2 posix1e - a python module exposing the posix acl functions
4 Copyright (C) 2002-2009, 2012, 2014, 2015 Iustin Pop <iustin@k1024.org>
6 This library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 This library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with this library; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
25 #include <sys/types.h>
29 #include <acl/libacl.h>
30 #define get_perm acl_get_perm
32 #define get_perm acl_get_perm_np
35 /* Used for cpychecker: */
36 /* The checker automatically defines this preprocessor name when creating
37 the custom attribute: */
38 #if defined(WITH_CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF_ATTRIBUTE)
39 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename) \
40 __attribute__((cpychecker_type_object_for_typedef(typename)))
42 /* This handles the case where we're compiling with a "vanilla"
43 compiler that doesn't supply this attribute: */
44 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename)
47 /* The checker automatically defines this preprocessor name when creating
48 the custom attribute: */
49 #if defined(WITH_CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION_ATTRIBUTE)
50 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION \
51 __attribute__((cpychecker_negative_result_sets_exception))
53 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION
56 static PyTypeObject ACL_Type
57 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("ACL_Object");
58 static PyObject* ACL_applyto(PyObject* obj, PyObject* args);
59 static PyObject* ACL_valid(PyObject* obj, PyObject* args);
61 #ifdef HAVE_ACL_COPY_EXT
62 static PyObject* ACL_get_state(PyObject *obj, PyObject* args);
63 static PyObject* ACL_set_state(PyObject *obj, PyObject* args);
67 static PyTypeObject Entry_Type
68 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Entry_Object");
69 static PyTypeObject Permset_Type
70 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Permset_Object");
71 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
75 static acl_perm_t holder_ACL_EXECUTE = ACL_EXECUTE;
76 static acl_perm_t holder_ACL_READ = ACL_READ;
77 static acl_perm_t holder_ACL_WRITE = ACL_WRITE;
91 PyObject *parent_acl; /* The parent acl, so it won't run out on us */
97 PyObject *parent_entry; /* The parent entry, so it won't run out on us */
98 acl_permset_t permset;
103 /* Creation of a new ACL instance */
104 static PyObject* ACL_new(PyTypeObject* type, PyObject* args,
108 newacl = type->tp_alloc(type, 0);
111 ((ACL_Object*)newacl)->acl = NULL;
113 ((ACL_Object*)newacl)->entry_id = ACL_FIRST_ENTRY;
120 /* Initialization of a new ACL instance */
121 static int ACL_init(PyObject* obj, PyObject* args, PyObject *keywds) {
122 ACL_Object* self = (ACL_Object*) obj;
124 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef",
126 char *format = "|etisO!si";
129 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef", NULL };
130 char *format = "|etisO!s";
133 char *filedef = NULL;
136 ACL_Object* thesrc = NULL;
138 if(!PyTuple_Check(args) || PyTuple_Size(args) != 0 ||
139 (keywds != NULL && PyDict_Check(keywds) && PyDict_Size(keywds) > 1)) {
140 PyErr_SetString(PyExc_ValueError, "a max of one keyword argument"
144 if(!PyArg_ParseTupleAndKeywords(args, keywds, format, kwlist,
145 NULL, &file, &fd, &text, &ACL_Type,
153 /* Free the old acl_t without checking for error, we don't
155 if(self->acl != NULL)
159 self->acl = acl_get_file(file, ACL_TYPE_ACCESS);
160 else if(text != NULL)
161 self->acl = acl_from_text(text);
163 self->acl = acl_get_fd(fd);
164 else if(thesrc != NULL)
165 self->acl = acl_dup(thesrc->acl);
166 else if(filedef != NULL)
167 self->acl = acl_get_file(filedef, ACL_TYPE_DEFAULT);
170 self->acl = acl_from_mode(mode);
173 self->acl = acl_init(0);
175 if(self->acl == NULL) {
176 PyErr_SetFromErrno(PyExc_IOError);
183 /* Standard type functions */
184 static void ACL_dealloc(PyObject* obj) {
185 ACL_Object *self = (ACL_Object*) obj;
186 PyObject *err_type, *err_value, *err_traceback;
187 int have_error = PyErr_Occurred() ? 1 : 0;
190 PyErr_Fetch(&err_type, &err_value, &err_traceback);
191 if(self->acl != NULL && acl_free(self->acl) != 0)
192 PyErr_WriteUnraisable(obj);
194 PyErr_Restore(err_type, err_value, err_traceback);
198 /* Converts the acl to a text format */
199 static PyObject* ACL_str(PyObject *obj) {
201 ACL_Object *self = (ACL_Object*) obj;
204 text = acl_to_text(self->acl, NULL);
206 return PyErr_SetFromErrno(PyExc_IOError);
208 ret = PyUnicode_FromString(text);
209 if(acl_free(text) != 0) {
211 return PyErr_SetFromErrno(PyExc_IOError);
217 static char __to_any_text_doc__[] =
218 "to_any_text([prefix='', separator='n', options=0])\n"
219 "Convert the ACL to a custom text format.\n"
221 "This method encapsulates the ``acl_to_any_text()`` function.\n"
222 "It allows a customized text format to be generated for the ACL. See\n"
223 ":manpage:`acl_to_any_text(3)` for more details.\n"
225 ":param string prefix: if given, this string will be pre-pended to\n"
227 ":param string separator: a single character (defaults to '\\n'); this will"
228 " be used to separate the entries in the ACL\n"
229 ":param options: a bitwise combination of:\n\n"
230 " - :py:data:`TEXT_ABBREVIATE`: use 'u' instead of 'user', 'g' \n"
231 " instead of 'group', etc.\n"
232 " - :py:data:`TEXT_NUMERIC_IDS`: User and group IDs are included as\n"
233 " decimal numbers instead of names\n"
234 " - :py:data:`TEXT_SOME_EFFECTIVE`: Include comments denoting the\n"
235 " effective permissions when some are masked\n"
236 " - :py:data:`TEXT_ALL_EFFECTIVE`: Include comments after all ACL\n"
237 " entries affected by an ACL_MASK entry\n"
238 " - :py:data:`TEXT_SMART_INDENT`: Used in combination with the\n"
239 " _EFFECTIVE options, this will ensure that comments are aligned\n"
240 " to the fourth tab position (assuming one tab equals eight spaces)\n"
244 /* Converts the acl to a custom text format */
245 static PyObject* ACL_to_any_text(PyObject *obj, PyObject *args,
248 ACL_Object *self = (ACL_Object*) obj;
250 const char *arg_prefix = NULL;
251 char arg_separator = '\n';
253 static char *kwlist[] = {"prefix", "separator", "options", NULL};
255 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|sci", kwlist, &arg_prefix,
256 &arg_separator, &arg_options))
259 text = acl_to_any_text(self->acl, arg_prefix, arg_separator, arg_options);
261 return PyErr_SetFromErrno(PyExc_IOError);
263 ret = PyBytes_FromString(text);
264 if(acl_free(text) != 0) {
266 return PyErr_SetFromErrno(PyExc_IOError);
271 static char __check_doc__[] =
272 "Check the ACL validity.\n"
274 "This is a non-portable, Linux specific extension that allow more\n"
275 "information to be retrieved in case an ACL is not valid than via the\n"
276 ":py:func:`valid` method.\n"
278 "This method will return either False (the ACL is valid), or a tuple\n"
279 "with two elements. The first element is one of the following\n"
281 " - :py:data:`ACL_MULTI_ERROR`: The ACL contains multiple entries that\n"
282 " have a tag type that may occur at most once\n"
283 " - :py:data:`ACL_DUPLICATE_ERROR`: The ACL contains multiple \n"
284 " :py:data:`ACL_USER` or :py:data:`ACL_GROUP` entries with the\n"
286 " - :py:data:`ACL_MISS_ERROR`: A required entry is missing\n"
287 " - :py:data:`ACL_ENTRY_ERROR`: The ACL contains an invalid entry\n"
290 "The second element of the tuple is the index of the entry that is\n"
291 "invalid (in the same order as by iterating over the ACL entry)\n"
294 /* The acl_check method */
295 static PyObject* ACL_check(PyObject* obj, PyObject* args) {
296 ACL_Object *self = (ACL_Object*) obj;
300 if((result = acl_check(self->acl, &eindex)) == -1)
301 return PyErr_SetFromErrno(PyExc_IOError);
305 return Py_BuildValue("(ii)", result, eindex);
308 /* Implementation of the rich compare for ACLs */
309 static PyObject* ACL_richcompare(PyObject* o1, PyObject* o2, int op) {
310 ACL_Object *acl1, *acl2;
314 if(!PyObject_IsInstance(o2, (PyObject*)&ACL_Type)) {
319 PyErr_SetString(PyExc_TypeError, "can only compare to an ACL");
323 acl1 = (ACL_Object*)o1;
324 acl2 = (ACL_Object*)o2;
325 if((n=acl_cmp(acl1->acl, acl2->acl))==-1)
326 return PyErr_SetFromErrno(PyExc_IOError);
329 ret = n == 0 ? Py_True : Py_False;
332 ret = n == 1 ? Py_True : Py_False;
335 PyErr_SetString(PyExc_TypeError, "ACLs are not orderable");
342 static char __equiv_mode_doc__[] =
343 "Return the octal mode the ACL is equivalent to.\n"
345 "This is a non-portable, Linux specific extension that checks\n"
346 "if the ACL is a basic ACL and returns the corresponding mode.\n"
349 ":raise IOError: An IOerror exception will be raised if the ACL is\n"
350 " an extended ACL.\n"
353 /* The acl_equiv_mode method */
354 static PyObject* ACL_equiv_mode(PyObject* obj, PyObject* args) {
355 ACL_Object *self = (ACL_Object*) obj;
358 if(acl_equiv_mode(self->acl, &mode) == -1)
359 return PyErr_SetFromErrno(PyExc_IOError);
360 return PyLong_FromLong(mode);
365 static char __applyto_doc__[] =
366 "applyto(item[, flag=ACL_TYPE_ACCESS])\n"
367 "Apply the ACL to a file or filehandle.\n"
369 ":param item: either a filename or a file-like object or an integer;\n"
370 " this represents the filesystem object on which to act\n"
371 ":param flag: optional flag representing the type of ACL to set, either\n"
372 " :py:data:`ACL_TYPE_ACCESS` (default) or :py:data:`ACL_TYPE_DEFAULT`\n"
375 /* Applies the ACL to a file */
376 static PyObject* ACL_applyto(PyObject* obj, PyObject* args) {
377 ACL_Object *self = (ACL_Object*) obj;
378 PyObject *target, *tmp;
379 acl_type_t type = ACL_TYPE_ACCESS;
383 if (!PyArg_ParseTuple(args, "O|I", &target, &type))
385 if ((fd = PyObject_AsFileDescriptor(target)) != -1) {
386 if((nret = acl_set_fd(fd, self->acl)) == -1) {
387 PyErr_SetFromErrno(PyExc_IOError);
390 // PyObject_AsFileDescriptor sets an error when failing, so clear
391 // it such that further code works; some method lookups fail if an
392 // error already occured when called, which breaks at least
393 // PyOS_FSPath (called by FSConverter).
395 if(PyUnicode_FSConverter(target, &tmp)) {
396 char *filename = PyBytes_AS_STRING(tmp);
397 if ((nret = acl_set_file(filename, type, self->acl)) == -1) {
398 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
413 static char __valid_doc__[] =
414 "Test the ACL for validity.\n"
416 "This method tests the ACL to see if it is a valid ACL\n"
417 "in terms of the file-system. More precisely, it checks that:\n"
419 "The ACL contains exactly one entry with each of the\n"
420 ":py:data:`ACL_USER_OBJ`, :py:data:`ACL_GROUP_OBJ`, and \n"
421 ":py:data:`ACL_OTHER` tag types. Entries\n"
422 "with :py:data:`ACL_USER` and :py:data:`ACL_GROUP` tag types may\n"
423 "appear zero or more\n"
424 "times in an ACL. An ACL that contains entries of :py:data:`ACL_USER` or\n"
425 ":py:data:`ACL_GROUP` tag types must contain exactly one entry of the \n"
426 ":py:data:`ACL_MASK` tag type. If an ACL contains no entries of\n"
427 ":py:data:`ACL_USER` or :py:data:`ACL_GROUP` tag types, the\n"
428 ":py:data:`ACL_MASK` entry is optional.\n"
430 "All user ID qualifiers must be unique among all entries of\n"
431 "the :py:data:`ACL_USER` tag type, and all group IDs must be unique\n"
432 "among all entries of :py:data:`ACL_GROUP` tag type.\n"
434 "The method will return 1 for a valid ACL and 0 for an invalid one.\n"
435 "This has been chosen because the specification for\n"
436 ":manpage:`acl_valid(3)`\n"
437 "in the POSIX.1e standard documents only one possible value for errno\n"
438 "in case of an invalid ACL, so we can't differentiate between\n"
439 "classes of errors. Other suggestions are welcome.\n"
445 /* Checks the ACL for validity */
446 static PyObject* ACL_valid(PyObject* obj, PyObject* args) {
447 ACL_Object *self = (ACL_Object*) obj;
449 if(acl_valid(self->acl) == -1) {
456 #ifdef HAVE_ACL_COPY_EXT
457 static PyObject* ACL_get_state(PyObject *obj, PyObject* args) {
458 ACL_Object *self = (ACL_Object*) obj;
463 size = acl_size(self->acl);
465 return PyErr_SetFromErrno(PyExc_IOError);
467 if((ret = PyBytes_FromStringAndSize(NULL, size)) == NULL)
469 buf = PyBytes_AsString(ret);
471 if((nsize = acl_copy_ext(buf, self->acl, size)) == -1) {
473 return PyErr_SetFromErrno(PyExc_IOError);
479 static PyObject* ACL_set_state(PyObject *obj, PyObject* args) {
480 ACL_Object *self = (ACL_Object*) obj;
485 /* Parse the argument */
486 if (!PyArg_ParseTuple(args, "s#", &buf, &bufsize))
489 /* Try to import the external representation */
490 if((ptr = acl_copy_int(buf)) == NULL)
491 return PyErr_SetFromErrno(PyExc_IOError);
493 /* Free the old acl. Should we ignore errors here? */
494 if(self->acl != NULL) {
495 if(acl_free(self->acl) == -1)
496 return PyErr_SetFromErrno(PyExc_IOError);
501 /* Return the result */
509 /* tp_iter for the ACL type; since it can be iterated only
510 * destructively, the type is its iterator
512 static PyObject* ACL_iter(PyObject *obj) {
513 ACL_Object *self = (ACL_Object*)obj;
514 self->entry_id = ACL_FIRST_ENTRY;
519 /* the tp_iternext function for the ACL type */
520 static PyObject* ACL_iternext(PyObject *obj) {
521 ACL_Object *self = (ACL_Object*)obj;
522 acl_entry_t the_entry_t;
523 Entry_Object *the_entry_obj;
526 nerr = acl_get_entry(self->acl, self->entry_id, &the_entry_t);
527 self->entry_id = ACL_NEXT_ENTRY;
529 return PyErr_SetFromErrno(PyExc_IOError);
531 /* Docs says this is not needed */
532 /*PyErr_SetObject(PyExc_StopIteration, Py_None);*/
536 the_entry_obj = (Entry_Object*) PyType_GenericNew(&Entry_Type, NULL, NULL);
537 if(the_entry_obj == NULL)
540 the_entry_obj->entry = the_entry_t;
542 the_entry_obj->parent_acl = obj;
543 Py_INCREF(obj); /* For the reference we have in entry->parent */
545 return (PyObject*)the_entry_obj;
548 static char __ACL_delete_entry_doc__[] =
549 "delete_entry(entry)\n"
550 "Deletes an entry from the ACL.\n"
552 ".. note:: Only available with level 2.\n"
554 ":param entry: the Entry object which should be deleted; note that after\n"
555 " this function is called, that object is unusable any longer\n"
556 " and should be deleted\n"
559 /* Deletes an entry from the ACL */
560 static PyObject* ACL_delete_entry(PyObject *obj, PyObject *args) {
561 ACL_Object *self = (ACL_Object*)obj;
564 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &e))
567 if(acl_delete_entry(self->acl, e->entry) == -1)
568 return PyErr_SetFromErrno(PyExc_IOError);
570 /* Return the result */
575 static char __ACL_calc_mask_doc__[] =
576 "Compute the file group class mask.\n"
578 "The calc_mask() method calculates and sets the permissions \n"
579 "associated with the :py:data:`ACL_MASK` Entry of the ACL.\n"
580 "The value of the new permissions is the union of the permissions \n"
581 "granted by all entries of tag type :py:data:`ACL_GROUP`, \n"
582 ":py:data:`ACL_GROUP_OBJ`, or \n"
583 ":py:data:`ACL_USER`. If the ACL already contains an :py:data:`ACL_MASK`\n"
585 "permissions are overwritten; if it does not contain an \n"
586 ":py:data:`ACL_MASK` Entry, one is added.\n"
588 "The order of existing entries in the ACL is undefined after this \n"
592 /* Updates the mask entry in the ACL */
593 static PyObject* ACL_calc_mask(PyObject *obj, PyObject *args) {
594 ACL_Object *self = (ACL_Object*)obj;
596 if(acl_calc_mask(&self->acl) == -1)
597 return PyErr_SetFromErrno(PyExc_IOError);
599 /* Return the result */
604 static char __ACL_append_doc__[] =
606 "Append a new Entry to the ACL and return it.\n"
608 "This is a convenience function to create a new Entry \n"
609 "and append it to the ACL.\n"
610 "If a parameter of type Entry instance is given, the \n"
611 "entry will be a copy of that one (as if copied with \n"
612 ":py:func:`Entry.copy`), otherwise, the new entry will be empty.\n"
614 ":rtype: :py:class:`Entry`\n"
615 ":returns: the newly created entry\n"
618 /* Convenience method to create a new Entry */
619 static PyObject* ACL_append(PyObject *obj, PyObject *args) {
620 ACL_Object* self = (ACL_Object*) obj;
621 Entry_Object* newentry;
622 Entry_Object* oldentry = NULL;
625 newentry = (Entry_Object*)PyType_GenericNew(&Entry_Type, NULL, NULL);
626 if(newentry == NULL) {
630 if (!PyArg_ParseTuple(args, "|O!", &Entry_Type, &oldentry)) {
635 nret = acl_create_entry(&self->acl, &newentry->entry);
638 return PyErr_SetFromErrno(PyExc_IOError);
641 if(oldentry != NULL) {
642 nret = acl_copy_entry(newentry->entry, oldentry->entry);
645 return PyErr_SetFromErrno(PyExc_IOError);
649 newentry->parent_acl = obj;
652 return (PyObject*)newentry;
655 /***** Entry type *****/
665 /* Pre-declaring the function is more friendly to cpychecker, sigh. */
666 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq)
667 CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION;
669 /* Helper function to get the tag and qualifier of an Entry at the
670 same time. This is "needed" because the acl_get_qualifier function
671 returns a pointer to different types, based on the tag value, and
672 thus it's not straightforward to get the right type.
674 It sets a Python exception if an error occurs, and returns -1 in
675 this case. If successful, the tag is set to the tag type, the
676 qualifier (if any) to either the uid or the gid entry in the
677 tag_qual structure, and the return value is 0.
679 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq) {
682 if(acl_get_tag_type(entry, &tq->tag) == -1) {
683 PyErr_SetFromErrno(PyExc_IOError);
686 if (tq->tag == ACL_USER || tq->tag == ACL_GROUP) {
687 if((p = acl_get_qualifier(entry)) == NULL) {
688 PyErr_SetFromErrno(PyExc_IOError);
691 if (tq->tag == ACL_USER) {
692 tq->uid = *(uid_t*)p;
694 tq->gid = *(gid_t*)p;
701 #define ENTRY_SET_CHECK(self, attr, value) \
702 if (value == NULL) { \
703 PyErr_SetString(PyExc_TypeError, \
704 attr " deletion is not supported"); \
708 /* Creation of a new Entry instance */
709 static PyObject* Entry_new(PyTypeObject* type, PyObject* args,
713 ACL_Object* parent = NULL;
715 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
718 newentry = PyType_GenericNew(type, args, keywds);
720 if(newentry == NULL) {
724 entry = (Entry_Object*)newentry;
726 if(acl_create_entry(&parent->acl, &entry->entry) == -1) {
727 PyErr_SetFromErrno(PyExc_IOError);
732 entry->parent_acl = (PyObject*)parent;
736 /* Initialization of a new Entry instance */
737 static int Entry_init(PyObject* obj, PyObject* args, PyObject *keywds) {
738 Entry_Object* self = (Entry_Object*) obj;
739 ACL_Object* parent = NULL;
741 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
744 if ((PyObject*)parent != self->parent_acl) {
745 PyErr_SetString(PyExc_ValueError,
746 "Can't reinitialize with a different parent");
752 /* Free the Entry instance */
753 static void Entry_dealloc(PyObject* obj) {
754 Entry_Object *self = (Entry_Object*) obj;
755 PyObject *err_type, *err_value, *err_traceback;
756 int have_error = PyErr_Occurred() ? 1 : 0;
759 PyErr_Fetch(&err_type, &err_value, &err_traceback);
760 if(self->parent_acl != NULL) {
761 Py_DECREF(self->parent_acl);
762 self->parent_acl = NULL;
765 PyErr_Restore(err_type, err_value, err_traceback);
769 /* Converts the entry to a text format */
770 static PyObject* Entry_str(PyObject *obj) {
771 PyObject *format, *kind;
772 Entry_Object *self = (Entry_Object*) obj;
775 if(get_tag_qualifier(self->entry, &tq) < 0) {
779 format = PyUnicode_FromString("ACL entry for ");
783 case ACL_UNDEFINED_TAG:
784 kind = PyUnicode_FromString("undefined type");
787 kind = PyUnicode_FromString("the owner");
790 kind = PyUnicode_FromString("the group");
793 kind = PyUnicode_FromString("the others");
796 /* FIXME: here and in the group case, we're formatting with
797 unsigned, because there's no way to automatically determine
798 the signed-ness of the types; on Linux(glibc) they're
799 unsigned, so we'll go along with that */
800 kind = PyUnicode_FromFormat("user with uid %u", tq.uid);
803 kind = PyUnicode_FromFormat("group with gid %u", tq.gid);
806 kind = PyUnicode_FromString("the mask");
809 kind = PyUnicode_FromString("UNKNOWN_TAG_TYPE!");
816 PyObject *ret = PyUnicode_Concat(format, kind);
822 /* Sets the tag type of the entry */
823 static int Entry_set_tag_type(PyObject* obj, PyObject* value, void* arg) {
824 Entry_Object *self = (Entry_Object*) obj;
826 ENTRY_SET_CHECK(self, "tag type", value);
828 if(!PyLong_Check(value)) {
829 PyErr_SetString(PyExc_TypeError,
830 "tag type must be integer");
833 if(acl_set_tag_type(self->entry, (acl_tag_t)PyLong_AsLong(value)) == -1) {
834 PyErr_SetFromErrno(PyExc_IOError);
841 /* Returns the tag type of the entry */
842 static PyObject* Entry_get_tag_type(PyObject *obj, void* arg) {
843 Entry_Object *self = (Entry_Object*) obj;
846 if(acl_get_tag_type(self->entry, &value) == -1) {
847 PyErr_SetFromErrno(PyExc_IOError);
851 return PyLong_FromLong(value);
854 /* Sets the qualifier (either uid_t or gid_t) for the entry,
855 * usable only if the tag type if ACL_USER or ACL_GROUP
857 static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
858 Entry_Object *self = (Entry_Object*) obj;
865 ENTRY_SET_CHECK(self, "qualifier", value);
867 if(!PyLong_Check(value)) {
868 PyErr_SetString(PyExc_TypeError,
869 "qualifier must be integer");
872 if((uidgid = PyLong_AsLong(value)) == -1) {
873 if(PyErr_Occurred() != NULL) {
877 /* Due to how acl_set_qualifier takes its argument, we have to do
878 this ugly dance with two variables and a pointer that will
879 point to one of them. */
880 if(acl_get_tag_type(self->entry, &tag) == -1) {
881 PyErr_SetFromErrno(PyExc_IOError);
888 if((long)uid != uidgid) {
889 PyErr_SetString(PyExc_OverflowError, "Can't assign given qualifier");
896 if((long)gid != uidgid) {
897 PyErr_SetString(PyExc_OverflowError, "Can't assign given qualifier");
904 PyErr_SetString(PyExc_TypeError,
905 "Can only set qualifiers on ACL_USER or ACL_GROUP entries");
908 if(acl_set_qualifier(self->entry, p) == -1) {
909 PyErr_SetFromErrno(PyExc_IOError);
916 /* Returns the qualifier of the entry */
917 static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
918 Entry_Object *self = (Entry_Object*) obj;
922 if (self->entry == NULL) {
923 PyErr_SetString(PyExc_ValueError, "Can't get qualifier on uninitalized Entry object");
926 if(get_tag_qualifier(self->entry, &tq) < 0) {
929 if (tq.tag == ACL_USER) {
931 } else if (tq.tag == ACL_GROUP) {
934 PyErr_SetString(PyExc_TypeError,
935 "Given entry doesn't have an user or"
939 return PyLong_FromLong(value);
942 /* Returns the parent ACL of the entry */
943 static PyObject* Entry_get_parent(PyObject *obj, void* arg) {
944 Entry_Object *self = (Entry_Object*) obj;
946 Py_INCREF(self->parent_acl);
947 return self->parent_acl;
950 /* Returns the a new Permset representing the permset of the entry
951 * FIXME: Should return a new reference to the same object, which
952 * should be created at init time!
954 static PyObject* Entry_get_permset(PyObject *obj, void* arg) {
957 PyObject *perm_arglist = Py_BuildValue("(O)", obj);
958 if (perm_arglist == NULL) {
961 p = PyObject_CallObject((PyObject*)&Permset_Type, perm_arglist);
962 Py_DECREF(perm_arglist);
966 /* Sets the permset of the entry to the passed Permset */
967 static int Entry_set_permset(PyObject* obj, PyObject* value, void* arg) {
968 Entry_Object *self = (Entry_Object*)obj;
971 ENTRY_SET_CHECK(self, "permset", value);
973 if(!PyObject_IsInstance(value, (PyObject*)&Permset_Type)) {
974 PyErr_SetString(PyExc_TypeError, "argument 1 must be posix1e.Permset");
977 p = (Permset_Object*)value;
978 if(acl_set_permset(self->entry, p->permset) == -1) {
979 PyErr_SetFromErrno(PyExc_IOError);
985 static char __Entry_copy_doc__[] =
987 "Copies an ACL entry.\n"
989 "This method sets all the parameters to those of another\n"
990 "entry (either of the same ACL or belonging to another ACL).\n"
992 ":param Entry src: instance of type Entry\n"
995 /* Sets all the entry parameters to another entry */
996 static PyObject* Entry_copy(PyObject *obj, PyObject *args) {
997 Entry_Object *self = (Entry_Object*)obj;
1000 if(!PyArg_ParseTuple(args, "O!", &Entry_Type, &other))
1003 if(acl_copy_entry(self->entry, other->entry) == -1)
1004 return PyErr_SetFromErrno(PyExc_IOError);
1010 /**** Permset type *****/
1012 /* Creation of a new Permset instance */
1013 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
1015 PyObject* newpermset;
1017 newpermset = PyType_GenericNew(type, args, keywds);
1019 if(newpermset != NULL) {
1020 ((Permset_Object*)newpermset)->permset = NULL;
1021 ((Permset_Object*)newpermset)->parent_entry = NULL;
1027 /* Initialization of a new Permset instance */
1028 static int Permset_init(PyObject* obj, PyObject* args, PyObject *keywds) {
1029 Permset_Object* self = (Permset_Object*) obj;
1030 Entry_Object* parent = NULL;
1032 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent))
1035 if(acl_get_permset(parent->entry, &self->permset) == -1) {
1036 PyErr_SetFromErrno(PyExc_IOError);
1040 self->parent_entry = (PyObject*)parent;
1046 /* Free the Permset instance */
1047 static void Permset_dealloc(PyObject* obj) {
1048 Permset_Object *self = (Permset_Object*) obj;
1049 PyObject *err_type, *err_value, *err_traceback;
1050 int have_error = PyErr_Occurred() ? 1 : 0;
1053 PyErr_Fetch(&err_type, &err_value, &err_traceback);
1054 if(self->parent_entry != NULL) {
1055 Py_DECREF(self->parent_entry);
1056 self->parent_entry = NULL;
1059 PyErr_Restore(err_type, err_value, err_traceback);
1063 /* Permset string representation */
1064 static PyObject* Permset_str(PyObject *obj) {
1065 Permset_Object *self = (Permset_Object*) obj;
1068 pstr[0] = get_perm(self->permset, ACL_READ) ? 'r' : '-';
1069 pstr[1] = get_perm(self->permset, ACL_WRITE) ? 'w' : '-';
1070 pstr[2] = get_perm(self->permset, ACL_EXECUTE) ? 'x' : '-';
1071 return PyUnicode_FromStringAndSize(pstr, 3);
1074 static char __Permset_clear_doc__[] =
1075 "Clears all permissions from the permission set.\n"
1078 /* Clears all permissions from the permset */
1079 static PyObject* Permset_clear(PyObject* obj, PyObject* args) {
1080 Permset_Object *self = (Permset_Object*) obj;
1082 if(acl_clear_perms(self->permset) == -1)
1083 return PyErr_SetFromErrno(PyExc_IOError);
1085 /* Return the result */
1090 static PyObject* Permset_get_right(PyObject *obj, void* arg) {
1091 Permset_Object *self = (Permset_Object*) obj;
1093 if(get_perm(self->permset, *(acl_perm_t*)arg)) {
1100 static int Permset_set_right(PyObject* obj, PyObject* value, void* arg) {
1101 Permset_Object *self = (Permset_Object*) obj;
1105 if(!PyLong_Check(value)) {
1106 PyErr_SetString(PyExc_ValueError, "invalid argument, an integer"
1110 on = PyLong_AsLong(value);
1112 nerr = acl_add_perm(self->permset, *(acl_perm_t*)arg);
1114 nerr = acl_delete_perm(self->permset, *(acl_perm_t*)arg);
1116 PyErr_SetFromErrno(PyExc_IOError);
1122 static char __Permset_add_doc__[] =
1124 "Add a permission to the permission set.\n"
1126 "This function adds the permission contained in \n"
1127 "the argument perm to the permission set. An attempt \n"
1128 "to add a permission that is already contained in the \n"
1129 "permission set is not considered an error.\n"
1131 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1132 " :py:data:`ACL_EXECUTE`, ...)\n"
1133 ":raises IOError: in case the argument is not a valid descriptor\n"
1136 static PyObject* Permset_add(PyObject* obj, PyObject* args) {
1137 Permset_Object *self = (Permset_Object*) obj;
1140 if (!PyArg_ParseTuple(args, "i", &right))
1143 if(acl_add_perm(self->permset, (acl_perm_t) right) == -1)
1144 return PyErr_SetFromErrno(PyExc_IOError);
1146 /* Return the result */
1151 static char __Permset_delete_doc__[] =
1153 "Delete a permission from the permission set.\n"
1155 "This function deletes the permission contained in \n"
1156 "the argument perm from the permission set. An attempt \n"
1157 "to delete a permission that is not contained in the \n"
1158 "permission set is not considered an error.\n"
1160 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1161 " :py:data:`ACL_EXECUTE`, ...)\n"
1162 ":raises IOError: in case the argument is not a valid descriptor\n"
1165 static PyObject* Permset_delete(PyObject* obj, PyObject* args) {
1166 Permset_Object *self = (Permset_Object*) obj;
1169 if (!PyArg_ParseTuple(args, "i", &right))
1172 if(acl_delete_perm(self->permset, (acl_perm_t) right) == -1)
1173 return PyErr_SetFromErrno(PyExc_IOError);
1175 /* Return the result */
1180 static char __Permset_test_doc__[] =
1182 "Test if a permission exists in the permission set.\n"
1184 "The test() function tests if the permission represented by\n"
1185 "the argument perm exists in the permission set.\n"
1187 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1188 " :py:data:`ACL_EXECUTE`, ...)\n"
1190 ":raises IOError: in case the argument is not a valid descriptor\n"
1193 static PyObject* Permset_test(PyObject* obj, PyObject* args) {
1194 Permset_Object *self = (Permset_Object*) obj;
1198 if (!PyArg_ParseTuple(args, "i", &right))
1201 ret = get_perm(self->permset, (acl_perm_t) right);
1203 return PyErr_SetFromErrno(PyExc_IOError);
1214 static char __ACL_Type_doc__[] =
1215 "Type which represents a POSIX ACL\n"
1217 ".. note:: only one keyword parameter should be provided\n"
1219 ":param string file: creates an ACL representing\n"
1220 " the access ACL of the specified file.\n"
1221 ":param string filedef: creates an ACL representing\n"
1222 " the default ACL of the given directory.\n"
1223 ":param int fd: creates an ACL representing\n"
1224 " the access ACL of the given file descriptor.\n"
1225 ":param string text: creates an ACL from a \n"
1226 " textual description; note the ACL must be valid, which\n"
1227 " means including a mask for extended ACLs, similar to\n"
1228 " ``setfacl --no-mask``\n"
1229 ":param ACL acl: creates a copy of an existing ACL instance.\n"
1230 ":param int mode: creates an ACL from a numeric mode\n"
1231 " (e.g. ``mode=0644``); this is valid only when the C library\n"
1232 " provides the ``acl_from_mode call``, and\n"
1233 " note that no validation is done on the given value.\n"
1235 "If no parameters are passed, an empty ACL will be created; this\n"
1236 "makes sense only when your OS supports ACL modification\n"
1237 "(i.e. it implements full POSIX.1e support), otherwise the ACL won't\n"
1241 /* ACL type methods */
1242 static PyMethodDef ACL_methods[] = {
1243 {"applyto", ACL_applyto, METH_VARARGS, __applyto_doc__},
1244 {"valid", ACL_valid, METH_NOARGS, __valid_doc__},
1246 {"to_any_text", (PyCFunction)ACL_to_any_text, METH_VARARGS | METH_KEYWORDS,
1247 __to_any_text_doc__},
1248 {"check", ACL_check, METH_NOARGS, __check_doc__},
1249 {"equiv_mode", ACL_equiv_mode, METH_NOARGS, __equiv_mode_doc__},
1251 #ifdef HAVE_ACL_COPY_EXT
1252 {"__getstate__", ACL_get_state, METH_NOARGS,
1253 "Dumps the ACL to an external format."},
1254 {"__setstate__", ACL_set_state, METH_VARARGS,
1255 "Loads the ACL from an external format."},
1258 {"delete_entry", ACL_delete_entry, METH_VARARGS, __ACL_delete_entry_doc__},
1259 {"calc_mask", ACL_calc_mask, METH_NOARGS, __ACL_calc_mask_doc__},
1260 {"append", ACL_append, METH_VARARGS, __ACL_append_doc__},
1262 {NULL, NULL, 0, NULL}
1266 /* The definition of the ACL Type */
1267 static PyTypeObject ACL_Type = {
1268 PyVarObject_HEAD_INIT(NULL, 0)
1272 ACL_dealloc, /* tp_dealloc */
1276 0, /* formerly tp_compare, in 3.0 deprecated, in
1279 0, /* tp_as_number */
1280 0, /* tp_as_sequence */
1281 0, /* tp_as_mapping */
1284 ACL_str, /* tp_str */
1285 0, /* tp_getattro */
1286 0, /* tp_setattro */
1287 0, /* tp_as_buffer */
1288 Py_TPFLAGS_DEFAULT, /* tp_flags */
1289 __ACL_Type_doc__, /* tp_doc */
1290 0, /* tp_traverse */
1293 ACL_richcompare, /* tp_richcompare */
1295 0, /* tp_richcompare */
1297 0, /* tp_weaklistoffset */
1303 0, /* tp_iternext */
1305 ACL_methods, /* tp_methods */
1310 0, /* tp_descr_get */
1311 0, /* tp_descr_set */
1312 0, /* tp_dictoffset */
1313 ACL_init, /* tp_init */
1315 ACL_new, /* tp_new */
1320 /* Entry type methods */
1321 static PyMethodDef Entry_methods[] = {
1322 {"copy", Entry_copy, METH_VARARGS, __Entry_copy_doc__},
1323 {NULL, NULL, 0, NULL}
1326 static char __Entry_tagtype_doc__[] =
1327 "The tag type of the current entry\n"
1330 " - :py:data:`ACL_UNDEFINED_TAG`\n"
1331 " - :py:data:`ACL_USER_OBJ`\n"
1332 " - :py:data:`ACL_USER`\n"
1333 " - :py:data:`ACL_GROUP_OBJ`\n"
1334 " - :py:data:`ACL_GROUP`\n"
1335 " - :py:data:`ACL_MASK`\n"
1336 " - :py:data:`ACL_OTHER`\n"
1339 static char __Entry_qualifier_doc__[] =
1340 "The qualifier of the current entry\n"
1342 "If the tag type is :py:data:`ACL_USER`, this should be a user id.\n"
1343 "If the tag type if :py:data:`ACL_GROUP`, this should be a group id.\n"
1344 "Else it doesn't matter.\n"
1347 static char __Entry_parent_doc__[] =
1348 "The parent ACL of this entry\n"
1351 static char __Entry_permset_doc__[] =
1352 "The permission set of this ACL entry\n"
1356 static PyGetSetDef Entry_getsets[] = {
1357 {"tag_type", Entry_get_tag_type, Entry_set_tag_type,
1358 __Entry_tagtype_doc__},
1359 {"qualifier", Entry_get_qualifier, Entry_set_qualifier,
1360 __Entry_qualifier_doc__},
1361 {"parent", Entry_get_parent, NULL, __Entry_parent_doc__},
1362 {"permset", Entry_get_permset, Entry_set_permset, __Entry_permset_doc__},
1366 static char __Entry_Type_doc__[] =
1367 "Type which represents an entry in an ACL.\n"
1369 "The type exists only if the OS has full support for POSIX.1e\n"
1370 "Can be created either by:\n"
1372 " >>> e = posix1e.Entry(myACL) # this creates a new entry in the ACL\n"
1373 " >>> e = myACL.append() # another way for doing the same thing\n"
1377 " >>> for entry in myACL:\n"
1378 " ... print entry\n"
1380 "Note that the Entry keeps a reference to its ACL, so even if \n"
1381 "you delete the ACL, it won't be cleaned up and will continue to \n"
1382 "exist until its Entry(ies) will be deleted.\n"
1384 /* The definition of the Entry Type */
1385 static PyTypeObject Entry_Type = {
1386 PyVarObject_HEAD_INIT(NULL, 0)
1388 sizeof(Entry_Object),
1390 Entry_dealloc, /* tp_dealloc */
1396 0, /* tp_as_number */
1397 0, /* tp_as_sequence */
1398 0, /* tp_as_mapping */
1401 Entry_str, /* tp_str */
1402 0, /* tp_getattro */
1403 0, /* tp_setattro */
1404 0, /* tp_as_buffer */
1405 Py_TPFLAGS_DEFAULT, /* tp_flags */
1406 __Entry_Type_doc__, /* tp_doc */
1407 0, /* tp_traverse */
1409 0, /* tp_richcompare */
1410 0, /* tp_weaklistoffset */
1412 0, /* tp_iternext */
1413 Entry_methods, /* tp_methods */
1415 Entry_getsets, /* tp_getset */
1418 0, /* tp_descr_get */
1419 0, /* tp_descr_set */
1420 0, /* tp_dictoffset */
1421 Entry_init, /* tp_init */
1423 Entry_new, /* tp_new */
1426 /* Permset type methods */
1427 static PyMethodDef Permset_methods[] = {
1428 {"clear", Permset_clear, METH_NOARGS, __Permset_clear_doc__, },
1429 {"add", Permset_add, METH_VARARGS, __Permset_add_doc__, },
1430 {"delete", Permset_delete, METH_VARARGS, __Permset_delete_doc__, },
1431 {"test", Permset_test, METH_VARARGS, __Permset_test_doc__, },
1432 {NULL, NULL, 0, NULL}
1435 static char __Permset_execute_doc__[] =
1436 "Execute permission property\n"
1438 "This is a convenience method of retrieving and setting the execute\n"
1439 "permission in the permission set; the \n"
1440 "same effect can be achieved using the functions\n"
1441 "add(), test(), delete(), and those can take any \n"
1442 "permission defined by your platform.\n"
1445 static char __Permset_read_doc__[] =
1446 "Read permission property\n"
1448 "This is a convenience method of retrieving and setting the read\n"
1449 "permission in the permission set; the \n"
1450 "same effect can be achieved using the functions\n"
1451 "add(), test(), delete(), and those can take any \n"
1452 "permission defined by your platform.\n"
1455 static char __Permset_write_doc__[] =
1456 "Write permission property\n"
1458 "This is a convenience method of retrieving and setting the write\n"
1459 "permission in the permission set; the \n"
1460 "same effect can be achieved using the functions\n"
1461 "add(), test(), delete(), and those can take any \n"
1462 "permission defined by your platform.\n"
1465 /* Permset getset */
1466 static PyGetSetDef Permset_getsets[] = {
1467 {"execute", Permset_get_right, Permset_set_right,
1468 __Permset_execute_doc__, &holder_ACL_EXECUTE},
1469 {"read", Permset_get_right, Permset_set_right,
1470 __Permset_read_doc__, &holder_ACL_READ},
1471 {"write", Permset_get_right, Permset_set_right,
1472 __Permset_write_doc__, &holder_ACL_WRITE},
1476 static char __Permset_Type_doc__[] =
1477 "Type which represents the permission set in an ACL entry\n"
1479 "The type exists only if the OS has full support for POSIX.1e\n"
1480 "Can be retrieved either by:\n\n"
1481 ">>> perms = myEntry.permset\n"
1484 ">>> perms = posix1e.Permset(myEntry)\n"
1486 "Note that the Permset keeps a reference to its Entry, so even if \n"
1487 "you delete the entry, it won't be cleaned up and will continue to \n"
1488 "exist until its Permset will be deleted.\n"
1491 /* The definition of the Permset Type */
1492 static PyTypeObject Permset_Type = {
1493 PyVarObject_HEAD_INIT(NULL, 0)
1495 sizeof(Permset_Object),
1497 Permset_dealloc, /* tp_dealloc */
1503 0, /* tp_as_number */
1504 0, /* tp_as_sequence */
1505 0, /* tp_as_mapping */
1508 Permset_str, /* tp_str */
1509 0, /* tp_getattro */
1510 0, /* tp_setattro */
1511 0, /* tp_as_buffer */
1512 Py_TPFLAGS_DEFAULT, /* tp_flags */
1513 __Permset_Type_doc__,/* tp_doc */
1514 0, /* tp_traverse */
1516 0, /* tp_richcompare */
1517 0, /* tp_weaklistoffset */
1519 0, /* tp_iternext */
1520 Permset_methods, /* tp_methods */
1522 Permset_getsets, /* tp_getset */
1525 0, /* tp_descr_get */
1526 0, /* tp_descr_set */
1527 0, /* tp_dictoffset */
1528 Permset_init, /* tp_init */
1530 Permset_new, /* tp_new */
1535 /* Module methods */
1537 static char __deletedef_doc__[] =
1538 "delete_default(path)\n"
1539 "Delete the default ACL from a directory.\n"
1541 "This function deletes the default ACL associated with\n"
1542 "a directory (the ACL which will be ANDed with the mode\n"
1543 "parameter to the open, creat functions).\n"
1545 ":param string path: the directory whose default ACL should be deleted\n"
1548 /* Deletes the default ACL from a directory */
1549 static PyObject* aclmodule_delete_default(PyObject* obj, PyObject* args) {
1552 /* Parse the arguments */
1553 if (!PyArg_ParseTuple(args, "et", NULL, &filename))
1556 if(acl_delete_def_file(filename) == -1) {
1557 return PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
1560 /* Return the result */
1566 static char __has_extended_doc__[] =
1567 "has_extended(item)\n"
1568 "Check if a file or file handle has an extended ACL.\n"
1570 ":param item: either a file name or a file-like object or an integer;\n"
1571 " it represents the file-system object on which to act\n"
1574 /* Check for extended ACL a file or fd */
1575 static PyObject* aclmodule_has_extended(PyObject* obj, PyObject* args) {
1576 PyObject *item, *tmp;
1580 if (!PyArg_ParseTuple(args, "O", &item))
1583 if((fd = PyObject_AsFileDescriptor(item)) != -1) {
1584 if((nret = acl_extended_fd(fd)) == -1) {
1585 PyErr_SetFromErrno(PyExc_IOError);
1588 // PyObject_AsFileDescriptor sets an error when failing, so clear
1589 // it such that further code works; some method lookups fail if an
1590 // error already occured when called, which breaks at least
1591 // PyOS_FSPath (called by FSConverter).
1593 if(PyUnicode_FSConverter(item, &tmp)) {
1594 char *filename = PyBytes_AS_STRING(tmp);
1595 if ((nret = acl_extended_file(filename)) == -1) {
1596 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
1607 return PyBool_FromLong(nret);
1612 /* The module methods */
1613 static PyMethodDef aclmodule_methods[] = {
1614 {"delete_default", aclmodule_delete_default, METH_VARARGS,
1617 {"has_extended", aclmodule_has_extended, METH_VARARGS,
1618 __has_extended_doc__},
1620 {NULL, NULL, 0, NULL}
1623 static char __posix1e_doc__[] =
1624 "POSIX.1e ACLs manipulation\n"
1625 "==========================\n"
1627 "This module provides support for manipulating POSIX.1e ACLS\n"
1629 "Depending on the operating system support for POSIX.1e, \n"
1630 "the ACL type will have more or less capabilities:\n\n"
1631 " - level 1, only basic support, you can create\n"
1632 " ACLs from files and text descriptions;\n"
1633 " once created, the type is immutable\n"
1634 " - level 2, complete support, you can alter\n"
1635 " the ACL once it is created\n"
1637 "Also, in level 2, more types are available, corresponding\n"
1638 "to acl_entry_t (the Entry type), acl_permset_t (the Permset type).\n"
1640 "The existence of level 2 support and other extensions can be\n"
1641 "checked by the constants:\n\n"
1642 " - :py:data:`HAS_ACL_ENTRY` for level 2 and the Entry/Permset classes\n"
1643 " - :py:data:`HAS_ACL_FROM_MODE` for ``ACL(mode=...)`` usage\n"
1644 " - :py:data:`HAS_ACL_CHECK` for the :py:func:`ACL.check` function\n"
1645 " - :py:data:`HAS_EXTENDED_CHECK` for the module-level\n"
1646 " :py:func:`has_extended` function\n"
1647 " - :py:data:`HAS_EQUIV_MODE` for the :py:func:`ACL.equiv_mode` method\n"
1648 " - :py:data:`HAS_COPY_EXT` for the :py:func:`ACL.__getstate__` and\n"
1649 " :py:func:`ACL.__setstate__` functions (pickle protocol)\n"
1653 ">>> import posix1e\n"
1654 ">>> acl1 = posix1e.ACL(file=\"file.txt\") \n"
1660 ">>> b = posix1e.ACL(text=\"u::rx,g::-,o::-\")\n"
1666 ">>> b.applyto(\"file.txt\")\n"
1667 ">>> print posix1e.ACL(file=\"file.txt\")\n"
1673 ".. py:data:: ACL_USER\n\n"
1674 " Denotes a specific user entry in an ACL.\n"
1676 ".. py:data:: ACL_USER_OBJ\n\n"
1677 " Denotes the user owner entry in an ACL.\n"
1679 ".. py:data:: ACL_GROUP\n\n"
1680 " Denotes the a group entry in an ACL.\n"
1682 ".. py:data:: ACL_GROUP_OBJ\n\n"
1683 " Denotes the group owner entry in an ACL.\n"
1685 ".. py:data:: ACL_OTHER\n\n"
1686 " Denotes the 'others' entry in an ACL.\n"
1688 ".. py:data:: ACL_MASK\n\n"
1689 " Denotes the mask entry in an ACL, representing the maximum\n"
1690 " access granted other users, the owner group and other groups.\n"
1692 ".. py:data:: ACL_UNDEFINED_TAG\n\n"
1693 " An undefined tag in an ACL.\n"
1695 ".. py:data:: ACL_READ\n\n"
1696 " Read permission in a permission set.\n"
1698 ".. py:data:: ACL_WRITE\n\n"
1699 " Write permission in a permission set.\n"
1701 ".. py:data:: ACL_EXECUTE\n\n"
1702 " Execute permission in a permission set.\n"
1704 ".. py:data:: HAS_ACL_ENTRY\n\n"
1705 " denotes support for level 2 and the Entry/Permset classes\n"
1707 ".. py:data:: HAS_ACL_FROM_MODE\n\n"
1708 " denotes support for building an ACL from an octal mode\n"
1710 ".. py:data:: HAS_ACL_CHECK\n\n"
1711 " denotes support for extended checks of an ACL's validity\n"
1713 ".. py:data:: HAS_EXTENDED_CHECK\n\n"
1714 " denotes support for checking whether an ACL is basic or extended\n"
1716 ".. py:data:: HAS_EQUIV_MODE\n\n"
1717 " denotes support for the equiv_mode function\n"
1719 ".. py:data:: HAS_COPY_EXT\n\n"
1720 " denotes support for __getstate__()/__setstate__() on an ACL\n"
1724 static struct PyModuleDef posix1emodule = {
1725 PyModuleDef_HEAD_INIT,
1733 PyInit_posix1e(void)
1737 Py_TYPE(&ACL_Type) = &PyType_Type;
1738 if(PyType_Ready(&ACL_Type) < 0)
1742 Py_TYPE(&Entry_Type) = &PyType_Type;
1743 if(PyType_Ready(&Entry_Type) < 0)
1746 Py_TYPE(&Permset_Type) = &PyType_Type;
1747 if(PyType_Ready(&Permset_Type) < 0)
1751 m = PyModule_Create(&posix1emodule);
1755 d = PyModule_GetDict(m);
1759 Py_INCREF(&ACL_Type);
1760 if (PyDict_SetItemString(d, "ACL",
1761 (PyObject *) &ACL_Type) < 0)
1764 /* 23.3.6 acl_type_t values */
1765 PyModule_AddIntConstant(m, "ACL_TYPE_ACCESS", ACL_TYPE_ACCESS);
1766 PyModule_AddIntConstant(m, "ACL_TYPE_DEFAULT", ACL_TYPE_DEFAULT);
1770 Py_INCREF(&Entry_Type);
1771 if (PyDict_SetItemString(d, "Entry",
1772 (PyObject *) &Entry_Type) < 0)
1775 Py_INCREF(&Permset_Type);
1776 if (PyDict_SetItemString(d, "Permset",
1777 (PyObject *) &Permset_Type) < 0)
1780 /* 23.2.2 acl_perm_t values */
1781 PyModule_AddIntConstant(m, "ACL_READ", ACL_READ);
1782 PyModule_AddIntConstant(m, "ACL_WRITE", ACL_WRITE);
1783 PyModule_AddIntConstant(m, "ACL_EXECUTE", ACL_EXECUTE);
1785 /* 23.2.5 acl_tag_t values */
1786 PyModule_AddIntConstant(m, "ACL_UNDEFINED_TAG", ACL_UNDEFINED_TAG);
1787 PyModule_AddIntConstant(m, "ACL_USER_OBJ", ACL_USER_OBJ);
1788 PyModule_AddIntConstant(m, "ACL_USER", ACL_USER);
1789 PyModule_AddIntConstant(m, "ACL_GROUP_OBJ", ACL_GROUP_OBJ);
1790 PyModule_AddIntConstant(m, "ACL_GROUP", ACL_GROUP);
1791 PyModule_AddIntConstant(m, "ACL_MASK", ACL_MASK);
1792 PyModule_AddIntConstant(m, "ACL_OTHER", ACL_OTHER);
1794 /* Document extended functionality via easy-to-use constants */
1795 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 1);
1797 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 0);
1801 /* Linux libacl specific acl_to_any_text constants */
1802 PyModule_AddIntConstant(m, "TEXT_ABBREVIATE", TEXT_ABBREVIATE);
1803 PyModule_AddIntConstant(m, "TEXT_NUMERIC_IDS", TEXT_NUMERIC_IDS);
1804 PyModule_AddIntConstant(m, "TEXT_SOME_EFFECTIVE", TEXT_SOME_EFFECTIVE);
1805 PyModule_AddIntConstant(m, "TEXT_ALL_EFFECTIVE", TEXT_ALL_EFFECTIVE);
1806 PyModule_AddIntConstant(m, "TEXT_SMART_INDENT", TEXT_SMART_INDENT);
1808 /* Linux libacl specific acl_check constants */
1809 PyModule_AddIntConstant(m, "ACL_MULTI_ERROR", ACL_MULTI_ERROR);
1810 PyModule_AddIntConstant(m, "ACL_DUPLICATE_ERROR", ACL_DUPLICATE_ERROR);
1811 PyModule_AddIntConstant(m, "ACL_MISS_ERROR", ACL_MISS_ERROR);
1812 PyModule_AddIntConstant(m, "ACL_ENTRY_ERROR", ACL_ENTRY_ERROR);
1814 #define LINUX_EXT_VAL 1
1816 #define LINUX_EXT_VAL 0
1818 /* declare the Linux extensions */
1819 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", LINUX_EXT_VAL);
1820 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", LINUX_EXT_VAL);
1821 PyModule_AddIntConstant(m, "HAS_EXTENDED_CHECK", LINUX_EXT_VAL);
1822 PyModule_AddIntConstant(m, "HAS_EQUIV_MODE", LINUX_EXT_VAL);
1824 PyModule_AddIntConstant(m, "HAS_COPY_EXT",
1825 #ifdef HAVE_ACL_COPY_EXT