2 posix1e - a python module exposing the posix acl functions
4 Copyright (C) 2002-2009, 2012, 2014, 2015 Iustin Pop <iustin@k1024.org>
6 This library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 This library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with this library; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
25 #include <sys/types.h>
29 #include <acl/libacl.h>
30 #define get_perm acl_get_perm
32 #define get_perm acl_get_perm_np
35 /* Used for cpychecker: */
36 /* The checker automatically defines this preprocessor name when creating
37 the custom attribute: */
38 #if defined(WITH_CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF_ATTRIBUTE)
39 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename) \
40 __attribute__((cpychecker_type_object_for_typedef(typename)))
42 /* This handles the case where we're compiling with a "vanilla"
43 compiler that doesn't supply this attribute: */
44 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename)
47 /* The checker automatically defines this preprocessor name when creating
48 the custom attribute: */
49 #if defined(WITH_CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION_ATTRIBUTE)
50 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION \
51 __attribute__((cpychecker_negative_result_sets_exception))
53 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION
56 static PyTypeObject ACL_Type
57 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("ACL_Object");
58 static PyObject* ACL_applyto(PyObject* obj, PyObject* args);
59 static PyObject* ACL_valid(PyObject* obj, PyObject* args);
61 #ifdef HAVE_ACL_COPY_EXT
62 static PyObject* ACL_get_state(PyObject *obj, PyObject* args);
63 static PyObject* ACL_set_state(PyObject *obj, PyObject* args);
67 static PyTypeObject Entry_Type
68 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Entry_Object");
69 static PyTypeObject Permset_Type
70 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Permset_Object");
71 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
75 static acl_perm_t holder_ACL_EXECUTE = ACL_EXECUTE;
76 static acl_perm_t holder_ACL_READ = ACL_READ;
77 static acl_perm_t holder_ACL_WRITE = ACL_WRITE;
91 PyObject *parent_acl; /* The parent acl, so it won't run out on us */
97 PyObject *parent_entry; /* The parent entry, so it won't run out on us */
98 acl_permset_t permset;
103 /* Creation of a new ACL instance */
104 static PyObject* ACL_new(PyTypeObject* type, PyObject* args,
109 newacl = type->tp_alloc(type, 0);
114 acl = (ACL_Object*) newacl;
116 acl->acl = acl_init(0);
117 if (acl->acl == NULL) {
118 PyErr_SetFromErrno(PyExc_IOError);
123 acl->entry_id = ACL_FIRST_ENTRY;
129 /* Initialization of a new ACL instance */
130 static int ACL_init(PyObject* obj, PyObject* args, PyObject *keywds) {
131 ACL_Object* self = (ACL_Object*) obj;
133 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef",
135 char *format = "|O&OsO!O&i";
138 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef", NULL };
139 char *format = "|O&OsO!O&";
141 PyObject *file = NULL;
142 PyObject *filedef = NULL;
145 ACL_Object* thesrc = NULL;
147 if(!PyTuple_Check(args) || PyTuple_Size(args) != 0 ||
148 (keywds != NULL && PyDict_Check(keywds) && PyDict_Size(keywds) > 1)) {
149 PyErr_SetString(PyExc_ValueError, "a max of one keyword argument"
153 if(!PyArg_ParseTupleAndKeywords(args, keywds, format, kwlist,
154 PyUnicode_FSConverter, &file,
155 &fd, &text, &ACL_Type, &thesrc,
156 PyUnicode_FSConverter, &filedef
163 /* Free the old acl_t without checking for error, we don't
165 if(self->acl != NULL)
169 fprintf(stderr, "foobar!\n");
170 char *path = PyBytes_AS_STRING(file);
171 self->acl = acl_get_file(path, ACL_TYPE_ACCESS);
173 } else if(text != NULL)
174 self->acl = acl_from_text(text);
175 else if(fd != NULL) {
177 if ((fdval = PyObject_AsFileDescriptor(fd)) != -1) {
178 self->acl = acl_get_fd(fdval);
183 else if(thesrc != NULL)
184 self->acl = acl_dup(thesrc->acl);
185 else if(filedef != NULL) {
186 char *path = PyBytes_AS_STRING(filedef);
187 self->acl = acl_get_file(path, ACL_TYPE_DEFAULT);
192 self->acl = acl_from_mode(mode);
195 self->acl = acl_init(0);
197 if(self->acl == NULL) {
198 PyErr_SetFromErrno(PyExc_IOError);
205 /* Standard type functions */
206 static void ACL_dealloc(PyObject* obj) {
207 ACL_Object *self = (ACL_Object*) obj;
208 PyObject *err_type, *err_value, *err_traceback;
209 int have_error = PyErr_Occurred() ? 1 : 0;
212 PyErr_Fetch(&err_type, &err_value, &err_traceback);
213 if(self->acl != NULL && acl_free(self->acl) != 0)
214 PyErr_WriteUnraisable(obj);
216 PyErr_Restore(err_type, err_value, err_traceback);
220 /* Converts the acl to a text format */
221 static PyObject* ACL_str(PyObject *obj) {
223 ACL_Object *self = (ACL_Object*) obj;
226 text = acl_to_text(self->acl, NULL);
228 return PyErr_SetFromErrno(PyExc_IOError);
230 ret = PyUnicode_FromString(text);
231 if(acl_free(text) != 0) {
233 return PyErr_SetFromErrno(PyExc_IOError);
239 static char __to_any_text_doc__[] =
240 "to_any_text([prefix='', separator='n', options=0])\n"
241 "Convert the ACL to a custom text format.\n"
243 "This method encapsulates the ``acl_to_any_text()`` function.\n"
244 "It allows a customized text format to be generated for the ACL. See\n"
245 ":manpage:`acl_to_any_text(3)` for more details.\n"
247 ":param string prefix: if given, this string will be pre-pended to\n"
249 ":param string separator: a single character (defaults to '\\n'); this will"
250 " be used to separate the entries in the ACL\n"
251 ":param options: a bitwise combination of:\n\n"
252 " - :py:data:`TEXT_ABBREVIATE`: use 'u' instead of 'user', 'g' \n"
253 " instead of 'group', etc.\n"
254 " - :py:data:`TEXT_NUMERIC_IDS`: User and group IDs are included as\n"
255 " decimal numbers instead of names\n"
256 " - :py:data:`TEXT_SOME_EFFECTIVE`: Include comments denoting the\n"
257 " effective permissions when some are masked\n"
258 " - :py:data:`TEXT_ALL_EFFECTIVE`: Include comments after all ACL\n"
259 " entries affected by an ACL_MASK entry\n"
260 " - :py:data:`TEXT_SMART_INDENT`: Used in combination with the\n"
261 " _EFFECTIVE options, this will ensure that comments are aligned\n"
262 " to the fourth tab position (assuming one tab equals eight spaces)\n"
266 /* Converts the acl to a custom text format */
267 static PyObject* ACL_to_any_text(PyObject *obj, PyObject *args,
270 ACL_Object *self = (ACL_Object*) obj;
272 const char *arg_prefix = NULL;
273 char arg_separator = '\n';
275 static char *kwlist[] = {"prefix", "separator", "options", NULL};
277 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|sci", kwlist, &arg_prefix,
278 &arg_separator, &arg_options))
281 text = acl_to_any_text(self->acl, arg_prefix, arg_separator, arg_options);
283 return PyErr_SetFromErrno(PyExc_IOError);
285 ret = PyBytes_FromString(text);
286 if(acl_free(text) != 0) {
288 return PyErr_SetFromErrno(PyExc_IOError);
293 static char __check_doc__[] =
294 "Check the ACL validity.\n"
296 "This is a non-portable, Linux specific extension that allow more\n"
297 "information to be retrieved in case an ACL is not valid than via the\n"
298 ":py:func:`valid` method.\n"
300 "This method will return either False (the ACL is valid), or a tuple\n"
301 "with two elements. The first element is one of the following\n"
303 " - :py:data:`ACL_MULTI_ERROR`: The ACL contains multiple entries that\n"
304 " have a tag type that may occur at most once\n"
305 " - :py:data:`ACL_DUPLICATE_ERROR`: The ACL contains multiple \n"
306 " :py:data:`ACL_USER` or :py:data:`ACL_GROUP` entries with the\n"
308 " - :py:data:`ACL_MISS_ERROR`: A required entry is missing\n"
309 " - :py:data:`ACL_ENTRY_ERROR`: The ACL contains an invalid entry\n"
312 "The second element of the tuple is the index of the entry that is\n"
313 "invalid (in the same order as by iterating over the ACL entry)\n"
316 /* The acl_check method */
317 static PyObject* ACL_check(PyObject* obj, PyObject* args) {
318 ACL_Object *self = (ACL_Object*) obj;
322 if((result = acl_check(self->acl, &eindex)) == -1)
323 return PyErr_SetFromErrno(PyExc_IOError);
327 return Py_BuildValue("(ii)", result, eindex);
330 /* Implementation of the rich compare for ACLs */
331 static PyObject* ACL_richcompare(PyObject* o1, PyObject* o2, int op) {
332 ACL_Object *acl1, *acl2;
336 if(!PyObject_IsInstance(o2, (PyObject*)&ACL_Type)) {
341 PyErr_SetString(PyExc_TypeError, "can only compare to an ACL");
345 acl1 = (ACL_Object*)o1;
346 acl2 = (ACL_Object*)o2;
347 if((n=acl_cmp(acl1->acl, acl2->acl))==-1)
348 return PyErr_SetFromErrno(PyExc_IOError);
351 ret = n == 0 ? Py_True : Py_False;
354 ret = n == 1 ? Py_True : Py_False;
357 PyErr_SetString(PyExc_TypeError, "ACLs are not orderable");
364 static char __equiv_mode_doc__[] =
365 "Return the octal mode the ACL is equivalent to.\n"
367 "This is a non-portable, Linux specific extension that checks\n"
368 "if the ACL is a basic ACL and returns the corresponding mode.\n"
371 ":raise IOError: An IOerror exception will be raised if the ACL is\n"
372 " an extended ACL.\n"
375 /* The acl_equiv_mode method */
376 static PyObject* ACL_equiv_mode(PyObject* obj, PyObject* args) {
377 ACL_Object *self = (ACL_Object*) obj;
380 if(acl_equiv_mode(self->acl, &mode) == -1)
381 return PyErr_SetFromErrno(PyExc_IOError);
382 return PyLong_FromLong(mode);
387 static char __applyto_doc__[] =
388 "applyto(item[, flag=ACL_TYPE_ACCESS])\n"
389 "Apply the ACL to a file or filehandle.\n"
391 ":param item: either a filename or a file-like object or an integer;\n"
392 " this represents the filesystem object on which to act\n"
393 ":param flag: optional flag representing the type of ACL to set, either\n"
394 " :py:data:`ACL_TYPE_ACCESS` (default) or :py:data:`ACL_TYPE_DEFAULT`\n"
397 /* Applies the ACL to a file */
398 static PyObject* ACL_applyto(PyObject* obj, PyObject* args) {
399 ACL_Object *self = (ACL_Object*) obj;
400 PyObject *target, *tmp;
401 acl_type_t type = ACL_TYPE_ACCESS;
405 if (!PyArg_ParseTuple(args, "O|I", &target, &type))
407 if ((fd = PyObject_AsFileDescriptor(target)) != -1) {
408 if((nret = acl_set_fd(fd, self->acl)) == -1) {
409 PyErr_SetFromErrno(PyExc_IOError);
412 // PyObject_AsFileDescriptor sets an error when failing, so clear
413 // it such that further code works; some method lookups fail if an
414 // error already occured when called, which breaks at least
415 // PyOS_FSPath (called by FSConverter).
417 if(PyUnicode_FSConverter(target, &tmp)) {
418 char *filename = PyBytes_AS_STRING(tmp);
419 if ((nret = acl_set_file(filename, type, self->acl)) == -1) {
420 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
434 static char __valid_doc__[] =
435 "Test the ACL for validity.\n"
437 "This method tests the ACL to see if it is a valid ACL\n"
438 "in terms of the file-system. More precisely, it checks that:\n"
440 "The ACL contains exactly one entry with each of the\n"
441 ":py:data:`ACL_USER_OBJ`, :py:data:`ACL_GROUP_OBJ`, and \n"
442 ":py:data:`ACL_OTHER` tag types. Entries\n"
443 "with :py:data:`ACL_USER` and :py:data:`ACL_GROUP` tag types may\n"
444 "appear zero or more\n"
445 "times in an ACL. An ACL that contains entries of :py:data:`ACL_USER` or\n"
446 ":py:data:`ACL_GROUP` tag types must contain exactly one entry of the \n"
447 ":py:data:`ACL_MASK` tag type. If an ACL contains no entries of\n"
448 ":py:data:`ACL_USER` or :py:data:`ACL_GROUP` tag types, the\n"
449 ":py:data:`ACL_MASK` entry is optional.\n"
451 "All user ID qualifiers must be unique among all entries of\n"
452 "the :py:data:`ACL_USER` tag type, and all group IDs must be unique\n"
453 "among all entries of :py:data:`ACL_GROUP` tag type.\n"
455 "The method will return 1 for a valid ACL and 0 for an invalid one.\n"
456 "This has been chosen because the specification for\n"
457 ":manpage:`acl_valid(3)`\n"
458 "in the POSIX.1e standard documents only one possible value for errno\n"
459 "in case of an invalid ACL, so we can't differentiate between\n"
460 "classes of errors. Other suggestions are welcome.\n"
466 /* Checks the ACL for validity */
467 static PyObject* ACL_valid(PyObject* obj, PyObject* args) {
468 ACL_Object *self = (ACL_Object*) obj;
470 if(acl_valid(self->acl) == -1) {
477 #ifdef HAVE_ACL_COPY_EXT
478 static PyObject* ACL_get_state(PyObject *obj, PyObject* args) {
479 ACL_Object *self = (ACL_Object*) obj;
484 size = acl_size(self->acl);
486 return PyErr_SetFromErrno(PyExc_IOError);
488 if((ret = PyBytes_FromStringAndSize(NULL, size)) == NULL)
490 buf = PyBytes_AsString(ret);
492 if((nsize = acl_copy_ext(buf, self->acl, size)) == -1) {
494 return PyErr_SetFromErrno(PyExc_IOError);
500 static PyObject* ACL_set_state(PyObject *obj, PyObject* args) {
501 ACL_Object *self = (ACL_Object*) obj;
506 /* Parse the argument */
507 if (!PyArg_ParseTuple(args, "s#", &buf, &bufsize))
510 /* Try to import the external representation */
511 if((ptr = acl_copy_int(buf)) == NULL)
512 return PyErr_SetFromErrno(PyExc_IOError);
514 /* Free the old acl. Should we ignore errors here? */
515 if(self->acl != NULL) {
516 if(acl_free(self->acl) == -1)
517 return PyErr_SetFromErrno(PyExc_IOError);
528 /* tp_iter for the ACL type; since it can be iterated only
529 * destructively, the type is its iterator
531 static PyObject* ACL_iter(PyObject *obj) {
532 ACL_Object *self = (ACL_Object*)obj;
533 self->entry_id = ACL_FIRST_ENTRY;
538 /* the tp_iternext function for the ACL type */
539 static PyObject* ACL_iternext(PyObject *obj) {
540 ACL_Object *self = (ACL_Object*)obj;
541 acl_entry_t the_entry_t;
542 Entry_Object *the_entry_obj;
545 nerr = acl_get_entry(self->acl, self->entry_id, &the_entry_t);
546 self->entry_id = ACL_NEXT_ENTRY;
548 return PyErr_SetFromErrno(PyExc_IOError);
550 /* Docs says this is not needed */
551 /*PyErr_SetObject(PyExc_StopIteration, Py_None);*/
555 the_entry_obj = (Entry_Object*) PyType_GenericNew(&Entry_Type, NULL, NULL);
556 if(the_entry_obj == NULL)
559 the_entry_obj->entry = the_entry_t;
561 the_entry_obj->parent_acl = obj;
562 Py_INCREF(obj); /* For the reference we have in entry->parent */
564 return (PyObject*)the_entry_obj;
567 static char __ACL_delete_entry_doc__[] =
568 "delete_entry(entry)\n"
569 "Deletes an entry from the ACL.\n"
571 ".. note:: Only available with level 2.\n"
573 ":param entry: the Entry object which should be deleted; note that after\n"
574 " this function is called, that object is unusable any longer\n"
575 " and should be deleted\n"
578 /* Deletes an entry from the ACL */
579 static PyObject* ACL_delete_entry(PyObject *obj, PyObject *args) {
580 ACL_Object *self = (ACL_Object*)obj;
583 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &e))
586 if (e->parent_acl != obj) {
587 PyErr_SetString(PyExc_ValueError,
588 "Can't remove un-owned entry");
591 if(acl_delete_entry(self->acl, e->entry) == -1)
592 return PyErr_SetFromErrno(PyExc_IOError);
597 static char __ACL_calc_mask_doc__[] =
598 "Compute the file group class mask.\n"
600 "The calc_mask() method calculates and sets the permissions \n"
601 "associated with the :py:data:`ACL_MASK` Entry of the ACL.\n"
602 "The value of the new permissions is the union of the permissions \n"
603 "granted by all entries of tag type :py:data:`ACL_GROUP`, \n"
604 ":py:data:`ACL_GROUP_OBJ`, or \n"
605 ":py:data:`ACL_USER`. If the ACL already contains an :py:data:`ACL_MASK`\n"
607 "permissions are overwritten; if it does not contain an \n"
608 ":py:data:`ACL_MASK` Entry, one is added.\n"
610 "The order of existing entries in the ACL is undefined after this \n"
614 /* Updates the mask entry in the ACL */
615 static PyObject* ACL_calc_mask(PyObject *obj, PyObject *args) {
616 ACL_Object *self = (ACL_Object*)obj;
618 if(acl_calc_mask(&self->acl) == -1)
619 return PyErr_SetFromErrno(PyExc_IOError);
624 static char __ACL_append_doc__[] =
626 "Append a new Entry to the ACL and return it.\n"
628 "This is a convenience function to create a new Entry \n"
629 "and append it to the ACL.\n"
630 "If a parameter of type Entry instance is given, the \n"
631 "entry will be a copy of that one (as if copied with \n"
632 ":py:func:`Entry.copy`), otherwise, the new entry will be empty.\n"
634 ":rtype: :py:class:`Entry`\n"
635 ":returns: the newly created entry\n"
638 /* Convenience method to create a new Entry */
639 static PyObject* ACL_append(PyObject *obj, PyObject *args) {
640 Entry_Object* newentry;
641 Entry_Object* oldentry = NULL;
644 if (!PyArg_ParseTuple(args, "|O!", &Entry_Type, &oldentry)) {
648 PyObject *new_arglist = Py_BuildValue("(O)", obj);
649 if (new_arglist == NULL) {
652 newentry = (Entry_Object*) PyObject_CallObject((PyObject*)&Entry_Type, new_arglist);
653 Py_DECREF(new_arglist);
654 if(newentry == NULL) {
658 if(oldentry != NULL) {
659 nret = acl_copy_entry(newentry->entry, oldentry->entry);
662 return PyErr_SetFromErrno(PyExc_IOError);
666 return (PyObject*)newentry;
669 /***** Entry type *****/
679 /* Pre-declaring the function is more friendly to cpychecker, sigh. */
680 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq)
681 CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION;
683 /* Helper function to get the tag and qualifier of an Entry at the
684 same time. This is "needed" because the acl_get_qualifier function
685 returns a pointer to different types, based on the tag value, and
686 thus it's not straightforward to get the right type.
688 It sets a Python exception if an error occurs, and returns -1 in
689 this case. If successful, the tag is set to the tag type, the
690 qualifier (if any) to either the uid or the gid entry in the
691 tag_qual structure, and the return value is 0.
693 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq) {
696 if(acl_get_tag_type(entry, &tq->tag) == -1) {
697 PyErr_SetFromErrno(PyExc_IOError);
700 if (tq->tag == ACL_USER || tq->tag == ACL_GROUP) {
701 if((p = acl_get_qualifier(entry)) == NULL) {
702 PyErr_SetFromErrno(PyExc_IOError);
705 if (tq->tag == ACL_USER) {
706 tq->uid = *(uid_t*)p;
708 tq->gid = *(gid_t*)p;
715 #define ENTRY_SET_CHECK(self, attr, value) \
716 if (value == NULL) { \
717 PyErr_SetString(PyExc_TypeError, \
718 attr " deletion is not supported"); \
722 /* Creation of a new Entry instance */
723 static PyObject* Entry_new(PyTypeObject* type, PyObject* args,
727 ACL_Object* parent = NULL;
729 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
732 newentry = PyType_GenericNew(type, args, keywds);
734 if(newentry == NULL) {
738 entry = (Entry_Object*)newentry;
740 if(acl_create_entry(&parent->acl, &entry->entry) == -1) {
741 PyErr_SetFromErrno(PyExc_IOError);
746 entry->parent_acl = (PyObject*)parent;
750 /* Initialization of a new Entry instance */
751 static int Entry_init(PyObject* obj, PyObject* args, PyObject *keywds) {
752 Entry_Object* self = (Entry_Object*) obj;
753 ACL_Object* parent = NULL;
755 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
758 if ((PyObject*)parent != self->parent_acl) {
759 PyErr_SetString(PyExc_ValueError,
760 "Can't reinitialize with a different parent");
766 /* Free the Entry instance */
767 static void Entry_dealloc(PyObject* obj) {
768 Entry_Object *self = (Entry_Object*) obj;
769 PyObject *err_type, *err_value, *err_traceback;
770 int have_error = PyErr_Occurred() ? 1 : 0;
773 PyErr_Fetch(&err_type, &err_value, &err_traceback);
774 if(self->parent_acl != NULL) {
775 Py_DECREF(self->parent_acl);
776 self->parent_acl = NULL;
779 PyErr_Restore(err_type, err_value, err_traceback);
783 /* Converts the entry to a text format */
784 static PyObject* Entry_str(PyObject *obj) {
785 PyObject *format, *kind;
786 Entry_Object *self = (Entry_Object*) obj;
789 if(get_tag_qualifier(self->entry, &tq) < 0) {
793 format = PyUnicode_FromString("ACL entry for ");
797 case ACL_UNDEFINED_TAG:
798 kind = PyUnicode_FromString("undefined type");
801 kind = PyUnicode_FromString("the owner");
804 kind = PyUnicode_FromString("the group");
807 kind = PyUnicode_FromString("the others");
810 /* FIXME: here and in the group case, we're formatting with
811 unsigned, because there's no way to automatically determine
812 the signed-ness of the types; on Linux(glibc) they're
813 unsigned, so we'll go along with that */
814 kind = PyUnicode_FromFormat("user with uid %u", tq.uid);
817 kind = PyUnicode_FromFormat("group with gid %u", tq.gid);
820 kind = PyUnicode_FromString("the mask");
823 kind = PyUnicode_FromString("UNKNOWN_TAG_TYPE!");
830 PyObject *ret = PyUnicode_Concat(format, kind);
836 /* Sets the tag type of the entry */
837 static int Entry_set_tag_type(PyObject* obj, PyObject* value, void* arg) {
838 Entry_Object *self = (Entry_Object*) obj;
840 ENTRY_SET_CHECK(self, "tag type", value);
842 if(!PyLong_Check(value)) {
843 PyErr_SetString(PyExc_TypeError,
844 "tag type must be integer");
847 if(acl_set_tag_type(self->entry, (acl_tag_t)PyLong_AsLong(value)) == -1) {
848 PyErr_SetFromErrno(PyExc_IOError);
855 /* Returns the tag type of the entry */
856 static PyObject* Entry_get_tag_type(PyObject *obj, void* arg) {
857 Entry_Object *self = (Entry_Object*) obj;
860 if(acl_get_tag_type(self->entry, &value) == -1) {
861 PyErr_SetFromErrno(PyExc_IOError);
865 return PyLong_FromLong(value);
868 /* Sets the qualifier (either uid_t or gid_t) for the entry,
869 * usable only if the tag type if ACL_USER or ACL_GROUP
871 static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
872 Entry_Object *self = (Entry_Object*) obj;
879 ENTRY_SET_CHECK(self, "qualifier", value);
881 if(!PyLong_Check(value)) {
882 PyErr_SetString(PyExc_TypeError,
883 "qualifier must be integer");
886 if((uidgid = PyLong_AsLong(value)) == -1) {
887 if(PyErr_Occurred() != NULL) {
891 /* Due to how acl_set_qualifier takes its argument, we have to do
892 this ugly dance with two variables and a pointer that will
893 point to one of them. */
894 if(acl_get_tag_type(self->entry, &tag) == -1) {
895 PyErr_SetFromErrno(PyExc_IOError);
902 if((long)uid != uidgid) {
903 PyErr_SetString(PyExc_OverflowError, "Can't assign given qualifier");
910 if((long)gid != uidgid) {
911 PyErr_SetString(PyExc_OverflowError, "Can't assign given qualifier");
918 PyErr_SetString(PyExc_TypeError,
919 "Can only set qualifiers on ACL_USER or ACL_GROUP entries");
922 if(acl_set_qualifier(self->entry, p) == -1) {
923 PyErr_SetFromErrno(PyExc_IOError);
930 /* Returns the qualifier of the entry */
931 static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
932 Entry_Object *self = (Entry_Object*) obj;
936 if (self->entry == NULL) {
937 PyErr_SetString(PyExc_ValueError, "Can't get qualifier on uninitalized Entry object");
940 if(get_tag_qualifier(self->entry, &tq) < 0) {
943 if (tq.tag == ACL_USER) {
945 } else if (tq.tag == ACL_GROUP) {
948 PyErr_SetString(PyExc_TypeError,
949 "Given entry doesn't have an user or"
953 return PyLong_FromLong(value);
956 /* Returns the parent ACL of the entry */
957 static PyObject* Entry_get_parent(PyObject *obj, void* arg) {
958 Entry_Object *self = (Entry_Object*) obj;
960 Py_INCREF(self->parent_acl);
961 return self->parent_acl;
964 /* Returns the a new Permset representing the permset of the entry
965 * FIXME: Should return a new reference to the same object, which
966 * should be created at init time!
968 static PyObject* Entry_get_permset(PyObject *obj, void* arg) {
971 PyObject *perm_arglist = Py_BuildValue("(O)", obj);
972 if (perm_arglist == NULL) {
975 p = PyObject_CallObject((PyObject*)&Permset_Type, perm_arglist);
976 Py_DECREF(perm_arglist);
980 /* Sets the permset of the entry to the passed Permset */
981 static int Entry_set_permset(PyObject* obj, PyObject* value, void* arg) {
982 Entry_Object *self = (Entry_Object*)obj;
985 ENTRY_SET_CHECK(self, "permset", value);
987 if(!PyObject_IsInstance(value, (PyObject*)&Permset_Type)) {
988 PyErr_SetString(PyExc_TypeError, "argument 1 must be posix1e.Permset");
991 p = (Permset_Object*)value;
992 if(acl_set_permset(self->entry, p->permset) == -1) {
993 PyErr_SetFromErrno(PyExc_IOError);
999 static char __Entry_copy_doc__[] =
1001 "Copies an ACL entry.\n"
1003 "This method sets all the parameters to those of another\n"
1004 "entry (either of the same ACL or belonging to another ACL).\n"
1006 ":param Entry src: instance of type Entry\n"
1009 /* Sets all the entry parameters to another entry */
1010 static PyObject* Entry_copy(PyObject *obj, PyObject *args) {
1011 Entry_Object *self = (Entry_Object*)obj;
1012 Entry_Object *other;
1014 if(!PyArg_ParseTuple(args, "O!", &Entry_Type, &other))
1017 if(acl_copy_entry(self->entry, other->entry) == -1)
1018 return PyErr_SetFromErrno(PyExc_IOError);
1023 /**** Permset type *****/
1025 /* Creation of a new Permset instance */
1026 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
1028 PyObject* newpermset;
1029 Permset_Object* permset;
1030 Entry_Object* parent = NULL;
1032 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent)) {
1036 newpermset = PyType_GenericNew(type, args, keywds);
1038 if(newpermset == NULL) {
1042 permset = (Permset_Object*)newpermset;
1044 if(acl_get_permset(parent->entry, &permset->permset) == -1) {
1045 PyErr_SetFromErrno(PyExc_IOError);
1046 Py_DECREF(newpermset);
1050 permset->parent_entry = (PyObject*)parent;
1056 /* Initialization of a new Permset instance */
1057 static int Permset_init(PyObject* obj, PyObject* args, PyObject *keywds) {
1058 Permset_Object* self = (Permset_Object*) obj;
1059 Entry_Object* parent = NULL;
1061 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent))
1064 if ((PyObject*)parent != self->parent_entry) {
1065 PyErr_SetString(PyExc_ValueError,
1066 "Can't reinitialize with a different parent");
1073 /* Free the Permset instance */
1074 static void Permset_dealloc(PyObject* obj) {
1075 Permset_Object *self = (Permset_Object*) obj;
1076 PyObject *err_type, *err_value, *err_traceback;
1077 int have_error = PyErr_Occurred() ? 1 : 0;
1080 PyErr_Fetch(&err_type, &err_value, &err_traceback);
1081 if(self->parent_entry != NULL) {
1082 Py_DECREF(self->parent_entry);
1083 self->parent_entry = NULL;
1086 PyErr_Restore(err_type, err_value, err_traceback);
1090 /* Permset string representation */
1091 static PyObject* Permset_str(PyObject *obj) {
1092 Permset_Object *self = (Permset_Object*) obj;
1095 pstr[0] = get_perm(self->permset, ACL_READ) ? 'r' : '-';
1096 pstr[1] = get_perm(self->permset, ACL_WRITE) ? 'w' : '-';
1097 pstr[2] = get_perm(self->permset, ACL_EXECUTE) ? 'x' : '-';
1098 return PyUnicode_FromStringAndSize(pstr, 3);
1101 static char __Permset_clear_doc__[] =
1102 "Clears all permissions from the permission set.\n"
1105 /* Clears all permissions from the permset */
1106 static PyObject* Permset_clear(PyObject* obj, PyObject* args) {
1107 Permset_Object *self = (Permset_Object*) obj;
1109 if(acl_clear_perms(self->permset) == -1)
1110 return PyErr_SetFromErrno(PyExc_IOError);
1115 static PyObject* Permset_get_right(PyObject *obj, void* arg) {
1116 Permset_Object *self = (Permset_Object*) obj;
1118 if(get_perm(self->permset, *(acl_perm_t*)arg)) {
1125 static int Permset_set_right(PyObject* obj, PyObject* value, void* arg) {
1126 Permset_Object *self = (Permset_Object*) obj;
1130 if(!PyLong_Check(value)) {
1131 PyErr_SetString(PyExc_ValueError, "invalid argument, an integer"
1135 on = PyLong_AsLong(value);
1137 nerr = acl_add_perm(self->permset, *(acl_perm_t*)arg);
1139 nerr = acl_delete_perm(self->permset, *(acl_perm_t*)arg);
1141 PyErr_SetFromErrno(PyExc_IOError);
1147 static char __Permset_add_doc__[] =
1149 "Add a permission to the permission set.\n"
1151 "This function adds the permission contained in \n"
1152 "the argument perm to the permission set. An attempt \n"
1153 "to add a permission that is already contained in the \n"
1154 "permission set is not considered an error.\n"
1156 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1157 " :py:data:`ACL_EXECUTE`, ...)\n"
1158 ":raises IOError: in case the argument is not a valid descriptor\n"
1161 static PyObject* Permset_add(PyObject* obj, PyObject* args) {
1162 Permset_Object *self = (Permset_Object*) obj;
1165 if (!PyArg_ParseTuple(args, "i", &right))
1168 if(acl_add_perm(self->permset, (acl_perm_t) right) == -1)
1169 return PyErr_SetFromErrno(PyExc_IOError);
1174 static char __Permset_delete_doc__[] =
1176 "Delete a permission from the permission set.\n"
1178 "This function deletes the permission contained in \n"
1179 "the argument perm from the permission set. An attempt \n"
1180 "to delete a permission that is not contained in the \n"
1181 "permission set is not considered an error.\n"
1183 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1184 " :py:data:`ACL_EXECUTE`, ...)\n"
1185 ":raises IOError: in case the argument is not a valid descriptor\n"
1188 static PyObject* Permset_delete(PyObject* obj, PyObject* args) {
1189 Permset_Object *self = (Permset_Object*) obj;
1192 if (!PyArg_ParseTuple(args, "i", &right))
1195 if(acl_delete_perm(self->permset, (acl_perm_t) right) == -1)
1196 return PyErr_SetFromErrno(PyExc_IOError);
1201 static char __Permset_test_doc__[] =
1203 "Test if a permission exists in the permission set.\n"
1205 "The test() function tests if the permission represented by\n"
1206 "the argument perm exists in the permission set.\n"
1208 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1209 " :py:data:`ACL_EXECUTE`, ...)\n"
1211 ":raises IOError: in case the argument is not a valid descriptor\n"
1214 static PyObject* Permset_test(PyObject* obj, PyObject* args) {
1215 Permset_Object *self = (Permset_Object*) obj;
1219 if (!PyArg_ParseTuple(args, "i", &right))
1222 ret = get_perm(self->permset, (acl_perm_t) right);
1224 return PyErr_SetFromErrno(PyExc_IOError);
1235 static char __ACL_Type_doc__[] =
1236 "Type which represents a POSIX ACL\n"
1238 ".. note:: only one keyword parameter should be provided\n"
1240 ":param string/bytes/path-like file: creates an ACL representing\n"
1241 " the access ACL of the specified file or directory.\n"
1242 ":param string/bytes/path-like filedef: creates an ACL representing\n"
1243 " the default ACL of the given directory.\n"
1244 ":param int/iostream fd: creates an ACL representing\n"
1245 " the access ACL of the given file descriptor.\n"
1246 ":param string text: creates an ACL from a \n"
1247 " textual description; note the ACL must be valid, which\n"
1248 " means including a mask for extended ACLs, similar to\n"
1249 " ``setfacl --no-mask``\n"
1250 ":param ACL acl: creates a copy of an existing ACL instance.\n"
1251 ":param int mode: creates an ACL from a numeric mode\n"
1252 " (e.g. ``mode=0644``); this is valid only when the C library\n"
1253 " provides the ``acl_from_mode call``, and\n"
1254 " note that no validation is done on the given value.\n"
1256 "If no parameters are passed, an empty ACL will be created; this\n"
1257 "makes sense only when your OS supports ACL modification\n"
1258 "(i.e. it implements full POSIX.1e support), otherwise the ACL won't\n"
1262 /* ACL type methods */
1263 static PyMethodDef ACL_methods[] = {
1264 {"applyto", ACL_applyto, METH_VARARGS, __applyto_doc__},
1265 {"valid", ACL_valid, METH_NOARGS, __valid_doc__},
1267 {"to_any_text", (PyCFunction)ACL_to_any_text, METH_VARARGS | METH_KEYWORDS,
1268 __to_any_text_doc__},
1269 {"check", ACL_check, METH_NOARGS, __check_doc__},
1270 {"equiv_mode", ACL_equiv_mode, METH_NOARGS, __equiv_mode_doc__},
1272 #ifdef HAVE_ACL_COPY_EXT
1273 {"__getstate__", ACL_get_state, METH_NOARGS,
1274 "Dumps the ACL to an external format."},
1275 {"__setstate__", ACL_set_state, METH_VARARGS,
1276 "Loads the ACL from an external format."},
1279 {"delete_entry", ACL_delete_entry, METH_VARARGS, __ACL_delete_entry_doc__},
1280 {"calc_mask", ACL_calc_mask, METH_NOARGS, __ACL_calc_mask_doc__},
1281 {"append", ACL_append, METH_VARARGS, __ACL_append_doc__},
1283 {NULL, NULL, 0, NULL}
1287 /* The definition of the ACL Type */
1288 static PyTypeObject ACL_Type = {
1289 PyVarObject_HEAD_INIT(NULL, 0)
1293 ACL_dealloc, /* tp_dealloc */
1297 0, /* formerly tp_compare, in 3.0 deprecated, in
1300 0, /* tp_as_number */
1301 0, /* tp_as_sequence */
1302 0, /* tp_as_mapping */
1305 ACL_str, /* tp_str */
1306 0, /* tp_getattro */
1307 0, /* tp_setattro */
1308 0, /* tp_as_buffer */
1309 Py_TPFLAGS_DEFAULT, /* tp_flags */
1310 __ACL_Type_doc__, /* tp_doc */
1311 0, /* tp_traverse */
1314 ACL_richcompare, /* tp_richcompare */
1316 0, /* tp_richcompare */
1318 0, /* tp_weaklistoffset */
1324 0, /* tp_iternext */
1326 ACL_methods, /* tp_methods */
1331 0, /* tp_descr_get */
1332 0, /* tp_descr_set */
1333 0, /* tp_dictoffset */
1334 ACL_init, /* tp_init */
1336 ACL_new, /* tp_new */
1341 /* Entry type methods */
1342 static PyMethodDef Entry_methods[] = {
1343 {"copy", Entry_copy, METH_VARARGS, __Entry_copy_doc__},
1344 {NULL, NULL, 0, NULL}
1347 static char __Entry_tagtype_doc__[] =
1348 "The tag type of the current entry\n"
1351 " - :py:data:`ACL_UNDEFINED_TAG`\n"
1352 " - :py:data:`ACL_USER_OBJ`\n"
1353 " - :py:data:`ACL_USER`\n"
1354 " - :py:data:`ACL_GROUP_OBJ`\n"
1355 " - :py:data:`ACL_GROUP`\n"
1356 " - :py:data:`ACL_MASK`\n"
1357 " - :py:data:`ACL_OTHER`\n"
1360 static char __Entry_qualifier_doc__[] =
1361 "The qualifier of the current entry\n"
1363 "If the tag type is :py:data:`ACL_USER`, this should be a user id.\n"
1364 "If the tag type if :py:data:`ACL_GROUP`, this should be a group id.\n"
1365 "Else it doesn't matter.\n"
1368 static char __Entry_parent_doc__[] =
1369 "The parent ACL of this entry\n"
1372 static char __Entry_permset_doc__[] =
1373 "The permission set of this ACL entry\n"
1377 static PyGetSetDef Entry_getsets[] = {
1378 {"tag_type", Entry_get_tag_type, Entry_set_tag_type,
1379 __Entry_tagtype_doc__},
1380 {"qualifier", Entry_get_qualifier, Entry_set_qualifier,
1381 __Entry_qualifier_doc__},
1382 {"parent", Entry_get_parent, NULL, __Entry_parent_doc__},
1383 {"permset", Entry_get_permset, Entry_set_permset, __Entry_permset_doc__},
1387 static char __Entry_Type_doc__[] =
1388 "Type which represents an entry in an ACL.\n"
1390 "The type exists only if the OS has full support for POSIX.1e\n"
1391 "Can be created either by:\n"
1393 " >>> e = posix1e.Entry(myACL) # this creates a new entry in the ACL\n"
1394 " >>> e = myACL.append() # another way for doing the same thing\n"
1398 " >>> for entry in myACL:\n"
1399 " ... print entry\n"
1401 "Note that the Entry keeps a reference to its ACL, so even if \n"
1402 "you delete the ACL, it won't be cleaned up and will continue to \n"
1403 "exist until its Entry(ies) will be deleted.\n"
1405 /* The definition of the Entry Type */
1406 static PyTypeObject Entry_Type = {
1407 PyVarObject_HEAD_INIT(NULL, 0)
1409 sizeof(Entry_Object),
1411 Entry_dealloc, /* tp_dealloc */
1417 0, /* tp_as_number */
1418 0, /* tp_as_sequence */
1419 0, /* tp_as_mapping */
1422 Entry_str, /* tp_str */
1423 0, /* tp_getattro */
1424 0, /* tp_setattro */
1425 0, /* tp_as_buffer */
1426 Py_TPFLAGS_DEFAULT, /* tp_flags */
1427 __Entry_Type_doc__, /* tp_doc */
1428 0, /* tp_traverse */
1430 0, /* tp_richcompare */
1431 0, /* tp_weaklistoffset */
1433 0, /* tp_iternext */
1434 Entry_methods, /* tp_methods */
1436 Entry_getsets, /* tp_getset */
1439 0, /* tp_descr_get */
1440 0, /* tp_descr_set */
1441 0, /* tp_dictoffset */
1442 Entry_init, /* tp_init */
1444 Entry_new, /* tp_new */
1447 /* Permset type methods */
1448 static PyMethodDef Permset_methods[] = {
1449 {"clear", Permset_clear, METH_NOARGS, __Permset_clear_doc__, },
1450 {"add", Permset_add, METH_VARARGS, __Permset_add_doc__, },
1451 {"delete", Permset_delete, METH_VARARGS, __Permset_delete_doc__, },
1452 {"test", Permset_test, METH_VARARGS, __Permset_test_doc__, },
1453 {NULL, NULL, 0, NULL}
1456 static char __Permset_execute_doc__[] =
1457 "Execute permission property\n"
1459 "This is a convenience method of retrieving and setting the execute\n"
1460 "permission in the permission set; the \n"
1461 "same effect can be achieved using the functions\n"
1462 "add(), test(), delete(), and those can take any \n"
1463 "permission defined by your platform.\n"
1466 static char __Permset_read_doc__[] =
1467 "Read permission property\n"
1469 "This is a convenience method of retrieving and setting the read\n"
1470 "permission in the permission set; the \n"
1471 "same effect can be achieved using the functions\n"
1472 "add(), test(), delete(), and those can take any \n"
1473 "permission defined by your platform.\n"
1476 static char __Permset_write_doc__[] =
1477 "Write permission property\n"
1479 "This is a convenience method of retrieving and setting the write\n"
1480 "permission in the permission set; the \n"
1481 "same effect can be achieved using the functions\n"
1482 "add(), test(), delete(), and those can take any \n"
1483 "permission defined by your platform.\n"
1486 /* Permset getset */
1487 static PyGetSetDef Permset_getsets[] = {
1488 {"execute", Permset_get_right, Permset_set_right,
1489 __Permset_execute_doc__, &holder_ACL_EXECUTE},
1490 {"read", Permset_get_right, Permset_set_right,
1491 __Permset_read_doc__, &holder_ACL_READ},
1492 {"write", Permset_get_right, Permset_set_right,
1493 __Permset_write_doc__, &holder_ACL_WRITE},
1497 static char __Permset_Type_doc__[] =
1498 "Type which represents the permission set in an ACL entry\n"
1500 "The type exists only if the OS has full support for POSIX.1e\n"
1501 "Can be retrieved either by:\n\n"
1502 ">>> perms = myEntry.permset\n"
1505 ">>> perms = posix1e.Permset(myEntry)\n"
1507 "Note that the Permset keeps a reference to its Entry, so even if \n"
1508 "you delete the entry, it won't be cleaned up and will continue to \n"
1509 "exist until its Permset will be deleted.\n"
1512 /* The definition of the Permset Type */
1513 static PyTypeObject Permset_Type = {
1514 PyVarObject_HEAD_INIT(NULL, 0)
1516 sizeof(Permset_Object),
1518 Permset_dealloc, /* tp_dealloc */
1524 0, /* tp_as_number */
1525 0, /* tp_as_sequence */
1526 0, /* tp_as_mapping */
1529 Permset_str, /* tp_str */
1530 0, /* tp_getattro */
1531 0, /* tp_setattro */
1532 0, /* tp_as_buffer */
1533 Py_TPFLAGS_DEFAULT, /* tp_flags */
1534 __Permset_Type_doc__,/* tp_doc */
1535 0, /* tp_traverse */
1537 0, /* tp_richcompare */
1538 0, /* tp_weaklistoffset */
1540 0, /* tp_iternext */
1541 Permset_methods, /* tp_methods */
1543 Permset_getsets, /* tp_getset */
1546 0, /* tp_descr_get */
1547 0, /* tp_descr_set */
1548 0, /* tp_dictoffset */
1549 Permset_init, /* tp_init */
1551 Permset_new, /* tp_new */
1556 /* Module methods */
1558 static char __deletedef_doc__[] =
1559 "delete_default(path)\n"
1560 "Delete the default ACL from a directory.\n"
1562 "This function deletes the default ACL associated with\n"
1563 "a directory (the ACL which will be ANDed with the mode\n"
1564 "parameter to the open, creat functions).\n"
1566 ":param string path: the directory whose default ACL should be deleted\n"
1569 /* Deletes the default ACL from a directory */
1570 static PyObject* aclmodule_delete_default(PyObject* obj, PyObject* args) {
1573 /* Parse the arguments */
1574 if (!PyArg_ParseTuple(args, "et", NULL, &filename))
1577 if(acl_delete_def_file(filename) == -1) {
1578 return PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
1585 static char __has_extended_doc__[] =
1586 "has_extended(item)\n"
1587 "Check if a file or file handle has an extended ACL.\n"
1589 ":param item: either a file name or a file-like object or an integer;\n"
1590 " it represents the file-system object on which to act\n"
1593 /* Check for extended ACL a file or fd */
1594 static PyObject* aclmodule_has_extended(PyObject* obj, PyObject* args) {
1595 PyObject *item, *tmp;
1599 if (!PyArg_ParseTuple(args, "O", &item))
1602 if((fd = PyObject_AsFileDescriptor(item)) != -1) {
1603 if((nret = acl_extended_fd(fd)) == -1) {
1604 PyErr_SetFromErrno(PyExc_IOError);
1607 // PyObject_AsFileDescriptor sets an error when failing, so clear
1608 // it such that further code works; some method lookups fail if an
1609 // error already occured when called, which breaks at least
1610 // PyOS_FSPath (called by FSConverter).
1612 if(PyUnicode_FSConverter(item, &tmp)) {
1613 char *filename = PyBytes_AS_STRING(tmp);
1614 if ((nret = acl_extended_file(filename)) == -1) {
1615 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
1626 return PyBool_FromLong(nret);
1631 /* The module methods */
1632 static PyMethodDef aclmodule_methods[] = {
1633 {"delete_default", aclmodule_delete_default, METH_VARARGS,
1636 {"has_extended", aclmodule_has_extended, METH_VARARGS,
1637 __has_extended_doc__},
1639 {NULL, NULL, 0, NULL}
1642 static char __posix1e_doc__[] =
1643 "POSIX.1e ACLs manipulation\n"
1644 "==========================\n"
1646 "This module provides support for manipulating POSIX.1e ACLS\n"
1648 "Depending on the operating system support for POSIX.1e, \n"
1649 "the ACL type will have more or less capabilities:\n\n"
1650 " - level 1, only basic support, you can create\n"
1651 " ACLs from files and text descriptions;\n"
1652 " once created, the type is immutable\n"
1653 " - level 2, complete support, you can alter\n"
1654 " the ACL once it is created\n"
1656 "Also, in level 2, more types are available, corresponding\n"
1657 "to acl_entry_t (the Entry type), acl_permset_t (the Permset type).\n"
1659 "The existence of level 2 support and other extensions can be\n"
1660 "checked by the constants:\n\n"
1661 " - :py:data:`HAS_ACL_ENTRY` for level 2 and the Entry/Permset classes\n"
1662 " - :py:data:`HAS_ACL_FROM_MODE` for ``ACL(mode=...)`` usage\n"
1663 " - :py:data:`HAS_ACL_CHECK` for the :py:func:`ACL.check` function\n"
1664 " - :py:data:`HAS_EXTENDED_CHECK` for the module-level\n"
1665 " :py:func:`has_extended` function\n"
1666 " - :py:data:`HAS_EQUIV_MODE` for the :py:func:`ACL.equiv_mode` method\n"
1667 " - :py:data:`HAS_COPY_EXT` for the :py:func:`ACL.__getstate__` and\n"
1668 " :py:func:`ACL.__setstate__` functions (pickle protocol)\n"
1672 ">>> import posix1e\n"
1673 ">>> acl1 = posix1e.ACL(file=\"file.txt\") \n"
1679 ">>> b = posix1e.ACL(text=\"u::rx,g::-,o::-\")\n"
1685 ">>> b.applyto(\"file.txt\")\n"
1686 ">>> print posix1e.ACL(file=\"file.txt\")\n"
1692 ".. py:data:: ACL_USER\n\n"
1693 " Denotes a specific user entry in an ACL.\n"
1695 ".. py:data:: ACL_USER_OBJ\n\n"
1696 " Denotes the user owner entry in an ACL.\n"
1698 ".. py:data:: ACL_GROUP\n\n"
1699 " Denotes the a group entry in an ACL.\n"
1701 ".. py:data:: ACL_GROUP_OBJ\n\n"
1702 " Denotes the group owner entry in an ACL.\n"
1704 ".. py:data:: ACL_OTHER\n\n"
1705 " Denotes the 'others' entry in an ACL.\n"
1707 ".. py:data:: ACL_MASK\n\n"
1708 " Denotes the mask entry in an ACL, representing the maximum\n"
1709 " access granted other users, the owner group and other groups.\n"
1711 ".. py:data:: ACL_UNDEFINED_TAG\n\n"
1712 " An undefined tag in an ACL.\n"
1714 ".. py:data:: ACL_READ\n\n"
1715 " Read permission in a permission set.\n"
1717 ".. py:data:: ACL_WRITE\n\n"
1718 " Write permission in a permission set.\n"
1720 ".. py:data:: ACL_EXECUTE\n\n"
1721 " Execute permission in a permission set.\n"
1723 ".. py:data:: HAS_ACL_ENTRY\n\n"
1724 " denotes support for level 2 and the Entry/Permset classes\n"
1726 ".. py:data:: HAS_ACL_FROM_MODE\n\n"
1727 " denotes support for building an ACL from an octal mode\n"
1729 ".. py:data:: HAS_ACL_CHECK\n\n"
1730 " denotes support for extended checks of an ACL's validity\n"
1732 ".. py:data:: HAS_EXTENDED_CHECK\n\n"
1733 " denotes support for checking whether an ACL is basic or extended\n"
1735 ".. py:data:: HAS_EQUIV_MODE\n\n"
1736 " denotes support for the equiv_mode function\n"
1738 ".. py:data:: HAS_COPY_EXT\n\n"
1739 " denotes support for __getstate__()/__setstate__() on an ACL\n"
1743 static struct PyModuleDef posix1emodule = {
1744 PyModuleDef_HEAD_INIT,
1752 PyInit_posix1e(void)
1756 Py_TYPE(&ACL_Type) = &PyType_Type;
1757 if(PyType_Ready(&ACL_Type) < 0)
1761 Py_TYPE(&Entry_Type) = &PyType_Type;
1762 if(PyType_Ready(&Entry_Type) < 0)
1765 Py_TYPE(&Permset_Type) = &PyType_Type;
1766 if(PyType_Ready(&Permset_Type) < 0)
1770 m = PyModule_Create(&posix1emodule);
1774 d = PyModule_GetDict(m);
1778 Py_INCREF(&ACL_Type);
1779 if (PyDict_SetItemString(d, "ACL",
1780 (PyObject *) &ACL_Type) < 0)
1783 /* 23.3.6 acl_type_t values */
1784 PyModule_AddIntConstant(m, "ACL_TYPE_ACCESS", ACL_TYPE_ACCESS);
1785 PyModule_AddIntConstant(m, "ACL_TYPE_DEFAULT", ACL_TYPE_DEFAULT);
1789 Py_INCREF(&Entry_Type);
1790 if (PyDict_SetItemString(d, "Entry",
1791 (PyObject *) &Entry_Type) < 0)
1794 Py_INCREF(&Permset_Type);
1795 if (PyDict_SetItemString(d, "Permset",
1796 (PyObject *) &Permset_Type) < 0)
1799 /* 23.2.2 acl_perm_t values */
1800 PyModule_AddIntConstant(m, "ACL_READ", ACL_READ);
1801 PyModule_AddIntConstant(m, "ACL_WRITE", ACL_WRITE);
1802 PyModule_AddIntConstant(m, "ACL_EXECUTE", ACL_EXECUTE);
1804 /* 23.2.5 acl_tag_t values */
1805 PyModule_AddIntConstant(m, "ACL_UNDEFINED_TAG", ACL_UNDEFINED_TAG);
1806 PyModule_AddIntConstant(m, "ACL_USER_OBJ", ACL_USER_OBJ);
1807 PyModule_AddIntConstant(m, "ACL_USER", ACL_USER);
1808 PyModule_AddIntConstant(m, "ACL_GROUP_OBJ", ACL_GROUP_OBJ);
1809 PyModule_AddIntConstant(m, "ACL_GROUP", ACL_GROUP);
1810 PyModule_AddIntConstant(m, "ACL_MASK", ACL_MASK);
1811 PyModule_AddIntConstant(m, "ACL_OTHER", ACL_OTHER);
1813 /* Document extended functionality via easy-to-use constants */
1814 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 1);
1816 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 0);
1820 /* Linux libacl specific acl_to_any_text constants */
1821 PyModule_AddIntConstant(m, "TEXT_ABBREVIATE", TEXT_ABBREVIATE);
1822 PyModule_AddIntConstant(m, "TEXT_NUMERIC_IDS", TEXT_NUMERIC_IDS);
1823 PyModule_AddIntConstant(m, "TEXT_SOME_EFFECTIVE", TEXT_SOME_EFFECTIVE);
1824 PyModule_AddIntConstant(m, "TEXT_ALL_EFFECTIVE", TEXT_ALL_EFFECTIVE);
1825 PyModule_AddIntConstant(m, "TEXT_SMART_INDENT", TEXT_SMART_INDENT);
1827 /* Linux libacl specific acl_check constants */
1828 PyModule_AddIntConstant(m, "ACL_MULTI_ERROR", ACL_MULTI_ERROR);
1829 PyModule_AddIntConstant(m, "ACL_DUPLICATE_ERROR", ACL_DUPLICATE_ERROR);
1830 PyModule_AddIntConstant(m, "ACL_MISS_ERROR", ACL_MISS_ERROR);
1831 PyModule_AddIntConstant(m, "ACL_ENTRY_ERROR", ACL_ENTRY_ERROR);
1833 #define LINUX_EXT_VAL 1
1835 #define LINUX_EXT_VAL 0
1837 /* declare the Linux extensions */
1838 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", LINUX_EXT_VAL);
1839 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", LINUX_EXT_VAL);
1840 PyModule_AddIntConstant(m, "HAS_EXTENDED_CHECK", LINUX_EXT_VAL);
1841 PyModule_AddIntConstant(m, "HAS_EQUIV_MODE", LINUX_EXT_VAL);
1843 PyModule_AddIntConstant(m, "HAS_COPY_EXT",
1844 #ifdef HAVE_ACL_COPY_EXT