10 staticforward PyTypeObject ACL_Type;
11 static PyObject* ACL_applyto(PyObject* obj, PyObject* args);
12 static PyObject* ACL_valid(PyObject* obj, PyObject* args);
15 static PyObject* ACL_get_state(PyObject *obj, PyObject* args);
16 static PyObject* ACL_set_state(PyObject *obj, PyObject* args);
18 staticforward PyTypeObject Entry_Type;
19 staticforward PyTypeObject Permset_Type;
20 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
24 static acl_perm_t holder_ACL_EXECUTE = ACL_EXECUTE;
25 static acl_perm_t holder_ACL_READ = ACL_READ;
26 static acl_perm_t holder_ACL_WRITE = ACL_WRITE;
40 PyObject *parent_acl; /* The parent acl, so it won't run out on us */
46 PyObject *parent_entry; /* The parent entry, so it won't run out on us */
47 acl_permset_t permset;
52 /* Creation of a new ACL instance */
53 static PyObject* ACL_new(PyTypeObject* type, PyObject* args,
57 newacl = type->tp_alloc(type, 0);
60 ((ACL_Object*)newacl)->acl = NULL;
62 ((ACL_Object*)newacl)->entry_id = ACL_FIRST_ENTRY;
69 /* Initialization of a new ACL instance */
70 static int ACL_init(PyObject* obj, PyObject* args, PyObject *keywds) {
71 ACL_Object* self = (ACL_Object*) obj;
73 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef",
75 char *format = "|sisO!sH";
78 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef", NULL };
79 char *format = "|sisO!s";
85 ACL_Object* thesrc = NULL;
87 if(!PyTuple_Check(args) || PyTuple_Size(args) != 0 ||
88 (keywds != NULL && PyDict_Check(keywds) && PyDict_Size(keywds) > 1)) {
89 PyErr_SetString(PyExc_ValueError, "a max of one keyword argument"
93 if(!PyArg_ParseTupleAndKeywords(args, keywds, format, kwlist,
94 &file, &fd, &text, &ACL_Type,
102 /* Free the old acl_t without checking for error, we don't
104 if(self->acl != NULL)
108 self->acl = acl_get_file(file, ACL_TYPE_ACCESS);
109 else if(text != NULL)
110 self->acl = acl_from_text(text);
112 self->acl = acl_get_fd(fd);
113 else if(thesrc != NULL)
114 self->acl = acl_dup(thesrc->acl);
115 else if(filedef != NULL)
116 self->acl = acl_get_file(filedef, ACL_TYPE_DEFAULT);
118 else if(PyMapping_HasKeyString(keywds, kwlist[5]))
119 self->acl = acl_from_mode(mode);
122 self->acl = acl_init(0);
124 if(self->acl == NULL) {
125 PyErr_SetFromErrno(PyExc_IOError);
132 /* Standard type functions */
133 static void ACL_dealloc(PyObject* obj) {
134 ACL_Object *self = (ACL_Object*) obj;
135 PyObject *err_type, *err_value, *err_traceback;
136 int have_error = PyErr_Occurred() ? 1 : 0;
139 PyErr_Fetch(&err_type, &err_value, &err_traceback);
140 if(self->acl != NULL && acl_free(self->acl) != 0)
141 PyErr_WriteUnraisable(obj);
143 PyErr_Restore(err_type, err_value, err_traceback);
147 /* Converts the acl to a text format */
148 static PyObject* ACL_str(PyObject *obj) {
150 ACL_Object *self = (ACL_Object*) obj;
153 text = acl_to_text(self->acl, NULL);
155 return PyErr_SetFromErrno(PyExc_IOError);
157 ret = PyString_FromString(text);
158 if(acl_free(text) != 0) {
160 return PyErr_SetFromErrno(PyExc_IOError);
166 static char __to_any_text_doc__[] =
167 "Convert the ACL to a custom text format.\n"
169 "This method encapsulates the acl_to_any_text function. It allows a \n"
170 "customized text format to be generated for the ACL. See\n"
171 "acl_to_any_text(3) for more details.\n"
174 " - prefix: if given, this string will be prepended to all lines\n"
175 " - separator: a single character (defaults to '\\n'); this will be\n"
176 " user to separate the entries in the ACL\n"
177 " - options: a bitwise combination of:\n"
178 " TEXT_ABBREVIATE: use 'u' instead of 'user', 'g' instead of \n"
180 " TEXT_NUMERIC_IDS: User and group IDs are included as decimal\n"
181 " numbers instead of names\n"
182 " TEXT_SOME_EFFECTIVE: Include comments denoting the effective\n"
183 " permissions when some are masked\n"
184 " TEXT_ALL_EFFECTIVE: Include comments after all ACL entries\n"
185 " affected by an ACL_MASK entry\n"
186 " TEXT_SMART_INDENT: Used in combination with the _EFFECTIVE\n"
187 " options, this will ensure that comments \n"
188 " are alligned to the fourth tab position\n"
189 " (assuming one tab equal eight spaces\n"
192 /* Converts the acl to a custom text format */
193 static PyObject* ACL_to_any_text(PyObject *obj, PyObject *args,
196 ACL_Object *self = (ACL_Object*) obj;
198 char *arg_prefix = NULL;
199 char arg_separator = '\n';
201 static char *kwlist[] = {"prefix", "separator", "options", NULL};
203 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|sci", kwlist, &arg_prefix,
204 &arg_separator, &arg_options))
207 text = acl_to_any_text(self->acl, arg_prefix, arg_separator, arg_options);
209 return PyErr_SetFromErrno(PyExc_IOError);
211 ret = PyString_FromString(text);
212 if(acl_free(text) != 0) {
214 return PyErr_SetFromErrno(PyExc_IOError);
219 static char __check_doc__[] =
220 "Check the ACL validity.\n"
222 "This is a non-portable, Linux specific extension that allow more\n"
223 "information to be retrieved in case an ACL is not valid than the\n"
224 "validate() method.\n"
226 "This method will return either False (the ACL is valid), or a tuple\n"
227 "with two elements. The first element is one of the following\n"
229 " - ACL_MULTI_ERROR: The ACL contains multiple entries that have a\n"
230 " tag type that may occur at most once\n"
231 " - ACL_DUPLICATE_ERROR: The ACL contains multiple ACL_USER or \n"
232 " ACL_GROUP entries with the same ID\n"
233 " - ACL_MISS_ERROR: A required entry is missing\n"
234 " - ACL_ENTRY_ERROR: The ACL contains an invalid entry tag type\n"
236 "The second element of the tuple is the index of the entry that is\n"
237 "invalid (in the same order as by iterating over the ACL entry)\n"
240 /* The acl_check method */
241 static PyObject* ACL_check(PyObject* obj, PyObject* args) {
242 ACL_Object *self = (ACL_Object*) obj;
246 if((result = acl_check(self->acl, &eindex)) == -1)
247 return PyErr_SetFromErrno(PyExc_IOError);
252 return PyTuple_Pack(2, PyInt_FromLong(result), PyInt_FromLong(eindex));
255 /* Implementation of the rich compare for ACLs */
256 static PyObject* ACL_richcompare(PyObject* o1, PyObject* o2, int op) {
257 ACL_Object *acl1, *acl2;
261 if(!PyObject_IsInstance(o2, (PyObject*)&ACL_Type)) {
266 PyErr_SetString(PyExc_TypeError, "can only compare to an ACL");
270 acl1 = (ACL_Object*)o1;
271 acl2 = (ACL_Object*)o2;
272 if((n=acl_cmp(acl1->acl, acl2->acl))==-1)
273 return PyErr_SetFromErrno(PyExc_IOError);
276 ret = n == 0 ? Py_True : Py_False;
279 ret = n == 1 ? Py_True : Py_False;
282 ret = Py_NotImplemented;
289 /* Implementation of the compare for ACLs */
290 static int ACL_nocmp(PyObject* o1, PyObject* o2) {
292 PyErr_SetString(PyExc_TypeError, "cannot compare ACLs using cmp()");
297 static char __applyto_doc__[] =
298 "Apply the ACL to a file or filehandle.\n"
301 " - either a filename or a file-like object or an integer; this\n"
302 " represents the filesystem object on which to act\n"
303 " - optional flag representing the type of ACL to set, either\n"
304 " ACL_TYPE_ACCESS (default) or ACL_TYPE_DEFAULT\n"
307 /* Applyes the ACL to a file */
308 static PyObject* ACL_applyto(PyObject* obj, PyObject* args) {
309 ACL_Object *self = (ACL_Object*) obj;
311 acl_type_t type = ACL_TYPE_ACCESS;
315 if (!PyArg_ParseTuple(args, "O|i", &myarg, &type))
318 if(PyString_Check(myarg)) {
319 char *filename = PyString_AS_STRING(myarg);
320 nret = acl_set_file(filename, type, self->acl);
321 } else if((fd = PyObject_AsFileDescriptor(myarg)) != -1) {
322 nret = acl_set_fd(fd, self->acl);
324 PyErr_SetString(PyExc_TypeError, "argument 1 must be string, int,"
325 " or file-like object");
329 return PyErr_SetFromErrno(PyExc_IOError);
332 /* Return the result */
337 static char __valid_doc__[] =
338 "Test the ACL for validity.\n"
340 "This method tests the ACL to see if it is a valid ACL\n"
341 "in terms of the filesystem. More precisely, it checks that:\n"
343 "The ACL contains exactly one entry with each of the\n"
344 "ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER tag types. Entries\n"
345 "with ACL_USER and ACL_GROUP tag types may appear zero or more\n"
346 "times in an ACL. An ACL that contains entries of ACL_USER or\n"
347 "ACL_GROUP tag types must contain exactly one entry of the \n"
348 "ACL_MASK tag type. If an ACL contains no entries of\n"
349 "ACL_USER or ACL_GROUP tag types, the ACL_MASK entry is optional.\n"
351 "All user ID qualifiers must be unique among all entries of\n"
352 "the ACL_USER tag type, and all group IDs must be unique among all\n"
353 "entries of ACL_GROUP tag type.\n"
355 "The method will return 1 for a valid ACL and 0 for an invalid one.\n"
356 "This has been chosen because the specification for acl_valid in\n"
357 "the POSIX.1e standard documents only one possible value for errno\n"
358 "in case of an invalid ACL, so we can't differentiate between\n"
359 "classes of errors. Other suggestions are welcome.\n"
362 /* Checks the ACL for validity */
363 static PyObject* ACL_valid(PyObject* obj, PyObject* args) {
364 ACL_Object *self = (ACL_Object*) obj;
366 if(acl_valid(self->acl) == -1) {
377 static PyObject* ACL_get_state(PyObject *obj, PyObject* args) {
378 ACL_Object *self = (ACL_Object*) obj;
383 size = acl_size(self->acl);
385 return PyErr_SetFromErrno(PyExc_IOError);
387 if((ret = PyString_FromStringAndSize(NULL, size)) == NULL)
389 buf = PyString_AsString(ret);
391 if((nsize = acl_copy_ext(buf, self->acl, size)) == -1) {
393 return PyErr_SetFromErrno(PyExc_IOError);
399 static PyObject* ACL_set_state(PyObject *obj, PyObject* args) {
400 ACL_Object *self = (ACL_Object*) obj;
405 /* Parse the argument */
406 if (!PyArg_ParseTuple(args, "s#", &buf, &bufsize))
409 /* Try to import the external representation */
410 if((ptr = acl_copy_int(buf)) == NULL)
411 return PyErr_SetFromErrno(PyExc_IOError);
413 /* Free the old acl. Should we ignore errors here? */
414 if(self->acl != NULL) {
415 if(acl_free(self->acl) == -1)
416 return PyErr_SetFromErrno(PyExc_IOError);
421 /* Return the result */
426 /* tp_iter for the ACL type; since it can be iterated only
427 * destructively, the type is its iterator
429 static PyObject* ACL_iter(PyObject *obj) {
430 ACL_Object *self = (ACL_Object*)obj;
431 self->entry_id = ACL_FIRST_ENTRY;
436 /* the tp_iternext function for the ACL type */
437 static PyObject* ACL_iternext(PyObject *obj) {
438 ACL_Object *self = (ACL_Object*)obj;
439 acl_entry_t the_entry_t;
440 Entry_Object *the_entry_obj;
443 nerr = acl_get_entry(self->acl, self->entry_id, &the_entry_t);
444 self->entry_id = ACL_NEXT_ENTRY;
446 return PyErr_SetFromErrno(PyExc_IOError);
448 /* Docs says this is not needed */
449 /*PyErr_SetObject(PyExc_StopIteration, Py_None);*/
453 the_entry_obj = (Entry_Object*) PyType_GenericNew(&Entry_Type, NULL, NULL);
454 if(the_entry_obj == NULL)
457 the_entry_obj->entry = the_entry_t;
459 the_entry_obj->parent_acl = obj;
460 Py_INCREF(obj); /* For the reference we have in entry->parent */
462 return (PyObject*)the_entry_obj;
465 static char __ACL_delete_entry_doc__[] =
466 "Deletes an entry from the ACL.\n"
468 "Note: Only with level 2\n"
470 " - the Entry object which should be deleted; note that after\n"
471 " this function is called, that object is unusable any longer\n"
472 " and should be deleted\n"
475 /* Deletes an entry from the ACL */
476 static PyObject* ACL_delete_entry(PyObject *obj, PyObject *args) {
477 ACL_Object *self = (ACL_Object*)obj;
480 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &e))
483 if(acl_delete_entry(self->acl, e->entry) == -1)
484 return PyErr_SetFromErrno(PyExc_IOError);
486 /* Return the result */
491 static char __ACL_calc_mask_doc__[] =
492 "Compute the file group class mask.\n"
494 "The calc_mask() method calculates and sets the permissions \n"
495 "associated with the ACL_MASK Entry of the ACL.\n"
496 "The value of the new permissions is the union of the permissions \n"
497 "granted by all entries of tag type ACL_GROUP, ACL_GROUP_OBJ, or \n"
498 "ACL_USER. If the ACL already contains an ACL_MASK entry, its \n"
499 "permissions are overwritten; if it does not contain an ACL_MASK \n"
500 "Entry, one is added.\n"
502 "The order of existing entries in the ACL is undefined after this \n"
506 /* Updates the mask entry in the ACL */
507 static PyObject* ACL_calc_mask(PyObject *obj, PyObject *args) {
508 ACL_Object *self = (ACL_Object*)obj;
510 if(acl_calc_mask(&self->acl) == -1)
511 return PyErr_SetFromErrno(PyExc_IOError);
513 /* Return the result */
518 static char __ACL_append_doc__[] =
519 "Append a new Entry to the ACL and return it.\n"
521 "This is a convenience function to create a new Entry \n"
522 "and append it to the ACL.\n"
523 "If a parameter of type Entry instance is given, the \n"
524 "entry will be a copy of that one (as if copied with \n"
525 "Entry.copy()), otherwise, the new entry will be empty.\n"
528 /* Convenience method to create a new Entry */
529 static PyObject* ACL_append(PyObject *obj, PyObject *args) {
530 ACL_Object* self = (ACL_Object*) obj;
531 Entry_Object* newentry;
532 Entry_Object* oldentry = NULL;
535 newentry = (Entry_Object*)PyType_GenericNew(&Entry_Type, NULL, NULL);
536 if(newentry == NULL) {
540 if (!PyArg_ParseTuple(args, "|O!", &Entry_Type, &oldentry))
543 nret = acl_create_entry(&self->acl, &newentry->entry);
546 return PyErr_SetFromErrno(PyExc_IOError);
549 if(oldentry != NULL) {
550 nret = acl_copy_entry(newentry->entry, oldentry->entry);
553 return PyErr_SetFromErrno(PyExc_IOError);
557 newentry->parent_acl = obj;
560 return (PyObject*)newentry;
563 /***** Entry type *****/
565 /* Creation of a new Entry instance */
566 static PyObject* Entry_new(PyTypeObject* type, PyObject* args,
570 newentry = PyType_GenericNew(type, args, keywds);
572 if(newentry != NULL) {
573 ((Entry_Object*)newentry)->entry = NULL;
574 ((Entry_Object*)newentry)->parent_acl = NULL;
580 /* Initialization of a new Entry instance */
581 static int Entry_init(PyObject* obj, PyObject* args, PyObject *keywds) {
582 Entry_Object* self = (Entry_Object*) obj;
583 ACL_Object* parent = NULL;
585 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
588 if(acl_create_entry(&parent->acl, &self->entry) == -1) {
589 PyErr_SetFromErrno(PyExc_IOError);
593 self->parent_acl = (PyObject*)parent;
599 /* Free the Entry instance */
600 static void Entry_dealloc(PyObject* obj) {
601 Entry_Object *self = (Entry_Object*) obj;
602 PyObject *err_type, *err_value, *err_traceback;
603 int have_error = PyErr_Occurred() ? 1 : 0;
606 PyErr_Fetch(&err_type, &err_value, &err_traceback);
607 if(self->parent_acl != NULL) {
608 Py_DECREF(self->parent_acl);
609 self->parent_acl = NULL;
612 PyErr_Restore(err_type, err_value, err_traceback);
616 /* Converts the entry to a text format */
617 static PyObject* Entry_str(PyObject *obj) {
622 PyObject *format, *list;
623 Entry_Object *self = (Entry_Object*) obj;
625 if(acl_get_tag_type(self->entry, &tag) == -1) {
626 PyErr_SetFromErrno(PyExc_IOError);
629 if(tag == ACL_USER || tag == ACL_GROUP) {
630 if((p = acl_get_qualifier(self->entry)) == NULL) {
631 PyErr_SetFromErrno(PyExc_IOError);
634 qualifier = *(uid_t*)p;
640 format = PyString_FromString("ACL entry for %s");
643 list = PyTuple_New(1);
644 if(tag == ACL_UNDEFINED_TAG) {
645 PyTuple_SetItem(list, 0, PyString_FromString("undefined type"));
646 } else if(tag == ACL_USER_OBJ) {
647 PyTuple_SetItem(list, 0, PyString_FromString("the owner"));
648 } else if(tag == ACL_GROUP_OBJ) {
649 PyTuple_SetItem(list, 0, PyString_FromString("the group"));
650 } else if(tag == ACL_OTHER) {
651 PyTuple_SetItem(list, 0, PyString_FromString("the others"));
652 } else if(tag == ACL_USER) {
653 PyTuple_SetItem(list, 0, PyString_FromFormat("user with uid %d",
655 } else if(tag == ACL_GROUP) {
656 PyTuple_SetItem(list, 0, PyString_FromFormat("group with gid %d",
658 } else if(tag == ACL_MASK) {
659 PyTuple_SetItem(list, 0, PyString_FromString("the mask"));
661 PyTuple_SetItem(list, 0, PyString_FromString("UNKNOWN_TAG_TYPE!"));
663 ret = PyString_Format(format, list);
669 /* Sets the tag type of the entry */
670 static int Entry_set_tag_type(PyObject* obj, PyObject* value, void* arg) {
671 Entry_Object *self = (Entry_Object*) obj;
674 PyErr_SetString(PyExc_TypeError,
675 "tag type deletion is not supported");
679 if(!PyInt_Check(value)) {
680 PyErr_SetString(PyExc_TypeError,
681 "tag type must be integer");
684 if(acl_set_tag_type(self->entry, (acl_tag_t)PyInt_AsLong(value)) == -1) {
685 PyErr_SetFromErrno(PyExc_IOError);
692 /* Returns the tag type of the entry */
693 static PyObject* Entry_get_tag_type(PyObject *obj, void* arg) {
694 Entry_Object *self = (Entry_Object*) obj;
697 if (self->entry == NULL) {
698 PyErr_SetString(PyExc_AttributeError, "entry attribute");
701 if(acl_get_tag_type(self->entry, &value) == -1) {
702 PyErr_SetFromErrno(PyExc_IOError);
706 return PyInt_FromLong(value);
709 /* Sets the qualifier (either uid_t or gid_t) for the entry,
710 * usable only if the tag type if ACL_USER or ACL_GROUP
712 static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
713 Entry_Object *self = (Entry_Object*) obj;
717 PyErr_SetString(PyExc_TypeError,
718 "qualifier deletion is not supported");
722 if(!PyInt_Check(value)) {
723 PyErr_SetString(PyExc_TypeError,
724 "tag type must be integer");
727 uidgid = PyInt_AsLong(value);
728 if(acl_set_qualifier(self->entry, (void*)&uidgid) == -1) {
729 PyErr_SetFromErrno(PyExc_IOError);
736 /* Returns the qualifier of the entry */
737 static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
738 Entry_Object *self = (Entry_Object*) obj;
742 if (self->entry == NULL) {
743 PyErr_SetString(PyExc_AttributeError, "entry attribute");
746 if((p = acl_get_qualifier(self->entry)) == NULL) {
747 PyErr_SetFromErrno(PyExc_IOError);
753 return PyInt_FromLong(value);
756 /* Returns the parent ACL of the entry */
757 static PyObject* Entry_get_parent(PyObject *obj, void* arg) {
758 Entry_Object *self = (Entry_Object*) obj;
760 Py_INCREF(self->parent_acl);
761 return self->parent_acl;
764 /* Returns the a new Permset representing the permset of the entry
765 * FIXME: Should return a new reference to the same object, which
766 * should be created at init time!
768 static PyObject* Entry_get_permset(PyObject *obj, void* arg) {
769 Entry_Object *self = (Entry_Object*)obj;
773 p = Permset_new(&Permset_Type, NULL, NULL);
776 ps = (Permset_Object*)p;
777 if(acl_get_permset(self->entry, &ps->permset) == -1) {
778 PyErr_SetFromErrno(PyExc_IOError);
781 ps->parent_entry = obj;
787 /* Sets the permset of the entry to the passed Permset */
788 static int Entry_set_permset(PyObject* obj, PyObject* value, void* arg) {
789 Entry_Object *self = (Entry_Object*)obj;
792 if(!PyObject_IsInstance(value, (PyObject*)&Permset_Type)) {
793 PyErr_SetString(PyExc_TypeError, "argument 1 must be posix1e.Permset");
796 p = (Permset_Object*)value;
797 if(acl_set_permset(self->entry, p->permset) == -1) {
798 PyErr_SetFromErrno(PyExc_IOError);
804 static char __Entry_copy_doc__[] =
805 "Copy an ACL entry.\n"
807 "This method sets all the parameters to those of another\n"
808 "entry, even one of another's ACL\n"
810 " - src, instance of type Entry\n"
813 /* Sets all the entry parameters to another's entry */
814 static PyObject* Entry_copy(PyObject *obj, PyObject *args) {
815 Entry_Object *self = (Entry_Object*)obj;
818 if(!PyArg_ParseTuple(args, "O!", &Entry_Type, &other))
821 if(acl_copy_entry(self->entry, other->entry) == -1)
822 return PyErr_SetFromErrno(PyExc_IOError);
828 /**** Permset type *****/
830 /* Creation of a new Permset instance */
831 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
833 PyObject* newpermset;
835 newpermset = PyType_GenericNew(type, args, keywds);
837 if(newpermset != NULL) {
838 ((Permset_Object*)newpermset)->permset = NULL;
839 ((Permset_Object*)newpermset)->parent_entry = NULL;
845 /* Initialization of a new Permset instance */
846 static int Permset_init(PyObject* obj, PyObject* args, PyObject *keywds) {
847 Permset_Object* self = (Permset_Object*) obj;
848 Entry_Object* parent = NULL;
850 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent))
853 if(acl_get_permset(parent->entry, &self->permset) == -1) {
854 PyErr_SetFromErrno(PyExc_IOError);
858 self->parent_entry = (PyObject*)parent;
864 /* Free the Permset instance */
865 static void Permset_dealloc(PyObject* obj) {
866 Permset_Object *self = (Permset_Object*) obj;
867 PyObject *err_type, *err_value, *err_traceback;
868 int have_error = PyErr_Occurred() ? 1 : 0;
871 PyErr_Fetch(&err_type, &err_value, &err_traceback);
872 if(self->parent_entry != NULL) {
873 Py_DECREF(self->parent_entry);
874 self->parent_entry = NULL;
877 PyErr_Restore(err_type, err_value, err_traceback);
881 /* Permset string representation */
882 static PyObject* Permset_str(PyObject *obj) {
883 Permset_Object *self = (Permset_Object*) obj;
886 pstr[0] = get_perm(self->permset, ACL_READ) ? 'r' : '-';
887 pstr[1] = get_perm(self->permset, ACL_WRITE) ? 'w' : '-';
888 pstr[2] = get_perm(self->permset, ACL_EXECUTE) ? 'x' : '-';
889 return PyString_FromStringAndSize(pstr, 3);
892 static char __Permset_clear_doc__[] =
893 "Clear all permissions from the permission set.\n"
896 /* Clears all permissions from the permset */
897 static PyObject* Permset_clear(PyObject* obj, PyObject* args) {
898 Permset_Object *self = (Permset_Object*) obj;
900 if(acl_clear_perms(self->permset) == -1)
901 return PyErr_SetFromErrno(PyExc_IOError);
903 /* Return the result */
908 static PyObject* Permset_get_right(PyObject *obj, void* arg) {
909 Permset_Object *self = (Permset_Object*) obj;
911 if(get_perm(self->permset, *(acl_perm_t*)arg)) {
920 static int Permset_set_right(PyObject* obj, PyObject* value, void* arg) {
921 Permset_Object *self = (Permset_Object*) obj;
925 if(!PyInt_Check(value)) {
926 PyErr_SetString(PyExc_ValueError, "a maximum of one argument must"
930 on = PyInt_AsLong(value);
932 nerr = acl_add_perm(self->permset, *(acl_perm_t*)arg);
934 nerr = acl_delete_perm(self->permset, *(acl_perm_t*)arg);
936 PyErr_SetFromErrno(PyExc_IOError);
942 static char __Permset_add_doc__[] =
943 "Add a permission to the permission set.\n"
945 "The add() function adds the permission contained in \n"
946 "the argument perm to the permission set. An attempt \n"
947 "to add a permission that is already contained in the \n"
948 "permission set is not considered an error.\n"
950 " - perm a permission (ACL_WRITE, ACL_READ, ACL_EXECUTE, ...\n"
953 "Can raise: IOError\n"
956 static PyObject* Permset_add(PyObject* obj, PyObject* args) {
957 Permset_Object *self = (Permset_Object*) obj;
960 if (!PyArg_ParseTuple(args, "i", &right))
963 if(acl_add_perm(self->permset, (acl_perm_t) right) == -1)
964 return PyErr_SetFromErrno(PyExc_IOError);
966 /* Return the result */
971 static char __Permset_delete_doc__[] =
972 "Delete a permission from the permission set.\n"
974 "The delete() function deletes the permission contained in \n"
975 "the argument perm from the permission set. An attempt \n"
976 "to delete a permission that is not contained in the \n"
977 "permission set is not considered an error.\n"
979 " - perm a permission (ACL_WRITE, ACL_READ, ACL_EXECUTE, ...\n"
982 "Can raise: IOError\n"
985 static PyObject* Permset_delete(PyObject* obj, PyObject* args) {
986 Permset_Object *self = (Permset_Object*) obj;
989 if (!PyArg_ParseTuple(args, "i", &right))
992 if(acl_delete_perm(self->permset, (acl_perm_t) right) == -1)
993 return PyErr_SetFromErrno(PyExc_IOError);
995 /* Return the result */
1000 static char __Permset_test_doc__[] =
1001 "Test if a permission exists in the permission set.\n"
1003 "The test() function tests if the permission contained in \n"
1004 "the argument perm exits the permission set.\n"
1006 " - perm a permission (ACL_WRITE, ACL_READ, ACL_EXECUTE, ...\n"
1009 "Can raise: IOError\n"
1012 static PyObject* Permset_test(PyObject* obj, PyObject* args) {
1013 Permset_Object *self = (Permset_Object*) obj;
1017 if (!PyArg_ParseTuple(args, "i", &right))
1020 ret = get_perm(self->permset, (acl_perm_t) right);
1022 return PyErr_SetFromErrno(PyExc_IOError);
1028 Py_INCREF(Py_False);
1035 static char __ACL_Type_doc__[] =
1036 "Type which represents a POSIX ACL\n"
1039 " Only one keword parameter should be provided:\n"
1040 " - file=\"...\", meaning create ACL representing\n"
1041 " the access ACL of that file\n"
1042 " - filedef=\"...\", meaning create ACL representing\n"
1043 " the default ACL of that directory\n"
1044 " - fd=<int>, meaning create ACL representing\n"
1045 " the access ACL of that file descriptor\n"
1046 " - text=\"...\", meaning create ACL from a \n"
1047 " textual description\n"
1048 " - acl=<ACL instance>, meaning create a copy\n"
1049 " of an existing ACL instance\n"
1050 " - mode=<int>, meaning create an ACL from a numeric mode\n"
1051 " (e.g. mode=0644) (this is valid only when the C library\n"
1052 " provides the acl_from_mode call)\n"
1053 "If no parameters are passed, create an empty ACL; this\n"
1054 "makes sense only when your OS supports ACL modification\n"
1055 " (i.e. it implements full POSIX.1e support)\n"
1058 /* ACL type methods */
1059 static PyMethodDef ACL_methods[] = {
1060 {"applyto", ACL_applyto, METH_VARARGS, __applyto_doc__},
1061 {"valid", ACL_valid, METH_NOARGS, __valid_doc__},
1063 {"to_any_text", (PyCFunction)ACL_to_any_text, METH_VARARGS | METH_KEYWORDS,
1064 __to_any_text_doc__},
1065 {"check", ACL_check, METH_NOARGS, __check_doc__},
1068 {"__getstate__", ACL_get_state, METH_NOARGS,
1069 "Dumps the ACL to an external format."},
1070 {"__setstate__", ACL_set_state, METH_VARARGS,
1071 "Loads the ACL from an external format."},
1072 {"delete_entry", ACL_delete_entry, METH_VARARGS, __ACL_delete_entry_doc__},
1073 {"calc_mask", ACL_calc_mask, METH_NOARGS, __ACL_calc_mask_doc__},
1074 {"append", ACL_append, METH_VARARGS, __ACL_append_doc__},
1076 {NULL, NULL, 0, NULL}
1080 /* The definition of the ACL Type */
1081 static PyTypeObject ACL_Type = {
1082 PyObject_HEAD_INIT(NULL)
1087 ACL_dealloc, /* tp_dealloc */
1091 ACL_nocmp, /* tp_compare */
1093 0, /* tp_as_number */
1094 0, /* tp_as_sequence */
1095 0, /* tp_as_mapping */
1098 ACL_str, /* tp_str */
1099 0, /* tp_getattro */
1100 0, /* tp_setattro */
1101 0, /* tp_as_buffer */
1102 Py_TPFLAGS_DEFAULT, /* tp_flags */
1103 __ACL_Type_doc__, /* tp_doc */
1104 0, /* tp_traverse */
1107 ACL_richcompare, /* tp_richcompare */
1109 0, /* tp_richcompare */
1111 0, /* tp_weaklistoffset */
1117 0, /* tp_iternext */
1119 ACL_methods, /* tp_methods */
1124 0, /* tp_descr_get */
1125 0, /* tp_descr_set */
1126 0, /* tp_dictoffset */
1127 ACL_init, /* tp_init */
1129 ACL_new, /* tp_new */
1134 /* Entry type methods */
1135 static PyMethodDef Entry_methods[] = {
1136 {"copy", Entry_copy, METH_VARARGS, __Entry_copy_doc__},
1137 {NULL, NULL, 0, NULL}
1140 static char __Entry_tagtype_doc__[] =
1141 "The tag type of the current entry\n"
1144 " - ACL_UNDEFINED_TAG\n"
1147 " - ACL_GROUP_OBJ\n"
1153 static char __Entry_qualifier_doc__[] =
1154 "The qualifier of the current entry\n"
1156 "If the tag type is ACL_USER, this should be a user id.\n"
1157 "If the tag type if ACL_GROUP, this should be a group id.\n"
1158 "Else, it doesn't matter.\n"
1161 static char __Entry_parent_doc__[] =
1162 "The parent ACL of this entry\n"
1165 static char __Entry_permset_doc__[] =
1166 "The permission set of this ACL entry\n"
1170 static PyGetSetDef Entry_getsets[] = {
1171 {"tag_type", Entry_get_tag_type, Entry_set_tag_type,
1172 __Entry_tagtype_doc__},
1173 {"qualifier", Entry_get_qualifier, Entry_set_qualifier,
1174 __Entry_qualifier_doc__},
1175 {"parent", Entry_get_parent, NULL, __Entry_parent_doc__},
1176 {"permset", Entry_get_permset, Entry_set_permset, __Entry_permset_doc__},
1180 static char __Entry_Type_doc__[] =
1181 "Type which represents an entry in an ACL.\n"
1183 "The type exists only if the OS has full support for POSIX.1e\n"
1184 "Can be created either by:\n"
1185 " e = posix1e.Entry(myACL) # this creates a new entry in the ACL\n"
1187 " for entry in myACL:\n"
1190 "Note that the Entry keeps a reference to its ACL, so even if \n"
1191 "you delete the ACL, it won't be cleaned up and will continue to \n"
1192 "exist until its Entry(ies) will be deleted.\n"
1194 /* The definition of the Entry Type */
1195 static PyTypeObject Entry_Type = {
1196 PyObject_HEAD_INIT(NULL)
1199 sizeof(Entry_Object),
1201 Entry_dealloc, /* tp_dealloc */
1207 0, /* tp_as_number */
1208 0, /* tp_as_sequence */
1209 0, /* tp_as_mapping */
1212 Entry_str, /* tp_str */
1213 0, /* tp_getattro */
1214 0, /* tp_setattro */
1215 0, /* tp_as_buffer */
1216 Py_TPFLAGS_DEFAULT, /* tp_flags */
1217 __Entry_Type_doc__, /* tp_doc */
1218 0, /* tp_traverse */
1220 0, /* tp_richcompare */
1221 0, /* tp_weaklistoffset */
1223 0, /* tp_iternext */
1224 Entry_methods, /* tp_methods */
1226 Entry_getsets, /* tp_getset */
1229 0, /* tp_descr_get */
1230 0, /* tp_descr_set */
1231 0, /* tp_dictoffset */
1232 Entry_init, /* tp_init */
1234 Entry_new, /* tp_new */
1237 /* Permset type methods */
1238 static PyMethodDef Permset_methods[] = {
1239 {"clear", Permset_clear, METH_NOARGS, __Permset_clear_doc__, },
1240 {"add", Permset_add, METH_VARARGS, __Permset_add_doc__, },
1241 {"delete", Permset_delete, METH_VARARGS, __Permset_delete_doc__, },
1242 {"test", Permset_test, METH_VARARGS, __Permset_test_doc__, },
1243 {NULL, NULL, 0, NULL}
1246 static char __Permset_execute_doc__[] =
1247 "Execute permsission\n"
1249 "This is a convenience method of access; the \n"
1250 "same effect can be achieved using the functions\n"
1251 "add(), test(), delete(), and those can take any \n"
1252 "permission defined by your platform.\n"
1255 static char __Permset_read_doc__[] =
1256 "Read permsission\n"
1258 "This is a convenience method of access; the \n"
1259 "same effect can be achieved using the functions\n"
1260 "add(), test(), delete(), and those can take any \n"
1261 "permission defined by your platform.\n"
1264 static char __Permset_write_doc__[] =
1265 "Write permsission\n"
1267 "This is a convenience method of access; the \n"
1268 "same effect can be achieved using the functions\n"
1269 "add(), test(), delete(), and those can take any \n"
1270 "permission defined by your platform.\n"
1273 /* Permset getset */
1274 static PyGetSetDef Permset_getsets[] = {
1275 {"execute", Permset_get_right, Permset_set_right,
1276 __Permset_execute_doc__, &holder_ACL_EXECUTE},
1277 {"read", Permset_get_right, Permset_set_right,
1278 __Permset_read_doc__, &holder_ACL_READ},
1279 {"write", Permset_get_right, Permset_set_right,
1280 __Permset_write_doc__, &holder_ACL_WRITE},
1284 static char __Permset_Type_doc__[] =
1285 "Type which represents the permission set in an ACL entry\n"
1287 "The type exists only if the OS has full support for POSIX.1e\n"
1288 "Can be created either by:\n"
1289 " perms = myEntry.permset\n"
1291 " perms = posix1e.Permset(myEntry)\n"
1293 "Note that the Permset keeps a reference to its Entry, so even if \n"
1294 "you delete the entry, it won't be cleaned up and will continue to \n"
1295 "exist until its Permset will be deleted.\n"
1298 /* The definition of the Permset Type */
1299 static PyTypeObject Permset_Type = {
1300 PyObject_HEAD_INIT(NULL)
1303 sizeof(Permset_Object),
1305 Permset_dealloc, /* tp_dealloc */
1311 0, /* tp_as_number */
1312 0, /* tp_as_sequence */
1313 0, /* tp_as_mapping */
1316 Permset_str, /* tp_str */
1317 0, /* tp_getattro */
1318 0, /* tp_setattro */
1319 0, /* tp_as_buffer */
1320 Py_TPFLAGS_DEFAULT, /* tp_flags */
1321 __Permset_Type_doc__,/* tp_doc */
1322 0, /* tp_traverse */
1324 0, /* tp_richcompare */
1325 0, /* tp_weaklistoffset */
1327 0, /* tp_iternext */
1328 Permset_methods, /* tp_methods */
1330 Permset_getsets, /* tp_getset */
1333 0, /* tp_descr_get */
1334 0, /* tp_descr_set */
1335 0, /* tp_dictoffset */
1336 Permset_init, /* tp_init */
1338 Permset_new, /* tp_new */
1343 /* Module methods */
1345 static char __deletedef_doc__[] =
1346 "Delete the default ACL from a directory.\n"
1348 "This function deletes the default ACL associated with \n"
1349 "a directory (the ACL which will be ANDed with the mode\n"
1350 "parameter to the open, creat functions).\n"
1352 " - a string representing the directory whose default ACL\n"
1353 " should be deleted\n"
1356 /* Deletes the default ACL from a directory */
1357 static PyObject* aclmodule_delete_default(PyObject* obj, PyObject* args) {
1360 /* Parse the arguments */
1361 if (!PyArg_ParseTuple(args, "s", &filename))
1364 if(acl_delete_def_file(filename) == -1) {
1365 return PyErr_SetFromErrno(PyExc_IOError);
1368 /* Return the result */
1373 /* The module methods */
1374 static PyMethodDef aclmodule_methods[] = {
1375 {"delete_default", aclmodule_delete_default, METH_VARARGS,
1377 {NULL, NULL, 0, NULL}
1380 static char __posix1e_doc__[] =
1381 "POSIX.1e ACLs manipulation\n"
1383 "This module provides support for manipulating POSIX.1e ACLS\n"
1385 "Depending on the operating system support for POSIX.1e, \n"
1386 "the ACL type will have more or less capabilities:\n"
1387 " - level 1, only basic support, you can create\n"
1388 " ACLs from files and text descriptions;\n"
1389 " once created, the type is immutable\n"
1390 " - level 2, complete support, you can alter\n"
1391 " the ACL once it is created\n"
1393 "Also, in level 2, more types are available, corresponding\n"
1394 "to acl_entry_t (Entry type), acl_permset_t (Permset type).\n"
1397 ">>> import posix1e\n"
1398 ">>> acl1 = posix1e.ACL(file=\"file.txt\") \n"
1404 ">>> b = posix1e.ACL(text=\"u::rx,g::-,o::-\")\n"
1410 ">>> b.applyto(\"file.txt\")\n"
1411 ">>> print posix1e.ACL(file=\"file.txt\")\n"
1419 void initposix1e(void) {
1422 ACL_Type.ob_type = &PyType_Type;
1423 if(PyType_Ready(&ACL_Type) < 0)
1427 Entry_Type.ob_type = &PyType_Type;
1428 if(PyType_Ready(&Entry_Type) < 0)
1431 Permset_Type.ob_type = &PyType_Type;
1432 if(PyType_Ready(&Permset_Type) < 0)
1436 m = Py_InitModule3("posix1e", aclmodule_methods, __posix1e_doc__);
1438 d = PyModule_GetDict(m);
1442 Py_INCREF(&ACL_Type);
1443 if (PyDict_SetItemString(d, "ACL",
1444 (PyObject *) &ACL_Type) < 0)
1447 /* 23.3.6 acl_type_t values */
1448 PyModule_AddIntConstant(m, "ACL_TYPE_ACCESS", ACL_TYPE_ACCESS);
1449 PyModule_AddIntConstant(m, "ACL_TYPE_DEFAULT", ACL_TYPE_DEFAULT);
1453 Py_INCREF(&Entry_Type);
1454 if (PyDict_SetItemString(d, "Entry",
1455 (PyObject *) &Entry_Type) < 0)
1458 Py_INCREF(&Permset_Type);
1459 if (PyDict_SetItemString(d, "Permset",
1460 (PyObject *) &Permset_Type) < 0)
1463 /* 23.2.2 acl_perm_t values */
1464 PyModule_AddIntConstant(m, "ACL_READ", ACL_READ);
1465 PyModule_AddIntConstant(m, "ACL_WRITE", ACL_WRITE);
1466 PyModule_AddIntConstant(m, "ACL_EXECUTE", ACL_EXECUTE);
1468 /* 23.2.5 acl_tag_t values */
1469 PyModule_AddIntConstant(m, "ACL_UNDEFINED_TAG", ACL_UNDEFINED_TAG);
1470 PyModule_AddIntConstant(m, "ACL_USER_OBJ", ACL_USER_OBJ);
1471 PyModule_AddIntConstant(m, "ACL_USER", ACL_USER);
1472 PyModule_AddIntConstant(m, "ACL_GROUP_OBJ", ACL_GROUP_OBJ);
1473 PyModule_AddIntConstant(m, "ACL_GROUP", ACL_GROUP);
1474 PyModule_AddIntConstant(m, "ACL_MASK", ACL_MASK);
1475 PyModule_AddIntConstant(m, "ACL_OTHER", ACL_OTHER);
1480 /* Linux libacl specific acl_to_any_text constants */
1481 PyModule_AddIntConstant(m, "TEXT_ABBREVIATE", TEXT_ABBREVIATE);
1482 PyModule_AddIntConstant(m, "TEXT_NUMERIC_IDS", TEXT_NUMERIC_IDS);
1483 PyModule_AddIntConstant(m, "TEXT_SOME_EFFECTIVE", TEXT_SOME_EFFECTIVE);
1484 PyModule_AddIntConstant(m, "TEXT_ALL_EFFECTIVE", TEXT_ALL_EFFECTIVE);
1485 PyModule_AddIntConstant(m, "TEXT_SMART_INDENT", TEXT_SMART_INDENT);
1487 /* Linux libacl specific acl_check constants */
1488 PyModule_AddIntConstant(m, "ACL_MULTI_ERROR", ACL_MULTI_ERROR);
1489 PyModule_AddIntConstant(m, "ACL_DUPLICATE_ERROR", ACL_DUPLICATE_ERROR);
1490 PyModule_AddIntConstant(m, "ACL_MISS_ERROR", ACL_MISS_ERROR);
1491 PyModule_AddIntConstant(m, "ACL_ENTRY_ERROR", ACL_ENTRY_ERROR);