2 posix1e - a python module exposing the posix acl functions
4 Copyright (C) 2002-2009, 2012, 2014, 2015 Iustin Pop <iustin@k1024.org>
6 This library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 This library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with this library; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
25 #include <sys/types.h>
29 #include <acl/libacl.h>
30 #define get_perm acl_get_perm
32 #define get_perm acl_get_perm_np
35 /* Used for cpychecker: */
36 /* The checker automatically defines this preprocessor name when creating
37 the custom attribute: */
38 #if defined(WITH_CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF_ATTRIBUTE)
39 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename) \
40 __attribute__((cpychecker_type_object_for_typedef(typename)))
42 /* This handles the case where we're compiling with a "vanilla"
43 compiler that doesn't supply this attribute: */
44 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename)
47 /* The checker automatically defines this preprocessor name when creating
48 the custom attribute: */
49 #if defined(WITH_CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION_ATTRIBUTE)
50 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION \
51 __attribute__((cpychecker_negative_result_sets_exception))
53 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION
56 static PyTypeObject ACL_Type
57 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("ACL_Object");
58 static PyObject* ACL_applyto(PyObject* obj, PyObject* args);
59 static PyObject* ACL_valid(PyObject* obj, PyObject* args);
61 #ifdef HAVE_ACL_COPY_EXT
62 static PyObject* ACL_get_state(PyObject *obj, PyObject* args);
63 static PyObject* ACL_set_state(PyObject *obj, PyObject* args);
67 static PyTypeObject Entry_Type
68 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Entry_Object");
69 static PyTypeObject Permset_Type
70 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Permset_Object");
71 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
75 static acl_perm_t holder_ACL_EXECUTE = ACL_EXECUTE;
76 static acl_perm_t holder_ACL_READ = ACL_READ;
77 static acl_perm_t holder_ACL_WRITE = ACL_WRITE;
91 PyObject *parent_acl; /* The parent acl, so it won't run out on us */
97 PyObject *parent_entry; /* The parent entry, so it won't run out on us */
98 acl_permset_t permset;
103 /* Creation of a new ACL instance */
104 static PyObject* ACL_new(PyTypeObject* type, PyObject* args,
109 newacl = type->tp_alloc(type, 0);
114 acl = (ACL_Object*) newacl;
116 acl->acl = acl_init(0);
117 if (acl->acl == NULL) {
118 PyErr_SetFromErrno(PyExc_IOError);
123 acl->entry_id = ACL_FIRST_ENTRY;
129 /* Initialization of a new ACL instance */
130 static int ACL_init(PyObject* obj, PyObject* args, PyObject *keywds) {
131 ACL_Object* self = (ACL_Object*) obj;
133 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef",
135 char *format = "|etisO!si";
138 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef", NULL };
139 char *format = "|etisO!s";
142 char *filedef = NULL;
145 ACL_Object* thesrc = NULL;
147 if(!PyTuple_Check(args) || PyTuple_Size(args) != 0 ||
148 (keywds != NULL && PyDict_Check(keywds) && PyDict_Size(keywds) > 1)) {
149 PyErr_SetString(PyExc_ValueError, "a max of one keyword argument"
153 if(!PyArg_ParseTupleAndKeywords(args, keywds, format, kwlist,
154 NULL, &file, &fd, &text, &ACL_Type,
162 /* Free the old acl_t without checking for error, we don't
164 if(self->acl != NULL)
168 self->acl = acl_get_file(file, ACL_TYPE_ACCESS);
169 else if(text != NULL)
170 self->acl = acl_from_text(text);
172 self->acl = acl_get_fd(fd);
173 else if(thesrc != NULL)
174 self->acl = acl_dup(thesrc->acl);
175 else if(filedef != NULL)
176 self->acl = acl_get_file(filedef, ACL_TYPE_DEFAULT);
179 self->acl = acl_from_mode(mode);
182 self->acl = acl_init(0);
184 if(self->acl == NULL) {
185 PyErr_SetFromErrno(PyExc_IOError);
192 /* Standard type functions */
193 static void ACL_dealloc(PyObject* obj) {
194 ACL_Object *self = (ACL_Object*) obj;
195 PyObject *err_type, *err_value, *err_traceback;
196 int have_error = PyErr_Occurred() ? 1 : 0;
199 PyErr_Fetch(&err_type, &err_value, &err_traceback);
200 if(self->acl != NULL && acl_free(self->acl) != 0)
201 PyErr_WriteUnraisable(obj);
203 PyErr_Restore(err_type, err_value, err_traceback);
207 /* Converts the acl to a text format */
208 static PyObject* ACL_str(PyObject *obj) {
210 ACL_Object *self = (ACL_Object*) obj;
213 text = acl_to_text(self->acl, NULL);
215 return PyErr_SetFromErrno(PyExc_IOError);
217 ret = PyUnicode_FromString(text);
218 if(acl_free(text) != 0) {
220 return PyErr_SetFromErrno(PyExc_IOError);
226 static char __to_any_text_doc__[] =
227 "to_any_text([prefix='', separator='n', options=0])\n"
228 "Convert the ACL to a custom text format.\n"
230 "This method encapsulates the ``acl_to_any_text()`` function.\n"
231 "It allows a customized text format to be generated for the ACL. See\n"
232 ":manpage:`acl_to_any_text(3)` for more details.\n"
234 ":param string prefix: if given, this string will be pre-pended to\n"
236 ":param string separator: a single character (defaults to '\\n'); this will"
237 " be used to separate the entries in the ACL\n"
238 ":param options: a bitwise combination of:\n\n"
239 " - :py:data:`TEXT_ABBREVIATE`: use 'u' instead of 'user', 'g' \n"
240 " instead of 'group', etc.\n"
241 " - :py:data:`TEXT_NUMERIC_IDS`: User and group IDs are included as\n"
242 " decimal numbers instead of names\n"
243 " - :py:data:`TEXT_SOME_EFFECTIVE`: Include comments denoting the\n"
244 " effective permissions when some are masked\n"
245 " - :py:data:`TEXT_ALL_EFFECTIVE`: Include comments after all ACL\n"
246 " entries affected by an ACL_MASK entry\n"
247 " - :py:data:`TEXT_SMART_INDENT`: Used in combination with the\n"
248 " _EFFECTIVE options, this will ensure that comments are aligned\n"
249 " to the fourth tab position (assuming one tab equals eight spaces)\n"
253 /* Converts the acl to a custom text format */
254 static PyObject* ACL_to_any_text(PyObject *obj, PyObject *args,
257 ACL_Object *self = (ACL_Object*) obj;
259 const char *arg_prefix = NULL;
260 char arg_separator = '\n';
262 static char *kwlist[] = {"prefix", "separator", "options", NULL};
264 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|sci", kwlist, &arg_prefix,
265 &arg_separator, &arg_options))
268 text = acl_to_any_text(self->acl, arg_prefix, arg_separator, arg_options);
270 return PyErr_SetFromErrno(PyExc_IOError);
272 ret = PyBytes_FromString(text);
273 if(acl_free(text) != 0) {
275 return PyErr_SetFromErrno(PyExc_IOError);
280 static char __check_doc__[] =
281 "Check the ACL validity.\n"
283 "This is a non-portable, Linux specific extension that allow more\n"
284 "information to be retrieved in case an ACL is not valid than via the\n"
285 ":py:func:`valid` method.\n"
287 "This method will return either False (the ACL is valid), or a tuple\n"
288 "with two elements. The first element is one of the following\n"
290 " - :py:data:`ACL_MULTI_ERROR`: The ACL contains multiple entries that\n"
291 " have a tag type that may occur at most once\n"
292 " - :py:data:`ACL_DUPLICATE_ERROR`: The ACL contains multiple \n"
293 " :py:data:`ACL_USER` or :py:data:`ACL_GROUP` entries with the\n"
295 " - :py:data:`ACL_MISS_ERROR`: A required entry is missing\n"
296 " - :py:data:`ACL_ENTRY_ERROR`: The ACL contains an invalid entry\n"
299 "The second element of the tuple is the index of the entry that is\n"
300 "invalid (in the same order as by iterating over the ACL entry)\n"
303 /* The acl_check method */
304 static PyObject* ACL_check(PyObject* obj, PyObject* args) {
305 ACL_Object *self = (ACL_Object*) obj;
309 if((result = acl_check(self->acl, &eindex)) == -1)
310 return PyErr_SetFromErrno(PyExc_IOError);
314 return Py_BuildValue("(ii)", result, eindex);
317 /* Implementation of the rich compare for ACLs */
318 static PyObject* ACL_richcompare(PyObject* o1, PyObject* o2, int op) {
319 ACL_Object *acl1, *acl2;
323 if(!PyObject_IsInstance(o2, (PyObject*)&ACL_Type)) {
328 PyErr_SetString(PyExc_TypeError, "can only compare to an ACL");
332 acl1 = (ACL_Object*)o1;
333 acl2 = (ACL_Object*)o2;
334 if((n=acl_cmp(acl1->acl, acl2->acl))==-1)
335 return PyErr_SetFromErrno(PyExc_IOError);
338 ret = n == 0 ? Py_True : Py_False;
341 ret = n == 1 ? Py_True : Py_False;
344 PyErr_SetString(PyExc_TypeError, "ACLs are not orderable");
351 static char __equiv_mode_doc__[] =
352 "Return the octal mode the ACL is equivalent to.\n"
354 "This is a non-portable, Linux specific extension that checks\n"
355 "if the ACL is a basic ACL and returns the corresponding mode.\n"
358 ":raise IOError: An IOerror exception will be raised if the ACL is\n"
359 " an extended ACL.\n"
362 /* The acl_equiv_mode method */
363 static PyObject* ACL_equiv_mode(PyObject* obj, PyObject* args) {
364 ACL_Object *self = (ACL_Object*) obj;
367 if(acl_equiv_mode(self->acl, &mode) == -1)
368 return PyErr_SetFromErrno(PyExc_IOError);
369 return PyLong_FromLong(mode);
374 static char __applyto_doc__[] =
375 "applyto(item[, flag=ACL_TYPE_ACCESS])\n"
376 "Apply the ACL to a file or filehandle.\n"
378 ":param item: either a filename or a file-like object or an integer;\n"
379 " this represents the filesystem object on which to act\n"
380 ":param flag: optional flag representing the type of ACL to set, either\n"
381 " :py:data:`ACL_TYPE_ACCESS` (default) or :py:data:`ACL_TYPE_DEFAULT`\n"
384 /* Applies the ACL to a file */
385 static PyObject* ACL_applyto(PyObject* obj, PyObject* args) {
386 ACL_Object *self = (ACL_Object*) obj;
387 PyObject *target, *tmp;
388 acl_type_t type = ACL_TYPE_ACCESS;
392 if (!PyArg_ParseTuple(args, "O|I", &target, &type))
394 if ((fd = PyObject_AsFileDescriptor(target)) != -1) {
395 if((nret = acl_set_fd(fd, self->acl)) == -1) {
396 PyErr_SetFromErrno(PyExc_IOError);
399 // PyObject_AsFileDescriptor sets an error when failing, so clear
400 // it such that further code works; some method lookups fail if an
401 // error already occured when called, which breaks at least
402 // PyOS_FSPath (called by FSConverter).
404 if(PyUnicode_FSConverter(target, &tmp)) {
405 char *filename = PyBytes_AS_STRING(tmp);
406 if ((nret = acl_set_file(filename, type, self->acl)) == -1) {
407 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
421 static char __valid_doc__[] =
422 "Test the ACL for validity.\n"
424 "This method tests the ACL to see if it is a valid ACL\n"
425 "in terms of the file-system. More precisely, it checks that:\n"
427 "The ACL contains exactly one entry with each of the\n"
428 ":py:data:`ACL_USER_OBJ`, :py:data:`ACL_GROUP_OBJ`, and \n"
429 ":py:data:`ACL_OTHER` tag types. Entries\n"
430 "with :py:data:`ACL_USER` and :py:data:`ACL_GROUP` tag types may\n"
431 "appear zero or more\n"
432 "times in an ACL. An ACL that contains entries of :py:data:`ACL_USER` or\n"
433 ":py:data:`ACL_GROUP` tag types must contain exactly one entry of the \n"
434 ":py:data:`ACL_MASK` tag type. If an ACL contains no entries of\n"
435 ":py:data:`ACL_USER` or :py:data:`ACL_GROUP` tag types, the\n"
436 ":py:data:`ACL_MASK` entry is optional.\n"
438 "All user ID qualifiers must be unique among all entries of\n"
439 "the :py:data:`ACL_USER` tag type, and all group IDs must be unique\n"
440 "among all entries of :py:data:`ACL_GROUP` tag type.\n"
442 "The method will return 1 for a valid ACL and 0 for an invalid one.\n"
443 "This has been chosen because the specification for\n"
444 ":manpage:`acl_valid(3)`\n"
445 "in the POSIX.1e standard documents only one possible value for errno\n"
446 "in case of an invalid ACL, so we can't differentiate between\n"
447 "classes of errors. Other suggestions are welcome.\n"
453 /* Checks the ACL for validity */
454 static PyObject* ACL_valid(PyObject* obj, PyObject* args) {
455 ACL_Object *self = (ACL_Object*) obj;
457 if(acl_valid(self->acl) == -1) {
464 #ifdef HAVE_ACL_COPY_EXT
465 static PyObject* ACL_get_state(PyObject *obj, PyObject* args) {
466 ACL_Object *self = (ACL_Object*) obj;
471 size = acl_size(self->acl);
473 return PyErr_SetFromErrno(PyExc_IOError);
475 if((ret = PyBytes_FromStringAndSize(NULL, size)) == NULL)
477 buf = PyBytes_AsString(ret);
479 if((nsize = acl_copy_ext(buf, self->acl, size)) == -1) {
481 return PyErr_SetFromErrno(PyExc_IOError);
487 static PyObject* ACL_set_state(PyObject *obj, PyObject* args) {
488 ACL_Object *self = (ACL_Object*) obj;
493 /* Parse the argument */
494 if (!PyArg_ParseTuple(args, "s#", &buf, &bufsize))
497 /* Try to import the external representation */
498 if((ptr = acl_copy_int(buf)) == NULL)
499 return PyErr_SetFromErrno(PyExc_IOError);
501 /* Free the old acl. Should we ignore errors here? */
502 if(self->acl != NULL) {
503 if(acl_free(self->acl) == -1)
504 return PyErr_SetFromErrno(PyExc_IOError);
515 /* tp_iter for the ACL type; since it can be iterated only
516 * destructively, the type is its iterator
518 static PyObject* ACL_iter(PyObject *obj) {
519 ACL_Object *self = (ACL_Object*)obj;
520 self->entry_id = ACL_FIRST_ENTRY;
525 /* the tp_iternext function for the ACL type */
526 static PyObject* ACL_iternext(PyObject *obj) {
527 ACL_Object *self = (ACL_Object*)obj;
528 acl_entry_t the_entry_t;
529 Entry_Object *the_entry_obj;
532 nerr = acl_get_entry(self->acl, self->entry_id, &the_entry_t);
533 self->entry_id = ACL_NEXT_ENTRY;
535 return PyErr_SetFromErrno(PyExc_IOError);
537 /* Docs says this is not needed */
538 /*PyErr_SetObject(PyExc_StopIteration, Py_None);*/
542 the_entry_obj = (Entry_Object*) PyType_GenericNew(&Entry_Type, NULL, NULL);
543 if(the_entry_obj == NULL)
546 the_entry_obj->entry = the_entry_t;
548 the_entry_obj->parent_acl = obj;
549 Py_INCREF(obj); /* For the reference we have in entry->parent */
551 return (PyObject*)the_entry_obj;
554 static char __ACL_delete_entry_doc__[] =
555 "delete_entry(entry)\n"
556 "Deletes an entry from the ACL.\n"
558 ".. note:: Only available with level 2.\n"
560 ":param entry: the Entry object which should be deleted; note that after\n"
561 " this function is called, that object is unusable any longer\n"
562 " and should be deleted\n"
565 /* Deletes an entry from the ACL */
566 static PyObject* ACL_delete_entry(PyObject *obj, PyObject *args) {
567 ACL_Object *self = (ACL_Object*)obj;
570 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &e))
573 if(acl_delete_entry(self->acl, e->entry) == -1)
574 return PyErr_SetFromErrno(PyExc_IOError);
579 static char __ACL_calc_mask_doc__[] =
580 "Compute the file group class mask.\n"
582 "The calc_mask() method calculates and sets the permissions \n"
583 "associated with the :py:data:`ACL_MASK` Entry of the ACL.\n"
584 "The value of the new permissions is the union of the permissions \n"
585 "granted by all entries of tag type :py:data:`ACL_GROUP`, \n"
586 ":py:data:`ACL_GROUP_OBJ`, or \n"
587 ":py:data:`ACL_USER`. If the ACL already contains an :py:data:`ACL_MASK`\n"
589 "permissions are overwritten; if it does not contain an \n"
590 ":py:data:`ACL_MASK` Entry, one is added.\n"
592 "The order of existing entries in the ACL is undefined after this \n"
596 /* Updates the mask entry in the ACL */
597 static PyObject* ACL_calc_mask(PyObject *obj, PyObject *args) {
598 ACL_Object *self = (ACL_Object*)obj;
600 if(acl_calc_mask(&self->acl) == -1)
601 return PyErr_SetFromErrno(PyExc_IOError);
606 static char __ACL_append_doc__[] =
608 "Append a new Entry to the ACL and return it.\n"
610 "This is a convenience function to create a new Entry \n"
611 "and append it to the ACL.\n"
612 "If a parameter of type Entry instance is given, the \n"
613 "entry will be a copy of that one (as if copied with \n"
614 ":py:func:`Entry.copy`), otherwise, the new entry will be empty.\n"
616 ":rtype: :py:class:`Entry`\n"
617 ":returns: the newly created entry\n"
620 /* Convenience method to create a new Entry */
621 static PyObject* ACL_append(PyObject *obj, PyObject *args) {
622 ACL_Object* self = (ACL_Object*) obj;
623 Entry_Object* newentry;
624 Entry_Object* oldentry = NULL;
627 newentry = (Entry_Object*)PyType_GenericNew(&Entry_Type, NULL, NULL);
628 if(newentry == NULL) {
632 if (!PyArg_ParseTuple(args, "|O!", &Entry_Type, &oldentry)) {
637 nret = acl_create_entry(&self->acl, &newentry->entry);
640 return PyErr_SetFromErrno(PyExc_IOError);
643 if(oldentry != NULL) {
644 nret = acl_copy_entry(newentry->entry, oldentry->entry);
647 return PyErr_SetFromErrno(PyExc_IOError);
651 newentry->parent_acl = obj;
654 return (PyObject*)newentry;
657 /***** Entry type *****/
667 /* Pre-declaring the function is more friendly to cpychecker, sigh. */
668 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq)
669 CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION;
671 /* Helper function to get the tag and qualifier of an Entry at the
672 same time. This is "needed" because the acl_get_qualifier function
673 returns a pointer to different types, based on the tag value, and
674 thus it's not straightforward to get the right type.
676 It sets a Python exception if an error occurs, and returns -1 in
677 this case. If successful, the tag is set to the tag type, the
678 qualifier (if any) to either the uid or the gid entry in the
679 tag_qual structure, and the return value is 0.
681 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq) {
684 if(acl_get_tag_type(entry, &tq->tag) == -1) {
685 PyErr_SetFromErrno(PyExc_IOError);
688 if (tq->tag == ACL_USER || tq->tag == ACL_GROUP) {
689 if((p = acl_get_qualifier(entry)) == NULL) {
690 PyErr_SetFromErrno(PyExc_IOError);
693 if (tq->tag == ACL_USER) {
694 tq->uid = *(uid_t*)p;
696 tq->gid = *(gid_t*)p;
703 #define ENTRY_SET_CHECK(self, attr, value) \
704 if (value == NULL) { \
705 PyErr_SetString(PyExc_TypeError, \
706 attr " deletion is not supported"); \
710 /* Creation of a new Entry instance */
711 static PyObject* Entry_new(PyTypeObject* type, PyObject* args,
715 ACL_Object* parent = NULL;
717 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
720 newentry = PyType_GenericNew(type, args, keywds);
722 if(newentry == NULL) {
726 entry = (Entry_Object*)newentry;
728 if(acl_create_entry(&parent->acl, &entry->entry) == -1) {
729 PyErr_SetFromErrno(PyExc_IOError);
734 entry->parent_acl = (PyObject*)parent;
738 /* Initialization of a new Entry instance */
739 static int Entry_init(PyObject* obj, PyObject* args, PyObject *keywds) {
740 Entry_Object* self = (Entry_Object*) obj;
741 ACL_Object* parent = NULL;
743 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
746 if ((PyObject*)parent != self->parent_acl) {
747 PyErr_SetString(PyExc_ValueError,
748 "Can't reinitialize with a different parent");
754 /* Free the Entry instance */
755 static void Entry_dealloc(PyObject* obj) {
756 Entry_Object *self = (Entry_Object*) obj;
757 PyObject *err_type, *err_value, *err_traceback;
758 int have_error = PyErr_Occurred() ? 1 : 0;
761 PyErr_Fetch(&err_type, &err_value, &err_traceback);
762 if(self->parent_acl != NULL) {
763 Py_DECREF(self->parent_acl);
764 self->parent_acl = NULL;
767 PyErr_Restore(err_type, err_value, err_traceback);
771 /* Converts the entry to a text format */
772 static PyObject* Entry_str(PyObject *obj) {
773 PyObject *format, *kind;
774 Entry_Object *self = (Entry_Object*) obj;
777 if(get_tag_qualifier(self->entry, &tq) < 0) {
781 format = PyUnicode_FromString("ACL entry for ");
785 case ACL_UNDEFINED_TAG:
786 kind = PyUnicode_FromString("undefined type");
789 kind = PyUnicode_FromString("the owner");
792 kind = PyUnicode_FromString("the group");
795 kind = PyUnicode_FromString("the others");
798 /* FIXME: here and in the group case, we're formatting with
799 unsigned, because there's no way to automatically determine
800 the signed-ness of the types; on Linux(glibc) they're
801 unsigned, so we'll go along with that */
802 kind = PyUnicode_FromFormat("user with uid %u", tq.uid);
805 kind = PyUnicode_FromFormat("group with gid %u", tq.gid);
808 kind = PyUnicode_FromString("the mask");
811 kind = PyUnicode_FromString("UNKNOWN_TAG_TYPE!");
818 PyObject *ret = PyUnicode_Concat(format, kind);
824 /* Sets the tag type of the entry */
825 static int Entry_set_tag_type(PyObject* obj, PyObject* value, void* arg) {
826 Entry_Object *self = (Entry_Object*) obj;
828 ENTRY_SET_CHECK(self, "tag type", value);
830 if(!PyLong_Check(value)) {
831 PyErr_SetString(PyExc_TypeError,
832 "tag type must be integer");
835 if(acl_set_tag_type(self->entry, (acl_tag_t)PyLong_AsLong(value)) == -1) {
836 PyErr_SetFromErrno(PyExc_IOError);
843 /* Returns the tag type of the entry */
844 static PyObject* Entry_get_tag_type(PyObject *obj, void* arg) {
845 Entry_Object *self = (Entry_Object*) obj;
848 if(acl_get_tag_type(self->entry, &value) == -1) {
849 PyErr_SetFromErrno(PyExc_IOError);
853 return PyLong_FromLong(value);
856 /* Sets the qualifier (either uid_t or gid_t) for the entry,
857 * usable only if the tag type if ACL_USER or ACL_GROUP
859 static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
860 Entry_Object *self = (Entry_Object*) obj;
867 ENTRY_SET_CHECK(self, "qualifier", value);
869 if(!PyLong_Check(value)) {
870 PyErr_SetString(PyExc_TypeError,
871 "qualifier must be integer");
874 if((uidgid = PyLong_AsLong(value)) == -1) {
875 if(PyErr_Occurred() != NULL) {
879 /* Due to how acl_set_qualifier takes its argument, we have to do
880 this ugly dance with two variables and a pointer that will
881 point to one of them. */
882 if(acl_get_tag_type(self->entry, &tag) == -1) {
883 PyErr_SetFromErrno(PyExc_IOError);
890 if((long)uid != uidgid) {
891 PyErr_SetString(PyExc_OverflowError, "Can't assign given qualifier");
898 if((long)gid != uidgid) {
899 PyErr_SetString(PyExc_OverflowError, "Can't assign given qualifier");
906 PyErr_SetString(PyExc_TypeError,
907 "Can only set qualifiers on ACL_USER or ACL_GROUP entries");
910 if(acl_set_qualifier(self->entry, p) == -1) {
911 PyErr_SetFromErrno(PyExc_IOError);
918 /* Returns the qualifier of the entry */
919 static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
920 Entry_Object *self = (Entry_Object*) obj;
924 if (self->entry == NULL) {
925 PyErr_SetString(PyExc_ValueError, "Can't get qualifier on uninitalized Entry object");
928 if(get_tag_qualifier(self->entry, &tq) < 0) {
931 if (tq.tag == ACL_USER) {
933 } else if (tq.tag == ACL_GROUP) {
936 PyErr_SetString(PyExc_TypeError,
937 "Given entry doesn't have an user or"
941 return PyLong_FromLong(value);
944 /* Returns the parent ACL of the entry */
945 static PyObject* Entry_get_parent(PyObject *obj, void* arg) {
946 Entry_Object *self = (Entry_Object*) obj;
948 Py_INCREF(self->parent_acl);
949 return self->parent_acl;
952 /* Returns the a new Permset representing the permset of the entry
953 * FIXME: Should return a new reference to the same object, which
954 * should be created at init time!
956 static PyObject* Entry_get_permset(PyObject *obj, void* arg) {
959 PyObject *perm_arglist = Py_BuildValue("(O)", obj);
960 if (perm_arglist == NULL) {
963 p = PyObject_CallObject((PyObject*)&Permset_Type, perm_arglist);
964 Py_DECREF(perm_arglist);
968 /* Sets the permset of the entry to the passed Permset */
969 static int Entry_set_permset(PyObject* obj, PyObject* value, void* arg) {
970 Entry_Object *self = (Entry_Object*)obj;
973 ENTRY_SET_CHECK(self, "permset", value);
975 if(!PyObject_IsInstance(value, (PyObject*)&Permset_Type)) {
976 PyErr_SetString(PyExc_TypeError, "argument 1 must be posix1e.Permset");
979 p = (Permset_Object*)value;
980 if(acl_set_permset(self->entry, p->permset) == -1) {
981 PyErr_SetFromErrno(PyExc_IOError);
987 static char __Entry_copy_doc__[] =
989 "Copies an ACL entry.\n"
991 "This method sets all the parameters to those of another\n"
992 "entry (either of the same ACL or belonging to another ACL).\n"
994 ":param Entry src: instance of type Entry\n"
997 /* Sets all the entry parameters to another entry */
998 static PyObject* Entry_copy(PyObject *obj, PyObject *args) {
999 Entry_Object *self = (Entry_Object*)obj;
1000 Entry_Object *other;
1002 if(!PyArg_ParseTuple(args, "O!", &Entry_Type, &other))
1005 if(acl_copy_entry(self->entry, other->entry) == -1)
1006 return PyErr_SetFromErrno(PyExc_IOError);
1011 /**** Permset type *****/
1013 /* Creation of a new Permset instance */
1014 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
1016 PyObject* newpermset;
1017 Permset_Object* permset;
1018 Entry_Object* parent = NULL;
1020 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent)) {
1024 newpermset = PyType_GenericNew(type, args, keywds);
1026 if(newpermset == NULL) {
1030 permset = (Permset_Object*)newpermset;
1032 if(acl_get_permset(parent->entry, &permset->permset) == -1) {
1033 PyErr_SetFromErrno(PyExc_IOError);
1034 Py_DECREF(newpermset);
1038 permset->parent_entry = (PyObject*)parent;
1044 /* Initialization of a new Permset instance */
1045 static int Permset_init(PyObject* obj, PyObject* args, PyObject *keywds) {
1046 Permset_Object* self = (Permset_Object*) obj;
1047 Entry_Object* parent = NULL;
1049 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent))
1052 if ((PyObject*)parent != self->parent_entry) {
1053 PyErr_SetString(PyExc_ValueError,
1054 "Can't reinitialize with a different parent");
1061 /* Free the Permset instance */
1062 static void Permset_dealloc(PyObject* obj) {
1063 Permset_Object *self = (Permset_Object*) obj;
1064 PyObject *err_type, *err_value, *err_traceback;
1065 int have_error = PyErr_Occurred() ? 1 : 0;
1068 PyErr_Fetch(&err_type, &err_value, &err_traceback);
1069 if(self->parent_entry != NULL) {
1070 Py_DECREF(self->parent_entry);
1071 self->parent_entry = NULL;
1074 PyErr_Restore(err_type, err_value, err_traceback);
1078 /* Permset string representation */
1079 static PyObject* Permset_str(PyObject *obj) {
1080 Permset_Object *self = (Permset_Object*) obj;
1083 pstr[0] = get_perm(self->permset, ACL_READ) ? 'r' : '-';
1084 pstr[1] = get_perm(self->permset, ACL_WRITE) ? 'w' : '-';
1085 pstr[2] = get_perm(self->permset, ACL_EXECUTE) ? 'x' : '-';
1086 return PyUnicode_FromStringAndSize(pstr, 3);
1089 static char __Permset_clear_doc__[] =
1090 "Clears all permissions from the permission set.\n"
1093 /* Clears all permissions from the permset */
1094 static PyObject* Permset_clear(PyObject* obj, PyObject* args) {
1095 Permset_Object *self = (Permset_Object*) obj;
1097 if(acl_clear_perms(self->permset) == -1)
1098 return PyErr_SetFromErrno(PyExc_IOError);
1103 static PyObject* Permset_get_right(PyObject *obj, void* arg) {
1104 Permset_Object *self = (Permset_Object*) obj;
1106 if(get_perm(self->permset, *(acl_perm_t*)arg)) {
1113 static int Permset_set_right(PyObject* obj, PyObject* value, void* arg) {
1114 Permset_Object *self = (Permset_Object*) obj;
1118 if(!PyLong_Check(value)) {
1119 PyErr_SetString(PyExc_ValueError, "invalid argument, an integer"
1123 on = PyLong_AsLong(value);
1125 nerr = acl_add_perm(self->permset, *(acl_perm_t*)arg);
1127 nerr = acl_delete_perm(self->permset, *(acl_perm_t*)arg);
1129 PyErr_SetFromErrno(PyExc_IOError);
1135 static char __Permset_add_doc__[] =
1137 "Add a permission to the permission set.\n"
1139 "This function adds the permission contained in \n"
1140 "the argument perm to the permission set. An attempt \n"
1141 "to add a permission that is already contained in the \n"
1142 "permission set is not considered an error.\n"
1144 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1145 " :py:data:`ACL_EXECUTE`, ...)\n"
1146 ":raises IOError: in case the argument is not a valid descriptor\n"
1149 static PyObject* Permset_add(PyObject* obj, PyObject* args) {
1150 Permset_Object *self = (Permset_Object*) obj;
1153 if (!PyArg_ParseTuple(args, "i", &right))
1156 if(acl_add_perm(self->permset, (acl_perm_t) right) == -1)
1157 return PyErr_SetFromErrno(PyExc_IOError);
1162 static char __Permset_delete_doc__[] =
1164 "Delete a permission from the permission set.\n"
1166 "This function deletes the permission contained in \n"
1167 "the argument perm from the permission set. An attempt \n"
1168 "to delete a permission that is not contained in the \n"
1169 "permission set is not considered an error.\n"
1171 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1172 " :py:data:`ACL_EXECUTE`, ...)\n"
1173 ":raises IOError: in case the argument is not a valid descriptor\n"
1176 static PyObject* Permset_delete(PyObject* obj, PyObject* args) {
1177 Permset_Object *self = (Permset_Object*) obj;
1180 if (!PyArg_ParseTuple(args, "i", &right))
1183 if(acl_delete_perm(self->permset, (acl_perm_t) right) == -1)
1184 return PyErr_SetFromErrno(PyExc_IOError);
1189 static char __Permset_test_doc__[] =
1191 "Test if a permission exists in the permission set.\n"
1193 "The test() function tests if the permission represented by\n"
1194 "the argument perm exists in the permission set.\n"
1196 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1197 " :py:data:`ACL_EXECUTE`, ...)\n"
1199 ":raises IOError: in case the argument is not a valid descriptor\n"
1202 static PyObject* Permset_test(PyObject* obj, PyObject* args) {
1203 Permset_Object *self = (Permset_Object*) obj;
1207 if (!PyArg_ParseTuple(args, "i", &right))
1210 ret = get_perm(self->permset, (acl_perm_t) right);
1212 return PyErr_SetFromErrno(PyExc_IOError);
1223 static char __ACL_Type_doc__[] =
1224 "Type which represents a POSIX ACL\n"
1226 ".. note:: only one keyword parameter should be provided\n"
1228 ":param string file: creates an ACL representing\n"
1229 " the access ACL of the specified file.\n"
1230 ":param string filedef: creates an ACL representing\n"
1231 " the default ACL of the given directory.\n"
1232 ":param int fd: creates an ACL representing\n"
1233 " the access ACL of the given file descriptor.\n"
1234 ":param string text: creates an ACL from a \n"
1235 " textual description; note the ACL must be valid, which\n"
1236 " means including a mask for extended ACLs, similar to\n"
1237 " ``setfacl --no-mask``\n"
1238 ":param ACL acl: creates a copy of an existing ACL instance.\n"
1239 ":param int mode: creates an ACL from a numeric mode\n"
1240 " (e.g. ``mode=0644``); this is valid only when the C library\n"
1241 " provides the ``acl_from_mode call``, and\n"
1242 " note that no validation is done on the given value.\n"
1244 "If no parameters are passed, an empty ACL will be created; this\n"
1245 "makes sense only when your OS supports ACL modification\n"
1246 "(i.e. it implements full POSIX.1e support), otherwise the ACL won't\n"
1250 /* ACL type methods */
1251 static PyMethodDef ACL_methods[] = {
1252 {"applyto", ACL_applyto, METH_VARARGS, __applyto_doc__},
1253 {"valid", ACL_valid, METH_NOARGS, __valid_doc__},
1255 {"to_any_text", (PyCFunction)ACL_to_any_text, METH_VARARGS | METH_KEYWORDS,
1256 __to_any_text_doc__},
1257 {"check", ACL_check, METH_NOARGS, __check_doc__},
1258 {"equiv_mode", ACL_equiv_mode, METH_NOARGS, __equiv_mode_doc__},
1260 #ifdef HAVE_ACL_COPY_EXT
1261 {"__getstate__", ACL_get_state, METH_NOARGS,
1262 "Dumps the ACL to an external format."},
1263 {"__setstate__", ACL_set_state, METH_VARARGS,
1264 "Loads the ACL from an external format."},
1267 {"delete_entry", ACL_delete_entry, METH_VARARGS, __ACL_delete_entry_doc__},
1268 {"calc_mask", ACL_calc_mask, METH_NOARGS, __ACL_calc_mask_doc__},
1269 {"append", ACL_append, METH_VARARGS, __ACL_append_doc__},
1271 {NULL, NULL, 0, NULL}
1275 /* The definition of the ACL Type */
1276 static PyTypeObject ACL_Type = {
1277 PyVarObject_HEAD_INIT(NULL, 0)
1281 ACL_dealloc, /* tp_dealloc */
1285 0, /* formerly tp_compare, in 3.0 deprecated, in
1288 0, /* tp_as_number */
1289 0, /* tp_as_sequence */
1290 0, /* tp_as_mapping */
1293 ACL_str, /* tp_str */
1294 0, /* tp_getattro */
1295 0, /* tp_setattro */
1296 0, /* tp_as_buffer */
1297 Py_TPFLAGS_DEFAULT, /* tp_flags */
1298 __ACL_Type_doc__, /* tp_doc */
1299 0, /* tp_traverse */
1302 ACL_richcompare, /* tp_richcompare */
1304 0, /* tp_richcompare */
1306 0, /* tp_weaklistoffset */
1312 0, /* tp_iternext */
1314 ACL_methods, /* tp_methods */
1319 0, /* tp_descr_get */
1320 0, /* tp_descr_set */
1321 0, /* tp_dictoffset */
1322 ACL_init, /* tp_init */
1324 ACL_new, /* tp_new */
1329 /* Entry type methods */
1330 static PyMethodDef Entry_methods[] = {
1331 {"copy", Entry_copy, METH_VARARGS, __Entry_copy_doc__},
1332 {NULL, NULL, 0, NULL}
1335 static char __Entry_tagtype_doc__[] =
1336 "The tag type of the current entry\n"
1339 " - :py:data:`ACL_UNDEFINED_TAG`\n"
1340 " - :py:data:`ACL_USER_OBJ`\n"
1341 " - :py:data:`ACL_USER`\n"
1342 " - :py:data:`ACL_GROUP_OBJ`\n"
1343 " - :py:data:`ACL_GROUP`\n"
1344 " - :py:data:`ACL_MASK`\n"
1345 " - :py:data:`ACL_OTHER`\n"
1348 static char __Entry_qualifier_doc__[] =
1349 "The qualifier of the current entry\n"
1351 "If the tag type is :py:data:`ACL_USER`, this should be a user id.\n"
1352 "If the tag type if :py:data:`ACL_GROUP`, this should be a group id.\n"
1353 "Else it doesn't matter.\n"
1356 static char __Entry_parent_doc__[] =
1357 "The parent ACL of this entry\n"
1360 static char __Entry_permset_doc__[] =
1361 "The permission set of this ACL entry\n"
1365 static PyGetSetDef Entry_getsets[] = {
1366 {"tag_type", Entry_get_tag_type, Entry_set_tag_type,
1367 __Entry_tagtype_doc__},
1368 {"qualifier", Entry_get_qualifier, Entry_set_qualifier,
1369 __Entry_qualifier_doc__},
1370 {"parent", Entry_get_parent, NULL, __Entry_parent_doc__},
1371 {"permset", Entry_get_permset, Entry_set_permset, __Entry_permset_doc__},
1375 static char __Entry_Type_doc__[] =
1376 "Type which represents an entry in an ACL.\n"
1378 "The type exists only if the OS has full support for POSIX.1e\n"
1379 "Can be created either by:\n"
1381 " >>> e = posix1e.Entry(myACL) # this creates a new entry in the ACL\n"
1382 " >>> e = myACL.append() # another way for doing the same thing\n"
1386 " >>> for entry in myACL:\n"
1387 " ... print entry\n"
1389 "Note that the Entry keeps a reference to its ACL, so even if \n"
1390 "you delete the ACL, it won't be cleaned up and will continue to \n"
1391 "exist until its Entry(ies) will be deleted.\n"
1393 /* The definition of the Entry Type */
1394 static PyTypeObject Entry_Type = {
1395 PyVarObject_HEAD_INIT(NULL, 0)
1397 sizeof(Entry_Object),
1399 Entry_dealloc, /* tp_dealloc */
1405 0, /* tp_as_number */
1406 0, /* tp_as_sequence */
1407 0, /* tp_as_mapping */
1410 Entry_str, /* tp_str */
1411 0, /* tp_getattro */
1412 0, /* tp_setattro */
1413 0, /* tp_as_buffer */
1414 Py_TPFLAGS_DEFAULT, /* tp_flags */
1415 __Entry_Type_doc__, /* tp_doc */
1416 0, /* tp_traverse */
1418 0, /* tp_richcompare */
1419 0, /* tp_weaklistoffset */
1421 0, /* tp_iternext */
1422 Entry_methods, /* tp_methods */
1424 Entry_getsets, /* tp_getset */
1427 0, /* tp_descr_get */
1428 0, /* tp_descr_set */
1429 0, /* tp_dictoffset */
1430 Entry_init, /* tp_init */
1432 Entry_new, /* tp_new */
1435 /* Permset type methods */
1436 static PyMethodDef Permset_methods[] = {
1437 {"clear", Permset_clear, METH_NOARGS, __Permset_clear_doc__, },
1438 {"add", Permset_add, METH_VARARGS, __Permset_add_doc__, },
1439 {"delete", Permset_delete, METH_VARARGS, __Permset_delete_doc__, },
1440 {"test", Permset_test, METH_VARARGS, __Permset_test_doc__, },
1441 {NULL, NULL, 0, NULL}
1444 static char __Permset_execute_doc__[] =
1445 "Execute permission property\n"
1447 "This is a convenience method of retrieving and setting the execute\n"
1448 "permission in the permission set; the \n"
1449 "same effect can be achieved using the functions\n"
1450 "add(), test(), delete(), and those can take any \n"
1451 "permission defined by your platform.\n"
1454 static char __Permset_read_doc__[] =
1455 "Read permission property\n"
1457 "This is a convenience method of retrieving and setting the read\n"
1458 "permission in the permission set; the \n"
1459 "same effect can be achieved using the functions\n"
1460 "add(), test(), delete(), and those can take any \n"
1461 "permission defined by your platform.\n"
1464 static char __Permset_write_doc__[] =
1465 "Write permission property\n"
1467 "This is a convenience method of retrieving and setting the write\n"
1468 "permission in the permission set; the \n"
1469 "same effect can be achieved using the functions\n"
1470 "add(), test(), delete(), and those can take any \n"
1471 "permission defined by your platform.\n"
1474 /* Permset getset */
1475 static PyGetSetDef Permset_getsets[] = {
1476 {"execute", Permset_get_right, Permset_set_right,
1477 __Permset_execute_doc__, &holder_ACL_EXECUTE},
1478 {"read", Permset_get_right, Permset_set_right,
1479 __Permset_read_doc__, &holder_ACL_READ},
1480 {"write", Permset_get_right, Permset_set_right,
1481 __Permset_write_doc__, &holder_ACL_WRITE},
1485 static char __Permset_Type_doc__[] =
1486 "Type which represents the permission set in an ACL entry\n"
1488 "The type exists only if the OS has full support for POSIX.1e\n"
1489 "Can be retrieved either by:\n\n"
1490 ">>> perms = myEntry.permset\n"
1493 ">>> perms = posix1e.Permset(myEntry)\n"
1495 "Note that the Permset keeps a reference to its Entry, so even if \n"
1496 "you delete the entry, it won't be cleaned up and will continue to \n"
1497 "exist until its Permset will be deleted.\n"
1500 /* The definition of the Permset Type */
1501 static PyTypeObject Permset_Type = {
1502 PyVarObject_HEAD_INIT(NULL, 0)
1504 sizeof(Permset_Object),
1506 Permset_dealloc, /* tp_dealloc */
1512 0, /* tp_as_number */
1513 0, /* tp_as_sequence */
1514 0, /* tp_as_mapping */
1517 Permset_str, /* tp_str */
1518 0, /* tp_getattro */
1519 0, /* tp_setattro */
1520 0, /* tp_as_buffer */
1521 Py_TPFLAGS_DEFAULT, /* tp_flags */
1522 __Permset_Type_doc__,/* tp_doc */
1523 0, /* tp_traverse */
1525 0, /* tp_richcompare */
1526 0, /* tp_weaklistoffset */
1528 0, /* tp_iternext */
1529 Permset_methods, /* tp_methods */
1531 Permset_getsets, /* tp_getset */
1534 0, /* tp_descr_get */
1535 0, /* tp_descr_set */
1536 0, /* tp_dictoffset */
1537 Permset_init, /* tp_init */
1539 Permset_new, /* tp_new */
1544 /* Module methods */
1546 static char __deletedef_doc__[] =
1547 "delete_default(path)\n"
1548 "Delete the default ACL from a directory.\n"
1550 "This function deletes the default ACL associated with\n"
1551 "a directory (the ACL which will be ANDed with the mode\n"
1552 "parameter to the open, creat functions).\n"
1554 ":param string path: the directory whose default ACL should be deleted\n"
1557 /* Deletes the default ACL from a directory */
1558 static PyObject* aclmodule_delete_default(PyObject* obj, PyObject* args) {
1561 /* Parse the arguments */
1562 if (!PyArg_ParseTuple(args, "et", NULL, &filename))
1565 if(acl_delete_def_file(filename) == -1) {
1566 return PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
1573 static char __has_extended_doc__[] =
1574 "has_extended(item)\n"
1575 "Check if a file or file handle has an extended ACL.\n"
1577 ":param item: either a file name or a file-like object or an integer;\n"
1578 " it represents the file-system object on which to act\n"
1581 /* Check for extended ACL a file or fd */
1582 static PyObject* aclmodule_has_extended(PyObject* obj, PyObject* args) {
1583 PyObject *item, *tmp;
1587 if (!PyArg_ParseTuple(args, "O", &item))
1590 if((fd = PyObject_AsFileDescriptor(item)) != -1) {
1591 if((nret = acl_extended_fd(fd)) == -1) {
1592 PyErr_SetFromErrno(PyExc_IOError);
1595 // PyObject_AsFileDescriptor sets an error when failing, so clear
1596 // it such that further code works; some method lookups fail if an
1597 // error already occured when called, which breaks at least
1598 // PyOS_FSPath (called by FSConverter).
1600 if(PyUnicode_FSConverter(item, &tmp)) {
1601 char *filename = PyBytes_AS_STRING(tmp);
1602 if ((nret = acl_extended_file(filename)) == -1) {
1603 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
1614 return PyBool_FromLong(nret);
1619 /* The module methods */
1620 static PyMethodDef aclmodule_methods[] = {
1621 {"delete_default", aclmodule_delete_default, METH_VARARGS,
1624 {"has_extended", aclmodule_has_extended, METH_VARARGS,
1625 __has_extended_doc__},
1627 {NULL, NULL, 0, NULL}
1630 static char __posix1e_doc__[] =
1631 "POSIX.1e ACLs manipulation\n"
1632 "==========================\n"
1634 "This module provides support for manipulating POSIX.1e ACLS\n"
1636 "Depending on the operating system support for POSIX.1e, \n"
1637 "the ACL type will have more or less capabilities:\n\n"
1638 " - level 1, only basic support, you can create\n"
1639 " ACLs from files and text descriptions;\n"
1640 " once created, the type is immutable\n"
1641 " - level 2, complete support, you can alter\n"
1642 " the ACL once it is created\n"
1644 "Also, in level 2, more types are available, corresponding\n"
1645 "to acl_entry_t (the Entry type), acl_permset_t (the Permset type).\n"
1647 "The existence of level 2 support and other extensions can be\n"
1648 "checked by the constants:\n\n"
1649 " - :py:data:`HAS_ACL_ENTRY` for level 2 and the Entry/Permset classes\n"
1650 " - :py:data:`HAS_ACL_FROM_MODE` for ``ACL(mode=...)`` usage\n"
1651 " - :py:data:`HAS_ACL_CHECK` for the :py:func:`ACL.check` function\n"
1652 " - :py:data:`HAS_EXTENDED_CHECK` for the module-level\n"
1653 " :py:func:`has_extended` function\n"
1654 " - :py:data:`HAS_EQUIV_MODE` for the :py:func:`ACL.equiv_mode` method\n"
1655 " - :py:data:`HAS_COPY_EXT` for the :py:func:`ACL.__getstate__` and\n"
1656 " :py:func:`ACL.__setstate__` functions (pickle protocol)\n"
1660 ">>> import posix1e\n"
1661 ">>> acl1 = posix1e.ACL(file=\"file.txt\") \n"
1667 ">>> b = posix1e.ACL(text=\"u::rx,g::-,o::-\")\n"
1673 ">>> b.applyto(\"file.txt\")\n"
1674 ">>> print posix1e.ACL(file=\"file.txt\")\n"
1680 ".. py:data:: ACL_USER\n\n"
1681 " Denotes a specific user entry in an ACL.\n"
1683 ".. py:data:: ACL_USER_OBJ\n\n"
1684 " Denotes the user owner entry in an ACL.\n"
1686 ".. py:data:: ACL_GROUP\n\n"
1687 " Denotes the a group entry in an ACL.\n"
1689 ".. py:data:: ACL_GROUP_OBJ\n\n"
1690 " Denotes the group owner entry in an ACL.\n"
1692 ".. py:data:: ACL_OTHER\n\n"
1693 " Denotes the 'others' entry in an ACL.\n"
1695 ".. py:data:: ACL_MASK\n\n"
1696 " Denotes the mask entry in an ACL, representing the maximum\n"
1697 " access granted other users, the owner group and other groups.\n"
1699 ".. py:data:: ACL_UNDEFINED_TAG\n\n"
1700 " An undefined tag in an ACL.\n"
1702 ".. py:data:: ACL_READ\n\n"
1703 " Read permission in a permission set.\n"
1705 ".. py:data:: ACL_WRITE\n\n"
1706 " Write permission in a permission set.\n"
1708 ".. py:data:: ACL_EXECUTE\n\n"
1709 " Execute permission in a permission set.\n"
1711 ".. py:data:: HAS_ACL_ENTRY\n\n"
1712 " denotes support for level 2 and the Entry/Permset classes\n"
1714 ".. py:data:: HAS_ACL_FROM_MODE\n\n"
1715 " denotes support for building an ACL from an octal mode\n"
1717 ".. py:data:: HAS_ACL_CHECK\n\n"
1718 " denotes support for extended checks of an ACL's validity\n"
1720 ".. py:data:: HAS_EXTENDED_CHECK\n\n"
1721 " denotes support for checking whether an ACL is basic or extended\n"
1723 ".. py:data:: HAS_EQUIV_MODE\n\n"
1724 " denotes support for the equiv_mode function\n"
1726 ".. py:data:: HAS_COPY_EXT\n\n"
1727 " denotes support for __getstate__()/__setstate__() on an ACL\n"
1731 static struct PyModuleDef posix1emodule = {
1732 PyModuleDef_HEAD_INIT,
1740 PyInit_posix1e(void)
1744 Py_TYPE(&ACL_Type) = &PyType_Type;
1745 if(PyType_Ready(&ACL_Type) < 0)
1749 Py_TYPE(&Entry_Type) = &PyType_Type;
1750 if(PyType_Ready(&Entry_Type) < 0)
1753 Py_TYPE(&Permset_Type) = &PyType_Type;
1754 if(PyType_Ready(&Permset_Type) < 0)
1758 m = PyModule_Create(&posix1emodule);
1762 d = PyModule_GetDict(m);
1766 Py_INCREF(&ACL_Type);
1767 if (PyDict_SetItemString(d, "ACL",
1768 (PyObject *) &ACL_Type) < 0)
1771 /* 23.3.6 acl_type_t values */
1772 PyModule_AddIntConstant(m, "ACL_TYPE_ACCESS", ACL_TYPE_ACCESS);
1773 PyModule_AddIntConstant(m, "ACL_TYPE_DEFAULT", ACL_TYPE_DEFAULT);
1777 Py_INCREF(&Entry_Type);
1778 if (PyDict_SetItemString(d, "Entry",
1779 (PyObject *) &Entry_Type) < 0)
1782 Py_INCREF(&Permset_Type);
1783 if (PyDict_SetItemString(d, "Permset",
1784 (PyObject *) &Permset_Type) < 0)
1787 /* 23.2.2 acl_perm_t values */
1788 PyModule_AddIntConstant(m, "ACL_READ", ACL_READ);
1789 PyModule_AddIntConstant(m, "ACL_WRITE", ACL_WRITE);
1790 PyModule_AddIntConstant(m, "ACL_EXECUTE", ACL_EXECUTE);
1792 /* 23.2.5 acl_tag_t values */
1793 PyModule_AddIntConstant(m, "ACL_UNDEFINED_TAG", ACL_UNDEFINED_TAG);
1794 PyModule_AddIntConstant(m, "ACL_USER_OBJ", ACL_USER_OBJ);
1795 PyModule_AddIntConstant(m, "ACL_USER", ACL_USER);
1796 PyModule_AddIntConstant(m, "ACL_GROUP_OBJ", ACL_GROUP_OBJ);
1797 PyModule_AddIntConstant(m, "ACL_GROUP", ACL_GROUP);
1798 PyModule_AddIntConstant(m, "ACL_MASK", ACL_MASK);
1799 PyModule_AddIntConstant(m, "ACL_OTHER", ACL_OTHER);
1801 /* Document extended functionality via easy-to-use constants */
1802 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 1);
1804 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 0);
1808 /* Linux libacl specific acl_to_any_text constants */
1809 PyModule_AddIntConstant(m, "TEXT_ABBREVIATE", TEXT_ABBREVIATE);
1810 PyModule_AddIntConstant(m, "TEXT_NUMERIC_IDS", TEXT_NUMERIC_IDS);
1811 PyModule_AddIntConstant(m, "TEXT_SOME_EFFECTIVE", TEXT_SOME_EFFECTIVE);
1812 PyModule_AddIntConstant(m, "TEXT_ALL_EFFECTIVE", TEXT_ALL_EFFECTIVE);
1813 PyModule_AddIntConstant(m, "TEXT_SMART_INDENT", TEXT_SMART_INDENT);
1815 /* Linux libacl specific acl_check constants */
1816 PyModule_AddIntConstant(m, "ACL_MULTI_ERROR", ACL_MULTI_ERROR);
1817 PyModule_AddIntConstant(m, "ACL_DUPLICATE_ERROR", ACL_DUPLICATE_ERROR);
1818 PyModule_AddIntConstant(m, "ACL_MISS_ERROR", ACL_MISS_ERROR);
1819 PyModule_AddIntConstant(m, "ACL_ENTRY_ERROR", ACL_ENTRY_ERROR);
1821 #define LINUX_EXT_VAL 1
1823 #define LINUX_EXT_VAL 0
1825 /* declare the Linux extensions */
1826 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", LINUX_EXT_VAL);
1827 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", LINUX_EXT_VAL);
1828 PyModule_AddIntConstant(m, "HAS_EXTENDED_CHECK", LINUX_EXT_VAL);
1829 PyModule_AddIntConstant(m, "HAS_EQUIV_MODE", LINUX_EXT_VAL);
1831 PyModule_AddIntConstant(m, "HAS_COPY_EXT",
1832 #ifdef HAVE_ACL_COPY_EXT