2 posix1e - a python module exposing the posix acl functions
4 Copyright (C) 2002-2009, 2012, 2014, 2015 Iustin Pop <iustin@k1024.org>
6 This library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 This library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with this library; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
25 #include <sys/types.h>
29 #include <acl/libacl.h>
30 #define get_perm acl_get_perm
32 #define get_perm acl_get_perm_np
35 #if PY_MAJOR_VERSION >= 3
37 #define PyInt_Check(op) PyLong_Check(op)
38 #define PyInt_FromString PyLong_FromString
39 #define PyInt_FromUnicode PyLong_FromUnicode
40 #define PyInt_FromLong PyLong_FromLong
41 #define PyInt_FromSize_t PyLong_FromSize_t
42 #define PyInt_FromSsize_t PyLong_FromSsize_t
43 #define PyInt_AsLong PyLong_AsLong
44 #define PyInt_AsSsize_t PyLong_AsSsize_t
45 #define PyInt_AsUnsignedLongMask PyLong_AsUnsignedLongMask
46 #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
47 #define PyInt_AS_LONG PyLong_AS_LONG
48 #define MyString_FromFormat PyUnicode_FromFormat
49 #define MyString_FromString PyUnicode_FromString
50 #define MyString_FromStringAndSize PyUnicode_FromStringAndSize
52 #define PyBytes_Check PyString_Check
53 #define PyBytes_AS_STRING PyString_AS_STRING
54 #define PyBytes_FromStringAndSize PyString_FromStringAndSize
55 #define PyBytes_FromString PyString_FromString
56 #define PyBytes_FromFormat PyString_FromFormat
57 #define MyString_FromFormat PyBytes_FromFormat
58 #define MyString_FromString PyBytes_FromString
59 #define MyString_FromStringAndSize PyBytes_FromStringAndSize
62 /* Used for cpychecker: */
63 /* The checker automatically defines this preprocessor name when creating
64 the custom attribute: */
65 #if defined(WITH_CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF_ATTRIBUTE)
66 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename) \
67 __attribute__((cpychecker_type_object_for_typedef(typename)))
69 /* This handles the case where we're compiling with a "vanilla"
70 compiler that doesn't supply this attribute: */
71 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename)
74 /* The checker automatically defines this preprocessor name when creating
75 the custom attribute: */
76 #if defined(WITH_CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION_ATTRIBUTE)
77 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION \
78 __attribute__((cpychecker_negative_result_sets_exception))
80 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION
83 static PyTypeObject ACL_Type
84 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("ACL_Object");
85 static PyObject* ACL_applyto(PyObject* obj, PyObject* args);
86 static PyObject* ACL_valid(PyObject* obj, PyObject* args);
88 #ifdef HAVE_ACL_COPY_EXT
89 static PyObject* ACL_get_state(PyObject *obj, PyObject* args);
90 static PyObject* ACL_set_state(PyObject *obj, PyObject* args);
94 static PyTypeObject Entry_Type
95 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Entry_Object");
96 static PyTypeObject Permset_Type
97 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Permset_Object");
98 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
102 static acl_perm_t holder_ACL_EXECUTE = ACL_EXECUTE;
103 static acl_perm_t holder_ACL_READ = ACL_READ;
104 static acl_perm_t holder_ACL_WRITE = ACL_WRITE;
118 PyObject *parent_acl; /* The parent acl, so it won't run out on us */
124 PyObject *parent_entry; /* The parent entry, so it won't run out on us */
125 acl_permset_t permset;
130 /* Creation of a new ACL instance */
131 static PyObject* ACL_new(PyTypeObject* type, PyObject* args,
135 newacl = type->tp_alloc(type, 0);
138 ((ACL_Object*)newacl)->acl = NULL;
140 ((ACL_Object*)newacl)->entry_id = ACL_FIRST_ENTRY;
147 /* Initialization of a new ACL instance */
148 static int ACL_init(PyObject* obj, PyObject* args, PyObject *keywds) {
149 ACL_Object* self = (ACL_Object*) obj;
151 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef",
153 char *format = "|etisO!si";
156 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef", NULL };
157 char *format = "|etisO!s";
160 char *filedef = NULL;
163 ACL_Object* thesrc = NULL;
165 if(!PyTuple_Check(args) || PyTuple_Size(args) != 0 ||
166 (keywds != NULL && PyDict_Check(keywds) && PyDict_Size(keywds) > 1)) {
167 PyErr_SetString(PyExc_ValueError, "a max of one keyword argument"
171 if(!PyArg_ParseTupleAndKeywords(args, keywds, format, kwlist,
172 NULL, &file, &fd, &text, &ACL_Type,
180 /* Free the old acl_t without checking for error, we don't
182 if(self->acl != NULL)
186 self->acl = acl_get_file(file, ACL_TYPE_ACCESS);
187 else if(text != NULL)
188 self->acl = acl_from_text(text);
190 self->acl = acl_get_fd(fd);
191 else if(thesrc != NULL)
192 self->acl = acl_dup(thesrc->acl);
193 else if(filedef != NULL)
194 self->acl = acl_get_file(filedef, ACL_TYPE_DEFAULT);
197 self->acl = acl_from_mode(mode);
200 self->acl = acl_init(0);
202 if(self->acl == NULL) {
203 PyErr_SetFromErrno(PyExc_IOError);
210 /* Standard type functions */
211 static void ACL_dealloc(PyObject* obj) {
212 ACL_Object *self = (ACL_Object*) obj;
213 PyObject *err_type, *err_value, *err_traceback;
214 int have_error = PyErr_Occurred() ? 1 : 0;
217 PyErr_Fetch(&err_type, &err_value, &err_traceback);
218 if(self->acl != NULL && acl_free(self->acl) != 0)
219 PyErr_WriteUnraisable(obj);
221 PyErr_Restore(err_type, err_value, err_traceback);
225 /* Converts the acl to a text format */
226 static PyObject* ACL_str(PyObject *obj) {
228 ACL_Object *self = (ACL_Object*) obj;
231 text = acl_to_text(self->acl, NULL);
233 return PyErr_SetFromErrno(PyExc_IOError);
235 ret = MyString_FromString(text);
236 if(acl_free(text) != 0) {
238 return PyErr_SetFromErrno(PyExc_IOError);
244 static char __to_any_text_doc__[] =
245 "to_any_text([prefix='', separator='n', options=0])\n"
246 "Convert the ACL to a custom text format.\n"
248 "This method encapsulates the ``acl_to_any_text()`` function.\n"
249 "It allows a customized text format to be generated for the ACL. See\n"
250 ":manpage:`acl_to_any_text(3)` for more details.\n"
252 ":param string prefix: if given, this string will be pre-pended to\n"
254 ":param string separator: a single character (defaults to '\\n'); this will"
255 " be used to separate the entries in the ACL\n"
256 ":param options: a bitwise combination of:\n\n"
257 " - :py:data:`TEXT_ABBREVIATE`: use 'u' instead of 'user', 'g' \n"
258 " instead of 'group', etc.\n"
259 " - :py:data:`TEXT_NUMERIC_IDS`: User and group IDs are included as\n"
260 " decimal numbers instead of names\n"
261 " - :py:data:`TEXT_SOME_EFFECTIVE`: Include comments denoting the\n"
262 " effective permissions when some are masked\n"
263 " - :py:data:`TEXT_ALL_EFFECTIVE`: Include comments after all ACL\n"
264 " entries affected by an ACL_MASK entry\n"
265 " - :py:data:`TEXT_SMART_INDENT`: Used in combination with the\n"
266 " _EFFECTIVE options, this will ensure that comments are aligned\n"
267 " to the fourth tab position (assuming one tab equals eight spaces)\n"
271 /* Converts the acl to a custom text format */
272 static PyObject* ACL_to_any_text(PyObject *obj, PyObject *args,
275 ACL_Object *self = (ACL_Object*) obj;
277 const char *arg_prefix = NULL;
278 char arg_separator = '\n';
280 static char *kwlist[] = {"prefix", "separator", "options", NULL};
282 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|sci", kwlist, &arg_prefix,
283 &arg_separator, &arg_options))
286 text = acl_to_any_text(self->acl, arg_prefix, arg_separator, arg_options);
288 return PyErr_SetFromErrno(PyExc_IOError);
290 ret = PyBytes_FromString(text);
291 if(acl_free(text) != 0) {
293 return PyErr_SetFromErrno(PyExc_IOError);
298 static char __check_doc__[] =
299 "Check the ACL validity.\n"
301 "This is a non-portable, Linux specific extension that allow more\n"
302 "information to be retrieved in case an ACL is not valid than via the\n"
303 ":py:func:`valid` method.\n"
305 "This method will return either False (the ACL is valid), or a tuple\n"
306 "with two elements. The first element is one of the following\n"
308 " - :py:data:`ACL_MULTI_ERROR`: The ACL contains multiple entries that\n"
309 " have a tag type that may occur at most once\n"
310 " - :py:data:`ACL_DUPLICATE_ERROR`: The ACL contains multiple \n"
311 " :py:data:`ACL_USER` or :py:data:`ACL_GROUP` entries with the\n"
313 " - :py:data:`ACL_MISS_ERROR`: A required entry is missing\n"
314 " - :py:data:`ACL_ENTRY_ERROR`: The ACL contains an invalid entry\n"
317 "The second element of the tuple is the index of the entry that is\n"
318 "invalid (in the same order as by iterating over the ACL entry)\n"
321 /* The acl_check method */
322 static PyObject* ACL_check(PyObject* obj, PyObject* args) {
323 ACL_Object *self = (ACL_Object*) obj;
327 if((result = acl_check(self->acl, &eindex)) == -1)
328 return PyErr_SetFromErrno(PyExc_IOError);
332 return Py_BuildValue("(ii)", result, eindex);
335 /* Implementation of the rich compare for ACLs */
336 static PyObject* ACL_richcompare(PyObject* o1, PyObject* o2, int op) {
337 ACL_Object *acl1, *acl2;
341 if(!PyObject_IsInstance(o2, (PyObject*)&ACL_Type)) {
346 PyErr_SetString(PyExc_TypeError, "can only compare to an ACL");
350 acl1 = (ACL_Object*)o1;
351 acl2 = (ACL_Object*)o2;
352 if((n=acl_cmp(acl1->acl, acl2->acl))==-1)
353 return PyErr_SetFromErrno(PyExc_IOError);
356 ret = n == 0 ? Py_True : Py_False;
359 ret = n == 1 ? Py_True : Py_False;
362 PyErr_SetString(PyExc_TypeError, "ACLs are not orderable");
369 static char __equiv_mode_doc__[] =
370 "Return the octal mode the ACL is equivalent to.\n"
372 "This is a non-portable, Linux specific extension that checks\n"
373 "if the ACL is a basic ACL and returns the corresponding mode.\n"
376 ":raise IOError: An IOerror exception will be raised if the ACL is\n"
377 " an extended ACL.\n"
380 /* The acl_equiv_mode method */
381 static PyObject* ACL_equiv_mode(PyObject* obj, PyObject* args) {
382 ACL_Object *self = (ACL_Object*) obj;
385 if(acl_equiv_mode(self->acl, &mode) == -1)
386 return PyErr_SetFromErrno(PyExc_IOError);
387 return PyInt_FromLong(mode);
392 /* Implementation of the compare for ACLs */
393 static int ACL_nocmp(PyObject* o1, PyObject* o2) {
395 PyErr_SetString(PyExc_TypeError, "cannot compare ACLs using cmp()");
401 static char __applyto_doc__[] =
402 "applyto(item[, flag=ACL_TYPE_ACCESS])\n"
403 "Apply the ACL to a file or filehandle.\n"
405 ":param item: either a filename or a file-like object or an integer;\n"
406 " this represents the filesystem object on which to act\n"
407 ":param flag: optional flag representing the type of ACL to set, either\n"
408 " :py:data:`ACL_TYPE_ACCESS` (default) or :py:data:`ACL_TYPE_DEFAULT`\n"
411 /* Applies the ACL to a file */
412 static PyObject* ACL_applyto(PyObject* obj, PyObject* args) {
413 ACL_Object *self = (ACL_Object*) obj;
415 acl_type_t type = ACL_TYPE_ACCESS;
419 if (!PyArg_ParseTuple(args, "O|I", &myarg, &type))
422 if(PyBytes_Check(myarg)) {
423 char *filename = PyBytes_AS_STRING(myarg);
424 nret = acl_set_file(filename, type, self->acl);
425 } else if (PyUnicode_Check(myarg)) {
427 PyUnicode_AsEncodedString(myarg,
428 Py_FileSystemDefaultEncoding, "strict");
431 const char *filename = PyBytes_AS_STRING(o);
432 nret = acl_set_file(filename, type, self->acl);
434 } else if((fd = PyObject_AsFileDescriptor(myarg)) != -1) {
435 nret = acl_set_fd(fd, self->acl);
437 PyErr_SetString(PyExc_TypeError, "argument 1 must be string, int,"
438 " or file-like object");
442 return PyErr_SetFromErrno(PyExc_IOError);
445 /* Return the result */
450 static char __valid_doc__[] =
451 "Test the ACL for validity.\n"
453 "This method tests the ACL to see if it is a valid ACL\n"
454 "in terms of the file-system. More precisely, it checks that:\n"
456 "The ACL contains exactly one entry with each of the\n"
457 ":py:data:`ACL_USER_OBJ`, :py:data:`ACL_GROUP_OBJ`, and \n"
458 ":py:data:`ACL_OTHER` tag types. Entries\n"
459 "with :py:data:`ACL_USER` and :py:data:`ACL_GROUP` tag types may\n"
460 "appear zero or more\n"
461 "times in an ACL. An ACL that contains entries of :py:data:`ACL_USER` or\n"
462 ":py:data:`ACL_GROUP` tag types must contain exactly one entry of the \n"
463 ":py:data:`ACL_MASK` tag type. If an ACL contains no entries of\n"
464 ":py:data:`ACL_USER` or :py:data:`ACL_GROUP` tag types, the\n"
465 ":py:data:`ACL_MASK` entry is optional.\n"
467 "All user ID qualifiers must be unique among all entries of\n"
468 "the :py:data:`ACL_USER` tag type, and all group IDs must be unique\n"
469 "among all entries of :py:data:`ACL_GROUP` tag type.\n"
471 "The method will return 1 for a valid ACL and 0 for an invalid one.\n"
472 "This has been chosen because the specification for\n"
473 ":manpage:`acl_valid(3)`\n"
474 "in the POSIX.1e standard documents only one possible value for errno\n"
475 "in case of an invalid ACL, so we can't differentiate between\n"
476 "classes of errors. Other suggestions are welcome.\n"
482 /* Checks the ACL for validity */
483 static PyObject* ACL_valid(PyObject* obj, PyObject* args) {
484 ACL_Object *self = (ACL_Object*) obj;
486 if(acl_valid(self->acl) == -1) {
493 #ifdef HAVE_ACL_COPY_EXT
494 static PyObject* ACL_get_state(PyObject *obj, PyObject* args) {
495 ACL_Object *self = (ACL_Object*) obj;
500 size = acl_size(self->acl);
502 return PyErr_SetFromErrno(PyExc_IOError);
504 if((ret = PyBytes_FromStringAndSize(NULL, size)) == NULL)
506 buf = PyBytes_AsString(ret);
508 if((nsize = acl_copy_ext(buf, self->acl, size)) == -1) {
510 return PyErr_SetFromErrno(PyExc_IOError);
516 static PyObject* ACL_set_state(PyObject *obj, PyObject* args) {
517 ACL_Object *self = (ACL_Object*) obj;
522 /* Parse the argument */
523 if (!PyArg_ParseTuple(args, "s#", &buf, &bufsize))
526 /* Try to import the external representation */
527 if((ptr = acl_copy_int(buf)) == NULL)
528 return PyErr_SetFromErrno(PyExc_IOError);
530 /* Free the old acl. Should we ignore errors here? */
531 if(self->acl != NULL) {
532 if(acl_free(self->acl) == -1)
533 return PyErr_SetFromErrno(PyExc_IOError);
538 /* Return the result */
546 /* tp_iter for the ACL type; since it can be iterated only
547 * destructively, the type is its iterator
549 static PyObject* ACL_iter(PyObject *obj) {
550 ACL_Object *self = (ACL_Object*)obj;
551 self->entry_id = ACL_FIRST_ENTRY;
556 /* the tp_iternext function for the ACL type */
557 static PyObject* ACL_iternext(PyObject *obj) {
558 ACL_Object *self = (ACL_Object*)obj;
559 acl_entry_t the_entry_t;
560 Entry_Object *the_entry_obj;
563 nerr = acl_get_entry(self->acl, self->entry_id, &the_entry_t);
564 self->entry_id = ACL_NEXT_ENTRY;
566 return PyErr_SetFromErrno(PyExc_IOError);
568 /* Docs says this is not needed */
569 /*PyErr_SetObject(PyExc_StopIteration, Py_None);*/
573 the_entry_obj = (Entry_Object*) PyType_GenericNew(&Entry_Type, NULL, NULL);
574 if(the_entry_obj == NULL)
577 the_entry_obj->entry = the_entry_t;
579 the_entry_obj->parent_acl = obj;
580 Py_INCREF(obj); /* For the reference we have in entry->parent */
582 return (PyObject*)the_entry_obj;
585 static char __ACL_delete_entry_doc__[] =
586 "delete_entry(entry)\n"
587 "Deletes an entry from the ACL.\n"
589 ".. note:: Only available with level 2.\n"
591 ":param entry: the Entry object which should be deleted; note that after\n"
592 " this function is called, that object is unusable any longer\n"
593 " and should be deleted\n"
596 /* Deletes an entry from the ACL */
597 static PyObject* ACL_delete_entry(PyObject *obj, PyObject *args) {
598 ACL_Object *self = (ACL_Object*)obj;
601 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &e))
604 if(acl_delete_entry(self->acl, e->entry) == -1)
605 return PyErr_SetFromErrno(PyExc_IOError);
607 /* Return the result */
612 static char __ACL_calc_mask_doc__[] =
613 "Compute the file group class mask.\n"
615 "The calc_mask() method calculates and sets the permissions \n"
616 "associated with the :py:data:`ACL_MASK` Entry of the ACL.\n"
617 "The value of the new permissions is the union of the permissions \n"
618 "granted by all entries of tag type :py:data:`ACL_GROUP`, \n"
619 ":py:data:`ACL_GROUP_OBJ`, or \n"
620 ":py:data:`ACL_USER`. If the ACL already contains an :py:data:`ACL_MASK`\n"
622 "permissions are overwritten; if it does not contain an \n"
623 ":py:data:`ACL_MASK` Entry, one is added.\n"
625 "The order of existing entries in the ACL is undefined after this \n"
629 /* Updates the mask entry in the ACL */
630 static PyObject* ACL_calc_mask(PyObject *obj, PyObject *args) {
631 ACL_Object *self = (ACL_Object*)obj;
633 if(acl_calc_mask(&self->acl) == -1)
634 return PyErr_SetFromErrno(PyExc_IOError);
636 /* Return the result */
641 static char __ACL_append_doc__[] =
643 "Append a new Entry to the ACL and return it.\n"
645 "This is a convenience function to create a new Entry \n"
646 "and append it to the ACL.\n"
647 "If a parameter of type Entry instance is given, the \n"
648 "entry will be a copy of that one (as if copied with \n"
649 ":py:func:`Entry.copy`), otherwise, the new entry will be empty.\n"
651 ":rtype: :py:class:`Entry`\n"
652 ":returns: the newly created entry\n"
655 /* Convenience method to create a new Entry */
656 static PyObject* ACL_append(PyObject *obj, PyObject *args) {
657 ACL_Object* self = (ACL_Object*) obj;
658 Entry_Object* newentry;
659 Entry_Object* oldentry = NULL;
662 newentry = (Entry_Object*)PyType_GenericNew(&Entry_Type, NULL, NULL);
663 if(newentry == NULL) {
667 if (!PyArg_ParseTuple(args, "|O!", &Entry_Type, &oldentry)) {
672 nret = acl_create_entry(&self->acl, &newentry->entry);
675 return PyErr_SetFromErrno(PyExc_IOError);
678 if(oldentry != NULL) {
679 nret = acl_copy_entry(newentry->entry, oldentry->entry);
682 return PyErr_SetFromErrno(PyExc_IOError);
686 newentry->parent_acl = obj;
689 return (PyObject*)newentry;
692 /***** Entry type *****/
702 /* Pre-declaring the function is more friendly to cpychecker, sigh. */
703 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq)
704 CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION;
706 /* Helper function to get the tag and qualifier of an Entry at the
707 same time. This is "needed" because the acl_get_qualifier function
708 returns a pointer to different types, based on the tag value, and
709 thus it's not straightforward to get the right type.
711 It sets a Python exception if an error occurs, and returns -1 in
712 this case. If successful, the tag is set to the tag type, the
713 qualifier (if any) to either the uid or the gid entry in the
714 tag_qual structure, and the return value is 0.
716 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq) {
719 if(acl_get_tag_type(entry, &tq->tag) == -1) {
720 PyErr_SetFromErrno(PyExc_IOError);
723 if (tq->tag == ACL_USER || tq->tag == ACL_GROUP) {
724 if((p = acl_get_qualifier(entry)) == NULL) {
725 PyErr_SetFromErrno(PyExc_IOError);
728 if (tq->tag == ACL_USER) {
729 tq->uid = *(uid_t*)p;
731 tq->gid = *(gid_t*)p;
738 /* Creation of a new Entry instance */
739 static PyObject* Entry_new(PyTypeObject* type, PyObject* args,
743 newentry = PyType_GenericNew(type, args, keywds);
745 if(newentry != NULL) {
746 ((Entry_Object*)newentry)->entry = NULL;
747 ((Entry_Object*)newentry)->parent_acl = NULL;
753 /* Initialization of a new Entry instance */
754 static int Entry_init(PyObject* obj, PyObject* args, PyObject *keywds) {
755 Entry_Object* self = (Entry_Object*) obj;
756 ACL_Object* parent = NULL;
758 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
761 if(acl_create_entry(&parent->acl, &self->entry) == -1) {
762 PyErr_SetFromErrno(PyExc_IOError);
766 self->parent_acl = (PyObject*)parent;
772 /* Free the Entry instance */
773 static void Entry_dealloc(PyObject* obj) {
774 Entry_Object *self = (Entry_Object*) obj;
775 PyObject *err_type, *err_value, *err_traceback;
776 int have_error = PyErr_Occurred() ? 1 : 0;
779 PyErr_Fetch(&err_type, &err_value, &err_traceback);
780 if(self->parent_acl != NULL) {
781 Py_DECREF(self->parent_acl);
782 self->parent_acl = NULL;
785 PyErr_Restore(err_type, err_value, err_traceback);
789 /* Converts the entry to a text format */
790 static PyObject* Entry_str(PyObject *obj) {
791 PyObject *format, *kind;
792 Entry_Object *self = (Entry_Object*) obj;
795 if(get_tag_qualifier(self->entry, &tq) < 0) {
799 format = MyString_FromString("ACL entry for ");
803 case ACL_UNDEFINED_TAG:
804 kind = MyString_FromString("undefined type");
807 kind = MyString_FromString("the owner");
810 kind = MyString_FromString("the group");
813 kind = MyString_FromString("the others");
816 /* FIXME: here and in the group case, we're formatting with
817 unsigned, because there's no way to automatically determine
818 the signed-ness of the types; on Linux(glibc) they're
819 unsigned, so we'll go along with that */
820 kind = MyString_FromFormat("user with uid %u", tq.uid);
823 kind = MyString_FromFormat("group with gid %u", tq.gid);
826 kind = MyString_FromString("the mask");
829 kind = MyString_FromString("UNKNOWN_TAG_TYPE!");
837 PyObject *ret = PyUnicode_Concat(format, kind);
842 PyString_ConcatAndDel(&format, kind);
847 /* Sets the tag type of the entry */
848 static int Entry_set_tag_type(PyObject* obj, PyObject* value, void* arg) {
849 Entry_Object *self = (Entry_Object*) obj;
852 PyErr_SetString(PyExc_TypeError,
853 "tag type deletion is not supported");
857 if(!PyInt_Check(value)) {
858 PyErr_SetString(PyExc_TypeError,
859 "tag type must be integer");
862 if(acl_set_tag_type(self->entry, (acl_tag_t)PyInt_AsLong(value)) == -1) {
863 PyErr_SetFromErrno(PyExc_IOError);
870 /* Returns the tag type of the entry */
871 static PyObject* Entry_get_tag_type(PyObject *obj, void* arg) {
872 Entry_Object *self = (Entry_Object*) obj;
875 if (self->entry == NULL) {
876 PyErr_SetString(PyExc_AttributeError, "entry attribute");
879 if(acl_get_tag_type(self->entry, &value) == -1) {
880 PyErr_SetFromErrno(PyExc_IOError);
884 return PyInt_FromLong(value);
887 /* Sets the qualifier (either uid_t or gid_t) for the entry,
888 * usable only if the tag type if ACL_USER or ACL_GROUP
890 static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
891 Entry_Object *self = (Entry_Object*) obj;
899 PyErr_SetString(PyExc_TypeError,
900 "qualifier deletion is not supported");
904 if(!PyInt_Check(value)) {
905 PyErr_SetString(PyExc_TypeError,
906 "qualifier must be integer");
909 if((uidgid = PyInt_AsLong(value)) == -1) {
910 if(PyErr_Occurred() != NULL) {
914 /* Due to how acl_set_qualifier takes its argument, we have to do
915 this ugly dance with two variables and a pointer that will
916 point to one of them. */
917 if(acl_get_tag_type(self->entry, &tag) == -1) {
918 PyErr_SetFromErrno(PyExc_IOError);
925 if((long)uid != uidgid) {
926 PyErr_SetString(PyExc_OverflowError, "cannot assign given qualifier");
933 if((long)gid != uidgid) {
934 PyErr_SetString(PyExc_OverflowError, "cannot assign given qualifier");
941 PyErr_SetString(PyExc_TypeError,
942 "can only set qualifiers on ACL_USER or ACL_GROUP entries");
945 if(acl_set_qualifier(self->entry, p) == -1) {
946 PyErr_SetFromErrno(PyExc_IOError);
953 /* Returns the qualifier of the entry */
954 static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
955 Entry_Object *self = (Entry_Object*) obj;
959 if (self->entry == NULL) {
960 PyErr_SetString(PyExc_AttributeError, "entry attribute");
963 if(get_tag_qualifier(self->entry, &tq) < 0) {
966 if (tq.tag == ACL_USER) {
968 } else if (tq.tag == ACL_GROUP) {
971 PyErr_SetString(PyExc_TypeError,
972 "given entry doesn't have an user or"
976 return PyInt_FromLong(value);
979 /* Returns the parent ACL of the entry */
980 static PyObject* Entry_get_parent(PyObject *obj, void* arg) {
981 Entry_Object *self = (Entry_Object*) obj;
983 Py_INCREF(self->parent_acl);
984 return self->parent_acl;
987 /* Returns the a new Permset representing the permset of the entry
988 * FIXME: Should return a new reference to the same object, which
989 * should be created at init time!
991 static PyObject* Entry_get_permset(PyObject *obj, void* arg) {
992 Entry_Object *self = (Entry_Object*)obj;
996 p = Permset_new(&Permset_Type, NULL, NULL);
999 ps = (Permset_Object*)p;
1000 if(acl_get_permset(self->entry, &ps->permset) == -1) {
1001 PyErr_SetFromErrno(PyExc_IOError);
1005 ps->parent_entry = obj;
1008 return (PyObject*)p;
1011 /* Sets the permset of the entry to the passed Permset */
1012 static int Entry_set_permset(PyObject* obj, PyObject* value, void* arg) {
1013 Entry_Object *self = (Entry_Object*)obj;
1016 if(!PyObject_IsInstance(value, (PyObject*)&Permset_Type)) {
1017 PyErr_SetString(PyExc_TypeError, "argument 1 must be posix1e.Permset");
1020 p = (Permset_Object*)value;
1021 if(acl_set_permset(self->entry, p->permset) == -1) {
1022 PyErr_SetFromErrno(PyExc_IOError);
1028 static char __Entry_copy_doc__[] =
1030 "Copies an ACL entry.\n"
1032 "This method sets all the parameters to those of another\n"
1033 "entry (either of the same ACL or belonging to another ACL).\n"
1035 ":param Entry src: instance of type Entry\n"
1038 /* Sets all the entry parameters to another entry */
1039 static PyObject* Entry_copy(PyObject *obj, PyObject *args) {
1040 Entry_Object *self = (Entry_Object*)obj;
1041 Entry_Object *other;
1043 if(!PyArg_ParseTuple(args, "O!", &Entry_Type, &other))
1046 if(acl_copy_entry(self->entry, other->entry) == -1)
1047 return PyErr_SetFromErrno(PyExc_IOError);
1053 /**** Permset type *****/
1055 /* Creation of a new Permset instance */
1056 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
1058 PyObject* newpermset;
1060 newpermset = PyType_GenericNew(type, args, keywds);
1062 if(newpermset != NULL) {
1063 ((Permset_Object*)newpermset)->permset = NULL;
1064 ((Permset_Object*)newpermset)->parent_entry = NULL;
1070 /* Initialization of a new Permset instance */
1071 static int Permset_init(PyObject* obj, PyObject* args, PyObject *keywds) {
1072 Permset_Object* self = (Permset_Object*) obj;
1073 Entry_Object* parent = NULL;
1075 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent))
1078 if(acl_get_permset(parent->entry, &self->permset) == -1) {
1079 PyErr_SetFromErrno(PyExc_IOError);
1083 self->parent_entry = (PyObject*)parent;
1089 /* Free the Permset instance */
1090 static void Permset_dealloc(PyObject* obj) {
1091 Permset_Object *self = (Permset_Object*) obj;
1092 PyObject *err_type, *err_value, *err_traceback;
1093 int have_error = PyErr_Occurred() ? 1 : 0;
1096 PyErr_Fetch(&err_type, &err_value, &err_traceback);
1097 if(self->parent_entry != NULL) {
1098 Py_DECREF(self->parent_entry);
1099 self->parent_entry = NULL;
1102 PyErr_Restore(err_type, err_value, err_traceback);
1106 /* Permset string representation */
1107 static PyObject* Permset_str(PyObject *obj) {
1108 Permset_Object *self = (Permset_Object*) obj;
1111 pstr[0] = get_perm(self->permset, ACL_READ) ? 'r' : '-';
1112 pstr[1] = get_perm(self->permset, ACL_WRITE) ? 'w' : '-';
1113 pstr[2] = get_perm(self->permset, ACL_EXECUTE) ? 'x' : '-';
1114 return MyString_FromStringAndSize(pstr, 3);
1117 static char __Permset_clear_doc__[] =
1118 "Clears all permissions from the permission set.\n"
1121 /* Clears all permissions from the permset */
1122 static PyObject* Permset_clear(PyObject* obj, PyObject* args) {
1123 Permset_Object *self = (Permset_Object*) obj;
1125 if(acl_clear_perms(self->permset) == -1)
1126 return PyErr_SetFromErrno(PyExc_IOError);
1128 /* Return the result */
1133 static PyObject* Permset_get_right(PyObject *obj, void* arg) {
1134 Permset_Object *self = (Permset_Object*) obj;
1136 if(get_perm(self->permset, *(acl_perm_t*)arg)) {
1143 static int Permset_set_right(PyObject* obj, PyObject* value, void* arg) {
1144 Permset_Object *self = (Permset_Object*) obj;
1148 if(!PyInt_Check(value)) {
1149 PyErr_SetString(PyExc_ValueError, "invalid argument, an integer"
1153 on = PyInt_AsLong(value);
1155 nerr = acl_add_perm(self->permset, *(acl_perm_t*)arg);
1157 nerr = acl_delete_perm(self->permset, *(acl_perm_t*)arg);
1159 PyErr_SetFromErrno(PyExc_IOError);
1165 static char __Permset_add_doc__[] =
1167 "Add a permission to the permission set.\n"
1169 "This function adds the permission contained in \n"
1170 "the argument perm to the permission set. An attempt \n"
1171 "to add a permission that is already contained in the \n"
1172 "permission set is not considered an error.\n"
1174 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1175 " :py:data:`ACL_EXECUTE`, ...)\n"
1176 ":raises IOError: in case the argument is not a valid descriptor\n"
1179 static PyObject* Permset_add(PyObject* obj, PyObject* args) {
1180 Permset_Object *self = (Permset_Object*) obj;
1183 if (!PyArg_ParseTuple(args, "i", &right))
1186 if(acl_add_perm(self->permset, (acl_perm_t) right) == -1)
1187 return PyErr_SetFromErrno(PyExc_IOError);
1189 /* Return the result */
1194 static char __Permset_delete_doc__[] =
1196 "Delete a permission from the permission set.\n"
1198 "This function deletes the permission contained in \n"
1199 "the argument perm from the permission set. An attempt \n"
1200 "to delete a permission that is not contained in the \n"
1201 "permission set is not considered an error.\n"
1203 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1204 " :py:data:`ACL_EXECUTE`, ...)\n"
1205 ":raises IOError: in case the argument is not a valid descriptor\n"
1208 static PyObject* Permset_delete(PyObject* obj, PyObject* args) {
1209 Permset_Object *self = (Permset_Object*) obj;
1212 if (!PyArg_ParseTuple(args, "i", &right))
1215 if(acl_delete_perm(self->permset, (acl_perm_t) right) == -1)
1216 return PyErr_SetFromErrno(PyExc_IOError);
1218 /* Return the result */
1223 static char __Permset_test_doc__[] =
1225 "Test if a permission exists in the permission set.\n"
1227 "The test() function tests if the permission represented by\n"
1228 "the argument perm exists in the permission set.\n"
1230 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1231 " :py:data:`ACL_EXECUTE`, ...)\n"
1233 ":raises IOError: in case the argument is not a valid descriptor\n"
1236 static PyObject* Permset_test(PyObject* obj, PyObject* args) {
1237 Permset_Object *self = (Permset_Object*) obj;
1241 if (!PyArg_ParseTuple(args, "i", &right))
1244 ret = get_perm(self->permset, (acl_perm_t) right);
1246 return PyErr_SetFromErrno(PyExc_IOError);
1257 static char __ACL_Type_doc__[] =
1258 "Type which represents a POSIX ACL\n"
1260 ".. note:: only one keyword parameter should be provided\n"
1262 ":param string file: creates an ACL representing\n"
1263 " the access ACL of the specified file.\n"
1264 ":param string filedef: creates an ACL representing\n"
1265 " the default ACL of the given directory.\n"
1266 ":param int fd: creates an ACL representing\n"
1267 " the access ACL of the given file descriptor.\n"
1268 ":param string text: creates an ACL from a \n"
1269 " textual description; note the ACL must be valid, which\n"
1270 " means including a mask for extended ACLs, similar to\n"
1271 " ``setfacl --no-mask``\n"
1272 ":param ACL acl: creates a copy of an existing ACL instance.\n"
1273 ":param int mode: creates an ACL from a numeric mode\n"
1274 " (e.g. ``mode=0644``); this is valid only when the C library\n"
1275 " provides the ``acl_from_mode call``, and\n"
1276 " note that no validation is done on the given value.\n"
1278 "If no parameters are passed, an empty ACL will be created; this\n"
1279 "makes sense only when your OS supports ACL modification\n"
1280 "(i.e. it implements full POSIX.1e support), otherwise the ACL won't\n"
1284 /* ACL type methods */
1285 static PyMethodDef ACL_methods[] = {
1286 {"applyto", ACL_applyto, METH_VARARGS, __applyto_doc__},
1287 {"valid", ACL_valid, METH_NOARGS, __valid_doc__},
1289 {"to_any_text", (PyCFunction)ACL_to_any_text, METH_VARARGS | METH_KEYWORDS,
1290 __to_any_text_doc__},
1291 {"check", ACL_check, METH_NOARGS, __check_doc__},
1292 {"equiv_mode", ACL_equiv_mode, METH_NOARGS, __equiv_mode_doc__},
1294 #ifdef HAVE_ACL_COPYEXT
1295 {"__getstate__", ACL_get_state, METH_NOARGS,
1296 "Dumps the ACL to an external format."},
1297 {"__setstate__", ACL_set_state, METH_VARARGS,
1298 "Loads the ACL from an external format."},
1301 {"delete_entry", ACL_delete_entry, METH_VARARGS, __ACL_delete_entry_doc__},
1302 {"calc_mask", ACL_calc_mask, METH_NOARGS, __ACL_calc_mask_doc__},
1303 {"append", ACL_append, METH_VARARGS, __ACL_append_doc__},
1305 {NULL, NULL, 0, NULL}
1309 /* The definition of the ACL Type */
1310 static PyTypeObject ACL_Type = {
1312 PyVarObject_HEAD_INIT(NULL, 0)
1314 PyObject_HEAD_INIT(NULL)
1320 ACL_dealloc, /* tp_dealloc */
1325 0, /* formerly tp_compare, in 3.0 deprecated, in
1328 ACL_nocmp, /* tp_compare */
1331 0, /* tp_as_number */
1332 0, /* tp_as_sequence */
1333 0, /* tp_as_mapping */
1336 ACL_str, /* tp_str */
1337 0, /* tp_getattro */
1338 0, /* tp_setattro */
1339 0, /* tp_as_buffer */
1340 Py_TPFLAGS_DEFAULT, /* tp_flags */
1341 __ACL_Type_doc__, /* tp_doc */
1342 0, /* tp_traverse */
1345 ACL_richcompare, /* tp_richcompare */
1347 0, /* tp_richcompare */
1349 0, /* tp_weaklistoffset */
1355 0, /* tp_iternext */
1357 ACL_methods, /* tp_methods */
1362 0, /* tp_descr_get */
1363 0, /* tp_descr_set */
1364 0, /* tp_dictoffset */
1365 ACL_init, /* tp_init */
1367 ACL_new, /* tp_new */
1372 /* Entry type methods */
1373 static PyMethodDef Entry_methods[] = {
1374 {"copy", Entry_copy, METH_VARARGS, __Entry_copy_doc__},
1375 {NULL, NULL, 0, NULL}
1378 static char __Entry_tagtype_doc__[] =
1379 "The tag type of the current entry\n"
1382 " - :py:data:`ACL_UNDEFINED_TAG`\n"
1383 " - :py:data:`ACL_USER_OBJ`\n"
1384 " - :py:data:`ACL_USER`\n"
1385 " - :py:data:`ACL_GROUP_OBJ`\n"
1386 " - :py:data:`ACL_GROUP`\n"
1387 " - :py:data:`ACL_MASK`\n"
1388 " - :py:data:`ACL_OTHER`\n"
1391 static char __Entry_qualifier_doc__[] =
1392 "The qualifier of the current entry\n"
1394 "If the tag type is :py:data:`ACL_USER`, this should be a user id.\n"
1395 "If the tag type if :py:data:`ACL_GROUP`, this should be a group id.\n"
1396 "Else it doesn't matter.\n"
1399 static char __Entry_parent_doc__[] =
1400 "The parent ACL of this entry\n"
1403 static char __Entry_permset_doc__[] =
1404 "The permission set of this ACL entry\n"
1408 static PyGetSetDef Entry_getsets[] = {
1409 {"tag_type", Entry_get_tag_type, Entry_set_tag_type,
1410 __Entry_tagtype_doc__},
1411 {"qualifier", Entry_get_qualifier, Entry_set_qualifier,
1412 __Entry_qualifier_doc__},
1413 {"parent", Entry_get_parent, NULL, __Entry_parent_doc__},
1414 {"permset", Entry_get_permset, Entry_set_permset, __Entry_permset_doc__},
1418 static char __Entry_Type_doc__[] =
1419 "Type which represents an entry in an ACL.\n"
1421 "The type exists only if the OS has full support for POSIX.1e\n"
1422 "Can be created either by:\n"
1424 " >>> e = posix1e.Entry(myACL) # this creates a new entry in the ACL\n"
1425 " >>> e = myACL.append() # another way for doing the same thing\n"
1429 " >>> for entry in myACL:\n"
1430 " ... print entry\n"
1432 "Note that the Entry keeps a reference to its ACL, so even if \n"
1433 "you delete the ACL, it won't be cleaned up and will continue to \n"
1434 "exist until its Entry(ies) will be deleted.\n"
1436 /* The definition of the Entry Type */
1437 static PyTypeObject Entry_Type = {
1439 PyVarObject_HEAD_INIT(NULL, 0)
1441 PyObject_HEAD_INIT(NULL)
1445 sizeof(Entry_Object),
1447 Entry_dealloc, /* tp_dealloc */
1453 0, /* tp_as_number */
1454 0, /* tp_as_sequence */
1455 0, /* tp_as_mapping */
1458 Entry_str, /* tp_str */
1459 0, /* tp_getattro */
1460 0, /* tp_setattro */
1461 0, /* tp_as_buffer */
1462 Py_TPFLAGS_DEFAULT, /* tp_flags */
1463 __Entry_Type_doc__, /* tp_doc */
1464 0, /* tp_traverse */
1466 0, /* tp_richcompare */
1467 0, /* tp_weaklistoffset */
1469 0, /* tp_iternext */
1470 Entry_methods, /* tp_methods */
1472 Entry_getsets, /* tp_getset */
1475 0, /* tp_descr_get */
1476 0, /* tp_descr_set */
1477 0, /* tp_dictoffset */
1478 Entry_init, /* tp_init */
1480 Entry_new, /* tp_new */
1483 /* Permset type methods */
1484 static PyMethodDef Permset_methods[] = {
1485 {"clear", Permset_clear, METH_NOARGS, __Permset_clear_doc__, },
1486 {"add", Permset_add, METH_VARARGS, __Permset_add_doc__, },
1487 {"delete", Permset_delete, METH_VARARGS, __Permset_delete_doc__, },
1488 {"test", Permset_test, METH_VARARGS, __Permset_test_doc__, },
1489 {NULL, NULL, 0, NULL}
1492 static char __Permset_execute_doc__[] =
1493 "Execute permission property\n"
1495 "This is a convenience method of retrieving and setting the execute\n"
1496 "permission in the permission set; the \n"
1497 "same effect can be achieved using the functions\n"
1498 "add(), test(), delete(), and those can take any \n"
1499 "permission defined by your platform.\n"
1502 static char __Permset_read_doc__[] =
1503 "Read permission property\n"
1505 "This is a convenience method of retrieving and setting the read\n"
1506 "permission in the permission set; the \n"
1507 "same effect can be achieved using the functions\n"
1508 "add(), test(), delete(), and those can take any \n"
1509 "permission defined by your platform.\n"
1512 static char __Permset_write_doc__[] =
1513 "Write permission property\n"
1515 "This is a convenience method of retrieving and setting the write\n"
1516 "permission in the permission set; the \n"
1517 "same effect can be achieved using the functions\n"
1518 "add(), test(), delete(), and those can take any \n"
1519 "permission defined by your platform.\n"
1522 /* Permset getset */
1523 static PyGetSetDef Permset_getsets[] = {
1524 {"execute", Permset_get_right, Permset_set_right,
1525 __Permset_execute_doc__, &holder_ACL_EXECUTE},
1526 {"read", Permset_get_right, Permset_set_right,
1527 __Permset_read_doc__, &holder_ACL_READ},
1528 {"write", Permset_get_right, Permset_set_right,
1529 __Permset_write_doc__, &holder_ACL_WRITE},
1533 static char __Permset_Type_doc__[] =
1534 "Type which represents the permission set in an ACL entry\n"
1536 "The type exists only if the OS has full support for POSIX.1e\n"
1537 "Can be retrieved either by:\n\n"
1538 ">>> perms = myEntry.permset\n"
1541 ">>> perms = posix1e.Permset(myEntry)\n"
1543 "Note that the Permset keeps a reference to its Entry, so even if \n"
1544 "you delete the entry, it won't be cleaned up and will continue to \n"
1545 "exist until its Permset will be deleted.\n"
1548 /* The definition of the Permset Type */
1549 static PyTypeObject Permset_Type = {
1551 PyVarObject_HEAD_INIT(NULL, 0)
1553 PyObject_HEAD_INIT(NULL)
1557 sizeof(Permset_Object),
1559 Permset_dealloc, /* tp_dealloc */
1565 0, /* tp_as_number */
1566 0, /* tp_as_sequence */
1567 0, /* tp_as_mapping */
1570 Permset_str, /* tp_str */
1571 0, /* tp_getattro */
1572 0, /* tp_setattro */
1573 0, /* tp_as_buffer */
1574 Py_TPFLAGS_DEFAULT, /* tp_flags */
1575 __Permset_Type_doc__,/* tp_doc */
1576 0, /* tp_traverse */
1578 0, /* tp_richcompare */
1579 0, /* tp_weaklistoffset */
1581 0, /* tp_iternext */
1582 Permset_methods, /* tp_methods */
1584 Permset_getsets, /* tp_getset */
1587 0, /* tp_descr_get */
1588 0, /* tp_descr_set */
1589 0, /* tp_dictoffset */
1590 Permset_init, /* tp_init */
1592 Permset_new, /* tp_new */
1597 /* Module methods */
1599 static char __deletedef_doc__[] =
1600 "delete_default(path)\n"
1601 "Delete the default ACL from a directory.\n"
1603 "This function deletes the default ACL associated with\n"
1604 "a directory (the ACL which will be ANDed with the mode\n"
1605 "parameter to the open, creat functions).\n"
1607 ":param string path: the directory whose default ACL should be deleted\n"
1610 /* Deletes the default ACL from a directory */
1611 static PyObject* aclmodule_delete_default(PyObject* obj, PyObject* args) {
1614 /* Parse the arguments */
1615 if (!PyArg_ParseTuple(args, "et", NULL, &filename))
1618 if(acl_delete_def_file(filename) == -1) {
1619 return PyErr_SetFromErrno(PyExc_IOError);
1622 /* Return the result */
1628 static char __has_extended_doc__[] =
1629 "has_extended(item)\n"
1630 "Check if a file or file handle has an extended ACL.\n"
1632 ":param item: either a file name or a file-like object or an integer;\n"
1633 " it represents the file-system object on which to act\n"
1636 /* Check for extended ACL a file or fd */
1637 static PyObject* aclmodule_has_extended(PyObject* obj, PyObject* args) {
1642 if (!PyArg_ParseTuple(args, "O", &myarg))
1645 if(PyBytes_Check(myarg)) {
1646 const char *filename = PyBytes_AS_STRING(myarg);
1647 nret = acl_extended_file(filename);
1648 } else if (PyUnicode_Check(myarg)) {
1650 PyUnicode_AsEncodedString(myarg,
1651 Py_FileSystemDefaultEncoding, "strict");
1654 const char *filename = PyBytes_AS_STRING(o);
1655 nret = acl_extended_file(filename);
1657 } else if((fd = PyObject_AsFileDescriptor(myarg)) != -1) {
1658 nret = acl_extended_fd(fd);
1660 PyErr_SetString(PyExc_TypeError, "argument 1 must be string, int,"
1661 " or file-like object");
1665 return PyErr_SetFromErrno(PyExc_IOError);
1668 /* Return the result */
1669 return PyBool_FromLong(nret);
1673 /* The module methods */
1674 static PyMethodDef aclmodule_methods[] = {
1675 {"delete_default", aclmodule_delete_default, METH_VARARGS,
1678 {"has_extended", aclmodule_has_extended, METH_VARARGS,
1679 __has_extended_doc__},
1681 {NULL, NULL, 0, NULL}
1684 static char __posix1e_doc__[] =
1685 "POSIX.1e ACLs manipulation\n"
1686 "==========================\n"
1688 "This module provides support for manipulating POSIX.1e ACLS\n"
1690 "Depending on the operating system support for POSIX.1e, \n"
1691 "the ACL type will have more or less capabilities:\n\n"
1692 " - level 1, only basic support, you can create\n"
1693 " ACLs from files and text descriptions;\n"
1694 " once created, the type is immutable\n"
1695 " - level 2, complete support, you can alter\n"
1696 " the ACL once it is created\n"
1698 "Also, in level 2, more types are available, corresponding\n"
1699 "to acl_entry_t (the Entry type), acl_permset_t (the Permset type).\n"
1701 "The existence of level 2 support and other extensions can be\n"
1702 "checked by the constants:\n\n"
1703 " - :py:data:`HAS_ACL_ENTRY` for level 2 and the Entry/Permset classes\n"
1704 " - :py:data:`HAS_ACL_FROM_MODE` for ``ACL(mode=...)`` usage\n"
1705 " - :py:data:`HAS_ACL_CHECK` for the :py:func:`ACL.check` function\n"
1706 " - :py:data:`HAS_EXTENDED_CHECK` for the module-level\n"
1707 " :py:func:`has_extended` function\n"
1708 " - :py:data:`HAS_EQUIV_MODE` for the :py:func:`ACL.equiv_mode` method\n"
1712 ">>> import posix1e\n"
1713 ">>> acl1 = posix1e.ACL(file=\"file.txt\") \n"
1719 ">>> b = posix1e.ACL(text=\"u::rx,g::-,o::-\")\n"
1725 ">>> b.applyto(\"file.txt\")\n"
1726 ">>> print posix1e.ACL(file=\"file.txt\")\n"
1732 ".. py:data:: ACL_USER\n\n"
1733 " Denotes a specific user entry in an ACL.\n"
1735 ".. py:data:: ACL_USER_OBJ\n\n"
1736 " Denotes the user owner entry in an ACL.\n"
1738 ".. py:data:: ACL_GROUP\n\n"
1739 " Denotes the a group entry in an ACL.\n"
1741 ".. py:data:: ACL_GROUP_OBJ\n\n"
1742 " Denotes the group owner entry in an ACL.\n"
1744 ".. py:data:: ACL_OTHER\n\n"
1745 " Denotes the 'others' entry in an ACL.\n"
1747 ".. py:data:: ACL_MASK\n\n"
1748 " Denotes the mask entry in an ACL, representing the maximum\n"
1749 " access granted other users, the owner group and other groups.\n"
1751 ".. py:data:: ACL_UNDEFINED_TAG\n\n"
1752 " An undefined tag in an ACL.\n"
1754 ".. py:data:: ACL_READ\n\n"
1755 " Read permission in a permission set.\n"
1757 ".. py:data:: ACL_WRITE\n\n"
1758 " Write permission in a permission set.\n"
1760 ".. py:data:: ACL_EXECUTE\n\n"
1761 " Execute permission in a permission set.\n"
1763 ".. py:data:: HAS_ACL_ENTRY\n\n"
1764 " denotes support for level 2 and the Entry/Permset classes\n"
1766 ".. py:data:: HAS_ACL_FROM_MODE\n\n"
1767 " denotes support for building an ACL from an octal mode\n"
1769 ".. py:data:: HAS_ACL_CHECK\n\n"
1770 " denotes support for extended checks of an ACL's validity\n"
1772 ".. py:data:: HAS_EXTENDED_CHECK\n\n"
1773 " denotes support for checking whether an ACL is basic or extended\n"
1775 ".. py:data:: HAS_EQUIV_MODE\n\n"
1776 " denotes support for the equiv_mode function\n"
1782 static struct PyModuleDef posix1emodule = {
1783 PyModuleDef_HEAD_INIT,
1790 #define INITERROR return NULL
1793 PyInit_posix1e(void)
1796 #define INITERROR return
1798 void initposix1e(void)
1803 Py_TYPE(&ACL_Type) = &PyType_Type;
1804 if(PyType_Ready(&ACL_Type) < 0)
1808 Py_TYPE(&Entry_Type) = &PyType_Type;
1809 if(PyType_Ready(&Entry_Type) < 0)
1812 Py_TYPE(&Permset_Type) = &PyType_Type;
1813 if(PyType_Ready(&Permset_Type) < 0)
1818 m = PyModule_Create(&posix1emodule);
1820 m = Py_InitModule3("posix1e", aclmodule_methods, __posix1e_doc__);
1825 d = PyModule_GetDict(m);
1829 Py_INCREF(&ACL_Type);
1830 if (PyDict_SetItemString(d, "ACL",
1831 (PyObject *) &ACL_Type) < 0)
1834 /* 23.3.6 acl_type_t values */
1835 PyModule_AddIntConstant(m, "ACL_TYPE_ACCESS", ACL_TYPE_ACCESS);
1836 PyModule_AddIntConstant(m, "ACL_TYPE_DEFAULT", ACL_TYPE_DEFAULT);
1840 Py_INCREF(&Entry_Type);
1841 if (PyDict_SetItemString(d, "Entry",
1842 (PyObject *) &Entry_Type) < 0)
1845 Py_INCREF(&Permset_Type);
1846 if (PyDict_SetItemString(d, "Permset",
1847 (PyObject *) &Permset_Type) < 0)
1850 /* 23.2.2 acl_perm_t values */
1851 PyModule_AddIntConstant(m, "ACL_READ", ACL_READ);
1852 PyModule_AddIntConstant(m, "ACL_WRITE", ACL_WRITE);
1853 PyModule_AddIntConstant(m, "ACL_EXECUTE", ACL_EXECUTE);
1855 /* 23.2.5 acl_tag_t values */
1856 PyModule_AddIntConstant(m, "ACL_UNDEFINED_TAG", ACL_UNDEFINED_TAG);
1857 PyModule_AddIntConstant(m, "ACL_USER_OBJ", ACL_USER_OBJ);
1858 PyModule_AddIntConstant(m, "ACL_USER", ACL_USER);
1859 PyModule_AddIntConstant(m, "ACL_GROUP_OBJ", ACL_GROUP_OBJ);
1860 PyModule_AddIntConstant(m, "ACL_GROUP", ACL_GROUP);
1861 PyModule_AddIntConstant(m, "ACL_MASK", ACL_MASK);
1862 PyModule_AddIntConstant(m, "ACL_OTHER", ACL_OTHER);
1864 /* Document extended functionality via easy-to-use constants */
1865 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 1);
1867 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 0);
1871 /* Linux libacl specific acl_to_any_text constants */
1872 PyModule_AddIntConstant(m, "TEXT_ABBREVIATE", TEXT_ABBREVIATE);
1873 PyModule_AddIntConstant(m, "TEXT_NUMERIC_IDS", TEXT_NUMERIC_IDS);
1874 PyModule_AddIntConstant(m, "TEXT_SOME_EFFECTIVE", TEXT_SOME_EFFECTIVE);
1875 PyModule_AddIntConstant(m, "TEXT_ALL_EFFECTIVE", TEXT_ALL_EFFECTIVE);
1876 PyModule_AddIntConstant(m, "TEXT_SMART_INDENT", TEXT_SMART_INDENT);
1878 /* Linux libacl specific acl_check constants */
1879 PyModule_AddIntConstant(m, "ACL_MULTI_ERROR", ACL_MULTI_ERROR);
1880 PyModule_AddIntConstant(m, "ACL_DUPLICATE_ERROR", ACL_DUPLICATE_ERROR);
1881 PyModule_AddIntConstant(m, "ACL_MISS_ERROR", ACL_MISS_ERROR);
1882 PyModule_AddIntConstant(m, "ACL_ENTRY_ERROR", ACL_ENTRY_ERROR);
1884 #define LINUX_EXT_VAL 1
1886 #define LINUX_EXT_VAL 0
1888 /* declare the Linux extensions */
1889 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", LINUX_EXT_VAL);
1890 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", LINUX_EXT_VAL);
1891 PyModule_AddIntConstant(m, "HAS_EXTENDED_CHECK", LINUX_EXT_VAL);
1892 PyModule_AddIntConstant(m, "HAS_EQUIV_MODE", LINUX_EXT_VAL);
projects / debian-pylibacl.git / blob