2 posix1e - a python module exposing the posix acl functions
4 Copyright (C) 2002-2009, 2012, 2014, 2015 Iustin Pop <iustin@k1024.org>
6 This library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 This library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with this library; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 #define PY_SSIZE_T_CLEAN
26 #include <sys/types.h>
30 #include <acl/libacl.h>
31 #define get_perm acl_get_perm
33 #define get_perm acl_get_perm_np
36 /* Used for cpychecker: */
37 /* The checker automatically defines this preprocessor name when creating
38 the custom attribute: */
39 #if defined(WITH_CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF_ATTRIBUTE)
40 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename) \
41 __attribute__((cpychecker_type_object_for_typedef(typename)))
43 /* This handles the case where we're compiling with a "vanilla"
44 compiler that doesn't supply this attribute: */
45 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename)
48 /* The checker automatically defines this preprocessor name when creating
49 the custom attribute: */
50 #if defined(WITH_CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION_ATTRIBUTE)
51 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION \
52 __attribute__((cpychecker_negative_result_sets_exception))
54 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION
57 static PyTypeObject ACL_Type
58 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("ACL_Object");
59 static PyObject* ACL_applyto(PyObject* obj, PyObject* args);
60 static PyObject* ACL_valid(PyObject* obj, PyObject* args);
62 #ifdef HAVE_ACL_COPY_EXT
63 static PyObject* ACL_get_state(PyObject *obj, PyObject* args);
64 static PyObject* ACL_set_state(PyObject *obj, PyObject* args);
68 static PyTypeObject Entry_Type
69 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Entry_Object");
70 static PyTypeObject Permset_Type
71 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Permset_Object");
72 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
76 static acl_perm_t holder_ACL_EXECUTE = ACL_EXECUTE;
77 static acl_perm_t holder_ACL_READ = ACL_READ;
78 static acl_perm_t holder_ACL_WRITE = ACL_WRITE;
92 PyObject *parent_acl; /* The parent acl, so it won't run out on us */
98 PyObject *parent_entry; /* The parent entry, so it won't run out on us */
99 acl_permset_t permset;
104 /* Creation of a new ACL instance */
105 static PyObject* ACL_new(PyTypeObject* type, PyObject* args,
110 newacl = type->tp_alloc(type, 0);
115 acl = (ACL_Object*) newacl;
117 acl->acl = acl_init(0);
118 if (acl->acl == NULL) {
119 PyErr_SetFromErrno(PyExc_IOError);
124 acl->entry_id = ACL_FIRST_ENTRY;
130 /* Initialization of a new ACL instance */
131 static int ACL_init(PyObject* obj, PyObject* args, PyObject *keywds) {
132 ACL_Object* self = (ACL_Object*) obj;
133 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef",
137 #ifdef HAVE_ACL_COPY_EXT
141 char *format = "|O&OsO!O&"
145 #ifdef HAVE_ACL_COPY_EXT
151 PyObject *file = NULL;
152 PyObject *filedef = NULL;
155 ACL_Object* thesrc = NULL;
156 const void *buf = NULL;
160 if(!PyTuple_Check(args) || PyTuple_Size(args) != 0 ||
161 (keywds != NULL && PyDict_Check(keywds) && PyDict_Size(keywds) > 1)) {
162 PyErr_SetString(PyExc_ValueError, "a max of one keyword argument"
166 if(!PyArg_ParseTupleAndKeywords(args, keywds, format, kwlist,
167 PyUnicode_FSConverter, &file,
168 &fd, &text, &ACL_Type, &thesrc,
169 PyUnicode_FSConverter, &filedef
173 #ifdef HAVE_ACL_COPY_EXT
180 fprintf(stderr, "foobar!\n");
181 char *path = PyBytes_AS_STRING(file);
182 new = acl_get_file(path, ACL_TYPE_ACCESS);
183 // Set custom exception on this failure path which includes
186 PyErr_SetFromErrnoWithFilename(PyExc_IOError, path);
190 } else if(text != NULL)
191 new = acl_from_text(text);
192 else if(fd != NULL) {
194 if ((fdval = PyObject_AsFileDescriptor(fd)) != -1) {
195 new = acl_get_fd(fdval);
197 } else if(thesrc != NULL)
198 new = acl_dup(thesrc->acl);
199 else if(filedef != NULL) {
200 char *path = PyBytes_AS_STRING(filedef);
201 new = acl_get_file(path, ACL_TYPE_DEFAULT);
202 // Set custom exception on this failure path which includes
205 PyErr_SetFromErrnoWithFilename(PyExc_IOError, path);
212 new = acl_from_mode(mode);
214 #ifdef HAVE_ACL_COPY_EXT
215 else if(buf != NULL) {
216 new = acl_copy_int(buf);
224 PyErr_SetFromErrno(PyExc_IOError);
229 /* Free the old acl_t without checking for error, we don't
231 if(self->acl != NULL)
239 /* Standard type functions */
240 static void ACL_dealloc(PyObject* obj) {
241 ACL_Object *self = (ACL_Object*) obj;
242 PyObject *err_type, *err_value, *err_traceback;
243 int have_error = PyErr_Occurred() ? 1 : 0;
246 PyErr_Fetch(&err_type, &err_value, &err_traceback);
247 if(self->acl != NULL && acl_free(self->acl) != 0)
248 PyErr_WriteUnraisable(obj);
250 PyErr_Restore(err_type, err_value, err_traceback);
254 /* Converts the acl to a text format */
255 static PyObject* ACL_str(PyObject *obj) {
257 ACL_Object *self = (ACL_Object*) obj;
260 text = acl_to_text(self->acl, NULL);
262 return PyErr_SetFromErrno(PyExc_IOError);
264 ret = PyUnicode_FromString(text);
265 if(acl_free(text) != 0) {
267 return PyErr_SetFromErrno(PyExc_IOError);
273 static char __to_any_text_doc__[] =
274 "to_any_text([prefix='', separator='n', options=0])\n"
275 "Convert the ACL to a custom text format.\n"
277 "This method encapsulates the ``acl_to_any_text()`` function.\n"
278 "It allows a customized text format to be generated for the ACL. See\n"
279 ":manpage:`acl_to_any_text(3)` for more details.\n"
281 ":param string prefix: if given, this string will be pre-pended to\n"
283 ":param string separator: a single character (defaults to '\\n'); this will"
284 " be used to separate the entries in the ACL\n"
285 ":param options: a bitwise combination of:\n\n"
286 " - :py:data:`TEXT_ABBREVIATE`: use 'u' instead of 'user', 'g' \n"
287 " instead of 'group', etc.\n"
288 " - :py:data:`TEXT_NUMERIC_IDS`: User and group IDs are included as\n"
289 " decimal numbers instead of names\n"
290 " - :py:data:`TEXT_SOME_EFFECTIVE`: Include comments denoting the\n"
291 " effective permissions when some are masked\n"
292 " - :py:data:`TEXT_ALL_EFFECTIVE`: Include comments after all ACL\n"
293 " entries affected by an ACL_MASK entry\n"
294 " - :py:data:`TEXT_SMART_INDENT`: Used in combination with the\n"
295 " _EFFECTIVE options, this will ensure that comments are aligned\n"
296 " to the fourth tab position (assuming one tab equals eight spaces)\n"
300 /* Converts the acl to a custom text format */
301 static PyObject* ACL_to_any_text(PyObject *obj, PyObject *args,
304 ACL_Object *self = (ACL_Object*) obj;
306 const char *arg_prefix = NULL;
307 char arg_separator = '\n';
309 static char *kwlist[] = {"prefix", "separator", "options", NULL};
311 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|sci", kwlist, &arg_prefix,
312 &arg_separator, &arg_options))
315 text = acl_to_any_text(self->acl, arg_prefix, arg_separator, arg_options);
317 return PyErr_SetFromErrno(PyExc_IOError);
319 ret = PyBytes_FromString(text);
320 if(acl_free(text) != 0) {
322 return PyErr_SetFromErrno(PyExc_IOError);
327 static char __check_doc__[] =
328 "Check the ACL validity.\n"
330 "This is a non-portable, Linux specific extension that allow more\n"
331 "information to be retrieved in case an ACL is not valid than via the\n"
332 ":py:func:`valid` method.\n"
334 "This method will return either False (the ACL is valid), or a tuple\n"
335 "with two elements. The first element is one of the following\n"
337 " - :py:data:`ACL_MULTI_ERROR`: The ACL contains multiple entries that\n"
338 " have a tag type that may occur at most once\n"
339 " - :py:data:`ACL_DUPLICATE_ERROR`: The ACL contains multiple \n"
340 " :py:data:`ACL_USER` or :py:data:`ACL_GROUP` entries with the\n"
342 " - :py:data:`ACL_MISS_ERROR`: A required entry is missing\n"
343 " - :py:data:`ACL_ENTRY_ERROR`: The ACL contains an invalid entry\n"
346 "The second element of the tuple is the index of the entry that is\n"
347 "invalid (in the same order as by iterating over the ACL entry)\n"
350 /* The acl_check method */
351 static PyObject* ACL_check(PyObject* obj, PyObject* args) {
352 ACL_Object *self = (ACL_Object*) obj;
356 if((result = acl_check(self->acl, &eindex)) == -1)
357 return PyErr_SetFromErrno(PyExc_IOError);
361 return Py_BuildValue("(ii)", result, eindex);
364 /* Implementation of the rich compare for ACLs */
365 static PyObject* ACL_richcompare(PyObject* o1, PyObject* o2, int op) {
366 ACL_Object *acl1, *acl2;
370 if(!PyObject_IsInstance(o2, (PyObject*)&ACL_Type)) {
375 PyErr_SetString(PyExc_TypeError, "can only compare to an ACL");
379 acl1 = (ACL_Object*)o1;
380 acl2 = (ACL_Object*)o2;
381 if((n=acl_cmp(acl1->acl, acl2->acl))==-1)
382 return PyErr_SetFromErrno(PyExc_IOError);
385 ret = n == 0 ? Py_True : Py_False;
388 ret = n == 1 ? Py_True : Py_False;
391 PyErr_SetString(PyExc_TypeError, "ACLs are not orderable");
398 static char __equiv_mode_doc__[] =
399 "Return the octal mode the ACL is equivalent to.\n"
401 "This is a non-portable, Linux specific extension that checks\n"
402 "if the ACL is a basic ACL and returns the corresponding mode.\n"
405 ":raise IOError: An IOerror exception will be raised if the ACL is\n"
406 " an extended ACL.\n"
409 /* The acl_equiv_mode method */
410 static PyObject* ACL_equiv_mode(PyObject* obj, PyObject* args) {
411 ACL_Object *self = (ACL_Object*) obj;
414 if(acl_equiv_mode(self->acl, &mode) == -1)
415 return PyErr_SetFromErrno(PyExc_IOError);
416 return PyLong_FromLong(mode);
421 static char __applyto_doc__[] =
422 "applyto(item[, flag=ACL_TYPE_ACCESS])\n"
423 "Apply the ACL to a file or filehandle.\n"
425 ":param item: either a filename or a file-like object or an integer;\n"
426 " this represents the filesystem object on which to act\n"
427 ":param flag: optional flag representing the type of ACL to set, either\n"
428 " :py:data:`ACL_TYPE_ACCESS` (default) or :py:data:`ACL_TYPE_DEFAULT`\n"
431 /* Applies the ACL to a file */
432 static PyObject* ACL_applyto(PyObject* obj, PyObject* args) {
433 ACL_Object *self = (ACL_Object*) obj;
434 PyObject *target, *tmp;
435 acl_type_t type = ACL_TYPE_ACCESS;
439 if (!PyArg_ParseTuple(args, "O|I", &target, &type))
441 if ((fd = PyObject_AsFileDescriptor(target)) != -1) {
442 if((nret = acl_set_fd(fd, self->acl)) == -1) {
443 PyErr_SetFromErrno(PyExc_IOError);
446 // PyObject_AsFileDescriptor sets an error when failing, so clear
447 // it such that further code works; some method lookups fail if an
448 // error already occured when called, which breaks at least
449 // PyOS_FSPath (called by FSConverter).
451 if(PyUnicode_FSConverter(target, &tmp)) {
452 char *filename = PyBytes_AS_STRING(tmp);
453 if ((nret = acl_set_file(filename, type, self->acl)) == -1) {
454 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
468 static char __valid_doc__[] =
469 "Test the ACL for validity.\n"
471 "This method tests the ACL to see if it is a valid ACL\n"
472 "in terms of the file-system. More precisely, it checks that:\n"
474 "The ACL contains exactly one entry with each of the\n"
475 ":py:data:`ACL_USER_OBJ`, :py:data:`ACL_GROUP_OBJ`, and \n"
476 ":py:data:`ACL_OTHER` tag types. Entries\n"
477 "with :py:data:`ACL_USER` and :py:data:`ACL_GROUP` tag types may\n"
478 "appear zero or more\n"
479 "times in an ACL. An ACL that contains entries of :py:data:`ACL_USER` or\n"
480 ":py:data:`ACL_GROUP` tag types must contain exactly one entry of the \n"
481 ":py:data:`ACL_MASK` tag type. If an ACL contains no entries of\n"
482 ":py:data:`ACL_USER` or :py:data:`ACL_GROUP` tag types, the\n"
483 ":py:data:`ACL_MASK` entry is optional.\n"
485 "All user ID qualifiers must be unique among all entries of\n"
486 "the :py:data:`ACL_USER` tag type, and all group IDs must be unique\n"
487 "among all entries of :py:data:`ACL_GROUP` tag type.\n"
489 "The method will return 1 for a valid ACL and 0 for an invalid one.\n"
490 "This has been chosen because the specification for\n"
491 ":manpage:`acl_valid(3)`\n"
492 "in the POSIX.1e standard documents only one possible value for errno\n"
493 "in case of an invalid ACL, so we can't differentiate between\n"
494 "classes of errors. Other suggestions are welcome.\n"
500 /* Checks the ACL for validity */
501 static PyObject* ACL_valid(PyObject* obj, PyObject* args) {
502 ACL_Object *self = (ACL_Object*) obj;
504 if(acl_valid(self->acl) == -1) {
511 #ifdef HAVE_ACL_COPY_EXT
512 static PyObject* ACL_get_state(PyObject *obj, PyObject* args) {
513 ACL_Object *self = (ACL_Object*) obj;
518 size = acl_size(self->acl);
520 return PyErr_SetFromErrno(PyExc_IOError);
522 if((ret = PyBytes_FromStringAndSize(NULL, size)) == NULL)
524 buf = PyBytes_AsString(ret);
526 if((nsize = acl_copy_ext(buf, self->acl, size)) == -1) {
528 return PyErr_SetFromErrno(PyExc_IOError);
534 static PyObject* ACL_set_state(PyObject *obj, PyObject* args) {
535 ACL_Object *self = (ACL_Object*) obj;
540 /* Parse the argument */
541 if (!PyArg_ParseTuple(args, "y#", &buf, &bufsize))
544 /* Try to import the external representation */
545 if((ptr = acl_copy_int(buf)) == NULL)
546 return PyErr_SetFromErrno(PyExc_IOError);
548 /* Free the old acl. Should we ignore errors here? */
549 if(self->acl != NULL) {
550 if(acl_free(self->acl) == -1)
551 return PyErr_SetFromErrno(PyExc_IOError);
562 /* tp_iter for the ACL type; since it can be iterated only
563 * destructively, the type is its iterator
565 static PyObject* ACL_iter(PyObject *obj) {
566 ACL_Object *self = (ACL_Object*)obj;
567 self->entry_id = ACL_FIRST_ENTRY;
572 /* the tp_iternext function for the ACL type */
573 static PyObject* ACL_iternext(PyObject *obj) {
574 ACL_Object *self = (ACL_Object*)obj;
575 acl_entry_t the_entry_t;
576 Entry_Object *the_entry_obj;
579 nerr = acl_get_entry(self->acl, self->entry_id, &the_entry_t);
580 self->entry_id = ACL_NEXT_ENTRY;
582 return PyErr_SetFromErrno(PyExc_IOError);
584 /* Docs says this is not needed */
585 /*PyErr_SetObject(PyExc_StopIteration, Py_None);*/
589 the_entry_obj = (Entry_Object*) PyType_GenericNew(&Entry_Type, NULL, NULL);
590 if(the_entry_obj == NULL)
593 the_entry_obj->entry = the_entry_t;
595 the_entry_obj->parent_acl = obj;
596 Py_INCREF(obj); /* For the reference we have in entry->parent */
598 return (PyObject*)the_entry_obj;
601 static char __ACL_delete_entry_doc__[] =
602 "delete_entry(entry)\n"
603 "Deletes an entry from the ACL.\n"
605 ".. note:: Only available with level 2.\n"
607 ":param entry: the Entry object which should be deleted; note that after\n"
608 " this function is called, that object is unusable any longer\n"
609 " and should be deleted\n"
612 /* Deletes an entry from the ACL */
613 static PyObject* ACL_delete_entry(PyObject *obj, PyObject *args) {
614 ACL_Object *self = (ACL_Object*)obj;
617 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &e))
620 if (e->parent_acl != obj) {
621 PyErr_SetString(PyExc_ValueError,
622 "Can't remove un-owned entry");
625 if(acl_delete_entry(self->acl, e->entry) == -1)
626 return PyErr_SetFromErrno(PyExc_IOError);
631 static char __ACL_calc_mask_doc__[] =
632 "Compute the file group class mask.\n"
634 "The calc_mask() method calculates and sets the permissions \n"
635 "associated with the :py:data:`ACL_MASK` Entry of the ACL.\n"
636 "The value of the new permissions is the union of the permissions \n"
637 "granted by all entries of tag type :py:data:`ACL_GROUP`, \n"
638 ":py:data:`ACL_GROUP_OBJ`, or \n"
639 ":py:data:`ACL_USER`. If the ACL already contains an :py:data:`ACL_MASK`\n"
641 "permissions are overwritten; if it does not contain an \n"
642 ":py:data:`ACL_MASK` Entry, one is added.\n"
644 "The order of existing entries in the ACL is undefined after this \n"
648 /* Updates the mask entry in the ACL */
649 static PyObject* ACL_calc_mask(PyObject *obj, PyObject *args) {
650 ACL_Object *self = (ACL_Object*)obj;
652 if(acl_calc_mask(&self->acl) == -1)
653 return PyErr_SetFromErrno(PyExc_IOError);
658 static char __ACL_append_doc__[] =
660 "Append a new Entry to the ACL and return it.\n"
662 "This is a convenience function to create a new Entry \n"
663 "and append it to the ACL.\n"
664 "If a parameter of type Entry instance is given, the \n"
665 "entry will be a copy of that one (as if copied with \n"
666 ":py:func:`Entry.copy`), otherwise, the new entry will be empty.\n"
668 ":rtype: :py:class:`Entry`\n"
669 ":returns: the newly created entry\n"
672 /* Convenience method to create a new Entry */
673 static PyObject* ACL_append(PyObject *obj, PyObject *args) {
674 Entry_Object* newentry;
675 Entry_Object* oldentry = NULL;
678 if (!PyArg_ParseTuple(args, "|O!", &Entry_Type, &oldentry)) {
682 PyObject *new_arglist = Py_BuildValue("(O)", obj);
683 if (new_arglist == NULL) {
686 newentry = (Entry_Object*) PyObject_CallObject((PyObject*)&Entry_Type, new_arglist);
687 Py_DECREF(new_arglist);
688 if(newentry == NULL) {
692 if(oldentry != NULL) {
693 nret = acl_copy_entry(newentry->entry, oldentry->entry);
696 return PyErr_SetFromErrno(PyExc_IOError);
700 return (PyObject*)newentry;
703 /***** Entry type *****/
713 /* Pre-declaring the function is more friendly to cpychecker, sigh. */
714 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq)
715 CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION;
717 /* Helper function to get the tag and qualifier of an Entry at the
718 same time. This is "needed" because the acl_get_qualifier function
719 returns a pointer to different types, based on the tag value, and
720 thus it's not straightforward to get the right type.
722 It sets a Python exception if an error occurs, and returns -1 in
723 this case. If successful, the tag is set to the tag type, the
724 qualifier (if any) to either the uid or the gid entry in the
725 tag_qual structure, and the return value is 0.
727 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq) {
730 if(acl_get_tag_type(entry, &tq->tag) == -1) {
731 PyErr_SetFromErrno(PyExc_IOError);
734 if (tq->tag == ACL_USER || tq->tag == ACL_GROUP) {
735 if((p = acl_get_qualifier(entry)) == NULL) {
736 PyErr_SetFromErrno(PyExc_IOError);
739 if (tq->tag == ACL_USER) {
740 tq->uid = *(uid_t*)p;
742 tq->gid = *(gid_t*)p;
749 #define ENTRY_SET_CHECK(self, attr, value) \
750 if (value == NULL) { \
751 PyErr_SetString(PyExc_TypeError, \
752 attr " deletion is not supported"); \
756 /* Creation of a new Entry instance */
757 static PyObject* Entry_new(PyTypeObject* type, PyObject* args,
761 ACL_Object* parent = NULL;
763 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
766 newentry = PyType_GenericNew(type, args, keywds);
768 if(newentry == NULL) {
772 entry = (Entry_Object*)newentry;
774 if(acl_create_entry(&parent->acl, &entry->entry) == -1) {
775 PyErr_SetFromErrno(PyExc_IOError);
780 entry->parent_acl = (PyObject*)parent;
784 /* Initialization of a new Entry instance */
785 static int Entry_init(PyObject* obj, PyObject* args, PyObject *keywds) {
786 Entry_Object* self = (Entry_Object*) obj;
787 ACL_Object* parent = NULL;
789 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
792 if ((PyObject*)parent != self->parent_acl) {
793 PyErr_SetString(PyExc_ValueError,
794 "Can't reinitialize with a different parent");
800 /* Free the Entry instance */
801 static void Entry_dealloc(PyObject* obj) {
802 Entry_Object *self = (Entry_Object*) obj;
803 PyObject *err_type, *err_value, *err_traceback;
804 int have_error = PyErr_Occurred() ? 1 : 0;
807 PyErr_Fetch(&err_type, &err_value, &err_traceback);
808 if(self->parent_acl != NULL) {
809 Py_DECREF(self->parent_acl);
810 self->parent_acl = NULL;
813 PyErr_Restore(err_type, err_value, err_traceback);
817 /* Converts the entry to a text format */
818 static PyObject* Entry_str(PyObject *obj) {
819 PyObject *format, *kind;
820 Entry_Object *self = (Entry_Object*) obj;
823 if(get_tag_qualifier(self->entry, &tq) < 0) {
827 format = PyUnicode_FromString("ACL entry for ");
831 case ACL_UNDEFINED_TAG:
832 kind = PyUnicode_FromString("undefined type");
835 kind = PyUnicode_FromString("the owner");
838 kind = PyUnicode_FromString("the group");
841 kind = PyUnicode_FromString("the others");
844 /* FIXME: here and in the group case, we're formatting with
845 unsigned, because there's no way to automatically determine
846 the signed-ness of the types; on Linux(glibc) they're
847 unsigned, so we'll go along with that */
848 kind = PyUnicode_FromFormat("user with uid %u", tq.uid);
851 kind = PyUnicode_FromFormat("group with gid %u", tq.gid);
854 kind = PyUnicode_FromString("the mask");
857 kind = PyUnicode_FromString("UNKNOWN_TAG_TYPE!");
864 PyObject *ret = PyUnicode_Concat(format, kind);
870 /* Sets the tag type of the entry */
871 static int Entry_set_tag_type(PyObject* obj, PyObject* value, void* arg) {
872 Entry_Object *self = (Entry_Object*) obj;
874 ENTRY_SET_CHECK(self, "tag type", value);
876 if(!PyLong_Check(value)) {
877 PyErr_SetString(PyExc_TypeError,
878 "tag type must be integer");
881 if(acl_set_tag_type(self->entry, (acl_tag_t)PyLong_AsLong(value)) == -1) {
882 PyErr_SetFromErrno(PyExc_IOError);
889 /* Returns the tag type of the entry */
890 static PyObject* Entry_get_tag_type(PyObject *obj, void* arg) {
891 Entry_Object *self = (Entry_Object*) obj;
894 if(acl_get_tag_type(self->entry, &value) == -1) {
895 PyErr_SetFromErrno(PyExc_IOError);
899 return PyLong_FromLong(value);
902 /* Sets the qualifier (either uid_t or gid_t) for the entry,
903 * usable only if the tag type if ACL_USER or ACL_GROUP
905 static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
906 Entry_Object *self = (Entry_Object*) obj;
907 unsigned long uidgid;
913 ENTRY_SET_CHECK(self, "qualifier", value);
915 if(!PyLong_Check(value)) {
916 PyErr_SetString(PyExc_TypeError,
917 "qualifier must be integer");
920 /* This is the negative value check, and larger than long
921 check. If uid_t/gid_t are long-sized, this is enough to check
922 for both over and underflow. */
923 if((uidgid = PyLong_AsUnsignedLong(value)) == (unsigned long) -1) {
924 if(PyErr_Occurred() != NULL) {
928 /* Due to how acl_set_qualifier takes its argument, we have to do
929 this ugly dance with two variables and a pointer that will
930 point to one of them. */
931 if(acl_get_tag_type(self->entry, &tag) == -1) {
932 PyErr_SetFromErrno(PyExc_IOError);
937 /* This is an extra overflow check, in case uid_t/gid_t are
938 int-sized (and int size smaller than long size). */
941 if((unsigned long)uid != uidgid) {
942 PyErr_SetString(PyExc_OverflowError, "Can't assign given qualifier");
949 if((unsigned long)gid != uidgid) {
950 PyErr_SetString(PyExc_OverflowError, "Can't assign given qualifier");
957 PyErr_SetString(PyExc_TypeError,
958 "Can only set qualifiers on ACL_USER or ACL_GROUP entries");
961 if(acl_set_qualifier(self->entry, p) == -1) {
962 PyErr_SetFromErrno(PyExc_IOError);
969 /* Returns the qualifier of the entry */
970 static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
971 Entry_Object *self = (Entry_Object*) obj;
975 if (self->entry == NULL) {
976 PyErr_SetString(PyExc_ValueError, "Can't get qualifier on uninitalized Entry object");
979 if(get_tag_qualifier(self->entry, &tq) < 0) {
982 if (tq.tag == ACL_USER) {
984 } else if (tq.tag == ACL_GROUP) {
987 PyErr_SetString(PyExc_TypeError,
988 "Given entry doesn't have an user or"
992 return PyLong_FromUnsignedLong(value);
995 /* Returns the parent ACL of the entry */
996 static PyObject* Entry_get_parent(PyObject *obj, void* arg) {
997 Entry_Object *self = (Entry_Object*) obj;
999 Py_INCREF(self->parent_acl);
1000 return self->parent_acl;
1003 /* Returns the a new Permset representing the permset of the entry
1004 * FIXME: Should return a new reference to the same object, which
1005 * should be created at init time!
1007 static PyObject* Entry_get_permset(PyObject *obj, void* arg) {
1010 PyObject *perm_arglist = Py_BuildValue("(O)", obj);
1011 if (perm_arglist == NULL) {
1014 p = PyObject_CallObject((PyObject*)&Permset_Type, perm_arglist);
1015 Py_DECREF(perm_arglist);
1019 /* Sets the permset of the entry to the passed Permset */
1020 static int Entry_set_permset(PyObject* obj, PyObject* value, void* arg) {
1021 Entry_Object *self = (Entry_Object*)obj;
1024 ENTRY_SET_CHECK(self, "permset", value);
1026 if(!PyObject_IsInstance(value, (PyObject*)&Permset_Type)) {
1027 PyErr_SetString(PyExc_TypeError, "argument 1 must be posix1e.Permset");
1030 p = (Permset_Object*)value;
1031 if(acl_set_permset(self->entry, p->permset) == -1) {
1032 PyErr_SetFromErrno(PyExc_IOError);
1038 static char __Entry_copy_doc__[] =
1040 "Copies an ACL entry.\n"
1042 "This method sets all the parameters to those of another\n"
1043 "entry (either of the same ACL or belonging to another ACL).\n"
1045 ":param Entry src: instance of type Entry\n"
1048 /* Sets all the entry parameters to another entry */
1049 static PyObject* Entry_copy(PyObject *obj, PyObject *args) {
1050 Entry_Object *self = (Entry_Object*)obj;
1051 Entry_Object *other;
1053 if(!PyArg_ParseTuple(args, "O!", &Entry_Type, &other))
1056 if(acl_copy_entry(self->entry, other->entry) == -1)
1057 return PyErr_SetFromErrno(PyExc_IOError);
1062 /**** Permset type *****/
1064 /* Creation of a new Permset instance */
1065 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
1067 PyObject* newpermset;
1068 Permset_Object* permset;
1069 Entry_Object* parent = NULL;
1071 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent)) {
1075 newpermset = PyType_GenericNew(type, args, keywds);
1077 if(newpermset == NULL) {
1081 permset = (Permset_Object*)newpermset;
1083 if(acl_get_permset(parent->entry, &permset->permset) == -1) {
1084 PyErr_SetFromErrno(PyExc_IOError);
1085 Py_DECREF(newpermset);
1089 permset->parent_entry = (PyObject*)parent;
1095 /* Initialization of a new Permset instance */
1096 static int Permset_init(PyObject* obj, PyObject* args, PyObject *keywds) {
1097 Permset_Object* self = (Permset_Object*) obj;
1098 Entry_Object* parent = NULL;
1100 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent))
1103 if ((PyObject*)parent != self->parent_entry) {
1104 PyErr_SetString(PyExc_ValueError,
1105 "Can't reinitialize with a different parent");
1112 /* Free the Permset instance */
1113 static void Permset_dealloc(PyObject* obj) {
1114 Permset_Object *self = (Permset_Object*) obj;
1115 PyObject *err_type, *err_value, *err_traceback;
1116 int have_error = PyErr_Occurred() ? 1 : 0;
1119 PyErr_Fetch(&err_type, &err_value, &err_traceback);
1120 if(self->parent_entry != NULL) {
1121 Py_DECREF(self->parent_entry);
1122 self->parent_entry = NULL;
1125 PyErr_Restore(err_type, err_value, err_traceback);
1129 /* Permset string representation */
1130 static PyObject* Permset_str(PyObject *obj) {
1131 Permset_Object *self = (Permset_Object*) obj;
1134 pstr[0] = get_perm(self->permset, ACL_READ) ? 'r' : '-';
1135 pstr[1] = get_perm(self->permset, ACL_WRITE) ? 'w' : '-';
1136 pstr[2] = get_perm(self->permset, ACL_EXECUTE) ? 'x' : '-';
1137 return PyUnicode_FromStringAndSize(pstr, 3);
1140 static char __Permset_clear_doc__[] =
1141 "Clears all permissions from the permission set.\n"
1144 /* Clears all permissions from the permset */
1145 static PyObject* Permset_clear(PyObject* obj, PyObject* args) {
1146 Permset_Object *self = (Permset_Object*) obj;
1148 if(acl_clear_perms(self->permset) == -1)
1149 return PyErr_SetFromErrno(PyExc_IOError);
1154 static PyObject* Permset_get_right(PyObject *obj, void* arg) {
1155 Permset_Object *self = (Permset_Object*) obj;
1157 if(get_perm(self->permset, *(acl_perm_t*)arg)) {
1164 static int Permset_set_right(PyObject* obj, PyObject* value, void* arg) {
1165 Permset_Object *self = (Permset_Object*) obj;
1169 if(!PyLong_Check(value)) {
1170 PyErr_SetString(PyExc_ValueError, "invalid argument, an integer"
1174 on = PyLong_AsLong(value);
1176 nerr = acl_add_perm(self->permset, *(acl_perm_t*)arg);
1178 nerr = acl_delete_perm(self->permset, *(acl_perm_t*)arg);
1180 PyErr_SetFromErrno(PyExc_IOError);
1186 static char __Permset_add_doc__[] =
1188 "Add a permission to the permission set.\n"
1190 "This function adds the permission contained in \n"
1191 "the argument perm to the permission set. An attempt \n"
1192 "to add a permission that is already contained in the \n"
1193 "permission set is not considered an error.\n"
1195 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1196 " :py:data:`ACL_EXECUTE`, ...)\n"
1197 ":raises IOError: in case the argument is not a valid descriptor\n"
1200 static PyObject* Permset_add(PyObject* obj, PyObject* args) {
1201 Permset_Object *self = (Permset_Object*) obj;
1204 if (!PyArg_ParseTuple(args, "i", &right))
1207 if(acl_add_perm(self->permset, (acl_perm_t) right) == -1)
1208 return PyErr_SetFromErrno(PyExc_IOError);
1213 static char __Permset_delete_doc__[] =
1215 "Delete a permission from the permission set.\n"
1217 "This function deletes the permission contained in \n"
1218 "the argument perm from the permission set. An attempt \n"
1219 "to delete a permission that is not contained in the \n"
1220 "permission set is not considered an error.\n"
1222 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1223 " :py:data:`ACL_EXECUTE`, ...)\n"
1224 ":raises IOError: in case the argument is not a valid descriptor\n"
1227 static PyObject* Permset_delete(PyObject* obj, PyObject* args) {
1228 Permset_Object *self = (Permset_Object*) obj;
1231 if (!PyArg_ParseTuple(args, "i", &right))
1234 if(acl_delete_perm(self->permset, (acl_perm_t) right) == -1)
1235 return PyErr_SetFromErrno(PyExc_IOError);
1240 static char __Permset_test_doc__[] =
1242 "Test if a permission exists in the permission set.\n"
1244 "The test() function tests if the permission represented by\n"
1245 "the argument perm exists in the permission set.\n"
1247 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1248 " :py:data:`ACL_EXECUTE`, ...)\n"
1250 ":raises IOError: in case the argument is not a valid descriptor\n"
1253 static PyObject* Permset_test(PyObject* obj, PyObject* args) {
1254 Permset_Object *self = (Permset_Object*) obj;
1258 if (!PyArg_ParseTuple(args, "i", &right))
1261 ret = get_perm(self->permset, (acl_perm_t) right);
1263 return PyErr_SetFromErrno(PyExc_IOError);
1274 static char __ACL_Type_doc__[] =
1275 "Type which represents a POSIX ACL\n"
1277 ".. note:: only one keyword parameter should be provided\n"
1279 ":param string/bytes/path-like file: creates an ACL representing\n"
1280 " the access ACL of the specified file or directory.\n"
1281 ":param string/bytes/path-like filedef: creates an ACL representing\n"
1282 " the default ACL of the given directory.\n"
1283 ":param int/iostream fd: creates an ACL representing\n"
1284 " the access ACL of the given file descriptor.\n"
1285 ":param string text: creates an ACL from a \n"
1286 " textual description; note the ACL must be valid, which\n"
1287 " means including a mask for extended ACLs, similar to\n"
1288 " ``setfacl --no-mask``\n"
1289 ":param ACL acl: creates a copy of an existing ACL instance.\n"
1290 ":param int mode: creates an ACL from a numeric mode\n"
1291 " (e.g. ``mode=0644``); this is valid only when the C library\n"
1292 " provides the ``acl_from_mode call``, and\n"
1293 " note that no validation is done on the given value.\n"
1294 ":param bytes data: creates an ACL from a serialised form,\n"
1295 " as provided by calling ``__getstate__()`` on an existing ACL\n"
1297 "If no parameters are passed, an empty ACL will be created; this\n"
1298 "makes sense only when your OS supports ACL modification\n"
1299 "(i.e. it implements full POSIX.1e support), otherwise the ACL won't\n"
1303 /* ACL type methods */
1304 static PyMethodDef ACL_methods[] = {
1305 {"applyto", ACL_applyto, METH_VARARGS, __applyto_doc__},
1306 {"valid", ACL_valid, METH_NOARGS, __valid_doc__},
1308 {"to_any_text", (PyCFunction)ACL_to_any_text, METH_VARARGS | METH_KEYWORDS,
1309 __to_any_text_doc__},
1310 {"check", ACL_check, METH_NOARGS, __check_doc__},
1311 {"equiv_mode", ACL_equiv_mode, METH_NOARGS, __equiv_mode_doc__},
1313 #ifdef HAVE_ACL_COPY_EXT
1314 {"__getstate__", ACL_get_state, METH_NOARGS,
1315 "Dumps the ACL to an external format."},
1316 {"__setstate__", ACL_set_state, METH_VARARGS,
1317 "Loads the ACL from an external format."},
1320 {"delete_entry", ACL_delete_entry, METH_VARARGS, __ACL_delete_entry_doc__},
1321 {"calc_mask", ACL_calc_mask, METH_NOARGS, __ACL_calc_mask_doc__},
1322 {"append", ACL_append, METH_VARARGS, __ACL_append_doc__},
1324 {NULL, NULL, 0, NULL}
1328 /* The definition of the ACL Type */
1329 static PyTypeObject ACL_Type = {
1330 PyVarObject_HEAD_INIT(NULL, 0)
1334 ACL_dealloc, /* tp_dealloc */
1338 0, /* formerly tp_compare, in 3.0 deprecated, in
1341 0, /* tp_as_number */
1342 0, /* tp_as_sequence */
1343 0, /* tp_as_mapping */
1346 ACL_str, /* tp_str */
1347 0, /* tp_getattro */
1348 0, /* tp_setattro */
1349 0, /* tp_as_buffer */
1350 Py_TPFLAGS_DEFAULT, /* tp_flags */
1351 __ACL_Type_doc__, /* tp_doc */
1352 0, /* tp_traverse */
1355 ACL_richcompare, /* tp_richcompare */
1357 0, /* tp_richcompare */
1359 0, /* tp_weaklistoffset */
1365 0, /* tp_iternext */
1367 ACL_methods, /* tp_methods */
1372 0, /* tp_descr_get */
1373 0, /* tp_descr_set */
1374 0, /* tp_dictoffset */
1375 ACL_init, /* tp_init */
1377 ACL_new, /* tp_new */
1382 /* Entry type methods */
1383 static PyMethodDef Entry_methods[] = {
1384 {"copy", Entry_copy, METH_VARARGS, __Entry_copy_doc__},
1385 {NULL, NULL, 0, NULL}
1388 static char __Entry_tagtype_doc__[] =
1389 "The tag type of the current entry\n"
1392 " - :py:data:`ACL_UNDEFINED_TAG`\n"
1393 " - :py:data:`ACL_USER_OBJ`\n"
1394 " - :py:data:`ACL_USER`\n"
1395 " - :py:data:`ACL_GROUP_OBJ`\n"
1396 " - :py:data:`ACL_GROUP`\n"
1397 " - :py:data:`ACL_MASK`\n"
1398 " - :py:data:`ACL_OTHER`\n"
1401 static char __Entry_qualifier_doc__[] =
1402 "The qualifier of the current entry\n"
1404 "If the tag type is :py:data:`ACL_USER`, this should be a user id.\n"
1405 "If the tag type if :py:data:`ACL_GROUP`, this should be a group id.\n"
1406 "Else it doesn't matter.\n"
1409 static char __Entry_parent_doc__[] =
1410 "The parent ACL of this entry\n"
1413 static char __Entry_permset_doc__[] =
1414 "The permission set of this ACL entry\n"
1418 static PyGetSetDef Entry_getsets[] = {
1419 {"tag_type", Entry_get_tag_type, Entry_set_tag_type,
1420 __Entry_tagtype_doc__},
1421 {"qualifier", Entry_get_qualifier, Entry_set_qualifier,
1422 __Entry_qualifier_doc__},
1423 {"parent", Entry_get_parent, NULL, __Entry_parent_doc__},
1424 {"permset", Entry_get_permset, Entry_set_permset, __Entry_permset_doc__},
1428 static char __Entry_Type_doc__[] =
1429 "Type which represents an entry in an ACL.\n"
1431 "The type exists only if the OS has full support for POSIX.1e\n"
1432 "Can be created either by:\n"
1434 " >>> e = posix1e.Entry(myACL) # this creates a new entry in the ACL\n"
1435 " >>> e = myACL.append() # another way for doing the same thing\n"
1439 " >>> for entry in myACL:\n"
1440 " ... print entry\n"
1442 "Note that the Entry keeps a reference to its ACL, so even if \n"
1443 "you delete the ACL, it won't be cleaned up and will continue to \n"
1444 "exist until its Entry(ies) will be deleted.\n"
1446 /* The definition of the Entry Type */
1447 static PyTypeObject Entry_Type = {
1448 PyVarObject_HEAD_INIT(NULL, 0)
1450 sizeof(Entry_Object),
1452 Entry_dealloc, /* tp_dealloc */
1458 0, /* tp_as_number */
1459 0, /* tp_as_sequence */
1460 0, /* tp_as_mapping */
1463 Entry_str, /* tp_str */
1464 0, /* tp_getattro */
1465 0, /* tp_setattro */
1466 0, /* tp_as_buffer */
1467 Py_TPFLAGS_DEFAULT, /* tp_flags */
1468 __Entry_Type_doc__, /* tp_doc */
1469 0, /* tp_traverse */
1471 0, /* tp_richcompare */
1472 0, /* tp_weaklistoffset */
1474 0, /* tp_iternext */
1475 Entry_methods, /* tp_methods */
1477 Entry_getsets, /* tp_getset */
1480 0, /* tp_descr_get */
1481 0, /* tp_descr_set */
1482 0, /* tp_dictoffset */
1483 Entry_init, /* tp_init */
1485 Entry_new, /* tp_new */
1488 /* Permset type methods */
1489 static PyMethodDef Permset_methods[] = {
1490 {"clear", Permset_clear, METH_NOARGS, __Permset_clear_doc__, },
1491 {"add", Permset_add, METH_VARARGS, __Permset_add_doc__, },
1492 {"delete", Permset_delete, METH_VARARGS, __Permset_delete_doc__, },
1493 {"test", Permset_test, METH_VARARGS, __Permset_test_doc__, },
1494 {NULL, NULL, 0, NULL}
1497 static char __Permset_execute_doc__[] =
1498 "Execute permission property\n"
1500 "This is a convenience method of retrieving and setting the execute\n"
1501 "permission in the permission set; the \n"
1502 "same effect can be achieved using the functions\n"
1503 "add(), test(), delete(), and those can take any \n"
1504 "permission defined by your platform.\n"
1507 static char __Permset_read_doc__[] =
1508 "Read permission property\n"
1510 "This is a convenience method of retrieving and setting the read\n"
1511 "permission in the permission set; the \n"
1512 "same effect can be achieved using the functions\n"
1513 "add(), test(), delete(), and those can take any \n"
1514 "permission defined by your platform.\n"
1517 static char __Permset_write_doc__[] =
1518 "Write permission property\n"
1520 "This is a convenience method of retrieving and setting the write\n"
1521 "permission in the permission set; the \n"
1522 "same effect can be achieved using the functions\n"
1523 "add(), test(), delete(), and those can take any \n"
1524 "permission defined by your platform.\n"
1527 /* Permset getset */
1528 static PyGetSetDef Permset_getsets[] = {
1529 {"execute", Permset_get_right, Permset_set_right,
1530 __Permset_execute_doc__, &holder_ACL_EXECUTE},
1531 {"read", Permset_get_right, Permset_set_right,
1532 __Permset_read_doc__, &holder_ACL_READ},
1533 {"write", Permset_get_right, Permset_set_right,
1534 __Permset_write_doc__, &holder_ACL_WRITE},
1538 static char __Permset_Type_doc__[] =
1539 "Type which represents the permission set in an ACL entry\n"
1541 "The type exists only if the OS has full support for POSIX.1e\n"
1542 "Can be retrieved either by:\n\n"
1543 ">>> perms = myEntry.permset\n"
1546 ">>> perms = posix1e.Permset(myEntry)\n"
1548 "Note that the Permset keeps a reference to its Entry, so even if \n"
1549 "you delete the entry, it won't be cleaned up and will continue to \n"
1550 "exist until its Permset will be deleted.\n"
1553 /* The definition of the Permset Type */
1554 static PyTypeObject Permset_Type = {
1555 PyVarObject_HEAD_INIT(NULL, 0)
1557 sizeof(Permset_Object),
1559 Permset_dealloc, /* tp_dealloc */
1565 0, /* tp_as_number */
1566 0, /* tp_as_sequence */
1567 0, /* tp_as_mapping */
1570 Permset_str, /* tp_str */
1571 0, /* tp_getattro */
1572 0, /* tp_setattro */
1573 0, /* tp_as_buffer */
1574 Py_TPFLAGS_DEFAULT, /* tp_flags */
1575 __Permset_Type_doc__,/* tp_doc */
1576 0, /* tp_traverse */
1578 0, /* tp_richcompare */
1579 0, /* tp_weaklistoffset */
1581 0, /* tp_iternext */
1582 Permset_methods, /* tp_methods */
1584 Permset_getsets, /* tp_getset */
1587 0, /* tp_descr_get */
1588 0, /* tp_descr_set */
1589 0, /* tp_dictoffset */
1590 Permset_init, /* tp_init */
1592 Permset_new, /* tp_new */
1597 /* Module methods */
1599 static char __deletedef_doc__[] =
1600 "delete_default(path)\n"
1601 "Delete the default ACL from a directory.\n"
1603 "This function deletes the default ACL associated with\n"
1604 "a directory (the ACL which will be ANDed with the mode\n"
1605 "parameter to the open, creat functions).\n"
1607 ":param string path: the directory whose default ACL should be deleted\n"
1610 /* Deletes the default ACL from a directory */
1611 static PyObject* aclmodule_delete_default(PyObject* obj, PyObject* args) {
1614 /* Parse the arguments */
1615 if (!PyArg_ParseTuple(args, "et", NULL, &filename))
1618 if(acl_delete_def_file(filename) == -1) {
1619 return PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
1626 static char __has_extended_doc__[] =
1627 "has_extended(item)\n"
1628 "Check if a file or file handle has an extended ACL.\n"
1630 ":param item: either a file name or a file-like object or an integer;\n"
1631 " it represents the file-system object on which to act\n"
1634 /* Check for extended ACL a file or fd */
1635 static PyObject* aclmodule_has_extended(PyObject* obj, PyObject* args) {
1636 PyObject *item, *tmp;
1640 if (!PyArg_ParseTuple(args, "O", &item))
1643 if((fd = PyObject_AsFileDescriptor(item)) != -1) {
1644 if((nret = acl_extended_fd(fd)) == -1) {
1645 PyErr_SetFromErrno(PyExc_IOError);
1648 // PyObject_AsFileDescriptor sets an error when failing, so clear
1649 // it such that further code works; some method lookups fail if an
1650 // error already occured when called, which breaks at least
1651 // PyOS_FSPath (called by FSConverter).
1653 if(PyUnicode_FSConverter(item, &tmp)) {
1654 char *filename = PyBytes_AS_STRING(tmp);
1655 if ((nret = acl_extended_file(filename)) == -1) {
1656 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
1667 return PyBool_FromLong(nret);
1672 /* The module methods */
1673 static PyMethodDef aclmodule_methods[] = {
1674 {"delete_default", aclmodule_delete_default, METH_VARARGS,
1677 {"has_extended", aclmodule_has_extended, METH_VARARGS,
1678 __has_extended_doc__},
1680 {NULL, NULL, 0, NULL}
1683 static char __posix1e_doc__[] =
1684 "POSIX.1e ACLs manipulation\n"
1685 "==========================\n"
1687 "This module provides support for manipulating POSIX.1e ACLS\n"
1689 "Depending on the operating system support for POSIX.1e, \n"
1690 "the ACL type will have more or less capabilities:\n\n"
1691 " - level 1, only basic support, you can create\n"
1692 " ACLs from files and text descriptions;\n"
1693 " once created, the type is immutable\n"
1694 " - level 2, complete support, you can alter\n"
1695 " the ACL once it is created\n"
1697 "Also, in level 2, more types are available, corresponding\n"
1698 "to acl_entry_t (the Entry type), acl_permset_t (the Permset type).\n"
1700 "The existence of level 2 support and other extensions can be\n"
1701 "checked by the constants:\n\n"
1702 " - :py:data:`HAS_ACL_ENTRY` for level 2 and the Entry/Permset classes\n"
1703 " - :py:data:`HAS_ACL_FROM_MODE` for ``ACL(mode=...)`` usage\n"
1704 " - :py:data:`HAS_ACL_CHECK` for the :py:func:`ACL.check` function\n"
1705 " - :py:data:`HAS_EXTENDED_CHECK` for the module-level\n"
1706 " :py:func:`has_extended` function\n"
1707 " - :py:data:`HAS_EQUIV_MODE` for the :py:func:`ACL.equiv_mode` method\n"
1708 " - :py:data:`HAS_COPY_EXT` for the :py:func:`ACL.__getstate__` and\n"
1709 " :py:func:`ACL.__setstate__` functions (pickle protocol)\n"
1713 ">>> import posix1e\n"
1714 ">>> acl1 = posix1e.ACL(file=\"file.txt\") \n"
1720 ">>> b = posix1e.ACL(text=\"u::rx,g::-,o::-\")\n"
1726 ">>> b.applyto(\"file.txt\")\n"
1727 ">>> print posix1e.ACL(file=\"file.txt\")\n"
1733 ".. py:data:: ACL_USER\n\n"
1734 " Denotes a specific user entry in an ACL.\n"
1736 ".. py:data:: ACL_USER_OBJ\n\n"
1737 " Denotes the user owner entry in an ACL.\n"
1739 ".. py:data:: ACL_GROUP\n\n"
1740 " Denotes the a group entry in an ACL.\n"
1742 ".. py:data:: ACL_GROUP_OBJ\n\n"
1743 " Denotes the group owner entry in an ACL.\n"
1745 ".. py:data:: ACL_OTHER\n\n"
1746 " Denotes the 'others' entry in an ACL.\n"
1748 ".. py:data:: ACL_MASK\n\n"
1749 " Denotes the mask entry in an ACL, representing the maximum\n"
1750 " access granted other users, the owner group and other groups.\n"
1752 ".. py:data:: ACL_UNDEFINED_TAG\n\n"
1753 " An undefined tag in an ACL.\n"
1755 ".. py:data:: ACL_READ\n\n"
1756 " Read permission in a permission set.\n"
1758 ".. py:data:: ACL_WRITE\n\n"
1759 " Write permission in a permission set.\n"
1761 ".. py:data:: ACL_EXECUTE\n\n"
1762 " Execute permission in a permission set.\n"
1764 ".. py:data:: HAS_ACL_ENTRY\n\n"
1765 " denotes support for level 2 and the Entry/Permset classes\n"
1767 ".. py:data:: HAS_ACL_FROM_MODE\n\n"
1768 " denotes support for building an ACL from an octal mode\n"
1770 ".. py:data:: HAS_ACL_CHECK\n\n"
1771 " denotes support for extended checks of an ACL's validity\n"
1773 ".. py:data:: HAS_EXTENDED_CHECK\n\n"
1774 " denotes support for checking whether an ACL is basic or extended\n"
1776 ".. py:data:: HAS_EQUIV_MODE\n\n"
1777 " denotes support for the equiv_mode function\n"
1779 ".. py:data:: HAS_COPY_EXT\n\n"
1780 " denotes support for __getstate__()/__setstate__() on an ACL\n"
1784 static struct PyModuleDef posix1emodule = {
1785 PyModuleDef_HEAD_INIT,
1793 PyInit_posix1e(void)
1797 Py_TYPE(&ACL_Type) = &PyType_Type;
1798 if(PyType_Ready(&ACL_Type) < 0)
1802 Py_TYPE(&Entry_Type) = &PyType_Type;
1803 if(PyType_Ready(&Entry_Type) < 0)
1806 Py_TYPE(&Permset_Type) = &PyType_Type;
1807 if(PyType_Ready(&Permset_Type) < 0)
1811 m = PyModule_Create(&posix1emodule);
1815 d = PyModule_GetDict(m);
1819 Py_INCREF(&ACL_Type);
1820 if (PyDict_SetItemString(d, "ACL",
1821 (PyObject *) &ACL_Type) < 0)
1824 /* 23.3.6 acl_type_t values */
1825 PyModule_AddIntConstant(m, "ACL_TYPE_ACCESS", ACL_TYPE_ACCESS);
1826 PyModule_AddIntConstant(m, "ACL_TYPE_DEFAULT", ACL_TYPE_DEFAULT);
1830 Py_INCREF(&Entry_Type);
1831 if (PyDict_SetItemString(d, "Entry",
1832 (PyObject *) &Entry_Type) < 0)
1835 Py_INCREF(&Permset_Type);
1836 if (PyDict_SetItemString(d, "Permset",
1837 (PyObject *) &Permset_Type) < 0)
1840 /* 23.2.2 acl_perm_t values */
1841 PyModule_AddIntConstant(m, "ACL_READ", ACL_READ);
1842 PyModule_AddIntConstant(m, "ACL_WRITE", ACL_WRITE);
1843 PyModule_AddIntConstant(m, "ACL_EXECUTE", ACL_EXECUTE);
1845 /* 23.2.5 acl_tag_t values */
1846 PyModule_AddIntConstant(m, "ACL_UNDEFINED_TAG", ACL_UNDEFINED_TAG);
1847 PyModule_AddIntConstant(m, "ACL_USER_OBJ", ACL_USER_OBJ);
1848 PyModule_AddIntConstant(m, "ACL_USER", ACL_USER);
1849 PyModule_AddIntConstant(m, "ACL_GROUP_OBJ", ACL_GROUP_OBJ);
1850 PyModule_AddIntConstant(m, "ACL_GROUP", ACL_GROUP);
1851 PyModule_AddIntConstant(m, "ACL_MASK", ACL_MASK);
1852 PyModule_AddIntConstant(m, "ACL_OTHER", ACL_OTHER);
1854 /* Document extended functionality via easy-to-use constants */
1855 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 1);
1857 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 0);
1861 /* Linux libacl specific acl_to_any_text constants */
1862 PyModule_AddIntConstant(m, "TEXT_ABBREVIATE", TEXT_ABBREVIATE);
1863 PyModule_AddIntConstant(m, "TEXT_NUMERIC_IDS", TEXT_NUMERIC_IDS);
1864 PyModule_AddIntConstant(m, "TEXT_SOME_EFFECTIVE", TEXT_SOME_EFFECTIVE);
1865 PyModule_AddIntConstant(m, "TEXT_ALL_EFFECTIVE", TEXT_ALL_EFFECTIVE);
1866 PyModule_AddIntConstant(m, "TEXT_SMART_INDENT", TEXT_SMART_INDENT);
1868 /* Linux libacl specific acl_check constants */
1869 PyModule_AddIntConstant(m, "ACL_MULTI_ERROR", ACL_MULTI_ERROR);
1870 PyModule_AddIntConstant(m, "ACL_DUPLICATE_ERROR", ACL_DUPLICATE_ERROR);
1871 PyModule_AddIntConstant(m, "ACL_MISS_ERROR", ACL_MISS_ERROR);
1872 PyModule_AddIntConstant(m, "ACL_ENTRY_ERROR", ACL_ENTRY_ERROR);
1874 #define LINUX_EXT_VAL 1
1876 #define LINUX_EXT_VAL 0
1878 /* declare the Linux extensions */
1879 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", LINUX_EXT_VAL);
1880 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", LINUX_EXT_VAL);
1881 PyModule_AddIntConstant(m, "HAS_EXTENDED_CHECK", LINUX_EXT_VAL);
1882 PyModule_AddIntConstant(m, "HAS_EQUIV_MODE", LINUX_EXT_VAL);
1884 PyModule_AddIntConstant(m, "HAS_COPY_EXT",
1885 #ifdef HAVE_ACL_COPY_EXT