2 posix1e - a python module exposing the posix acl functions
4 Copyright (C) 2002-2009, 2012, 2014, 2015 Iustin Pop <iustin@k1024.org>
6 This library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 This library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with this library; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 #define PY_SSIZE_T_CLEAN
26 #include <sys/types.h>
30 #include <acl/libacl.h>
31 #define get_perm acl_get_perm
33 #define get_perm acl_get_perm_np
36 /* Used for cpychecker: */
37 /* The checker automatically defines this preprocessor name when creating
38 the custom attribute: */
39 #if defined(WITH_CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF_ATTRIBUTE)
40 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename) \
41 __attribute__((cpychecker_type_object_for_typedef(typename)))
43 /* This handles the case where we're compiling with a "vanilla"
44 compiler that doesn't supply this attribute: */
45 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename)
48 /* The checker automatically defines this preprocessor name when creating
49 the custom attribute: */
50 #if defined(WITH_CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION_ATTRIBUTE)
51 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION \
52 __attribute__((cpychecker_negative_result_sets_exception))
54 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION
57 static PyTypeObject ACL_Type
58 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("ACL_Object");
59 static PyObject* ACL_applyto(PyObject* obj, PyObject* args);
60 static PyObject* ACL_valid(PyObject* obj, PyObject* args);
62 #ifdef HAVE_ACL_COPY_EXT
63 static PyObject* ACL_get_state(PyObject *obj, PyObject* args);
64 static PyObject* ACL_set_state(PyObject *obj, PyObject* args);
68 static PyTypeObject Entry_Type
69 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Entry_Object");
70 static PyTypeObject Permset_Type
71 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Permset_Object");
72 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
76 static acl_perm_t holder_ACL_EXECUTE = ACL_EXECUTE;
77 static acl_perm_t holder_ACL_READ = ACL_READ;
78 static acl_perm_t holder_ACL_WRITE = ACL_WRITE;
92 PyObject *parent_acl; /* The parent acl, so it won't run out on us */
98 PyObject *parent_entry; /* The parent entry, so it won't run out on us */
99 acl_permset_t permset;
104 /* Creation of a new ACL instance */
105 static PyObject* ACL_new(PyTypeObject* type, PyObject* args,
110 newacl = type->tp_alloc(type, 0);
115 acl = (ACL_Object*) newacl;
117 acl->acl = acl_init(0);
118 if (acl->acl == NULL) {
119 /* LCOV_EXCL_START */
120 PyErr_SetFromErrno(PyExc_IOError);
126 acl->entry_id = ACL_FIRST_ENTRY;
132 /* Initialization of a new ACL instance */
133 static int ACL_init(PyObject* obj, PyObject* args, PyObject *keywds) {
134 ACL_Object* self = (ACL_Object*) obj;
135 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef",
139 #ifdef HAVE_ACL_COPY_EXT
143 char *format = "|O&OsO!O&"
147 #ifdef HAVE_ACL_COPY_EXT
155 PyObject *file = NULL;
156 PyObject *filedef = NULL;
159 ACL_Object* thesrc = NULL;
160 #ifdef HAVE_ACL_COPY_EXT
161 const void *buf = NULL;
166 if(!PyTuple_Check(args) || PyTuple_Size(args) != 0 ||
167 (keywds != NULL && PyDict_Check(keywds) && PyDict_Size(keywds) > 1)) {
168 PyErr_SetString(PyExc_ValueError, "a max of one keyword argument"
172 if(!PyArg_ParseTupleAndKeywords(args, keywds, format, kwlist,
173 PyUnicode_FSConverter, &file,
174 &fd, &text, &ACL_Type, &thesrc,
175 PyUnicode_FSConverter, &filedef
179 #ifdef HAVE_ACL_COPY_EXT
186 char *path = PyBytes_AS_STRING(file);
187 new = acl_get_file(path, ACL_TYPE_ACCESS);
188 // Set custom exception on this failure path which includes
191 PyErr_SetFromErrnoWithFilename(PyExc_IOError, path);
195 } else if(text != NULL)
196 new = acl_from_text(text);
197 else if(fd != NULL) {
199 if ((fdval = PyObject_AsFileDescriptor(fd)) != -1) {
200 new = acl_get_fd(fdval);
202 } else if(thesrc != NULL)
203 new = acl_dup(thesrc->acl);
204 else if(filedef != NULL) {
205 char *path = PyBytes_AS_STRING(filedef);
206 new = acl_get_file(path, ACL_TYPE_DEFAULT);
207 // Set custom exception on this failure path which includes
210 PyErr_SetFromErrnoWithFilename(PyExc_IOError, path);
217 new = acl_from_mode(mode);
219 #ifdef HAVE_ACL_COPY_EXT
220 else if(buf != NULL) {
221 new = acl_copy_int(buf);
229 PyErr_SetFromErrno(PyExc_IOError);
234 /* Free the old acl_t without checking for error, we don't
236 if(self->acl != NULL)
244 /* Standard type functions */
245 static void ACL_dealloc(PyObject* obj) {
246 ACL_Object *self = (ACL_Object*) obj;
247 PyObject *err_type, *err_value, *err_traceback;
248 int have_error = PyErr_Occurred() ? 1 : 0;
251 PyErr_Fetch(&err_type, &err_value, &err_traceback);
252 if(self->acl != NULL && acl_free(self->acl) != 0)
253 PyErr_WriteUnraisable(obj); /* LCOV_EXCL_LINE */
255 PyErr_Restore(err_type, err_value, err_traceback);
259 /* Converts the acl to a text format */
260 static PyObject* ACL_str(PyObject *obj) {
262 ACL_Object *self = (ACL_Object*) obj;
265 text = acl_to_text(self->acl, NULL);
267 /* LCOV_EXCL_START */
268 return PyErr_SetFromErrno(PyExc_IOError);
271 ret = PyUnicode_FromString(text);
272 if(acl_free(text) != 0) {
273 /* LCOV_EXCL_START */
275 return PyErr_SetFromErrno(PyExc_IOError);
282 static char __to_any_text_doc__[] =
283 "to_any_text([prefix='', separator='n', options=0])\n"
284 "Convert the ACL to a custom text format.\n"
286 "This method encapsulates the ``acl_to_any_text()`` function.\n"
287 "It allows a customized text format to be generated for the ACL. See\n"
288 ":manpage:`acl_to_any_text(3)` for more details.\n"
290 ":param string prefix: if given, this string will be pre-pended to\n"
292 ":param string separator: a single character (defaults to '\\n'); this will"
293 " be used to separate the entries in the ACL\n"
294 ":param options: a bitwise combination of:\n\n"
295 " - :py:data:`TEXT_ABBREVIATE`: use 'u' instead of 'user', 'g' \n"
296 " instead of 'group', etc.\n"
297 " - :py:data:`TEXT_NUMERIC_IDS`: User and group IDs are included as\n"
298 " decimal numbers instead of names\n"
299 " - :py:data:`TEXT_SOME_EFFECTIVE`: Include comments denoting the\n"
300 " effective permissions when some are masked\n"
301 " - :py:data:`TEXT_ALL_EFFECTIVE`: Include comments after all ACL\n"
302 " entries affected by an ACL_MASK entry\n"
303 " - :py:data:`TEXT_SMART_INDENT`: Used in combination with the\n"
304 " _EFFECTIVE options, this will ensure that comments are aligned\n"
305 " to the fourth tab position (assuming one tab equals eight spaces)\n"
309 /* Converts the acl to a custom text format */
310 static PyObject* ACL_to_any_text(PyObject *obj, PyObject *args,
313 ACL_Object *self = (ACL_Object*) obj;
315 const char *arg_prefix = NULL;
316 char arg_separator = '\n';
318 static char *kwlist[] = {"prefix", "separator", "options", NULL};
320 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|sci", kwlist, &arg_prefix,
321 &arg_separator, &arg_options))
324 text = acl_to_any_text(self->acl, arg_prefix, arg_separator, arg_options);
326 return PyErr_SetFromErrno(PyExc_IOError); /* LCOV_EXCL_LINE */
328 ret = PyBytes_FromString(text);
329 if(acl_free(text) != 0) {
330 /* LCOV_EXCL_START */
332 return PyErr_SetFromErrno(PyExc_IOError);
338 static char __check_doc__[] =
339 "Check the ACL validity.\n"
341 "This is a non-portable, Linux specific extension that allow more\n"
342 "information to be retrieved in case an ACL is not valid than via the\n"
343 ":py:func:`valid` method.\n"
345 "This method will return either False (the ACL is valid), or a tuple\n"
346 "with two elements. The first element is one of the following\n"
348 " - :py:data:`ACL_MULTI_ERROR`: The ACL contains multiple entries that\n"
349 " have a tag type that may occur at most once\n"
350 " - :py:data:`ACL_DUPLICATE_ERROR`: The ACL contains multiple \n"
351 " :py:data:`ACL_USER` or :py:data:`ACL_GROUP` entries with the\n"
353 " - :py:data:`ACL_MISS_ERROR`: A required entry is missing\n"
354 " - :py:data:`ACL_ENTRY_ERROR`: The ACL contains an invalid entry\n"
357 "The second element of the tuple is the index of the entry that is\n"
358 "invalid (in the same order as by iterating over the ACL entry)\n"
361 /* The acl_check method */
362 static PyObject* ACL_check(PyObject* obj, PyObject* args) {
363 ACL_Object *self = (ACL_Object*) obj;
367 if((result = acl_check(self->acl, &eindex)) == -1)
368 return PyErr_SetFromErrno(PyExc_IOError); /* LCOV_EXCL_LINE */
372 return Py_BuildValue("(ii)", result, eindex);
375 /* Implementation of the rich compare for ACLs */
376 static PyObject* ACL_richcompare(PyObject* o1, PyObject* o2, int op) {
377 ACL_Object *acl1, *acl2;
381 if(!PyObject_IsInstance(o2, (PyObject*)&ACL_Type)) {
386 PyErr_SetString(PyExc_TypeError, "can only compare to an ACL");
390 acl1 = (ACL_Object*)o1;
391 acl2 = (ACL_Object*)o2;
392 if((n=acl_cmp(acl1->acl, acl2->acl))==-1)
393 return PyErr_SetFromErrno(PyExc_IOError); /* LCOV_EXCL_LINE */
396 ret = n == 0 ? Py_True : Py_False;
399 ret = n == 1 ? Py_True : Py_False;
402 PyErr_SetString(PyExc_TypeError, "ACLs are not orderable");
409 static char __equiv_mode_doc__[] =
410 "Return the octal mode the ACL is equivalent to.\n"
412 "This is a non-portable, Linux specific extension that checks\n"
413 "if the ACL is a basic ACL and returns the corresponding mode.\n"
416 ":raise IOError: An IOerror exception will be raised if the ACL is\n"
417 " an extended ACL.\n"
420 /* The acl_equiv_mode method */
421 static PyObject* ACL_equiv_mode(PyObject* obj, PyObject* args) {
422 ACL_Object *self = (ACL_Object*) obj;
425 if(acl_equiv_mode(self->acl, &mode) == -1)
426 return PyErr_SetFromErrno(PyExc_IOError); /* LCOV_EXCL_LINE */
427 return PyLong_FromLong(mode);
432 static char __applyto_doc__[] =
433 "applyto(item[, flag=ACL_TYPE_ACCESS])\n"
434 "Apply the ACL to a file or filehandle.\n"
436 ":param item: either a filename or a file-like object or an integer;\n"
437 " this represents the filesystem object on which to act\n"
438 ":param flag: optional flag representing the type of ACL to set, either\n"
439 " :py:data:`ACL_TYPE_ACCESS` (default) or :py:data:`ACL_TYPE_DEFAULT`\n"
442 /* Applies the ACL to a file */
443 static PyObject* ACL_applyto(PyObject* obj, PyObject* args) {
444 ACL_Object *self = (ACL_Object*) obj;
445 PyObject *target, *tmp;
446 acl_type_t type = ACL_TYPE_ACCESS;
450 if (!PyArg_ParseTuple(args, "O|I", &target, &type))
452 if ((fd = PyObject_AsFileDescriptor(target)) != -1) {
453 if((nret = acl_set_fd(fd, self->acl)) == -1) {
454 PyErr_SetFromErrno(PyExc_IOError);
457 // PyObject_AsFileDescriptor sets an error when failing, so clear
458 // it such that further code works; some method lookups fail if an
459 // error already occured when called, which breaks at least
460 // PyOS_FSPath (called by FSConverter).
462 if(PyUnicode_FSConverter(target, &tmp)) {
463 char *filename = PyBytes_AS_STRING(tmp);
464 if ((nret = acl_set_file(filename, type, self->acl)) == -1) {
465 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
479 static char __valid_doc__[] =
480 "Test the ACL for validity.\n"
482 "This method tests the ACL to see if it is a valid ACL\n"
483 "in terms of the file-system. More precisely, it checks that:\n"
485 "The ACL contains exactly one entry with each of the\n"
486 ":py:data:`ACL_USER_OBJ`, :py:data:`ACL_GROUP_OBJ`, and \n"
487 ":py:data:`ACL_OTHER` tag types. Entries\n"
488 "with :py:data:`ACL_USER` and :py:data:`ACL_GROUP` tag types may\n"
489 "appear zero or more\n"
490 "times in an ACL. An ACL that contains entries of :py:data:`ACL_USER` or\n"
491 ":py:data:`ACL_GROUP` tag types must contain exactly one entry of the \n"
492 ":py:data:`ACL_MASK` tag type. If an ACL contains no entries of\n"
493 ":py:data:`ACL_USER` or :py:data:`ACL_GROUP` tag types, the\n"
494 ":py:data:`ACL_MASK` entry is optional.\n"
496 "All user ID qualifiers must be unique among all entries of\n"
497 "the :py:data:`ACL_USER` tag type, and all group IDs must be unique\n"
498 "among all entries of :py:data:`ACL_GROUP` tag type.\n"
500 "The method will return 1 for a valid ACL and 0 for an invalid one.\n"
501 "This has been chosen because the specification for\n"
502 ":manpage:`acl_valid(3)`\n"
503 "in the POSIX.1e standard documents only one possible value for errno\n"
504 "in case of an invalid ACL, so we can't differentiate between\n"
505 "classes of errors. Other suggestions are welcome.\n"
511 /* Checks the ACL for validity */
512 static PyObject* ACL_valid(PyObject* obj, PyObject* args) {
513 ACL_Object *self = (ACL_Object*) obj;
515 if(acl_valid(self->acl) == -1) {
522 #ifdef HAVE_ACL_COPY_EXT
523 static PyObject* ACL_get_state(PyObject *obj, PyObject* args) {
524 ACL_Object *self = (ACL_Object*) obj;
529 size = acl_size(self->acl);
531 return PyErr_SetFromErrno(PyExc_IOError); /* LCOV_EXCL_LINE */
533 if((ret = PyBytes_FromStringAndSize(NULL, size)) == NULL)
535 buf = PyBytes_AsString(ret);
537 if((nsize = acl_copy_ext(buf, self->acl, size)) == -1) {
538 /* LCOV_EXCL_START */
540 return PyErr_SetFromErrno(PyExc_IOError);
547 static PyObject* ACL_set_state(PyObject *obj, PyObject* args) {
548 ACL_Object *self = (ACL_Object*) obj;
553 /* Parse the argument */
554 if (!PyArg_ParseTuple(args, "y#", &buf, &bufsize))
557 /* Try to import the external representation */
558 if((ptr = acl_copy_int(buf)) == NULL)
559 return PyErr_SetFromErrno(PyExc_IOError);
561 /* Free the old acl. Should we ignore errors here? */
562 if(self->acl != NULL) {
563 if(acl_free(self->acl) == -1)
564 return PyErr_SetFromErrno(PyExc_IOError); /* LCOV_EXCL_LINE */
575 /* tp_iter for the ACL type; since it can be iterated only
576 * destructively, the type is its iterator
578 static PyObject* ACL_iter(PyObject *obj) {
579 ACL_Object *self = (ACL_Object*)obj;
580 self->entry_id = ACL_FIRST_ENTRY;
585 /* the tp_iternext function for the ACL type */
586 static PyObject* ACL_iternext(PyObject *obj) {
587 ACL_Object *self = (ACL_Object*)obj;
588 acl_entry_t the_entry_t;
589 Entry_Object *the_entry_obj;
592 nerr = acl_get_entry(self->acl, self->entry_id, &the_entry_t);
593 self->entry_id = ACL_NEXT_ENTRY;
595 return PyErr_SetFromErrno(PyExc_IOError); /* LCOV_EXCL_LINE */
597 /* Docs says this is not needed */
598 /*PyErr_SetObject(PyExc_StopIteration, Py_None);*/
602 the_entry_obj = (Entry_Object*) PyType_GenericNew(&Entry_Type, NULL, NULL);
603 if(the_entry_obj == NULL)
606 the_entry_obj->entry = the_entry_t;
608 the_entry_obj->parent_acl = obj;
609 Py_INCREF(obj); /* For the reference we have in entry->parent */
611 return (PyObject*)the_entry_obj;
614 static char __ACL_delete_entry_doc__[] =
615 "delete_entry(entry)\n"
616 "Deletes an entry from the ACL.\n"
618 ".. note:: Only available with level 2.\n"
620 ":param entry: the Entry object which should be deleted; note that after\n"
621 " this function is called, that object is unusable any longer\n"
622 " and should be deleted\n"
625 /* Deletes an entry from the ACL */
626 static PyObject* ACL_delete_entry(PyObject *obj, PyObject *args) {
627 ACL_Object *self = (ACL_Object*)obj;
630 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &e))
633 if (e->parent_acl != obj) {
634 PyErr_SetString(PyExc_ValueError,
635 "Can't remove un-owned entry");
638 if(acl_delete_entry(self->acl, e->entry) == -1)
639 return PyErr_SetFromErrno(PyExc_IOError);
644 static char __ACL_calc_mask_doc__[] =
645 "Compute the file group class mask.\n"
647 "The calc_mask() method calculates and sets the permissions \n"
648 "associated with the :py:data:`ACL_MASK` Entry of the ACL.\n"
649 "The value of the new permissions is the union of the permissions \n"
650 "granted by all entries of tag type :py:data:`ACL_GROUP`, \n"
651 ":py:data:`ACL_GROUP_OBJ`, or \n"
652 ":py:data:`ACL_USER`. If the ACL already contains an :py:data:`ACL_MASK`\n"
654 "permissions are overwritten; if it does not contain an \n"
655 ":py:data:`ACL_MASK` Entry, one is added.\n"
657 "The order of existing entries in the ACL is undefined after this \n"
661 /* Updates the mask entry in the ACL */
662 static PyObject* ACL_calc_mask(PyObject *obj, PyObject *args) {
663 ACL_Object *self = (ACL_Object*)obj;
665 if(acl_calc_mask(&self->acl) == -1)
666 return PyErr_SetFromErrno(PyExc_IOError);
671 static char __ACL_append_doc__[] =
673 "Append a new Entry to the ACL and return it.\n"
675 "This is a convenience function to create a new Entry \n"
676 "and append it to the ACL.\n"
677 "If a parameter of type Entry instance is given, the \n"
678 "entry will be a copy of that one (as if copied with \n"
679 ":py:func:`Entry.copy`), otherwise, the new entry will be empty.\n"
681 ":rtype: :py:class:`Entry`\n"
682 ":returns: the newly created entry\n"
685 /* Convenience method to create a new Entry */
686 static PyObject* ACL_append(PyObject *obj, PyObject *args) {
687 Entry_Object* newentry;
688 Entry_Object* oldentry = NULL;
691 if (!PyArg_ParseTuple(args, "|O!", &Entry_Type, &oldentry)) {
695 PyObject *new_arglist = Py_BuildValue("(O)", obj);
696 if (new_arglist == NULL) {
699 newentry = (Entry_Object*) PyObject_CallObject((PyObject*)&Entry_Type, new_arglist);
700 Py_DECREF(new_arglist);
701 if(newentry == NULL) {
705 if(oldentry != NULL) {
706 nret = acl_copy_entry(newentry->entry, oldentry->entry);
708 /* LCOV_EXCL_START */
710 return PyErr_SetFromErrno(PyExc_IOError);
715 return (PyObject*)newentry;
718 /***** Entry type *****/
728 /* Pre-declaring the function is more friendly to cpychecker, sigh. */
729 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq)
730 CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION;
732 /* Helper function to get the tag and qualifier of an Entry at the
733 same time. This is "needed" because the acl_get_qualifier function
734 returns a pointer to different types, based on the tag value, and
735 thus it's not straightforward to get the right type.
737 It sets a Python exception if an error occurs, and returns -1 in
738 this case. If successful, the tag is set to the tag type, the
739 qualifier (if any) to either the uid or the gid entry in the
740 tag_qual structure, and the return value is 0.
742 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq) {
745 if(acl_get_tag_type(entry, &tq->tag) == -1) {
746 /* LCOV_EXCL_START */
747 PyErr_SetFromErrno(PyExc_IOError);
751 if (tq->tag == ACL_USER || tq->tag == ACL_GROUP) {
752 if((p = acl_get_qualifier(entry)) == NULL) {
753 /* LCOV_EXCL_START */
754 PyErr_SetFromErrno(PyExc_IOError);
758 if (tq->tag == ACL_USER) {
759 tq->uid = *(uid_t*)p;
761 tq->gid = *(gid_t*)p;
768 #define ENTRY_SET_CHECK(self, attr, value) \
769 if (value == NULL) { \
770 PyErr_SetString(PyExc_TypeError, \
771 attr " deletion is not supported"); \
775 /* Creation of a new Entry instance */
776 static PyObject* Entry_new(PyTypeObject* type, PyObject* args,
780 ACL_Object* parent = NULL;
782 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
785 newentry = PyType_GenericNew(type, args, keywds);
787 if(newentry == NULL) {
791 entry = (Entry_Object*)newentry;
793 if(acl_create_entry(&parent->acl, &entry->entry) == -1) {
794 /* LCOV_EXCL_START */
795 PyErr_SetFromErrno(PyExc_IOError);
801 entry->parent_acl = (PyObject*)parent;
805 /* Initialization of a new Entry instance */
806 static int Entry_init(PyObject* obj, PyObject* args, PyObject *keywds) {
807 Entry_Object* self = (Entry_Object*) obj;
808 ACL_Object* parent = NULL;
810 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
813 if ((PyObject*)parent != self->parent_acl) {
814 PyErr_SetString(PyExc_ValueError,
815 "Can't reinitialize with a different parent");
821 /* Free the Entry instance */
822 static void Entry_dealloc(PyObject* obj) {
823 Entry_Object *self = (Entry_Object*) obj;
824 PyObject *err_type, *err_value, *err_traceback;
825 int have_error = PyErr_Occurred() ? 1 : 0;
828 PyErr_Fetch(&err_type, &err_value, &err_traceback);
829 if(self->parent_acl != NULL) {
830 Py_DECREF(self->parent_acl);
831 self->parent_acl = NULL;
834 PyErr_Restore(err_type, err_value, err_traceback);
838 /* Converts the entry to a text format */
839 static PyObject* Entry_str(PyObject *obj) {
840 PyObject *format, *kind;
841 Entry_Object *self = (Entry_Object*) obj;
844 if(get_tag_qualifier(self->entry, &tq) < 0) {
848 format = PyUnicode_FromString("ACL entry for ");
852 case ACL_UNDEFINED_TAG:
853 kind = PyUnicode_FromString("undefined type");
856 kind = PyUnicode_FromString("the owner");
859 kind = PyUnicode_FromString("the group");
862 kind = PyUnicode_FromString("the others");
865 /* FIXME: here and in the group case, we're formatting with
866 unsigned, because there's no way to automatically determine
867 the signed-ness of the types; on Linux(glibc) they're
868 unsigned, so we'll go along with that */
869 kind = PyUnicode_FromFormat("user with uid %u", tq.uid);
872 kind = PyUnicode_FromFormat("group with gid %u", tq.gid);
875 kind = PyUnicode_FromString("the mask");
877 default: /* LCOV_EXCL_START */
878 kind = PyUnicode_FromString("UNKNOWN_TAG_TYPE!");
883 /* LCOV_EXCL_START */
888 PyObject *ret = PyUnicode_Concat(format, kind);
894 /* Sets the tag type of the entry */
895 static int Entry_set_tag_type(PyObject* obj, PyObject* value, void* arg) {
896 Entry_Object *self = (Entry_Object*) obj;
898 ENTRY_SET_CHECK(self, "tag type", value);
900 if(!PyLong_Check(value)) {
901 PyErr_SetString(PyExc_TypeError,
902 "tag type must be integer");
905 if(acl_set_tag_type(self->entry, (acl_tag_t)PyLong_AsLong(value)) == -1) {
906 PyErr_SetFromErrno(PyExc_IOError);
913 /* Returns the tag type of the entry */
914 static PyObject* Entry_get_tag_type(PyObject *obj, void* arg) {
915 Entry_Object *self = (Entry_Object*) obj;
918 if(acl_get_tag_type(self->entry, &value) == -1) {
919 /* LCOV_EXCL_START */
920 PyErr_SetFromErrno(PyExc_IOError);
925 return PyLong_FromLong(value);
928 /* Sets the qualifier (either uid_t or gid_t) for the entry,
929 * usable only if the tag type if ACL_USER or ACL_GROUP
931 static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
932 Entry_Object *self = (Entry_Object*) obj;
933 unsigned long uidgid;
939 ENTRY_SET_CHECK(self, "qualifier", value);
941 if(!PyLong_Check(value)) {
942 PyErr_SetString(PyExc_TypeError,
943 "qualifier must be integer");
946 /* This is the negative value check, and larger than long
947 check. If uid_t/gid_t are long-sized, this is enough to check
948 for both over and underflow. */
949 if((uidgid = PyLong_AsUnsignedLong(value)) == (unsigned long) -1) {
950 if(PyErr_Occurred() != NULL) {
954 /* Due to how acl_set_qualifier takes its argument, we have to do
955 this ugly dance with two variables and a pointer that will
956 point to one of them. */
957 if(acl_get_tag_type(self->entry, &tag) == -1) {
958 /* LCOV_EXCL_START */
959 PyErr_SetFromErrno(PyExc_IOError);
965 /* This is an extra overflow check, in case uid_t/gid_t are
966 int-sized (and int size smaller than long size). */
969 if((unsigned long)uid != uidgid) {
970 PyErr_SetString(PyExc_OverflowError, "Can't assign given qualifier");
977 if((unsigned long)gid != uidgid) {
978 PyErr_SetString(PyExc_OverflowError, "Can't assign given qualifier");
985 PyErr_SetString(PyExc_TypeError,
986 "Can only set qualifiers on ACL_USER or ACL_GROUP entries");
989 if(acl_set_qualifier(self->entry, p) == -1) {
990 /* LCOV_EXCL_START */
991 PyErr_SetFromErrno(PyExc_IOError);
999 /* Returns the qualifier of the entry */
1000 static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
1001 Entry_Object *self = (Entry_Object*) obj;
1002 unsigned long value;
1005 if(get_tag_qualifier(self->entry, &tq) < 0) {
1008 if (tq.tag == ACL_USER) {
1010 } else if (tq.tag == ACL_GROUP) {
1013 PyErr_SetString(PyExc_TypeError,
1014 "Given entry doesn't have an user or"
1018 return PyLong_FromUnsignedLong(value);
1021 /* Returns the parent ACL of the entry */
1022 static PyObject* Entry_get_parent(PyObject *obj, void* arg) {
1023 Entry_Object *self = (Entry_Object*) obj;
1025 Py_INCREF(self->parent_acl);
1026 return self->parent_acl;
1029 /* Returns the a new Permset representing the permset of the entry
1030 * FIXME: Should return a new reference to the same object, which
1031 * should be created at init time!
1033 static PyObject* Entry_get_permset(PyObject *obj, void* arg) {
1036 PyObject *perm_arglist = Py_BuildValue("(O)", obj);
1037 if (perm_arglist == NULL) {
1040 p = PyObject_CallObject((PyObject*)&Permset_Type, perm_arglist);
1041 Py_DECREF(perm_arglist);
1045 /* Sets the permset of the entry to the passed Permset */
1046 static int Entry_set_permset(PyObject* obj, PyObject* value, void* arg) {
1047 Entry_Object *self = (Entry_Object*)obj;
1050 ENTRY_SET_CHECK(self, "permset", value);
1052 if(!PyObject_IsInstance(value, (PyObject*)&Permset_Type)) {
1053 PyErr_SetString(PyExc_TypeError, "argument 1 must be posix1e.Permset");
1056 p = (Permset_Object*)value;
1057 if(acl_set_permset(self->entry, p->permset) == -1) {
1058 /* LCOV_EXCL_START */
1059 PyErr_SetFromErrno(PyExc_IOError);
1061 /* LCOV_EXCL_STOP */
1066 static char __Entry_copy_doc__[] =
1068 "Copies an ACL entry.\n"
1070 "This method sets all the parameters to those of another\n"
1071 "entry (either of the same ACL or belonging to another ACL).\n"
1073 ":param Entry src: instance of type Entry\n"
1076 /* Sets all the entry parameters to another entry */
1077 static PyObject* Entry_copy(PyObject *obj, PyObject *args) {
1078 Entry_Object *self = (Entry_Object*)obj;
1079 Entry_Object *other;
1081 if(!PyArg_ParseTuple(args, "O!", &Entry_Type, &other))
1084 if(acl_copy_entry(self->entry, other->entry) == -1)
1085 return PyErr_SetFromErrno(PyExc_IOError); /* LCOV_EXCL_LINE */
1090 /**** Permset type *****/
1092 /* Creation of a new Permset instance */
1093 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
1095 PyObject* newpermset;
1096 Permset_Object* permset;
1097 Entry_Object* parent = NULL;
1099 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent)) {
1103 newpermset = PyType_GenericNew(type, args, keywds);
1105 if(newpermset == NULL) {
1109 permset = (Permset_Object*)newpermset;
1111 if(acl_get_permset(parent->entry, &permset->permset) == -1) {
1112 PyErr_SetFromErrno(PyExc_IOError);
1113 Py_DECREF(newpermset);
1117 permset->parent_entry = (PyObject*)parent;
1123 /* Initialization of a new Permset instance */
1124 static int Permset_init(PyObject* obj, PyObject* args, PyObject *keywds) {
1125 Permset_Object* self = (Permset_Object*) obj;
1126 Entry_Object* parent = NULL;
1128 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent))
1131 if ((PyObject*)parent != self->parent_entry) {
1132 PyErr_SetString(PyExc_ValueError,
1133 "Can't reinitialize with a different parent");
1140 /* Free the Permset instance */
1141 static void Permset_dealloc(PyObject* obj) {
1142 Permset_Object *self = (Permset_Object*) obj;
1143 PyObject *err_type, *err_value, *err_traceback;
1144 int have_error = PyErr_Occurred() ? 1 : 0;
1147 PyErr_Fetch(&err_type, &err_value, &err_traceback);
1148 if(self->parent_entry != NULL) {
1149 Py_DECREF(self->parent_entry);
1150 self->parent_entry = NULL;
1153 PyErr_Restore(err_type, err_value, err_traceback);
1157 /* Permset string representation */
1158 static PyObject* Permset_str(PyObject *obj) {
1159 Permset_Object *self = (Permset_Object*) obj;
1162 pstr[0] = get_perm(self->permset, ACL_READ) ? 'r' : '-';
1163 pstr[1] = get_perm(self->permset, ACL_WRITE) ? 'w' : '-';
1164 pstr[2] = get_perm(self->permset, ACL_EXECUTE) ? 'x' : '-';
1165 return PyUnicode_FromStringAndSize(pstr, 3);
1168 static char __Permset_clear_doc__[] =
1169 "Clears all permissions from the permission set.\n"
1172 /* Clears all permissions from the permset */
1173 static PyObject* Permset_clear(PyObject* obj, PyObject* args) {
1174 Permset_Object *self = (Permset_Object*) obj;
1176 if(acl_clear_perms(self->permset) == -1)
1177 return PyErr_SetFromErrno(PyExc_IOError); /* LCOV_EXCL_LINE */
1182 static PyObject* Permset_get_right(PyObject *obj, void* arg) {
1183 Permset_Object *self = (Permset_Object*) obj;
1185 if(get_perm(self->permset, *(acl_perm_t*)arg)) {
1192 static int Permset_set_right(PyObject* obj, PyObject* value, void* arg) {
1193 Permset_Object *self = (Permset_Object*) obj;
1197 if(!PyLong_Check(value)) {
1198 PyErr_SetString(PyExc_ValueError, "invalid argument, an integer"
1202 on = PyLong_AsLong(value);
1204 nerr = acl_add_perm(self->permset, *(acl_perm_t*)arg);
1206 nerr = acl_delete_perm(self->permset, *(acl_perm_t*)arg);
1208 /* LCOV_EXCL_START */
1209 PyErr_SetFromErrno(PyExc_IOError);
1211 /* LCOV_EXCL_STOP */
1216 static char __Permset_add_doc__[] =
1218 "Add a permission to the permission set.\n"
1220 "This function adds the permission contained in \n"
1221 "the argument perm to the permission set. An attempt \n"
1222 "to add a permission that is already contained in the \n"
1223 "permission set is not considered an error.\n"
1225 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1226 " :py:data:`ACL_EXECUTE`, ...)\n"
1227 ":raises IOError: in case the argument is not a valid descriptor\n"
1230 static PyObject* Permset_add(PyObject* obj, PyObject* args) {
1231 Permset_Object *self = (Permset_Object*) obj;
1234 if (!PyArg_ParseTuple(args, "i", &right))
1237 if(acl_add_perm(self->permset, (acl_perm_t) right) == -1)
1238 return PyErr_SetFromErrno(PyExc_IOError); /* LCOV_EXCL_LINE */
1243 static char __Permset_delete_doc__[] =
1245 "Delete a permission from the permission set.\n"
1247 "This function deletes the permission contained in \n"
1248 "the argument perm from the permission set. An attempt \n"
1249 "to delete a permission that is not contained in the \n"
1250 "permission set is not considered an error.\n"
1252 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1253 " :py:data:`ACL_EXECUTE`, ...)\n"
1254 ":raises IOError: in case the argument is not a valid descriptor\n"
1257 static PyObject* Permset_delete(PyObject* obj, PyObject* args) {
1258 Permset_Object *self = (Permset_Object*) obj;
1261 if (!PyArg_ParseTuple(args, "i", &right))
1264 if(acl_delete_perm(self->permset, (acl_perm_t) right) == -1)
1265 return PyErr_SetFromErrno(PyExc_IOError); /* LCOV_EXCL_LINE */
1270 static char __Permset_test_doc__[] =
1272 "Test if a permission exists in the permission set.\n"
1274 "The test() function tests if the permission represented by\n"
1275 "the argument perm exists in the permission set.\n"
1277 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1278 " :py:data:`ACL_EXECUTE`, ...)\n"
1280 ":raises IOError: in case the argument is not a valid descriptor\n"
1283 static PyObject* Permset_test(PyObject* obj, PyObject* args) {
1284 Permset_Object *self = (Permset_Object*) obj;
1288 if (!PyArg_ParseTuple(args, "i", &right))
1291 ret = get_perm(self->permset, (acl_perm_t) right);
1293 return PyErr_SetFromErrno(PyExc_IOError); /* LCOV_EXCL_LINE */
1304 static char __ACL_Type_doc__[] =
1305 "Type which represents a POSIX ACL\n"
1307 ".. note:: only one keyword parameter should be provided\n"
1309 ":param string/bytes/path-like file: creates an ACL representing\n"
1310 " the access ACL of the specified file or directory.\n"
1311 ":param string/bytes/path-like filedef: creates an ACL representing\n"
1312 " the default ACL of the given directory.\n"
1313 ":param int/iostream fd: creates an ACL representing\n"
1314 " the access ACL of the given file descriptor.\n"
1315 ":param string text: creates an ACL from a \n"
1316 " textual description; note the ACL must be valid, which\n"
1317 " means including a mask for extended ACLs, similar to\n"
1318 " ``setfacl --no-mask``\n"
1319 ":param ACL acl: creates a copy of an existing ACL instance.\n"
1320 ":param int mode: creates an ACL from a numeric mode\n"
1321 " (e.g. ``mode=0644``); this is valid only when the C library\n"
1322 " provides the ``acl_from_mode call``, and\n"
1323 " note that no validation is done on the given value.\n"
1324 ":param bytes data: creates an ACL from a serialised form,\n"
1325 " as provided by calling ``__getstate__()`` on an existing ACL\n"
1327 "If no parameters are passed, an empty ACL will be created; this\n"
1328 "makes sense only when your OS supports ACL modification\n"
1329 "(i.e. it implements full POSIX.1e support), otherwise the ACL won't\n"
1333 /* ACL type methods */
1334 static PyMethodDef ACL_methods[] = {
1335 {"applyto", ACL_applyto, METH_VARARGS, __applyto_doc__},
1336 {"valid", ACL_valid, METH_NOARGS, __valid_doc__},
1338 {"to_any_text", (PyCFunction)ACL_to_any_text, METH_VARARGS | METH_KEYWORDS,
1339 __to_any_text_doc__},
1340 {"check", ACL_check, METH_NOARGS, __check_doc__},
1341 {"equiv_mode", ACL_equiv_mode, METH_NOARGS, __equiv_mode_doc__},
1343 #ifdef HAVE_ACL_COPY_EXT
1344 {"__getstate__", ACL_get_state, METH_NOARGS,
1345 "Dumps the ACL to an external format."},
1346 {"__setstate__", ACL_set_state, METH_VARARGS,
1347 "Loads the ACL from an external format."},
1350 {"delete_entry", ACL_delete_entry, METH_VARARGS, __ACL_delete_entry_doc__},
1351 {"calc_mask", ACL_calc_mask, METH_NOARGS, __ACL_calc_mask_doc__},
1352 {"append", ACL_append, METH_VARARGS, __ACL_append_doc__},
1354 {NULL, NULL, 0, NULL}
1358 /* The definition of the ACL Type */
1359 static PyTypeObject ACL_Type = {
1360 PyVarObject_HEAD_INIT(NULL, 0)
1364 ACL_dealloc, /* tp_dealloc */
1368 0, /* formerly tp_compare, in 3.0 deprecated, in
1371 0, /* tp_as_number */
1372 0, /* tp_as_sequence */
1373 0, /* tp_as_mapping */
1376 ACL_str, /* tp_str */
1377 0, /* tp_getattro */
1378 0, /* tp_setattro */
1379 0, /* tp_as_buffer */
1380 Py_TPFLAGS_DEFAULT, /* tp_flags */
1381 __ACL_Type_doc__, /* tp_doc */
1382 0, /* tp_traverse */
1385 ACL_richcompare, /* tp_richcompare */
1387 0, /* tp_richcompare */
1389 0, /* tp_weaklistoffset */
1395 0, /* tp_iternext */
1397 ACL_methods, /* tp_methods */
1402 0, /* tp_descr_get */
1403 0, /* tp_descr_set */
1404 0, /* tp_dictoffset */
1405 ACL_init, /* tp_init */
1407 ACL_new, /* tp_new */
1412 /* Entry type methods */
1413 static PyMethodDef Entry_methods[] = {
1414 {"copy", Entry_copy, METH_VARARGS, __Entry_copy_doc__},
1415 {NULL, NULL, 0, NULL}
1418 static char __Entry_tagtype_doc__[] =
1419 "The tag type of the current entry\n"
1422 " - :py:data:`ACL_UNDEFINED_TAG`\n"
1423 " - :py:data:`ACL_USER_OBJ`\n"
1424 " - :py:data:`ACL_USER`\n"
1425 " - :py:data:`ACL_GROUP_OBJ`\n"
1426 " - :py:data:`ACL_GROUP`\n"
1427 " - :py:data:`ACL_MASK`\n"
1428 " - :py:data:`ACL_OTHER`\n"
1431 static char __Entry_qualifier_doc__[] =
1432 "The qualifier of the current entry\n"
1434 "If the tag type is :py:data:`ACL_USER`, this should be a user id.\n"
1435 "If the tag type if :py:data:`ACL_GROUP`, this should be a group id.\n"
1436 "Else it doesn't matter.\n"
1439 static char __Entry_parent_doc__[] =
1440 "The parent ACL of this entry\n"
1443 static char __Entry_permset_doc__[] =
1444 "The permission set of this ACL entry\n"
1448 static PyGetSetDef Entry_getsets[] = {
1449 {"tag_type", Entry_get_tag_type, Entry_set_tag_type,
1450 __Entry_tagtype_doc__},
1451 {"qualifier", Entry_get_qualifier, Entry_set_qualifier,
1452 __Entry_qualifier_doc__},
1453 {"parent", Entry_get_parent, NULL, __Entry_parent_doc__},
1454 {"permset", Entry_get_permset, Entry_set_permset, __Entry_permset_doc__},
1458 static char __Entry_Type_doc__[] =
1459 "Type which represents an entry in an ACL.\n"
1461 "The type exists only if the OS has full support for POSIX.1e\n"
1462 "Can be created either by:\n"
1464 " >>> e = posix1e.Entry(myACL) # this creates a new entry in the ACL\n"
1465 " >>> e = myACL.append() # another way for doing the same thing\n"
1469 " >>> for entry in myACL:\n"
1470 " ... print entry\n"
1472 "Note that the Entry keeps a reference to its ACL, so even if \n"
1473 "you delete the ACL, it won't be cleaned up and will continue to \n"
1474 "exist until its Entry(ies) will be deleted.\n"
1476 /* The definition of the Entry Type */
1477 static PyTypeObject Entry_Type = {
1478 PyVarObject_HEAD_INIT(NULL, 0)
1480 sizeof(Entry_Object),
1482 Entry_dealloc, /* tp_dealloc */
1488 0, /* tp_as_number */
1489 0, /* tp_as_sequence */
1490 0, /* tp_as_mapping */
1493 Entry_str, /* tp_str */
1494 0, /* tp_getattro */
1495 0, /* tp_setattro */
1496 0, /* tp_as_buffer */
1497 Py_TPFLAGS_DEFAULT, /* tp_flags */
1498 __Entry_Type_doc__, /* tp_doc */
1499 0, /* tp_traverse */
1501 0, /* tp_richcompare */
1502 0, /* tp_weaklistoffset */
1504 0, /* tp_iternext */
1505 Entry_methods, /* tp_methods */
1507 Entry_getsets, /* tp_getset */
1510 0, /* tp_descr_get */
1511 0, /* tp_descr_set */
1512 0, /* tp_dictoffset */
1513 Entry_init, /* tp_init */
1515 Entry_new, /* tp_new */
1518 /* Permset type methods */
1519 static PyMethodDef Permset_methods[] = {
1520 {"clear", Permset_clear, METH_NOARGS, __Permset_clear_doc__, },
1521 {"add", Permset_add, METH_VARARGS, __Permset_add_doc__, },
1522 {"delete", Permset_delete, METH_VARARGS, __Permset_delete_doc__, },
1523 {"test", Permset_test, METH_VARARGS, __Permset_test_doc__, },
1524 {NULL, NULL, 0, NULL}
1527 static char __Permset_execute_doc__[] =
1528 "Execute permission property\n"
1530 "This is a convenience method of retrieving and setting the execute\n"
1531 "permission in the permission set; the \n"
1532 "same effect can be achieved using the functions\n"
1533 "add(), test(), delete(), and those can take any \n"
1534 "permission defined by your platform.\n"
1537 static char __Permset_read_doc__[] =
1538 "Read permission property\n"
1540 "This is a convenience method of retrieving and setting the read\n"
1541 "permission in the permission set; the \n"
1542 "same effect can be achieved using the functions\n"
1543 "add(), test(), delete(), and those can take any \n"
1544 "permission defined by your platform.\n"
1547 static char __Permset_write_doc__[] =
1548 "Write permission property\n"
1550 "This is a convenience method of retrieving and setting the write\n"
1551 "permission in the permission set; the \n"
1552 "same effect can be achieved using the functions\n"
1553 "add(), test(), delete(), and those can take any \n"
1554 "permission defined by your platform.\n"
1557 /* Permset getset */
1558 static PyGetSetDef Permset_getsets[] = {
1559 {"execute", Permset_get_right, Permset_set_right,
1560 __Permset_execute_doc__, &holder_ACL_EXECUTE},
1561 {"read", Permset_get_right, Permset_set_right,
1562 __Permset_read_doc__, &holder_ACL_READ},
1563 {"write", Permset_get_right, Permset_set_right,
1564 __Permset_write_doc__, &holder_ACL_WRITE},
1568 static char __Permset_Type_doc__[] =
1569 "Type which represents the permission set in an ACL entry\n"
1571 "The type exists only if the OS has full support for POSIX.1e\n"
1572 "Can be retrieved either by:\n\n"
1573 ">>> perms = myEntry.permset\n"
1576 ">>> perms = posix1e.Permset(myEntry)\n"
1578 "Note that the Permset keeps a reference to its Entry, so even if \n"
1579 "you delete the entry, it won't be cleaned up and will continue to \n"
1580 "exist until its Permset will be deleted.\n"
1583 /* The definition of the Permset Type */
1584 static PyTypeObject Permset_Type = {
1585 PyVarObject_HEAD_INIT(NULL, 0)
1587 sizeof(Permset_Object),
1589 Permset_dealloc, /* tp_dealloc */
1595 0, /* tp_as_number */
1596 0, /* tp_as_sequence */
1597 0, /* tp_as_mapping */
1600 Permset_str, /* tp_str */
1601 0, /* tp_getattro */
1602 0, /* tp_setattro */
1603 0, /* tp_as_buffer */
1604 Py_TPFLAGS_DEFAULT, /* tp_flags */
1605 __Permset_Type_doc__,/* tp_doc */
1606 0, /* tp_traverse */
1608 0, /* tp_richcompare */
1609 0, /* tp_weaklistoffset */
1611 0, /* tp_iternext */
1612 Permset_methods, /* tp_methods */
1614 Permset_getsets, /* tp_getset */
1617 0, /* tp_descr_get */
1618 0, /* tp_descr_set */
1619 0, /* tp_dictoffset */
1620 Permset_init, /* tp_init */
1622 Permset_new, /* tp_new */
1627 /* Module methods */
1629 static char __deletedef_doc__[] =
1630 "delete_default(path)\n"
1631 "Delete the default ACL from a directory.\n"
1633 "This function deletes the default ACL associated with\n"
1634 "a directory (the ACL which will be ANDed with the mode\n"
1635 "parameter to the open, creat functions).\n"
1637 ":param string path: the directory whose default ACL should be deleted\n"
1640 /* Deletes the default ACL from a directory */
1641 static PyObject* aclmodule_delete_default(PyObject* obj, PyObject* args) {
1644 /* Parse the arguments */
1645 if (!PyArg_ParseTuple(args, "et", NULL, &filename))
1648 if(acl_delete_def_file(filename) == -1) {
1649 return PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
1656 static char __has_extended_doc__[] =
1657 "has_extended(item)\n"
1658 "Check if a file or file handle has an extended ACL.\n"
1660 ":param item: either a file name or a file-like object or an integer;\n"
1661 " it represents the file-system object on which to act\n"
1664 /* Check for extended ACL a file or fd */
1665 static PyObject* aclmodule_has_extended(PyObject* obj, PyObject* args) {
1666 PyObject *item, *tmp;
1670 if (!PyArg_ParseTuple(args, "O", &item))
1673 if((fd = PyObject_AsFileDescriptor(item)) != -1) {
1674 if((nret = acl_extended_fd(fd)) == -1) {
1675 PyErr_SetFromErrno(PyExc_IOError);
1678 // PyObject_AsFileDescriptor sets an error when failing, so clear
1679 // it such that further code works; some method lookups fail if an
1680 // error already occured when called, which breaks at least
1681 // PyOS_FSPath (called by FSConverter).
1683 if(PyUnicode_FSConverter(item, &tmp)) {
1684 char *filename = PyBytes_AS_STRING(tmp);
1685 if ((nret = acl_extended_file(filename)) == -1) {
1686 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
1697 return PyBool_FromLong(nret);
1702 /* The module methods */
1703 static PyMethodDef aclmodule_methods[] = {
1704 {"delete_default", aclmodule_delete_default, METH_VARARGS,
1707 {"has_extended", aclmodule_has_extended, METH_VARARGS,
1708 __has_extended_doc__},
1710 {NULL, NULL, 0, NULL}
1713 static char __posix1e_doc__[] =
1714 "POSIX.1e ACLs manipulation\n"
1715 "==========================\n"
1717 "This module provides support for manipulating POSIX.1e ACLS\n"
1719 "Depending on the operating system support for POSIX.1e, \n"
1720 "the ACL type will have more or less capabilities:\n\n"
1721 " - level 1, only basic support, you can create\n"
1722 " ACLs from files and text descriptions;\n"
1723 " once created, the type is immutable\n"
1724 " - level 2, complete support, you can alter\n"
1725 " the ACL once it is created\n"
1727 "Also, in level 2, more types are available, corresponding\n"
1728 "to acl_entry_t (the Entry type), acl_permset_t (the Permset type).\n"
1730 "The existence of level 2 support and other extensions can be\n"
1731 "checked by the constants:\n\n"
1732 " - :py:data:`HAS_ACL_ENTRY` for level 2 and the Entry/Permset classes\n"
1733 " - :py:data:`HAS_ACL_FROM_MODE` for ``ACL(mode=...)`` usage\n"
1734 " - :py:data:`HAS_ACL_CHECK` for the :py:func:`ACL.check` function\n"
1735 " - :py:data:`HAS_EXTENDED_CHECK` for the module-level\n"
1736 " :py:func:`has_extended` function\n"
1737 " - :py:data:`HAS_EQUIV_MODE` for the :py:func:`ACL.equiv_mode` method\n"
1738 " - :py:data:`HAS_COPY_EXT` for the :py:func:`ACL.__getstate__` and\n"
1739 " :py:func:`ACL.__setstate__` functions (pickle protocol)\n"
1743 ">>> import posix1e\n"
1744 ">>> acl1 = posix1e.ACL(file=\"file.txt\") \n"
1750 ">>> b = posix1e.ACL(text=\"u::rx,g::-,o::-\")\n"
1756 ">>> b.applyto(\"file.txt\")\n"
1757 ">>> print posix1e.ACL(file=\"file.txt\")\n"
1763 ".. py:data:: ACL_USER\n\n"
1764 " Denotes a specific user entry in an ACL.\n"
1766 ".. py:data:: ACL_USER_OBJ\n\n"
1767 " Denotes the user owner entry in an ACL.\n"
1769 ".. py:data:: ACL_GROUP\n\n"
1770 " Denotes the a group entry in an ACL.\n"
1772 ".. py:data:: ACL_GROUP_OBJ\n\n"
1773 " Denotes the group owner entry in an ACL.\n"
1775 ".. py:data:: ACL_OTHER\n\n"
1776 " Denotes the 'others' entry in an ACL.\n"
1778 ".. py:data:: ACL_MASK\n\n"
1779 " Denotes the mask entry in an ACL, representing the maximum\n"
1780 " access granted other users, the owner group and other groups.\n"
1782 ".. py:data:: ACL_UNDEFINED_TAG\n\n"
1783 " An undefined tag in an ACL.\n"
1785 ".. py:data:: ACL_READ\n\n"
1786 " Read permission in a permission set.\n"
1788 ".. py:data:: ACL_WRITE\n\n"
1789 " Write permission in a permission set.\n"
1791 ".. py:data:: ACL_EXECUTE\n\n"
1792 " Execute permission in a permission set.\n"
1794 ".. py:data:: HAS_ACL_ENTRY\n\n"
1795 " denotes support for level 2 and the Entry/Permset classes\n"
1797 ".. py:data:: HAS_ACL_FROM_MODE\n\n"
1798 " denotes support for building an ACL from an octal mode\n"
1800 ".. py:data:: HAS_ACL_CHECK\n\n"
1801 " denotes support for extended checks of an ACL's validity\n"
1803 ".. py:data:: HAS_EXTENDED_CHECK\n\n"
1804 " denotes support for checking whether an ACL is basic or extended\n"
1806 ".. py:data:: HAS_EQUIV_MODE\n\n"
1807 " denotes support for the equiv_mode function\n"
1809 ".. py:data:: HAS_COPY_EXT\n\n"
1810 " denotes support for __getstate__()/__setstate__() on an ACL\n"
1814 static struct PyModuleDef posix1emodule = {
1815 PyModuleDef_HEAD_INIT,
1823 PyInit_posix1e(void)
1827 if(PyType_Ready(&ACL_Type) < 0)
1831 if(PyType_Ready(&Entry_Type) < 0)
1834 if(PyType_Ready(&Permset_Type) < 0)
1838 m = PyModule_Create(&posix1emodule);
1842 d = PyModule_GetDict(m);
1846 Py_INCREF(&ACL_Type);
1847 if (PyDict_SetItemString(d, "ACL",
1848 (PyObject *) &ACL_Type) < 0)
1851 /* 23.3.6 acl_type_t values */
1852 PyModule_AddIntConstant(m, "ACL_TYPE_ACCESS", ACL_TYPE_ACCESS);
1853 PyModule_AddIntConstant(m, "ACL_TYPE_DEFAULT", ACL_TYPE_DEFAULT);
1857 Py_INCREF(&Entry_Type);
1858 if (PyDict_SetItemString(d, "Entry",
1859 (PyObject *) &Entry_Type) < 0)
1862 Py_INCREF(&Permset_Type);
1863 if (PyDict_SetItemString(d, "Permset",
1864 (PyObject *) &Permset_Type) < 0)
1867 /* 23.2.2 acl_perm_t values */
1868 PyModule_AddIntConstant(m, "ACL_READ", ACL_READ);
1869 PyModule_AddIntConstant(m, "ACL_WRITE", ACL_WRITE);
1870 PyModule_AddIntConstant(m, "ACL_EXECUTE", ACL_EXECUTE);
1872 /* 23.2.5 acl_tag_t values */
1873 PyModule_AddIntConstant(m, "ACL_UNDEFINED_TAG", ACL_UNDEFINED_TAG);
1874 PyModule_AddIntConstant(m, "ACL_USER_OBJ", ACL_USER_OBJ);
1875 PyModule_AddIntConstant(m, "ACL_USER", ACL_USER);
1876 PyModule_AddIntConstant(m, "ACL_GROUP_OBJ", ACL_GROUP_OBJ);
1877 PyModule_AddIntConstant(m, "ACL_GROUP", ACL_GROUP);
1878 PyModule_AddIntConstant(m, "ACL_MASK", ACL_MASK);
1879 PyModule_AddIntConstant(m, "ACL_OTHER", ACL_OTHER);
1881 /* Document extended functionality via easy-to-use constants */
1882 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 1);
1884 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 0);
1888 /* Linux libacl specific acl_to_any_text constants */
1889 PyModule_AddIntConstant(m, "TEXT_ABBREVIATE", TEXT_ABBREVIATE);
1890 PyModule_AddIntConstant(m, "TEXT_NUMERIC_IDS", TEXT_NUMERIC_IDS);
1891 PyModule_AddIntConstant(m, "TEXT_SOME_EFFECTIVE", TEXT_SOME_EFFECTIVE);
1892 PyModule_AddIntConstant(m, "TEXT_ALL_EFFECTIVE", TEXT_ALL_EFFECTIVE);
1893 PyModule_AddIntConstant(m, "TEXT_SMART_INDENT", TEXT_SMART_INDENT);
1895 /* Linux libacl specific acl_check constants */
1896 PyModule_AddIntConstant(m, "ACL_MULTI_ERROR", ACL_MULTI_ERROR);
1897 PyModule_AddIntConstant(m, "ACL_DUPLICATE_ERROR", ACL_DUPLICATE_ERROR);
1898 PyModule_AddIntConstant(m, "ACL_MISS_ERROR", ACL_MISS_ERROR);
1899 PyModule_AddIntConstant(m, "ACL_ENTRY_ERROR", ACL_ENTRY_ERROR);
1901 #define LINUX_EXT_VAL 1
1903 #define LINUX_EXT_VAL 0
1905 /* declare the Linux extensions */
1906 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", LINUX_EXT_VAL);
1907 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", LINUX_EXT_VAL);
1908 PyModule_AddIntConstant(m, "HAS_EXTENDED_CHECK", LINUX_EXT_VAL);
1909 PyModule_AddIntConstant(m, "HAS_EQUIV_MODE", LINUX_EXT_VAL);
1911 PyModule_AddIntConstant(m, "HAS_COPY_EXT",
1912 #ifdef HAVE_ACL_COPY_EXT