7 #include <acl/libacl.h>
8 #define get_perm acl_get_perm
10 #define get_perm acl_get_perm_np
13 staticforward PyTypeObject ACL_Type;
14 static PyObject* ACL_applyto(PyObject* obj, PyObject* args);
15 static PyObject* ACL_valid(PyObject* obj, PyObject* args);
17 #ifdef HAVE_ACL_COPY_EXT
18 static PyObject* ACL_get_state(PyObject *obj, PyObject* args);
19 static PyObject* ACL_set_state(PyObject *obj, PyObject* args);
23 staticforward PyTypeObject Entry_Type;
24 staticforward PyTypeObject Permset_Type;
25 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
29 static acl_perm_t holder_ACL_EXECUTE = ACL_EXECUTE;
30 static acl_perm_t holder_ACL_READ = ACL_READ;
31 static acl_perm_t holder_ACL_WRITE = ACL_WRITE;
45 PyObject *parent_acl; /* The parent acl, so it won't run out on us */
51 PyObject *parent_entry; /* The parent entry, so it won't run out on us */
52 acl_permset_t permset;
57 /* Creation of a new ACL instance */
58 static PyObject* ACL_new(PyTypeObject* type, PyObject* args,
62 newacl = type->tp_alloc(type, 0);
65 ((ACL_Object*)newacl)->acl = NULL;
67 ((ACL_Object*)newacl)->entry_id = ACL_FIRST_ENTRY;
74 /* Initialization of a new ACL instance */
75 static int ACL_init(PyObject* obj, PyObject* args, PyObject *keywds) {
76 ACL_Object* self = (ACL_Object*) obj;
78 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef",
80 char *format = "|sisO!sH";
83 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef", NULL };
84 char *format = "|sisO!s";
90 ACL_Object* thesrc = NULL;
92 if(!PyTuple_Check(args) || PyTuple_Size(args) != 0 ||
93 (keywds != NULL && PyDict_Check(keywds) && PyDict_Size(keywds) > 1)) {
94 PyErr_SetString(PyExc_ValueError, "a max of one keyword argument"
98 if(!PyArg_ParseTupleAndKeywords(args, keywds, format, kwlist,
99 &file, &fd, &text, &ACL_Type,
107 /* Free the old acl_t without checking for error, we don't
109 if(self->acl != NULL)
113 self->acl = acl_get_file(file, ACL_TYPE_ACCESS);
114 else if(text != NULL)
115 self->acl = acl_from_text(text);
117 self->acl = acl_get_fd(fd);
118 else if(thesrc != NULL)
119 self->acl = acl_dup(thesrc->acl);
120 else if(filedef != NULL)
121 self->acl = acl_get_file(filedef, ACL_TYPE_DEFAULT);
123 else if(PyMapping_HasKeyString(keywds, kwlist[5]))
124 self->acl = acl_from_mode(mode);
127 self->acl = acl_init(0);
129 if(self->acl == NULL) {
130 PyErr_SetFromErrno(PyExc_IOError);
137 /* Standard type functions */
138 static void ACL_dealloc(PyObject* obj) {
139 ACL_Object *self = (ACL_Object*) obj;
140 PyObject *err_type, *err_value, *err_traceback;
141 int have_error = PyErr_Occurred() ? 1 : 0;
144 PyErr_Fetch(&err_type, &err_value, &err_traceback);
145 if(self->acl != NULL && acl_free(self->acl) != 0)
146 PyErr_WriteUnraisable(obj);
148 PyErr_Restore(err_type, err_value, err_traceback);
152 /* Converts the acl to a text format */
153 static PyObject* ACL_str(PyObject *obj) {
155 ACL_Object *self = (ACL_Object*) obj;
158 text = acl_to_text(self->acl, NULL);
160 return PyErr_SetFromErrno(PyExc_IOError);
162 ret = PyString_FromString(text);
163 if(acl_free(text) != 0) {
165 return PyErr_SetFromErrno(PyExc_IOError);
171 static char __to_any_text_doc__[] =
172 "Convert the ACL to a custom text format.\n"
174 "This method encapsulates the acl_to_any_text function. It allows a \n"
175 "customized text format to be generated for the ACL. See\n"
176 "acl_to_any_text(3) for more details.\n"
179 " - prefix: if given, this string will be prepended to all lines\n"
180 " - separator: a single character (defaults to '\\n'); this will be\n"
181 " user to separate the entries in the ACL\n"
182 " - options: a bitwise combination of:\n"
183 " TEXT_ABBREVIATE: use 'u' instead of 'user', 'g' instead of \n"
185 " TEXT_NUMERIC_IDS: User and group IDs are included as decimal\n"
186 " numbers instead of names\n"
187 " TEXT_SOME_EFFECTIVE: Include comments denoting the effective\n"
188 " permissions when some are masked\n"
189 " TEXT_ALL_EFFECTIVE: Include comments after all ACL entries\n"
190 " affected by an ACL_MASK entry\n"
191 " TEXT_SMART_INDENT: Used in combination with the _EFFECTIVE\n"
192 " options, this will ensure that comments \n"
193 " are alligned to the fourth tab position\n"
194 " (assuming one tab equal eight spaces\n"
197 /* Converts the acl to a custom text format */
198 static PyObject* ACL_to_any_text(PyObject *obj, PyObject *args,
201 ACL_Object *self = (ACL_Object*) obj;
203 char *arg_prefix = NULL;
204 char arg_separator = '\n';
206 static char *kwlist[] = {"prefix", "separator", "options", NULL};
208 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|sci", kwlist, &arg_prefix,
209 &arg_separator, &arg_options))
212 text = acl_to_any_text(self->acl, arg_prefix, arg_separator, arg_options);
214 return PyErr_SetFromErrno(PyExc_IOError);
216 ret = PyString_FromString(text);
217 if(acl_free(text) != 0) {
219 return PyErr_SetFromErrno(PyExc_IOError);
224 static char __check_doc__[] =
225 "Check the ACL validity.\n"
227 "This is a non-portable, Linux specific extension that allow more\n"
228 "information to be retrieved in case an ACL is not valid than the\n"
229 "validate() method.\n"
231 "This method will return either False (the ACL is valid), or a tuple\n"
232 "with two elements. The first element is one of the following\n"
234 " - ACL_MULTI_ERROR: The ACL contains multiple entries that have a\n"
235 " tag type that may occur at most once\n"
236 " - ACL_DUPLICATE_ERROR: The ACL contains multiple ACL_USER or \n"
237 " ACL_GROUP entries with the same ID\n"
238 " - ACL_MISS_ERROR: A required entry is missing\n"
239 " - ACL_ENTRY_ERROR: The ACL contains an invalid entry tag type\n"
241 "The second element of the tuple is the index of the entry that is\n"
242 "invalid (in the same order as by iterating over the ACL entry)\n"
245 /* The acl_check method */
246 static PyObject* ACL_check(PyObject* obj, PyObject* args) {
247 ACL_Object *self = (ACL_Object*) obj;
251 if((result = acl_check(self->acl, &eindex)) == -1)
252 return PyErr_SetFromErrno(PyExc_IOError);
257 return PyTuple_Pack(2, PyInt_FromLong(result), PyInt_FromLong(eindex));
260 /* Implementation of the rich compare for ACLs */
261 static PyObject* ACL_richcompare(PyObject* o1, PyObject* o2, int op) {
262 ACL_Object *acl1, *acl2;
266 if(!PyObject_IsInstance(o2, (PyObject*)&ACL_Type)) {
271 PyErr_SetString(PyExc_TypeError, "can only compare to an ACL");
275 acl1 = (ACL_Object*)o1;
276 acl2 = (ACL_Object*)o2;
277 if((n=acl_cmp(acl1->acl, acl2->acl))==-1)
278 return PyErr_SetFromErrno(PyExc_IOError);
281 ret = n == 0 ? Py_True : Py_False;
284 ret = n == 1 ? Py_True : Py_False;
287 ret = Py_NotImplemented;
294 /* Implementation of the compare for ACLs */
295 static int ACL_nocmp(PyObject* o1, PyObject* o2) {
297 PyErr_SetString(PyExc_TypeError, "cannot compare ACLs using cmp()");
302 static char __applyto_doc__[] =
303 "Apply the ACL to a file or filehandle.\n"
306 " - either a filename or a file-like object or an integer; this\n"
307 " represents the filesystem object on which to act\n"
308 " - optional flag representing the type of ACL to set, either\n"
309 " ACL_TYPE_ACCESS (default) or ACL_TYPE_DEFAULT\n"
312 /* Applyes the ACL to a file */
313 static PyObject* ACL_applyto(PyObject* obj, PyObject* args) {
314 ACL_Object *self = (ACL_Object*) obj;
316 acl_type_t type = ACL_TYPE_ACCESS;
320 if (!PyArg_ParseTuple(args, "O|i", &myarg, &type))
323 if(PyString_Check(myarg)) {
324 char *filename = PyString_AS_STRING(myarg);
325 nret = acl_set_file(filename, type, self->acl);
326 } else if((fd = PyObject_AsFileDescriptor(myarg)) != -1) {
327 nret = acl_set_fd(fd, self->acl);
329 PyErr_SetString(PyExc_TypeError, "argument 1 must be string, int,"
330 " or file-like object");
334 return PyErr_SetFromErrno(PyExc_IOError);
337 /* Return the result */
342 static char __valid_doc__[] =
343 "Test the ACL for validity.\n"
345 "This method tests the ACL to see if it is a valid ACL\n"
346 "in terms of the filesystem. More precisely, it checks that:\n"
348 "The ACL contains exactly one entry with each of the\n"
349 "ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER tag types. Entries\n"
350 "with ACL_USER and ACL_GROUP tag types may appear zero or more\n"
351 "times in an ACL. An ACL that contains entries of ACL_USER or\n"
352 "ACL_GROUP tag types must contain exactly one entry of the \n"
353 "ACL_MASK tag type. If an ACL contains no entries of\n"
354 "ACL_USER or ACL_GROUP tag types, the ACL_MASK entry is optional.\n"
356 "All user ID qualifiers must be unique among all entries of\n"
357 "the ACL_USER tag type, and all group IDs must be unique among all\n"
358 "entries of ACL_GROUP tag type.\n"
360 "The method will return 1 for a valid ACL and 0 for an invalid one.\n"
361 "This has been chosen because the specification for acl_valid in\n"
362 "the POSIX.1e standard documents only one possible value for errno\n"
363 "in case of an invalid ACL, so we can't differentiate between\n"
364 "classes of errors. Other suggestions are welcome.\n"
367 /* Checks the ACL for validity */
368 static PyObject* ACL_valid(PyObject* obj, PyObject* args) {
369 ACL_Object *self = (ACL_Object*) obj;
371 if(acl_valid(self->acl) == -1) {
380 #ifdef HAVE_ACL_COPY_EXT
381 static PyObject* ACL_get_state(PyObject *obj, PyObject* args) {
382 ACL_Object *self = (ACL_Object*) obj;
387 size = acl_size(self->acl);
389 return PyErr_SetFromErrno(PyExc_IOError);
391 if((ret = PyString_FromStringAndSize(NULL, size)) == NULL)
393 buf = PyString_AsString(ret);
395 if((nsize = acl_copy_ext(buf, self->acl, size)) == -1) {
397 return PyErr_SetFromErrno(PyExc_IOError);
403 static PyObject* ACL_set_state(PyObject *obj, PyObject* args) {
404 ACL_Object *self = (ACL_Object*) obj;
409 /* Parse the argument */
410 if (!PyArg_ParseTuple(args, "s#", &buf, &bufsize))
413 /* Try to import the external representation */
414 if((ptr = acl_copy_int(buf)) == NULL)
415 return PyErr_SetFromErrno(PyExc_IOError);
417 /* Free the old acl. Should we ignore errors here? */
418 if(self->acl != NULL) {
419 if(acl_free(self->acl) == -1)
420 return PyErr_SetFromErrno(PyExc_IOError);
425 /* Return the result */
433 /* tp_iter for the ACL type; since it can be iterated only
434 * destructively, the type is its iterator
436 static PyObject* ACL_iter(PyObject *obj) {
437 ACL_Object *self = (ACL_Object*)obj;
438 self->entry_id = ACL_FIRST_ENTRY;
443 /* the tp_iternext function for the ACL type */
444 static PyObject* ACL_iternext(PyObject *obj) {
445 ACL_Object *self = (ACL_Object*)obj;
446 acl_entry_t the_entry_t;
447 Entry_Object *the_entry_obj;
450 nerr = acl_get_entry(self->acl, self->entry_id, &the_entry_t);
451 self->entry_id = ACL_NEXT_ENTRY;
453 return PyErr_SetFromErrno(PyExc_IOError);
455 /* Docs says this is not needed */
456 /*PyErr_SetObject(PyExc_StopIteration, Py_None);*/
460 the_entry_obj = (Entry_Object*) PyType_GenericNew(&Entry_Type, NULL, NULL);
461 if(the_entry_obj == NULL)
464 the_entry_obj->entry = the_entry_t;
466 the_entry_obj->parent_acl = obj;
467 Py_INCREF(obj); /* For the reference we have in entry->parent */
469 return (PyObject*)the_entry_obj;
472 static char __ACL_delete_entry_doc__[] =
473 "Deletes an entry from the ACL.\n"
475 "Note: Only with level 2\n"
477 " - the Entry object which should be deleted; note that after\n"
478 " this function is called, that object is unusable any longer\n"
479 " and should be deleted\n"
482 /* Deletes an entry from the ACL */
483 static PyObject* ACL_delete_entry(PyObject *obj, PyObject *args) {
484 ACL_Object *self = (ACL_Object*)obj;
487 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &e))
490 if(acl_delete_entry(self->acl, e->entry) == -1)
491 return PyErr_SetFromErrno(PyExc_IOError);
493 /* Return the result */
498 static char __ACL_calc_mask_doc__[] =
499 "Compute the file group class mask.\n"
501 "The calc_mask() method calculates and sets the permissions \n"
502 "associated with the ACL_MASK Entry of the ACL.\n"
503 "The value of the new permissions is the union of the permissions \n"
504 "granted by all entries of tag type ACL_GROUP, ACL_GROUP_OBJ, or \n"
505 "ACL_USER. If the ACL already contains an ACL_MASK entry, its \n"
506 "permissions are overwritten; if it does not contain an ACL_MASK \n"
507 "Entry, one is added.\n"
509 "The order of existing entries in the ACL is undefined after this \n"
513 /* Updates the mask entry in the ACL */
514 static PyObject* ACL_calc_mask(PyObject *obj, PyObject *args) {
515 ACL_Object *self = (ACL_Object*)obj;
517 if(acl_calc_mask(&self->acl) == -1)
518 return PyErr_SetFromErrno(PyExc_IOError);
520 /* Return the result */
525 static char __ACL_append_doc__[] =
526 "Append a new Entry to the ACL and return it.\n"
528 "This is a convenience function to create a new Entry \n"
529 "and append it to the ACL.\n"
530 "If a parameter of type Entry instance is given, the \n"
531 "entry will be a copy of that one (as if copied with \n"
532 "Entry.copy()), otherwise, the new entry will be empty.\n"
535 /* Convenience method to create a new Entry */
536 static PyObject* ACL_append(PyObject *obj, PyObject *args) {
537 ACL_Object* self = (ACL_Object*) obj;
538 Entry_Object* newentry;
539 Entry_Object* oldentry = NULL;
542 newentry = (Entry_Object*)PyType_GenericNew(&Entry_Type, NULL, NULL);
543 if(newentry == NULL) {
547 if (!PyArg_ParseTuple(args, "|O!", &Entry_Type, &oldentry))
550 nret = acl_create_entry(&self->acl, &newentry->entry);
553 return PyErr_SetFromErrno(PyExc_IOError);
556 if(oldentry != NULL) {
557 nret = acl_copy_entry(newentry->entry, oldentry->entry);
560 return PyErr_SetFromErrno(PyExc_IOError);
564 newentry->parent_acl = obj;
567 return (PyObject*)newentry;
570 /***** Entry type *****/
572 /* Creation of a new Entry instance */
573 static PyObject* Entry_new(PyTypeObject* type, PyObject* args,
577 newentry = PyType_GenericNew(type, args, keywds);
579 if(newentry != NULL) {
580 ((Entry_Object*)newentry)->entry = NULL;
581 ((Entry_Object*)newentry)->parent_acl = NULL;
587 /* Initialization of a new Entry instance */
588 static int Entry_init(PyObject* obj, PyObject* args, PyObject *keywds) {
589 Entry_Object* self = (Entry_Object*) obj;
590 ACL_Object* parent = NULL;
592 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
595 if(acl_create_entry(&parent->acl, &self->entry) == -1) {
596 PyErr_SetFromErrno(PyExc_IOError);
600 self->parent_acl = (PyObject*)parent;
606 /* Free the Entry instance */
607 static void Entry_dealloc(PyObject* obj) {
608 Entry_Object *self = (Entry_Object*) obj;
609 PyObject *err_type, *err_value, *err_traceback;
610 int have_error = PyErr_Occurred() ? 1 : 0;
613 PyErr_Fetch(&err_type, &err_value, &err_traceback);
614 if(self->parent_acl != NULL) {
615 Py_DECREF(self->parent_acl);
616 self->parent_acl = NULL;
619 PyErr_Restore(err_type, err_value, err_traceback);
623 /* Converts the entry to a text format */
624 static PyObject* Entry_str(PyObject *obj) {
629 PyObject *format, *list;
630 Entry_Object *self = (Entry_Object*) obj;
632 if(acl_get_tag_type(self->entry, &tag) == -1) {
633 PyErr_SetFromErrno(PyExc_IOError);
636 if(tag == ACL_USER || tag == ACL_GROUP) {
637 if((p = acl_get_qualifier(self->entry)) == NULL) {
638 PyErr_SetFromErrno(PyExc_IOError);
641 qualifier = *(uid_t*)p;
647 format = PyString_FromString("ACL entry for %s");
650 list = PyTuple_New(1);
651 if(tag == ACL_UNDEFINED_TAG) {
652 PyTuple_SetItem(list, 0, PyString_FromString("undefined type"));
653 } else if(tag == ACL_USER_OBJ) {
654 PyTuple_SetItem(list, 0, PyString_FromString("the owner"));
655 } else if(tag == ACL_GROUP_OBJ) {
656 PyTuple_SetItem(list, 0, PyString_FromString("the group"));
657 } else if(tag == ACL_OTHER) {
658 PyTuple_SetItem(list, 0, PyString_FromString("the others"));
659 } else if(tag == ACL_USER) {
660 PyTuple_SetItem(list, 0, PyString_FromFormat("user with uid %d",
662 } else if(tag == ACL_GROUP) {
663 PyTuple_SetItem(list, 0, PyString_FromFormat("group with gid %d",
665 } else if(tag == ACL_MASK) {
666 PyTuple_SetItem(list, 0, PyString_FromString("the mask"));
668 PyTuple_SetItem(list, 0, PyString_FromString("UNKNOWN_TAG_TYPE!"));
670 ret = PyString_Format(format, list);
676 /* Sets the tag type of the entry */
677 static int Entry_set_tag_type(PyObject* obj, PyObject* value, void* arg) {
678 Entry_Object *self = (Entry_Object*) obj;
681 PyErr_SetString(PyExc_TypeError,
682 "tag type deletion is not supported");
686 if(!PyInt_Check(value)) {
687 PyErr_SetString(PyExc_TypeError,
688 "tag type must be integer");
691 if(acl_set_tag_type(self->entry, (acl_tag_t)PyInt_AsLong(value)) == -1) {
692 PyErr_SetFromErrno(PyExc_IOError);
699 /* Returns the tag type of the entry */
700 static PyObject* Entry_get_tag_type(PyObject *obj, void* arg) {
701 Entry_Object *self = (Entry_Object*) obj;
704 if (self->entry == NULL) {
705 PyErr_SetString(PyExc_AttributeError, "entry attribute");
708 if(acl_get_tag_type(self->entry, &value) == -1) {
709 PyErr_SetFromErrno(PyExc_IOError);
713 return PyInt_FromLong(value);
716 /* Sets the qualifier (either uid_t or gid_t) for the entry,
717 * usable only if the tag type if ACL_USER or ACL_GROUP
719 static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
720 Entry_Object *self = (Entry_Object*) obj;
724 PyErr_SetString(PyExc_TypeError,
725 "qualifier deletion is not supported");
729 if(!PyInt_Check(value)) {
730 PyErr_SetString(PyExc_TypeError,
731 "tag type must be integer");
734 uidgid = PyInt_AsLong(value);
735 if(acl_set_qualifier(self->entry, (void*)&uidgid) == -1) {
736 PyErr_SetFromErrno(PyExc_IOError);
743 /* Returns the qualifier of the entry */
744 static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
745 Entry_Object *self = (Entry_Object*) obj;
749 if (self->entry == NULL) {
750 PyErr_SetString(PyExc_AttributeError, "entry attribute");
753 if((p = acl_get_qualifier(self->entry)) == NULL) {
754 PyErr_SetFromErrno(PyExc_IOError);
760 return PyInt_FromLong(value);
763 /* Returns the parent ACL of the entry */
764 static PyObject* Entry_get_parent(PyObject *obj, void* arg) {
765 Entry_Object *self = (Entry_Object*) obj;
767 Py_INCREF(self->parent_acl);
768 return self->parent_acl;
771 /* Returns the a new Permset representing the permset of the entry
772 * FIXME: Should return a new reference to the same object, which
773 * should be created at init time!
775 static PyObject* Entry_get_permset(PyObject *obj, void* arg) {
776 Entry_Object *self = (Entry_Object*)obj;
780 p = Permset_new(&Permset_Type, NULL, NULL);
783 ps = (Permset_Object*)p;
784 if(acl_get_permset(self->entry, &ps->permset) == -1) {
785 PyErr_SetFromErrno(PyExc_IOError);
788 ps->parent_entry = obj;
794 /* Sets the permset of the entry to the passed Permset */
795 static int Entry_set_permset(PyObject* obj, PyObject* value, void* arg) {
796 Entry_Object *self = (Entry_Object*)obj;
799 if(!PyObject_IsInstance(value, (PyObject*)&Permset_Type)) {
800 PyErr_SetString(PyExc_TypeError, "argument 1 must be posix1e.Permset");
803 p = (Permset_Object*)value;
804 if(acl_set_permset(self->entry, p->permset) == -1) {
805 PyErr_SetFromErrno(PyExc_IOError);
811 static char __Entry_copy_doc__[] =
812 "Copy an ACL entry.\n"
814 "This method sets all the parameters to those of another\n"
815 "entry, even one of another's ACL\n"
817 " - src, instance of type Entry\n"
820 /* Sets all the entry parameters to another's entry */
821 static PyObject* Entry_copy(PyObject *obj, PyObject *args) {
822 Entry_Object *self = (Entry_Object*)obj;
825 if(!PyArg_ParseTuple(args, "O!", &Entry_Type, &other))
828 if(acl_copy_entry(self->entry, other->entry) == -1)
829 return PyErr_SetFromErrno(PyExc_IOError);
835 /**** Permset type *****/
837 /* Creation of a new Permset instance */
838 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
840 PyObject* newpermset;
842 newpermset = PyType_GenericNew(type, args, keywds);
844 if(newpermset != NULL) {
845 ((Permset_Object*)newpermset)->permset = NULL;
846 ((Permset_Object*)newpermset)->parent_entry = NULL;
852 /* Initialization of a new Permset instance */
853 static int Permset_init(PyObject* obj, PyObject* args, PyObject *keywds) {
854 Permset_Object* self = (Permset_Object*) obj;
855 Entry_Object* parent = NULL;
857 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent))
860 if(acl_get_permset(parent->entry, &self->permset) == -1) {
861 PyErr_SetFromErrno(PyExc_IOError);
865 self->parent_entry = (PyObject*)parent;
871 /* Free the Permset instance */
872 static void Permset_dealloc(PyObject* obj) {
873 Permset_Object *self = (Permset_Object*) obj;
874 PyObject *err_type, *err_value, *err_traceback;
875 int have_error = PyErr_Occurred() ? 1 : 0;
878 PyErr_Fetch(&err_type, &err_value, &err_traceback);
879 if(self->parent_entry != NULL) {
880 Py_DECREF(self->parent_entry);
881 self->parent_entry = NULL;
884 PyErr_Restore(err_type, err_value, err_traceback);
888 /* Permset string representation */
889 static PyObject* Permset_str(PyObject *obj) {
890 Permset_Object *self = (Permset_Object*) obj;
893 pstr[0] = get_perm(self->permset, ACL_READ) ? 'r' : '-';
894 pstr[1] = get_perm(self->permset, ACL_WRITE) ? 'w' : '-';
895 pstr[2] = get_perm(self->permset, ACL_EXECUTE) ? 'x' : '-';
896 return PyString_FromStringAndSize(pstr, 3);
899 static char __Permset_clear_doc__[] =
900 "Clear all permissions from the permission set.\n"
903 /* Clears all permissions from the permset */
904 static PyObject* Permset_clear(PyObject* obj, PyObject* args) {
905 Permset_Object *self = (Permset_Object*) obj;
907 if(acl_clear_perms(self->permset) == -1)
908 return PyErr_SetFromErrno(PyExc_IOError);
910 /* Return the result */
915 static PyObject* Permset_get_right(PyObject *obj, void* arg) {
916 Permset_Object *self = (Permset_Object*) obj;
918 if(get_perm(self->permset, *(acl_perm_t*)arg)) {
927 static int Permset_set_right(PyObject* obj, PyObject* value, void* arg) {
928 Permset_Object *self = (Permset_Object*) obj;
932 if(!PyInt_Check(value)) {
933 PyErr_SetString(PyExc_ValueError, "a maximum of one argument must"
937 on = PyInt_AsLong(value);
939 nerr = acl_add_perm(self->permset, *(acl_perm_t*)arg);
941 nerr = acl_delete_perm(self->permset, *(acl_perm_t*)arg);
943 PyErr_SetFromErrno(PyExc_IOError);
949 static char __Permset_add_doc__[] =
950 "Add a permission to the permission set.\n"
952 "The add() function adds the permission contained in \n"
953 "the argument perm to the permission set. An attempt \n"
954 "to add a permission that is already contained in the \n"
955 "permission set is not considered an error.\n"
957 " - perm a permission (ACL_WRITE, ACL_READ, ACL_EXECUTE, ...\n"
960 "Can raise: IOError\n"
963 static PyObject* Permset_add(PyObject* obj, PyObject* args) {
964 Permset_Object *self = (Permset_Object*) obj;
967 if (!PyArg_ParseTuple(args, "i", &right))
970 if(acl_add_perm(self->permset, (acl_perm_t) right) == -1)
971 return PyErr_SetFromErrno(PyExc_IOError);
973 /* Return the result */
978 static char __Permset_delete_doc__[] =
979 "Delete a permission from the permission set.\n"
981 "The delete() function deletes the permission contained in \n"
982 "the argument perm from the permission set. An attempt \n"
983 "to delete a permission that is not contained in the \n"
984 "permission set is not considered an error.\n"
986 " - perm a permission (ACL_WRITE, ACL_READ, ACL_EXECUTE, ...\n"
989 "Can raise: IOError\n"
992 static PyObject* Permset_delete(PyObject* obj, PyObject* args) {
993 Permset_Object *self = (Permset_Object*) obj;
996 if (!PyArg_ParseTuple(args, "i", &right))
999 if(acl_delete_perm(self->permset, (acl_perm_t) right) == -1)
1000 return PyErr_SetFromErrno(PyExc_IOError);
1002 /* Return the result */
1007 static char __Permset_test_doc__[] =
1008 "Test if a permission exists in the permission set.\n"
1010 "The test() function tests if the permission contained in \n"
1011 "the argument perm exits the permission set.\n"
1013 " - perm a permission (ACL_WRITE, ACL_READ, ACL_EXECUTE, ...\n"
1016 "Can raise: IOError\n"
1019 static PyObject* Permset_test(PyObject* obj, PyObject* args) {
1020 Permset_Object *self = (Permset_Object*) obj;
1024 if (!PyArg_ParseTuple(args, "i", &right))
1027 ret = get_perm(self->permset, (acl_perm_t) right);
1029 return PyErr_SetFromErrno(PyExc_IOError);
1035 Py_INCREF(Py_False);
1042 static char __ACL_Type_doc__[] =
1043 "Type which represents a POSIX ACL\n"
1046 " Only one keword parameter should be provided:\n"
1047 " - file=\"...\", meaning create ACL representing\n"
1048 " the access ACL of that file\n"
1049 " - filedef=\"...\", meaning create ACL representing\n"
1050 " the default ACL of that directory\n"
1051 " - fd=<int>, meaning create ACL representing\n"
1052 " the access ACL of that file descriptor\n"
1053 " - text=\"...\", meaning create ACL from a \n"
1054 " textual description\n"
1055 " - acl=<ACL instance>, meaning create a copy\n"
1056 " of an existing ACL instance\n"
1057 " - mode=<int>, meaning create an ACL from a numeric mode\n"
1058 " (e.g. mode=0644) (this is valid only when the C library\n"
1059 " provides the acl_from_mode call)\n"
1060 "If no parameters are passed, create an empty ACL; this\n"
1061 "makes sense only when your OS supports ACL modification\n"
1062 " (i.e. it implements full POSIX.1e support)\n"
1065 /* ACL type methods */
1066 static PyMethodDef ACL_methods[] = {
1067 {"applyto", ACL_applyto, METH_VARARGS, __applyto_doc__},
1068 {"valid", ACL_valid, METH_NOARGS, __valid_doc__},
1070 {"to_any_text", (PyCFunction)ACL_to_any_text, METH_VARARGS | METH_KEYWORDS,
1071 __to_any_text_doc__},
1072 {"check", ACL_check, METH_NOARGS, __check_doc__},
1074 #ifdef HAVE_ACL_COPYEXT
1075 {"__getstate__", ACL_get_state, METH_NOARGS,
1076 "Dumps the ACL to an external format."},
1077 {"__setstate__", ACL_set_state, METH_VARARGS,
1078 "Loads the ACL from an external format."},
1081 {"delete_entry", ACL_delete_entry, METH_VARARGS, __ACL_delete_entry_doc__},
1082 {"calc_mask", ACL_calc_mask, METH_NOARGS, __ACL_calc_mask_doc__},
1083 {"append", ACL_append, METH_VARARGS, __ACL_append_doc__},
1085 {NULL, NULL, 0, NULL}
1089 /* The definition of the ACL Type */
1090 static PyTypeObject ACL_Type = {
1091 PyObject_HEAD_INIT(NULL)
1096 ACL_dealloc, /* tp_dealloc */
1100 ACL_nocmp, /* tp_compare */
1102 0, /* tp_as_number */
1103 0, /* tp_as_sequence */
1104 0, /* tp_as_mapping */
1107 ACL_str, /* tp_str */
1108 0, /* tp_getattro */
1109 0, /* tp_setattro */
1110 0, /* tp_as_buffer */
1111 Py_TPFLAGS_DEFAULT, /* tp_flags */
1112 __ACL_Type_doc__, /* tp_doc */
1113 0, /* tp_traverse */
1116 ACL_richcompare, /* tp_richcompare */
1118 0, /* tp_richcompare */
1120 0, /* tp_weaklistoffset */
1126 0, /* tp_iternext */
1128 ACL_methods, /* tp_methods */
1133 0, /* tp_descr_get */
1134 0, /* tp_descr_set */
1135 0, /* tp_dictoffset */
1136 ACL_init, /* tp_init */
1138 ACL_new, /* tp_new */
1143 /* Entry type methods */
1144 static PyMethodDef Entry_methods[] = {
1145 {"copy", Entry_copy, METH_VARARGS, __Entry_copy_doc__},
1146 {NULL, NULL, 0, NULL}
1149 static char __Entry_tagtype_doc__[] =
1150 "The tag type of the current entry\n"
1153 " - ACL_UNDEFINED_TAG\n"
1156 " - ACL_GROUP_OBJ\n"
1162 static char __Entry_qualifier_doc__[] =
1163 "The qualifier of the current entry\n"
1165 "If the tag type is ACL_USER, this should be a user id.\n"
1166 "If the tag type if ACL_GROUP, this should be a group id.\n"
1167 "Else, it doesn't matter.\n"
1170 static char __Entry_parent_doc__[] =
1171 "The parent ACL of this entry\n"
1174 static char __Entry_permset_doc__[] =
1175 "The permission set of this ACL entry\n"
1179 static PyGetSetDef Entry_getsets[] = {
1180 {"tag_type", Entry_get_tag_type, Entry_set_tag_type,
1181 __Entry_tagtype_doc__},
1182 {"qualifier", Entry_get_qualifier, Entry_set_qualifier,
1183 __Entry_qualifier_doc__},
1184 {"parent", Entry_get_parent, NULL, __Entry_parent_doc__},
1185 {"permset", Entry_get_permset, Entry_set_permset, __Entry_permset_doc__},
1189 static char __Entry_Type_doc__[] =
1190 "Type which represents an entry in an ACL.\n"
1192 "The type exists only if the OS has full support for POSIX.1e\n"
1193 "Can be created either by:\n"
1194 " e = posix1e.Entry(myACL) # this creates a new entry in the ACL\n"
1196 " for entry in myACL:\n"
1199 "Note that the Entry keeps a reference to its ACL, so even if \n"
1200 "you delete the ACL, it won't be cleaned up and will continue to \n"
1201 "exist until its Entry(ies) will be deleted.\n"
1203 /* The definition of the Entry Type */
1204 static PyTypeObject Entry_Type = {
1205 PyObject_HEAD_INIT(NULL)
1208 sizeof(Entry_Object),
1210 Entry_dealloc, /* tp_dealloc */
1216 0, /* tp_as_number */
1217 0, /* tp_as_sequence */
1218 0, /* tp_as_mapping */
1221 Entry_str, /* tp_str */
1222 0, /* tp_getattro */
1223 0, /* tp_setattro */
1224 0, /* tp_as_buffer */
1225 Py_TPFLAGS_DEFAULT, /* tp_flags */
1226 __Entry_Type_doc__, /* tp_doc */
1227 0, /* tp_traverse */
1229 0, /* tp_richcompare */
1230 0, /* tp_weaklistoffset */
1232 0, /* tp_iternext */
1233 Entry_methods, /* tp_methods */
1235 Entry_getsets, /* tp_getset */
1238 0, /* tp_descr_get */
1239 0, /* tp_descr_set */
1240 0, /* tp_dictoffset */
1241 Entry_init, /* tp_init */
1243 Entry_new, /* tp_new */
1246 /* Permset type methods */
1247 static PyMethodDef Permset_methods[] = {
1248 {"clear", Permset_clear, METH_NOARGS, __Permset_clear_doc__, },
1249 {"add", Permset_add, METH_VARARGS, __Permset_add_doc__, },
1250 {"delete", Permset_delete, METH_VARARGS, __Permset_delete_doc__, },
1251 {"test", Permset_test, METH_VARARGS, __Permset_test_doc__, },
1252 {NULL, NULL, 0, NULL}
1255 static char __Permset_execute_doc__[] =
1256 "Execute permsission\n"
1258 "This is a convenience method of access; the \n"
1259 "same effect can be achieved using the functions\n"
1260 "add(), test(), delete(), and those can take any \n"
1261 "permission defined by your platform.\n"
1264 static char __Permset_read_doc__[] =
1265 "Read permsission\n"
1267 "This is a convenience method of access; the \n"
1268 "same effect can be achieved using the functions\n"
1269 "add(), test(), delete(), and those can take any \n"
1270 "permission defined by your platform.\n"
1273 static char __Permset_write_doc__[] =
1274 "Write permsission\n"
1276 "This is a convenience method of access; the \n"
1277 "same effect can be achieved using the functions\n"
1278 "add(), test(), delete(), and those can take any \n"
1279 "permission defined by your platform.\n"
1282 /* Permset getset */
1283 static PyGetSetDef Permset_getsets[] = {
1284 {"execute", Permset_get_right, Permset_set_right,
1285 __Permset_execute_doc__, &holder_ACL_EXECUTE},
1286 {"read", Permset_get_right, Permset_set_right,
1287 __Permset_read_doc__, &holder_ACL_READ},
1288 {"write", Permset_get_right, Permset_set_right,
1289 __Permset_write_doc__, &holder_ACL_WRITE},
1293 static char __Permset_Type_doc__[] =
1294 "Type which represents the permission set in an ACL entry\n"
1296 "The type exists only if the OS has full support for POSIX.1e\n"
1297 "Can be created either by:\n"
1298 " perms = myEntry.permset\n"
1300 " perms = posix1e.Permset(myEntry)\n"
1302 "Note that the Permset keeps a reference to its Entry, so even if \n"
1303 "you delete the entry, it won't be cleaned up and will continue to \n"
1304 "exist until its Permset will be deleted.\n"
1307 /* The definition of the Permset Type */
1308 static PyTypeObject Permset_Type = {
1309 PyObject_HEAD_INIT(NULL)
1312 sizeof(Permset_Object),
1314 Permset_dealloc, /* tp_dealloc */
1320 0, /* tp_as_number */
1321 0, /* tp_as_sequence */
1322 0, /* tp_as_mapping */
1325 Permset_str, /* tp_str */
1326 0, /* tp_getattro */
1327 0, /* tp_setattro */
1328 0, /* tp_as_buffer */
1329 Py_TPFLAGS_DEFAULT, /* tp_flags */
1330 __Permset_Type_doc__,/* tp_doc */
1331 0, /* tp_traverse */
1333 0, /* tp_richcompare */
1334 0, /* tp_weaklistoffset */
1336 0, /* tp_iternext */
1337 Permset_methods, /* tp_methods */
1339 Permset_getsets, /* tp_getset */
1342 0, /* tp_descr_get */
1343 0, /* tp_descr_set */
1344 0, /* tp_dictoffset */
1345 Permset_init, /* tp_init */
1347 Permset_new, /* tp_new */
1352 /* Module methods */
1354 static char __deletedef_doc__[] =
1355 "Delete the default ACL from a directory.\n"
1357 "This function deletes the default ACL associated with \n"
1358 "a directory (the ACL which will be ANDed with the mode\n"
1359 "parameter to the open, creat functions).\n"
1361 " - a string representing the directory whose default ACL\n"
1362 " should be deleted\n"
1365 /* Deletes the default ACL from a directory */
1366 static PyObject* aclmodule_delete_default(PyObject* obj, PyObject* args) {
1369 /* Parse the arguments */
1370 if (!PyArg_ParseTuple(args, "s", &filename))
1373 if(acl_delete_def_file(filename) == -1) {
1374 return PyErr_SetFromErrno(PyExc_IOError);
1377 /* Return the result */
1382 /* The module methods */
1383 static PyMethodDef aclmodule_methods[] = {
1384 {"delete_default", aclmodule_delete_default, METH_VARARGS,
1386 {NULL, NULL, 0, NULL}
1389 static char __posix1e_doc__[] =
1390 "POSIX.1e ACLs manipulation\n"
1392 "This module provides support for manipulating POSIX.1e ACLS\n"
1394 "Depending on the operating system support for POSIX.1e, \n"
1395 "the ACL type will have more or less capabilities:\n"
1396 " - level 1, only basic support, you can create\n"
1397 " ACLs from files and text descriptions;\n"
1398 " once created, the type is immutable\n"
1399 " - level 2, complete support, you can alter\n"
1400 " the ACL once it is created\n"
1402 "Also, in level 2, more types are available, corresponding\n"
1403 "to acl_entry_t (Entry type), acl_permset_t (Permset type).\n"
1406 ">>> import posix1e\n"
1407 ">>> acl1 = posix1e.ACL(file=\"file.txt\") \n"
1413 ">>> b = posix1e.ACL(text=\"u::rx,g::-,o::-\")\n"
1419 ">>> b.applyto(\"file.txt\")\n"
1420 ">>> print posix1e.ACL(file=\"file.txt\")\n"
1428 void initposix1e(void) {
1431 ACL_Type.ob_type = &PyType_Type;
1432 if(PyType_Ready(&ACL_Type) < 0)
1436 Entry_Type.ob_type = &PyType_Type;
1437 if(PyType_Ready(&Entry_Type) < 0)
1440 Permset_Type.ob_type = &PyType_Type;
1441 if(PyType_Ready(&Permset_Type) < 0)
1445 m = Py_InitModule3("posix1e", aclmodule_methods, __posix1e_doc__);
1447 d = PyModule_GetDict(m);
1451 Py_INCREF(&ACL_Type);
1452 if (PyDict_SetItemString(d, "ACL",
1453 (PyObject *) &ACL_Type) < 0)
1456 /* 23.3.6 acl_type_t values */
1457 PyModule_AddIntConstant(m, "ACL_TYPE_ACCESS", ACL_TYPE_ACCESS);
1458 PyModule_AddIntConstant(m, "ACL_TYPE_DEFAULT", ACL_TYPE_DEFAULT);
1462 Py_INCREF(&Entry_Type);
1463 if (PyDict_SetItemString(d, "Entry",
1464 (PyObject *) &Entry_Type) < 0)
1467 Py_INCREF(&Permset_Type);
1468 if (PyDict_SetItemString(d, "Permset",
1469 (PyObject *) &Permset_Type) < 0)
1472 /* 23.2.2 acl_perm_t values */
1473 PyModule_AddIntConstant(m, "ACL_READ", ACL_READ);
1474 PyModule_AddIntConstant(m, "ACL_WRITE", ACL_WRITE);
1475 PyModule_AddIntConstant(m, "ACL_EXECUTE", ACL_EXECUTE);
1477 /* 23.2.5 acl_tag_t values */
1478 PyModule_AddIntConstant(m, "ACL_UNDEFINED_TAG", ACL_UNDEFINED_TAG);
1479 PyModule_AddIntConstant(m, "ACL_USER_OBJ", ACL_USER_OBJ);
1480 PyModule_AddIntConstant(m, "ACL_USER", ACL_USER);
1481 PyModule_AddIntConstant(m, "ACL_GROUP_OBJ", ACL_GROUP_OBJ);
1482 PyModule_AddIntConstant(m, "ACL_GROUP", ACL_GROUP);
1483 PyModule_AddIntConstant(m, "ACL_MASK", ACL_MASK);
1484 PyModule_AddIntConstant(m, "ACL_OTHER", ACL_OTHER);
1486 /* Document extended functionality via easy-to-use constants */
1487 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 1);
1489 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 0);
1493 /* Linux libacl specific acl_to_any_text constants */
1494 PyModule_AddIntConstant(m, "TEXT_ABBREVIATE", TEXT_ABBREVIATE);
1495 PyModule_AddIntConstant(m, "TEXT_NUMERIC_IDS", TEXT_NUMERIC_IDS);
1496 PyModule_AddIntConstant(m, "TEXT_SOME_EFFECTIVE", TEXT_SOME_EFFECTIVE);
1497 PyModule_AddIntConstant(m, "TEXT_ALL_EFFECTIVE", TEXT_ALL_EFFECTIVE);
1498 PyModule_AddIntConstant(m, "TEXT_SMART_INDENT", TEXT_SMART_INDENT);
1500 /* Linux libacl specific acl_check constants */
1501 PyModule_AddIntConstant(m, "ACL_MULTI_ERROR", ACL_MULTI_ERROR);
1502 PyModule_AddIntConstant(m, "ACL_DUPLICATE_ERROR", ACL_DUPLICATE_ERROR);
1503 PyModule_AddIntConstant(m, "ACL_MISS_ERROR", ACL_MISS_ERROR);
1504 PyModule_AddIntConstant(m, "ACL_ENTRY_ERROR", ACL_ENTRY_ERROR);
1506 /* declare the Linux extensions */
1507 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", 1);
1508 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", 1);
1510 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", 0);
1511 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", 0);