7 #include <acl/libacl.h>
8 #define get_perm acl_get_perm
10 #define get_perm acl_get_perm_np
13 staticforward PyTypeObject ACL_Type;
14 static PyObject* ACL_applyto(PyObject* obj, PyObject* args);
15 static PyObject* ACL_valid(PyObject* obj, PyObject* args);
17 #ifdef HAVE_ACL_COPY_EXT
18 static PyObject* ACL_get_state(PyObject *obj, PyObject* args);
19 static PyObject* ACL_set_state(PyObject *obj, PyObject* args);
23 staticforward PyTypeObject Entry_Type;
24 staticforward PyTypeObject Permset_Type;
25 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
29 static acl_perm_t holder_ACL_EXECUTE = ACL_EXECUTE;
30 static acl_perm_t holder_ACL_READ = ACL_READ;
31 static acl_perm_t holder_ACL_WRITE = ACL_WRITE;
45 PyObject *parent_acl; /* The parent acl, so it won't run out on us */
51 PyObject *parent_entry; /* The parent entry, so it won't run out on us */
52 acl_permset_t permset;
57 /* Creation of a new ACL instance */
58 static PyObject* ACL_new(PyTypeObject* type, PyObject* args,
62 newacl = type->tp_alloc(type, 0);
65 ((ACL_Object*)newacl)->acl = NULL;
67 ((ACL_Object*)newacl)->entry_id = ACL_FIRST_ENTRY;
74 /* Initialization of a new ACL instance */
75 static int ACL_init(PyObject* obj, PyObject* args, PyObject *keywds) {
76 ACL_Object* self = (ACL_Object*) obj;
78 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef",
80 char *format = "|sisO!sH";
83 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef", NULL };
84 char *format = "|sisO!s";
90 ACL_Object* thesrc = NULL;
92 if(!PyTuple_Check(args) || PyTuple_Size(args) != 0 ||
93 (keywds != NULL && PyDict_Check(keywds) && PyDict_Size(keywds) > 1)) {
94 PyErr_SetString(PyExc_ValueError, "a max of one keyword argument"
98 if(!PyArg_ParseTupleAndKeywords(args, keywds, format, kwlist,
99 &file, &fd, &text, &ACL_Type,
107 /* Free the old acl_t without checking for error, we don't
109 if(self->acl != NULL)
113 self->acl = acl_get_file(file, ACL_TYPE_ACCESS);
114 else if(text != NULL)
115 self->acl = acl_from_text(text);
117 self->acl = acl_get_fd(fd);
118 else if(thesrc != NULL)
119 self->acl = acl_dup(thesrc->acl);
120 else if(filedef != NULL)
121 self->acl = acl_get_file(filedef, ACL_TYPE_DEFAULT);
123 else if(PyMapping_HasKeyString(keywds, kwlist[5]))
124 self->acl = acl_from_mode(mode);
127 self->acl = acl_init(0);
129 if(self->acl == NULL) {
130 PyErr_SetFromErrno(PyExc_IOError);
137 /* Standard type functions */
138 static void ACL_dealloc(PyObject* obj) {
139 ACL_Object *self = (ACL_Object*) obj;
140 PyObject *err_type, *err_value, *err_traceback;
141 int have_error = PyErr_Occurred() ? 1 : 0;
144 PyErr_Fetch(&err_type, &err_value, &err_traceback);
145 if(self->acl != NULL && acl_free(self->acl) != 0)
146 PyErr_WriteUnraisable(obj);
148 PyErr_Restore(err_type, err_value, err_traceback);
152 /* Converts the acl to a text format */
153 static PyObject* ACL_str(PyObject *obj) {
155 ACL_Object *self = (ACL_Object*) obj;
158 text = acl_to_text(self->acl, NULL);
160 return PyErr_SetFromErrno(PyExc_IOError);
162 ret = PyString_FromString(text);
163 if(acl_free(text) != 0) {
165 return PyErr_SetFromErrno(PyExc_IOError);
171 static char __to_any_text_doc__[] =
172 "Convert the ACL to a custom text format.\n"
174 "This method encapsulates the acl_to_any_text function. It allows a \n"
175 "customized text format to be generated for the ACL. See\n"
176 "acl_to_any_text(3) for more details.\n"
179 " - prefix: if given, this string will be prepended to all lines\n"
180 " - separator: a single character (defaults to '\\n'); this will be\n"
181 " user to separate the entries in the ACL\n"
182 " - options: a bitwise combination of:\n"
183 " - TEXT_ABBREVIATE: use 'u' instead of 'user', 'g' instead of \n"
185 " - TEXT_NUMERIC_IDS: User and group IDs are included as decimal\n"
186 " numbers instead of names\n"
187 " - TEXT_SOME_EFFECTIVE: Include comments denoting the effective\n"
188 " permissions when some are masked\n"
189 " - TEXT_ALL_EFFECTIVE: Include comments after all ACL entries\n"
190 " affected by an ACL_MASK entry\n"
191 " - TEXT_SMART_INDENT: Used in combination with the _EFFECTIVE\n"
192 " options, this will ensure that comments \n"
193 " are alligned to the fourth tab position\n"
194 " (assuming one tab equals eight spaces)\n"
197 /* Converts the acl to a custom text format */
198 static PyObject* ACL_to_any_text(PyObject *obj, PyObject *args,
201 ACL_Object *self = (ACL_Object*) obj;
203 char *arg_prefix = NULL;
204 char arg_separator = '\n';
206 static char *kwlist[] = {"prefix", "separator", "options", NULL};
208 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|sci", kwlist, &arg_prefix,
209 &arg_separator, &arg_options))
212 text = acl_to_any_text(self->acl, arg_prefix, arg_separator, arg_options);
214 return PyErr_SetFromErrno(PyExc_IOError);
216 ret = PyString_FromString(text);
217 if(acl_free(text) != 0) {
219 return PyErr_SetFromErrno(PyExc_IOError);
224 static char __check_doc__[] =
225 "Check the ACL validity.\n"
227 "This is a non-portable, Linux specific extension that allow more\n"
228 "information to be retrieved in case an ACL is not valid than the\n"
229 "validate() method.\n"
231 "This method will return either False (the ACL is valid), or a tuple\n"
232 "with two elements. The first element is one of the following\n"
234 " - ACL_MULTI_ERROR: The ACL contains multiple entries that have a\n"
235 " tag type that may occur at most once\n"
236 " - ACL_DUPLICATE_ERROR: The ACL contains multiple ACL_USER or \n"
237 " ACL_GROUP entries with the same ID\n"
238 " - ACL_MISS_ERROR: A required entry is missing\n"
239 " - ACL_ENTRY_ERROR: The ACL contains an invalid entry tag type\n"
241 "The second element of the tuple is the index of the entry that is\n"
242 "invalid (in the same order as by iterating over the ACL entry)\n"
245 /* The acl_check method */
246 static PyObject* ACL_check(PyObject* obj, PyObject* args) {
247 ACL_Object *self = (ACL_Object*) obj;
251 if((result = acl_check(self->acl, &eindex)) == -1)
252 return PyErr_SetFromErrno(PyExc_IOError);
257 return PyTuple_Pack(2, PyInt_FromLong(result), PyInt_FromLong(eindex));
260 /* Implementation of the rich compare for ACLs */
261 static PyObject* ACL_richcompare(PyObject* o1, PyObject* o2, int op) {
262 ACL_Object *acl1, *acl2;
266 if(!PyObject_IsInstance(o2, (PyObject*)&ACL_Type)) {
271 PyErr_SetString(PyExc_TypeError, "can only compare to an ACL");
275 acl1 = (ACL_Object*)o1;
276 acl2 = (ACL_Object*)o2;
277 if((n=acl_cmp(acl1->acl, acl2->acl))==-1)
278 return PyErr_SetFromErrno(PyExc_IOError);
281 ret = n == 0 ? Py_True : Py_False;
284 ret = n == 1 ? Py_True : Py_False;
287 ret = Py_NotImplemented;
293 static char __equiv_mode_doc__[] =
294 "Return the octal mode the ACL is equivalent to.\n"
296 "This is a non-portable, Linux specific extension that checks\n"
297 "if the ACL is a basic ACL and returns the corresponding mode.\n"
299 "An IOerror exception will be raised if the ACL is an extended ACL\n"
302 /* The acl_equiv_mode method */
303 static PyObject* ACL_equiv_mode(PyObject* obj, PyObject* args) {
304 ACL_Object *self = (ACL_Object*) obj;
307 if(acl_equiv_mode(self->acl, &mode) == -1)
308 return PyErr_SetFromErrno(PyExc_IOError);
309 return PyInt_FromLong(mode);
313 /* Implementation of the compare for ACLs */
314 static int ACL_nocmp(PyObject* o1, PyObject* o2) {
316 PyErr_SetString(PyExc_TypeError, "cannot compare ACLs using cmp()");
321 static char __applyto_doc__[] =
322 "Apply the ACL to a file or filehandle.\n"
325 " - either a filename or a file-like object or an integer; this\n"
326 " represents the filesystem object on which to act\n"
327 " - optional flag representing the type of ACL to set, either\n"
328 " ACL_TYPE_ACCESS (default) or ACL_TYPE_DEFAULT\n"
331 /* Applyes the ACL to a file */
332 static PyObject* ACL_applyto(PyObject* obj, PyObject* args) {
333 ACL_Object *self = (ACL_Object*) obj;
335 acl_type_t type = ACL_TYPE_ACCESS;
339 if (!PyArg_ParseTuple(args, "O|i", &myarg, &type))
342 if(PyString_Check(myarg)) {
343 char *filename = PyString_AS_STRING(myarg);
344 nret = acl_set_file(filename, type, self->acl);
345 } else if((fd = PyObject_AsFileDescriptor(myarg)) != -1) {
346 nret = acl_set_fd(fd, self->acl);
348 PyErr_SetString(PyExc_TypeError, "argument 1 must be string, int,"
349 " or file-like object");
353 return PyErr_SetFromErrno(PyExc_IOError);
356 /* Return the result */
361 static char __valid_doc__[] =
362 "Test the ACL for validity.\n"
364 "This method tests the ACL to see if it is a valid ACL\n"
365 "in terms of the filesystem. More precisely, it checks that:\n"
367 "The ACL contains exactly one entry with each of the\n"
368 "ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER tag types. Entries\n"
369 "with ACL_USER and ACL_GROUP tag types may appear zero or more\n"
370 "times in an ACL. An ACL that contains entries of ACL_USER or\n"
371 "ACL_GROUP tag types must contain exactly one entry of the \n"
372 "ACL_MASK tag type. If an ACL contains no entries of\n"
373 "ACL_USER or ACL_GROUP tag types, the ACL_MASK entry is optional.\n"
375 "All user ID qualifiers must be unique among all entries of\n"
376 "the ACL_USER tag type, and all group IDs must be unique among all\n"
377 "entries of ACL_GROUP tag type.\n"
379 "The method will return 1 for a valid ACL and 0 for an invalid one.\n"
380 "This has been chosen because the specification for acl_valid in\n"
381 "the POSIX.1e standard documents only one possible value for errno\n"
382 "in case of an invalid ACL, so we can't differentiate between\n"
383 "classes of errors. Other suggestions are welcome.\n"
386 /* Checks the ACL for validity */
387 static PyObject* ACL_valid(PyObject* obj, PyObject* args) {
388 ACL_Object *self = (ACL_Object*) obj;
390 if(acl_valid(self->acl) == -1) {
399 #ifdef HAVE_ACL_COPY_EXT
400 static PyObject* ACL_get_state(PyObject *obj, PyObject* args) {
401 ACL_Object *self = (ACL_Object*) obj;
406 size = acl_size(self->acl);
408 return PyErr_SetFromErrno(PyExc_IOError);
410 if((ret = PyString_FromStringAndSize(NULL, size)) == NULL)
412 buf = PyString_AsString(ret);
414 if((nsize = acl_copy_ext(buf, self->acl, size)) == -1) {
416 return PyErr_SetFromErrno(PyExc_IOError);
422 static PyObject* ACL_set_state(PyObject *obj, PyObject* args) {
423 ACL_Object *self = (ACL_Object*) obj;
428 /* Parse the argument */
429 if (!PyArg_ParseTuple(args, "s#", &buf, &bufsize))
432 /* Try to import the external representation */
433 if((ptr = acl_copy_int(buf)) == NULL)
434 return PyErr_SetFromErrno(PyExc_IOError);
436 /* Free the old acl. Should we ignore errors here? */
437 if(self->acl != NULL) {
438 if(acl_free(self->acl) == -1)
439 return PyErr_SetFromErrno(PyExc_IOError);
444 /* Return the result */
452 /* tp_iter for the ACL type; since it can be iterated only
453 * destructively, the type is its iterator
455 static PyObject* ACL_iter(PyObject *obj) {
456 ACL_Object *self = (ACL_Object*)obj;
457 self->entry_id = ACL_FIRST_ENTRY;
462 /* the tp_iternext function for the ACL type */
463 static PyObject* ACL_iternext(PyObject *obj) {
464 ACL_Object *self = (ACL_Object*)obj;
465 acl_entry_t the_entry_t;
466 Entry_Object *the_entry_obj;
469 nerr = acl_get_entry(self->acl, self->entry_id, &the_entry_t);
470 self->entry_id = ACL_NEXT_ENTRY;
472 return PyErr_SetFromErrno(PyExc_IOError);
474 /* Docs says this is not needed */
475 /*PyErr_SetObject(PyExc_StopIteration, Py_None);*/
479 the_entry_obj = (Entry_Object*) PyType_GenericNew(&Entry_Type, NULL, NULL);
480 if(the_entry_obj == NULL)
483 the_entry_obj->entry = the_entry_t;
485 the_entry_obj->parent_acl = obj;
486 Py_INCREF(obj); /* For the reference we have in entry->parent */
488 return (PyObject*)the_entry_obj;
491 static char __ACL_delete_entry_doc__[] =
492 "Deletes an entry from the ACL.\n"
494 "Note: Only with level 2\n"
496 " - the Entry object which should be deleted; note that after\n"
497 " this function is called, that object is unusable any longer\n"
498 " and should be deleted\n"
501 /* Deletes an entry from the ACL */
502 static PyObject* ACL_delete_entry(PyObject *obj, PyObject *args) {
503 ACL_Object *self = (ACL_Object*)obj;
506 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &e))
509 if(acl_delete_entry(self->acl, e->entry) == -1)
510 return PyErr_SetFromErrno(PyExc_IOError);
512 /* Return the result */
517 static char __ACL_calc_mask_doc__[] =
518 "Compute the file group class mask.\n"
520 "The calc_mask() method calculates and sets the permissions \n"
521 "associated with the ACL_MASK Entry of the ACL.\n"
522 "The value of the new permissions is the union of the permissions \n"
523 "granted by all entries of tag type ACL_GROUP, ACL_GROUP_OBJ, or \n"
524 "ACL_USER. If the ACL already contains an ACL_MASK entry, its \n"
525 "permissions are overwritten; if it does not contain an ACL_MASK \n"
526 "Entry, one is added.\n"
528 "The order of existing entries in the ACL is undefined after this \n"
532 /* Updates the mask entry in the ACL */
533 static PyObject* ACL_calc_mask(PyObject *obj, PyObject *args) {
534 ACL_Object *self = (ACL_Object*)obj;
536 if(acl_calc_mask(&self->acl) == -1)
537 return PyErr_SetFromErrno(PyExc_IOError);
539 /* Return the result */
544 static char __ACL_append_doc__[] =
545 "Append a new Entry to the ACL and return it.\n"
547 "This is a convenience function to create a new Entry \n"
548 "and append it to the ACL.\n"
549 "If a parameter of type Entry instance is given, the \n"
550 "entry will be a copy of that one (as if copied with \n"
551 "Entry.copy()), otherwise, the new entry will be empty.\n"
554 /* Convenience method to create a new Entry */
555 static PyObject* ACL_append(PyObject *obj, PyObject *args) {
556 ACL_Object* self = (ACL_Object*) obj;
557 Entry_Object* newentry;
558 Entry_Object* oldentry = NULL;
561 newentry = (Entry_Object*)PyType_GenericNew(&Entry_Type, NULL, NULL);
562 if(newentry == NULL) {
566 if (!PyArg_ParseTuple(args, "|O!", &Entry_Type, &oldentry))
569 nret = acl_create_entry(&self->acl, &newentry->entry);
572 return PyErr_SetFromErrno(PyExc_IOError);
575 if(oldentry != NULL) {
576 nret = acl_copy_entry(newentry->entry, oldentry->entry);
579 return PyErr_SetFromErrno(PyExc_IOError);
583 newentry->parent_acl = obj;
586 return (PyObject*)newentry;
589 /***** Entry type *****/
591 /* Creation of a new Entry instance */
592 static PyObject* Entry_new(PyTypeObject* type, PyObject* args,
596 newentry = PyType_GenericNew(type, args, keywds);
598 if(newentry != NULL) {
599 ((Entry_Object*)newentry)->entry = NULL;
600 ((Entry_Object*)newentry)->parent_acl = NULL;
606 /* Initialization of a new Entry instance */
607 static int Entry_init(PyObject* obj, PyObject* args, PyObject *keywds) {
608 Entry_Object* self = (Entry_Object*) obj;
609 ACL_Object* parent = NULL;
611 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
614 if(acl_create_entry(&parent->acl, &self->entry) == -1) {
615 PyErr_SetFromErrno(PyExc_IOError);
619 self->parent_acl = (PyObject*)parent;
625 /* Free the Entry instance */
626 static void Entry_dealloc(PyObject* obj) {
627 Entry_Object *self = (Entry_Object*) obj;
628 PyObject *err_type, *err_value, *err_traceback;
629 int have_error = PyErr_Occurred() ? 1 : 0;
632 PyErr_Fetch(&err_type, &err_value, &err_traceback);
633 if(self->parent_acl != NULL) {
634 Py_DECREF(self->parent_acl);
635 self->parent_acl = NULL;
638 PyErr_Restore(err_type, err_value, err_traceback);
642 /* Converts the entry to a text format */
643 static PyObject* Entry_str(PyObject *obj) {
648 PyObject *format, *list;
649 Entry_Object *self = (Entry_Object*) obj;
651 if(acl_get_tag_type(self->entry, &tag) == -1) {
652 PyErr_SetFromErrno(PyExc_IOError);
655 if(tag == ACL_USER || tag == ACL_GROUP) {
656 if((p = acl_get_qualifier(self->entry)) == NULL) {
657 PyErr_SetFromErrno(PyExc_IOError);
660 qualifier = *(uid_t*)p;
666 format = PyString_FromString("ACL entry for %s");
669 list = PyTuple_New(1);
670 if(tag == ACL_UNDEFINED_TAG) {
671 PyTuple_SetItem(list, 0, PyString_FromString("undefined type"));
672 } else if(tag == ACL_USER_OBJ) {
673 PyTuple_SetItem(list, 0, PyString_FromString("the owner"));
674 } else if(tag == ACL_GROUP_OBJ) {
675 PyTuple_SetItem(list, 0, PyString_FromString("the group"));
676 } else if(tag == ACL_OTHER) {
677 PyTuple_SetItem(list, 0, PyString_FromString("the others"));
678 } else if(tag == ACL_USER) {
679 PyTuple_SetItem(list, 0, PyString_FromFormat("user with uid %d",
681 } else if(tag == ACL_GROUP) {
682 PyTuple_SetItem(list, 0, PyString_FromFormat("group with gid %d",
684 } else if(tag == ACL_MASK) {
685 PyTuple_SetItem(list, 0, PyString_FromString("the mask"));
687 PyTuple_SetItem(list, 0, PyString_FromString("UNKNOWN_TAG_TYPE!"));
689 ret = PyString_Format(format, list);
695 /* Sets the tag type of the entry */
696 static int Entry_set_tag_type(PyObject* obj, PyObject* value, void* arg) {
697 Entry_Object *self = (Entry_Object*) obj;
700 PyErr_SetString(PyExc_TypeError,
701 "tag type deletion is not supported");
705 if(!PyInt_Check(value)) {
706 PyErr_SetString(PyExc_TypeError,
707 "tag type must be integer");
710 if(acl_set_tag_type(self->entry, (acl_tag_t)PyInt_AsLong(value)) == -1) {
711 PyErr_SetFromErrno(PyExc_IOError);
718 /* Returns the tag type of the entry */
719 static PyObject* Entry_get_tag_type(PyObject *obj, void* arg) {
720 Entry_Object *self = (Entry_Object*) obj;
723 if (self->entry == NULL) {
724 PyErr_SetString(PyExc_AttributeError, "entry attribute");
727 if(acl_get_tag_type(self->entry, &value) == -1) {
728 PyErr_SetFromErrno(PyExc_IOError);
732 return PyInt_FromLong(value);
735 /* Sets the qualifier (either uid_t or gid_t) for the entry,
736 * usable only if the tag type if ACL_USER or ACL_GROUP
738 static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
739 Entry_Object *self = (Entry_Object*) obj;
743 PyErr_SetString(PyExc_TypeError,
744 "qualifier deletion is not supported");
748 if(!PyInt_Check(value)) {
749 PyErr_SetString(PyExc_TypeError,
750 "tag type must be integer");
753 uidgid = PyInt_AsLong(value);
754 if(acl_set_qualifier(self->entry, (void*)&uidgid) == -1) {
755 PyErr_SetFromErrno(PyExc_IOError);
762 /* Returns the qualifier of the entry */
763 static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
764 Entry_Object *self = (Entry_Object*) obj;
768 if (self->entry == NULL) {
769 PyErr_SetString(PyExc_AttributeError, "entry attribute");
772 if((p = acl_get_qualifier(self->entry)) == NULL) {
773 PyErr_SetFromErrno(PyExc_IOError);
779 return PyInt_FromLong(value);
782 /* Returns the parent ACL of the entry */
783 static PyObject* Entry_get_parent(PyObject *obj, void* arg) {
784 Entry_Object *self = (Entry_Object*) obj;
786 Py_INCREF(self->parent_acl);
787 return self->parent_acl;
790 /* Returns the a new Permset representing the permset of the entry
791 * FIXME: Should return a new reference to the same object, which
792 * should be created at init time!
794 static PyObject* Entry_get_permset(PyObject *obj, void* arg) {
795 Entry_Object *self = (Entry_Object*)obj;
799 p = Permset_new(&Permset_Type, NULL, NULL);
802 ps = (Permset_Object*)p;
803 if(acl_get_permset(self->entry, &ps->permset) == -1) {
804 PyErr_SetFromErrno(PyExc_IOError);
807 ps->parent_entry = obj;
813 /* Sets the permset of the entry to the passed Permset */
814 static int Entry_set_permset(PyObject* obj, PyObject* value, void* arg) {
815 Entry_Object *self = (Entry_Object*)obj;
818 if(!PyObject_IsInstance(value, (PyObject*)&Permset_Type)) {
819 PyErr_SetString(PyExc_TypeError, "argument 1 must be posix1e.Permset");
822 p = (Permset_Object*)value;
823 if(acl_set_permset(self->entry, p->permset) == -1) {
824 PyErr_SetFromErrno(PyExc_IOError);
830 static char __Entry_copy_doc__[] =
831 "Copy an ACL entry.\n"
833 "This method sets all the parameters to those of another\n"
834 "entry, even one of another's ACL\n"
836 " - src, instance of type Entry\n"
839 /* Sets all the entry parameters to another's entry */
840 static PyObject* Entry_copy(PyObject *obj, PyObject *args) {
841 Entry_Object *self = (Entry_Object*)obj;
844 if(!PyArg_ParseTuple(args, "O!", &Entry_Type, &other))
847 if(acl_copy_entry(self->entry, other->entry) == -1)
848 return PyErr_SetFromErrno(PyExc_IOError);
854 /**** Permset type *****/
856 /* Creation of a new Permset instance */
857 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
859 PyObject* newpermset;
861 newpermset = PyType_GenericNew(type, args, keywds);
863 if(newpermset != NULL) {
864 ((Permset_Object*)newpermset)->permset = NULL;
865 ((Permset_Object*)newpermset)->parent_entry = NULL;
871 /* Initialization of a new Permset instance */
872 static int Permset_init(PyObject* obj, PyObject* args, PyObject *keywds) {
873 Permset_Object* self = (Permset_Object*) obj;
874 Entry_Object* parent = NULL;
876 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent))
879 if(acl_get_permset(parent->entry, &self->permset) == -1) {
880 PyErr_SetFromErrno(PyExc_IOError);
884 self->parent_entry = (PyObject*)parent;
890 /* Free the Permset instance */
891 static void Permset_dealloc(PyObject* obj) {
892 Permset_Object *self = (Permset_Object*) obj;
893 PyObject *err_type, *err_value, *err_traceback;
894 int have_error = PyErr_Occurred() ? 1 : 0;
897 PyErr_Fetch(&err_type, &err_value, &err_traceback);
898 if(self->parent_entry != NULL) {
899 Py_DECREF(self->parent_entry);
900 self->parent_entry = NULL;
903 PyErr_Restore(err_type, err_value, err_traceback);
907 /* Permset string representation */
908 static PyObject* Permset_str(PyObject *obj) {
909 Permset_Object *self = (Permset_Object*) obj;
912 pstr[0] = get_perm(self->permset, ACL_READ) ? 'r' : '-';
913 pstr[1] = get_perm(self->permset, ACL_WRITE) ? 'w' : '-';
914 pstr[2] = get_perm(self->permset, ACL_EXECUTE) ? 'x' : '-';
915 return PyString_FromStringAndSize(pstr, 3);
918 static char __Permset_clear_doc__[] =
919 "Clear all permissions from the permission set.\n"
922 /* Clears all permissions from the permset */
923 static PyObject* Permset_clear(PyObject* obj, PyObject* args) {
924 Permset_Object *self = (Permset_Object*) obj;
926 if(acl_clear_perms(self->permset) == -1)
927 return PyErr_SetFromErrno(PyExc_IOError);
929 /* Return the result */
934 static PyObject* Permset_get_right(PyObject *obj, void* arg) {
935 Permset_Object *self = (Permset_Object*) obj;
937 if(get_perm(self->permset, *(acl_perm_t*)arg)) {
946 static int Permset_set_right(PyObject* obj, PyObject* value, void* arg) {
947 Permset_Object *self = (Permset_Object*) obj;
951 if(!PyInt_Check(value)) {
952 PyErr_SetString(PyExc_ValueError, "a maximum of one argument must"
956 on = PyInt_AsLong(value);
958 nerr = acl_add_perm(self->permset, *(acl_perm_t*)arg);
960 nerr = acl_delete_perm(self->permset, *(acl_perm_t*)arg);
962 PyErr_SetFromErrno(PyExc_IOError);
968 static char __Permset_add_doc__[] =
969 "Add a permission to the permission set.\n"
971 "The add() function adds the permission contained in \n"
972 "the argument perm to the permission set. An attempt \n"
973 "to add a permission that is already contained in the \n"
974 "permission set is not considered an error.\n"
977 " - perm: a permission (ACL_WRITE, ACL_READ, ACL_EXECUTE, ...)\n"
979 "Return value: None\n"
981 "Can raise: IOError\n"
984 static PyObject* Permset_add(PyObject* obj, PyObject* args) {
985 Permset_Object *self = (Permset_Object*) obj;
988 if (!PyArg_ParseTuple(args, "i", &right))
991 if(acl_add_perm(self->permset, (acl_perm_t) right) == -1)
992 return PyErr_SetFromErrno(PyExc_IOError);
994 /* Return the result */
999 static char __Permset_delete_doc__[] =
1000 "Delete a permission from the permission set.\n"
1002 "The delete() function deletes the permission contained in \n"
1003 "the argument perm from the permission set. An attempt \n"
1004 "to delete a permission that is not contained in the \n"
1005 "permission set is not considered an error.\n"
1007 " - perm a permission (ACL_WRITE, ACL_READ, ACL_EXECUTE, ...)\n"
1008 "Return value: None\n"
1010 "Can raise: IOError\n"
1013 static PyObject* Permset_delete(PyObject* obj, PyObject* args) {
1014 Permset_Object *self = (Permset_Object*) obj;
1017 if (!PyArg_ParseTuple(args, "i", &right))
1020 if(acl_delete_perm(self->permset, (acl_perm_t) right) == -1)
1021 return PyErr_SetFromErrno(PyExc_IOError);
1023 /* Return the result */
1028 static char __Permset_test_doc__[] =
1029 "Test if a permission exists in the permission set.\n"
1031 "The test() function tests if the permission contained in \n"
1032 "the argument perm exits the permission set.\n"
1034 " - perm a permission (ACL_WRITE, ACL_READ, ACL_EXECUTE, ...)\n"
1035 "Return value: Boolean\n"
1037 "Can raise: IOError\n"
1040 static PyObject* Permset_test(PyObject* obj, PyObject* args) {
1041 Permset_Object *self = (Permset_Object*) obj;
1045 if (!PyArg_ParseTuple(args, "i", &right))
1048 ret = get_perm(self->permset, (acl_perm_t) right);
1050 return PyErr_SetFromErrno(PyExc_IOError);
1056 Py_INCREF(Py_False);
1063 static char __ACL_Type_doc__[] =
1064 "Type which represents a POSIX ACL\n"
1066 "Parameters (only one keword parameter should be provided):\n"
1067 " - file=\"...\", meaning create ACL representing\n"
1068 " the access ACL of that file\n"
1069 " - filedef=\"...\", meaning create ACL representing\n"
1070 " the default ACL of that directory\n"
1071 " - fd=<int>, meaning create ACL representing\n"
1072 " the access ACL of that file descriptor\n"
1073 " - text=\"...\", meaning create ACL from a \n"
1074 " textual description\n"
1075 " - acl=<ACL instance>, meaning create a copy\n"
1076 " of an existing ACL instance\n"
1077 " - mode=<int>, meaning create an ACL from a numeric mode\n"
1078 " (e.g. mode=0644) (this is valid only when the C library\n"
1079 " provides the acl_from_mode call)\n"
1081 "If no parameters are passed, create an empty ACL; this\n"
1082 "makes sense only when your OS supports ACL modification\n"
1083 "(i.e. it implements full POSIX.1e support)\n"
1086 /* ACL type methods */
1087 static PyMethodDef ACL_methods[] = {
1088 {"applyto", ACL_applyto, METH_VARARGS, __applyto_doc__},
1089 {"valid", ACL_valid, METH_NOARGS, __valid_doc__},
1091 {"to_any_text", (PyCFunction)ACL_to_any_text, METH_VARARGS | METH_KEYWORDS,
1092 __to_any_text_doc__},
1093 {"check", ACL_check, METH_NOARGS, __check_doc__},
1094 {"equiv_mode", ACL_equiv_mode, METH_NOARGS, __equiv_mode_doc__},
1096 #ifdef HAVE_ACL_COPYEXT
1097 {"__getstate__", ACL_get_state, METH_NOARGS,
1098 "Dumps the ACL to an external format."},
1099 {"__setstate__", ACL_set_state, METH_VARARGS,
1100 "Loads the ACL from an external format."},
1103 {"delete_entry", ACL_delete_entry, METH_VARARGS, __ACL_delete_entry_doc__},
1104 {"calc_mask", ACL_calc_mask, METH_NOARGS, __ACL_calc_mask_doc__},
1105 {"append", ACL_append, METH_VARARGS, __ACL_append_doc__},
1107 {NULL, NULL, 0, NULL}
1111 /* The definition of the ACL Type */
1112 static PyTypeObject ACL_Type = {
1113 PyObject_HEAD_INIT(NULL)
1118 ACL_dealloc, /* tp_dealloc */
1122 ACL_nocmp, /* tp_compare */
1124 0, /* tp_as_number */
1125 0, /* tp_as_sequence */
1126 0, /* tp_as_mapping */
1129 ACL_str, /* tp_str */
1130 0, /* tp_getattro */
1131 0, /* tp_setattro */
1132 0, /* tp_as_buffer */
1133 Py_TPFLAGS_DEFAULT, /* tp_flags */
1134 __ACL_Type_doc__, /* tp_doc */
1135 0, /* tp_traverse */
1138 ACL_richcompare, /* tp_richcompare */
1140 0, /* tp_richcompare */
1142 0, /* tp_weaklistoffset */
1148 0, /* tp_iternext */
1150 ACL_methods, /* tp_methods */
1155 0, /* tp_descr_get */
1156 0, /* tp_descr_set */
1157 0, /* tp_dictoffset */
1158 ACL_init, /* tp_init */
1160 ACL_new, /* tp_new */
1165 /* Entry type methods */
1166 static PyMethodDef Entry_methods[] = {
1167 {"copy", Entry_copy, METH_VARARGS, __Entry_copy_doc__},
1168 {NULL, NULL, 0, NULL}
1171 static char __Entry_tagtype_doc__[] =
1172 "The tag type of the current entry\n"
1175 " - ACL_UNDEFINED_TAG\n"
1178 " - ACL_GROUP_OBJ\n"
1184 static char __Entry_qualifier_doc__[] =
1185 "The qualifier of the current entry\n"
1187 "If the tag type is ACL_USER, this should be a user id.\n"
1188 "If the tag type if ACL_GROUP, this should be a group id.\n"
1189 "Else, it doesn't matter.\n"
1192 static char __Entry_parent_doc__[] =
1193 "The parent ACL of this entry\n"
1196 static char __Entry_permset_doc__[] =
1197 "The permission set of this ACL entry\n"
1201 static PyGetSetDef Entry_getsets[] = {
1202 {"tag_type", Entry_get_tag_type, Entry_set_tag_type,
1203 __Entry_tagtype_doc__},
1204 {"qualifier", Entry_get_qualifier, Entry_set_qualifier,
1205 __Entry_qualifier_doc__},
1206 {"parent", Entry_get_parent, NULL, __Entry_parent_doc__},
1207 {"permset", Entry_get_permset, Entry_set_permset, __Entry_permset_doc__},
1211 static char __Entry_Type_doc__[] =
1212 "Type which represents an entry in an ACL.\n"
1214 "The type exists only if the OS has full support for POSIX.1e\n"
1215 "Can be created either by:\n"
1217 " >>> e = posix1e.Entry(myACL) # this creates a new entry in the ACL\n"
1218 " >>> e = myACL.append() # another way for doing the same thing\n"
1221 " >>> for entry in myACL:\n"
1222 " ... print entry\n"
1224 "Note that the Entry keeps a reference to its ACL, so even if \n"
1225 "you delete the ACL, it won't be cleaned up and will continue to \n"
1226 "exist until its Entry(ies) will be deleted.\n"
1228 /* The definition of the Entry Type */
1229 static PyTypeObject Entry_Type = {
1230 PyObject_HEAD_INIT(NULL)
1233 sizeof(Entry_Object),
1235 Entry_dealloc, /* tp_dealloc */
1241 0, /* tp_as_number */
1242 0, /* tp_as_sequence */
1243 0, /* tp_as_mapping */
1246 Entry_str, /* tp_str */
1247 0, /* tp_getattro */
1248 0, /* tp_setattro */
1249 0, /* tp_as_buffer */
1250 Py_TPFLAGS_DEFAULT, /* tp_flags */
1251 __Entry_Type_doc__, /* tp_doc */
1252 0, /* tp_traverse */
1254 0, /* tp_richcompare */
1255 0, /* tp_weaklistoffset */
1257 0, /* tp_iternext */
1258 Entry_methods, /* tp_methods */
1260 Entry_getsets, /* tp_getset */
1263 0, /* tp_descr_get */
1264 0, /* tp_descr_set */
1265 0, /* tp_dictoffset */
1266 Entry_init, /* tp_init */
1268 Entry_new, /* tp_new */
1271 /* Permset type methods */
1272 static PyMethodDef Permset_methods[] = {
1273 {"clear", Permset_clear, METH_NOARGS, __Permset_clear_doc__, },
1274 {"add", Permset_add, METH_VARARGS, __Permset_add_doc__, },
1275 {"delete", Permset_delete, METH_VARARGS, __Permset_delete_doc__, },
1276 {"test", Permset_test, METH_VARARGS, __Permset_test_doc__, },
1277 {NULL, NULL, 0, NULL}
1280 static char __Permset_execute_doc__[] =
1281 "Execute permsission\n"
1283 "This is a convenience method of access; the \n"
1284 "same effect can be achieved using the functions\n"
1285 "add(), test(), delete(), and those can take any \n"
1286 "permission defined by your platform.\n"
1289 static char __Permset_read_doc__[] =
1290 "Read permsission\n"
1292 "This is a convenience method of access; the \n"
1293 "same effect can be achieved using the functions\n"
1294 "add(), test(), delete(), and those can take any \n"
1295 "permission defined by your platform.\n"
1298 static char __Permset_write_doc__[] =
1299 "Write permsission\n"
1301 "This is a convenience method of access; the \n"
1302 "same effect can be achieved using the functions\n"
1303 "add(), test(), delete(), and those can take any \n"
1304 "permission defined by your platform.\n"
1307 /* Permset getset */
1308 static PyGetSetDef Permset_getsets[] = {
1309 {"execute", Permset_get_right, Permset_set_right,
1310 __Permset_execute_doc__, &holder_ACL_EXECUTE},
1311 {"read", Permset_get_right, Permset_set_right,
1312 __Permset_read_doc__, &holder_ACL_READ},
1313 {"write", Permset_get_right, Permset_set_right,
1314 __Permset_write_doc__, &holder_ACL_WRITE},
1318 static char __Permset_Type_doc__[] =
1319 "Type which represents the permission set in an ACL entry\n"
1321 "The type exists only if the OS has full support for POSIX.1e\n"
1322 "Can be retrieved either by:\n\n"
1323 ">>> perms = myEntry.permset\n"
1326 ">>> perms = posix1e.Permset(myEntry)\n"
1328 "Note that the Permset keeps a reference to its Entry, so even if \n"
1329 "you delete the entry, it won't be cleaned up and will continue to \n"
1330 "exist until its Permset will be deleted.\n"
1333 /* The definition of the Permset Type */
1334 static PyTypeObject Permset_Type = {
1335 PyObject_HEAD_INIT(NULL)
1338 sizeof(Permset_Object),
1340 Permset_dealloc, /* tp_dealloc */
1346 0, /* tp_as_number */
1347 0, /* tp_as_sequence */
1348 0, /* tp_as_mapping */
1351 Permset_str, /* tp_str */
1352 0, /* tp_getattro */
1353 0, /* tp_setattro */
1354 0, /* tp_as_buffer */
1355 Py_TPFLAGS_DEFAULT, /* tp_flags */
1356 __Permset_Type_doc__,/* tp_doc */
1357 0, /* tp_traverse */
1359 0, /* tp_richcompare */
1360 0, /* tp_weaklistoffset */
1362 0, /* tp_iternext */
1363 Permset_methods, /* tp_methods */
1365 Permset_getsets, /* tp_getset */
1368 0, /* tp_descr_get */
1369 0, /* tp_descr_set */
1370 0, /* tp_dictoffset */
1371 Permset_init, /* tp_init */
1373 Permset_new, /* tp_new */
1378 /* Module methods */
1380 static char __deletedef_doc__[] =
1381 "Delete the default ACL from a directory.\n"
1383 "This function deletes the default ACL associated with \n"
1384 "a directory (the ACL which will be ANDed with the mode\n"
1385 "parameter to the open, creat functions).\n"
1387 " - a string representing the directory whose default ACL\n"
1388 " should be deleted\n"
1391 /* Deletes the default ACL from a directory */
1392 static PyObject* aclmodule_delete_default(PyObject* obj, PyObject* args) {
1395 /* Parse the arguments */
1396 if (!PyArg_ParseTuple(args, "s", &filename))
1399 if(acl_delete_def_file(filename) == -1) {
1400 return PyErr_SetFromErrno(PyExc_IOError);
1403 /* Return the result */
1409 static char __has_extended_doc__[] =
1410 "Check if a file or filehandle has an extended ACL.\n"
1413 " - either a filename or a file-like object or an integer; this\n"
1414 " represents the filesystem object on which to act\n"
1417 /* Check for extended ACL a file or fd */
1418 static PyObject* aclmodule_has_extended(PyObject* obj, PyObject* args) {
1423 if (!PyArg_ParseTuple(args, "O", &myarg))
1426 if(PyString_Check(myarg)) {
1427 const char *filename = PyString_AS_STRING(myarg);
1428 nret = acl_extended_file(filename);
1429 } else if((fd = PyObject_AsFileDescriptor(myarg)) != -1) {
1430 nret = acl_extended_fd(fd);
1432 PyErr_SetString(PyExc_TypeError, "argument 1 must be string, int,"
1433 " or file-like object");
1437 return PyErr_SetFromErrno(PyExc_IOError);
1440 /* Return the result */
1441 return PyBool_FromLong(nret);
1445 /* The module methods */
1446 static PyMethodDef aclmodule_methods[] = {
1447 {"delete_default", aclmodule_delete_default, METH_VARARGS,
1450 {"has_extended", aclmodule_has_extended, METH_VARARGS,
1451 __has_extended_doc__},
1453 {NULL, NULL, 0, NULL}
1456 static char __posix1e_doc__[] =
1457 "POSIX.1e ACLs manipulation\n"
1459 "This module provides support for manipulating POSIX.1e ACLS\n"
1461 "Depending on the operating system support for POSIX.1e, \n"
1462 "the ACL type will have more or less capabilities:\n"
1463 " - level 1, only basic support, you can create\n"
1464 " ACLs from files and text descriptions;\n"
1465 " once created, the type is immutable\n"
1466 " - level 2, complete support, you can alter\n"
1467 " the ACL once it is created\n"
1469 "Also, in level 2, more types are available, corresponding\n"
1470 "to acl_entry_t (the Entry type), acl_permset_t (the Permset type).\n"
1472 "The existence of level 2 support and other extensions can be\n"
1473 "checked by the constants:\n"
1474 " - HAS_ACL_ENTRY for level 2 and the Entry/Permset classes\n"
1475 " - HAS_ACL_FROM_MODE for ACL(mode=...) usage\n"
1476 " - HAS_ACL_CHECK for the ACL().check function\n"
1477 " - HAS_EXTENDED_CHECK for the module-level has_extended function\n"
1478 " - HAS_EQUIV_MODE for the ACL().equiv_mode method\n"
1482 ">>> import posix1e\n"
1483 ">>> acl1 = posix1e.ACL(file=\"file.txt\") \n"
1489 ">>> b = posix1e.ACL(text=\"u::rx,g::-,o::-\")\n"
1495 ">>> b.applyto(\"file.txt\")\n"
1496 ">>> print posix1e.ACL(file=\"file.txt\")\n"
1504 void initposix1e(void) {
1507 ACL_Type.ob_type = &PyType_Type;
1508 if(PyType_Ready(&ACL_Type) < 0)
1512 Entry_Type.ob_type = &PyType_Type;
1513 if(PyType_Ready(&Entry_Type) < 0)
1516 Permset_Type.ob_type = &PyType_Type;
1517 if(PyType_Ready(&Permset_Type) < 0)
1521 m = Py_InitModule3("posix1e", aclmodule_methods, __posix1e_doc__);
1523 d = PyModule_GetDict(m);
1527 Py_INCREF(&ACL_Type);
1528 if (PyDict_SetItemString(d, "ACL",
1529 (PyObject *) &ACL_Type) < 0)
1532 /* 23.3.6 acl_type_t values */
1533 PyModule_AddIntConstant(m, "ACL_TYPE_ACCESS", ACL_TYPE_ACCESS);
1534 PyModule_AddIntConstant(m, "ACL_TYPE_DEFAULT", ACL_TYPE_DEFAULT);
1538 Py_INCREF(&Entry_Type);
1539 if (PyDict_SetItemString(d, "Entry",
1540 (PyObject *) &Entry_Type) < 0)
1543 Py_INCREF(&Permset_Type);
1544 if (PyDict_SetItemString(d, "Permset",
1545 (PyObject *) &Permset_Type) < 0)
1548 /* 23.2.2 acl_perm_t values */
1549 PyModule_AddIntConstant(m, "ACL_READ", ACL_READ);
1550 PyModule_AddIntConstant(m, "ACL_WRITE", ACL_WRITE);
1551 PyModule_AddIntConstant(m, "ACL_EXECUTE", ACL_EXECUTE);
1553 /* 23.2.5 acl_tag_t values */
1554 PyModule_AddIntConstant(m, "ACL_UNDEFINED_TAG", ACL_UNDEFINED_TAG);
1555 PyModule_AddIntConstant(m, "ACL_USER_OBJ", ACL_USER_OBJ);
1556 PyModule_AddIntConstant(m, "ACL_USER", ACL_USER);
1557 PyModule_AddIntConstant(m, "ACL_GROUP_OBJ", ACL_GROUP_OBJ);
1558 PyModule_AddIntConstant(m, "ACL_GROUP", ACL_GROUP);
1559 PyModule_AddIntConstant(m, "ACL_MASK", ACL_MASK);
1560 PyModule_AddIntConstant(m, "ACL_OTHER", ACL_OTHER);
1562 /* Document extended functionality via easy-to-use constants */
1563 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 1);
1565 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 0);
1569 /* Linux libacl specific acl_to_any_text constants */
1570 PyModule_AddIntConstant(m, "TEXT_ABBREVIATE", TEXT_ABBREVIATE);
1571 PyModule_AddIntConstant(m, "TEXT_NUMERIC_IDS", TEXT_NUMERIC_IDS);
1572 PyModule_AddIntConstant(m, "TEXT_SOME_EFFECTIVE", TEXT_SOME_EFFECTIVE);
1573 PyModule_AddIntConstant(m, "TEXT_ALL_EFFECTIVE", TEXT_ALL_EFFECTIVE);
1574 PyModule_AddIntConstant(m, "TEXT_SMART_INDENT", TEXT_SMART_INDENT);
1576 /* Linux libacl specific acl_check constants */
1577 PyModule_AddIntConstant(m, "ACL_MULTI_ERROR", ACL_MULTI_ERROR);
1578 PyModule_AddIntConstant(m, "ACL_DUPLICATE_ERROR", ACL_DUPLICATE_ERROR);
1579 PyModule_AddIntConstant(m, "ACL_MISS_ERROR", ACL_MISS_ERROR);
1580 PyModule_AddIntConstant(m, "ACL_ENTRY_ERROR", ACL_ENTRY_ERROR);
1582 /* declare the Linux extensions */
1583 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", 1);
1584 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", 1);
1585 PyModule_AddIntConstant(m, "HAS_EXTENDED_CHECK", 1);
1586 PyModule_AddIntConstant(m, "HAS_EQUIV_MODE", 1);
1588 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", 0);
1589 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", 0);
1590 PyModule_AddIntConstant(m, "HAS_EXTENDED_CHECK", 0);
1591 PyModule_AddIntConstant(m, "HAS_EQUIV_MODE", 0);