2 posix1e - a python module exposing the posix acl functions
4 Copyright (C) 2002-2008 Iustin Pop <iusty@k1024.org>
6 This library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 This library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with this library; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
25 #include <sys/types.h>
29 #include <acl/libacl.h>
30 #define get_perm acl_get_perm
32 #define get_perm acl_get_perm_np
35 staticforward PyTypeObject ACL_Type;
36 static PyObject* ACL_applyto(PyObject* obj, PyObject* args);
37 static PyObject* ACL_valid(PyObject* obj, PyObject* args);
39 #ifdef HAVE_ACL_COPY_EXT
40 static PyObject* ACL_get_state(PyObject *obj, PyObject* args);
41 static PyObject* ACL_set_state(PyObject *obj, PyObject* args);
45 staticforward PyTypeObject Entry_Type;
46 staticforward PyTypeObject Permset_Type;
47 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
51 static acl_perm_t holder_ACL_EXECUTE = ACL_EXECUTE;
52 static acl_perm_t holder_ACL_READ = ACL_READ;
53 static acl_perm_t holder_ACL_WRITE = ACL_WRITE;
67 PyObject *parent_acl; /* The parent acl, so it won't run out on us */
73 PyObject *parent_entry; /* The parent entry, so it won't run out on us */
74 acl_permset_t permset;
79 /* Creation of a new ACL instance */
80 static PyObject* ACL_new(PyTypeObject* type, PyObject* args,
84 newacl = type->tp_alloc(type, 0);
87 ((ACL_Object*)newacl)->acl = NULL;
89 ((ACL_Object*)newacl)->entry_id = ACL_FIRST_ENTRY;
96 /* Initialization of a new ACL instance */
97 static int ACL_init(PyObject* obj, PyObject* args, PyObject *keywds) {
98 ACL_Object* self = (ACL_Object*) obj;
100 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef",
102 char *format = "|sisO!sH";
105 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef", NULL };
106 char *format = "|sisO!s";
109 char *filedef = NULL;
112 ACL_Object* thesrc = NULL;
114 if(!PyTuple_Check(args) || PyTuple_Size(args) != 0 ||
115 (keywds != NULL && PyDict_Check(keywds) && PyDict_Size(keywds) > 1)) {
116 PyErr_SetString(PyExc_ValueError, "a max of one keyword argument"
120 if(!PyArg_ParseTupleAndKeywords(args, keywds, format, kwlist,
121 &file, &fd, &text, &ACL_Type,
129 /* Free the old acl_t without checking for error, we don't
131 if(self->acl != NULL)
135 self->acl = acl_get_file(file, ACL_TYPE_ACCESS);
136 else if(text != NULL)
137 self->acl = acl_from_text(text);
139 self->acl = acl_get_fd(fd);
140 else if(thesrc != NULL)
141 self->acl = acl_dup(thesrc->acl);
142 else if(filedef != NULL)
143 self->acl = acl_get_file(filedef, ACL_TYPE_DEFAULT);
145 else if(PyMapping_HasKeyString(keywds, kwlist[5]))
146 self->acl = acl_from_mode(mode);
149 self->acl = acl_init(0);
151 if(self->acl == NULL) {
152 PyErr_SetFromErrno(PyExc_IOError);
159 /* Standard type functions */
160 static void ACL_dealloc(PyObject* obj) {
161 ACL_Object *self = (ACL_Object*) obj;
162 PyObject *err_type, *err_value, *err_traceback;
163 int have_error = PyErr_Occurred() ? 1 : 0;
166 PyErr_Fetch(&err_type, &err_value, &err_traceback);
167 if(self->acl != NULL && acl_free(self->acl) != 0)
168 PyErr_WriteUnraisable(obj);
170 PyErr_Restore(err_type, err_value, err_traceback);
174 /* Converts the acl to a text format */
175 static PyObject* ACL_str(PyObject *obj) {
177 ACL_Object *self = (ACL_Object*) obj;
180 text = acl_to_text(self->acl, NULL);
182 return PyErr_SetFromErrno(PyExc_IOError);
184 ret = PyString_FromString(text);
185 if(acl_free(text) != 0) {
187 return PyErr_SetFromErrno(PyExc_IOError);
193 static char __to_any_text_doc__[] =
194 "Convert the ACL to a custom text format.\n"
196 "This method encapsulates the acl_to_any_text function. It allows a \n"
197 "customized text format to be generated for the ACL. See\n"
198 "acl_to_any_text(3) for more details.\n"
201 " - prefix: if given, this string will be prepended to all lines\n"
202 " - separator: a single character (defaults to '\\n'); this will be\n"
203 " user to separate the entries in the ACL\n"
204 " - options: a bitwise combination of:\n"
205 " - TEXT_ABBREVIATE: use 'u' instead of 'user', 'g' instead of \n"
207 " - TEXT_NUMERIC_IDS: User and group IDs are included as decimal\n"
208 " numbers instead of names\n"
209 " - TEXT_SOME_EFFECTIVE: Include comments denoting the effective\n"
210 " permissions when some are masked\n"
211 " - TEXT_ALL_EFFECTIVE: Include comments after all ACL entries\n"
212 " affected by an ACL_MASK entry\n"
213 " - TEXT_SMART_INDENT: Used in combination with the _EFFECTIVE\n"
214 " options, this will ensure that comments \n"
215 " are alligned to the fourth tab position\n"
216 " (assuming one tab equals eight spaces)\n"
219 /* Converts the acl to a custom text format */
220 static PyObject* ACL_to_any_text(PyObject *obj, PyObject *args,
223 ACL_Object *self = (ACL_Object*) obj;
225 char *arg_prefix = NULL;
226 char arg_separator = '\n';
228 static char *kwlist[] = {"prefix", "separator", "options", NULL};
230 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|sci", kwlist, &arg_prefix,
231 &arg_separator, &arg_options))
234 text = acl_to_any_text(self->acl, arg_prefix, arg_separator, arg_options);
236 return PyErr_SetFromErrno(PyExc_IOError);
238 ret = PyString_FromString(text);
239 if(acl_free(text) != 0) {
241 return PyErr_SetFromErrno(PyExc_IOError);
246 static char __check_doc__[] =
247 "Check the ACL validity.\n"
249 "This is a non-portable, Linux specific extension that allow more\n"
250 "information to be retrieved in case an ACL is not valid than the\n"
251 "validate() method.\n"
253 "This method will return either False (the ACL is valid), or a tuple\n"
254 "with two elements. The first element is one of the following\n"
256 " - ACL_MULTI_ERROR: The ACL contains multiple entries that have a\n"
257 " tag type that may occur at most once\n"
258 " - ACL_DUPLICATE_ERROR: The ACL contains multiple ACL_USER or \n"
259 " ACL_GROUP entries with the same ID\n"
260 " - ACL_MISS_ERROR: A required entry is missing\n"
261 " - ACL_ENTRY_ERROR: The ACL contains an invalid entry tag type\n"
263 "The second element of the tuple is the index of the entry that is\n"
264 "invalid (in the same order as by iterating over the ACL entry)\n"
267 /* The acl_check method */
268 static PyObject* ACL_check(PyObject* obj, PyObject* args) {
269 ACL_Object *self = (ACL_Object*) obj;
273 if((result = acl_check(self->acl, &eindex)) == -1)
274 return PyErr_SetFromErrno(PyExc_IOError);
279 return PyTuple_Pack(2, PyInt_FromLong(result), PyInt_FromLong(eindex));
282 /* Implementation of the rich compare for ACLs */
283 static PyObject* ACL_richcompare(PyObject* o1, PyObject* o2, int op) {
284 ACL_Object *acl1, *acl2;
288 if(!PyObject_IsInstance(o2, (PyObject*)&ACL_Type)) {
293 PyErr_SetString(PyExc_TypeError, "can only compare to an ACL");
297 acl1 = (ACL_Object*)o1;
298 acl2 = (ACL_Object*)o2;
299 if((n=acl_cmp(acl1->acl, acl2->acl))==-1)
300 return PyErr_SetFromErrno(PyExc_IOError);
303 ret = n == 0 ? Py_True : Py_False;
306 ret = n == 1 ? Py_True : Py_False;
309 ret = Py_NotImplemented;
315 static char __equiv_mode_doc__[] =
316 "Return the octal mode the ACL is equivalent to.\n"
318 "This is a non-portable, Linux specific extension that checks\n"
319 "if the ACL is a basic ACL and returns the corresponding mode.\n"
321 "An IOerror exception will be raised if the ACL is an extended ACL\n"
324 /* The acl_equiv_mode method */
325 static PyObject* ACL_equiv_mode(PyObject* obj, PyObject* args) {
326 ACL_Object *self = (ACL_Object*) obj;
329 if(acl_equiv_mode(self->acl, &mode) == -1)
330 return PyErr_SetFromErrno(PyExc_IOError);
331 return PyInt_FromLong(mode);
335 /* Implementation of the compare for ACLs */
336 static int ACL_nocmp(PyObject* o1, PyObject* o2) {
338 PyErr_SetString(PyExc_TypeError, "cannot compare ACLs using cmp()");
343 static char __applyto_doc__[] =
344 "Apply the ACL to a file or filehandle.\n"
347 " - either a filename or a file-like object or an integer; this\n"
348 " represents the filesystem object on which to act\n"
349 " - optional flag representing the type of ACL to set, either\n"
350 " ACL_TYPE_ACCESS (default) or ACL_TYPE_DEFAULT\n"
353 /* Applyes the ACL to a file */
354 static PyObject* ACL_applyto(PyObject* obj, PyObject* args) {
355 ACL_Object *self = (ACL_Object*) obj;
357 acl_type_t type = ACL_TYPE_ACCESS;
361 if (!PyArg_ParseTuple(args, "O|i", &myarg, &type))
364 if(PyString_Check(myarg)) {
365 char *filename = PyString_AS_STRING(myarg);
366 nret = acl_set_file(filename, type, self->acl);
367 } else if((fd = PyObject_AsFileDescriptor(myarg)) != -1) {
368 nret = acl_set_fd(fd, self->acl);
370 PyErr_SetString(PyExc_TypeError, "argument 1 must be string, int,"
371 " or file-like object");
375 return PyErr_SetFromErrno(PyExc_IOError);
378 /* Return the result */
383 static char __valid_doc__[] =
384 "Test the ACL for validity.\n"
386 "This method tests the ACL to see if it is a valid ACL\n"
387 "in terms of the filesystem. More precisely, it checks that:\n"
389 "The ACL contains exactly one entry with each of the\n"
390 "ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER tag types. Entries\n"
391 "with ACL_USER and ACL_GROUP tag types may appear zero or more\n"
392 "times in an ACL. An ACL that contains entries of ACL_USER or\n"
393 "ACL_GROUP tag types must contain exactly one entry of the \n"
394 "ACL_MASK tag type. If an ACL contains no entries of\n"
395 "ACL_USER or ACL_GROUP tag types, the ACL_MASK entry is optional.\n"
397 "All user ID qualifiers must be unique among all entries of\n"
398 "the ACL_USER tag type, and all group IDs must be unique among all\n"
399 "entries of ACL_GROUP tag type.\n"
401 "The method will return 1 for a valid ACL and 0 for an invalid one.\n"
402 "This has been chosen because the specification for acl_valid in\n"
403 "the POSIX.1e standard documents only one possible value for errno\n"
404 "in case of an invalid ACL, so we can't differentiate between\n"
405 "classes of errors. Other suggestions are welcome.\n"
408 /* Checks the ACL for validity */
409 static PyObject* ACL_valid(PyObject* obj, PyObject* args) {
410 ACL_Object *self = (ACL_Object*) obj;
412 if(acl_valid(self->acl) == -1) {
421 #ifdef HAVE_ACL_COPY_EXT
422 static PyObject* ACL_get_state(PyObject *obj, PyObject* args) {
423 ACL_Object *self = (ACL_Object*) obj;
428 size = acl_size(self->acl);
430 return PyErr_SetFromErrno(PyExc_IOError);
432 if((ret = PyString_FromStringAndSize(NULL, size)) == NULL)
434 buf = PyString_AsString(ret);
436 if((nsize = acl_copy_ext(buf, self->acl, size)) == -1) {
438 return PyErr_SetFromErrno(PyExc_IOError);
444 static PyObject* ACL_set_state(PyObject *obj, PyObject* args) {
445 ACL_Object *self = (ACL_Object*) obj;
450 /* Parse the argument */
451 if (!PyArg_ParseTuple(args, "s#", &buf, &bufsize))
454 /* Try to import the external representation */
455 if((ptr = acl_copy_int(buf)) == NULL)
456 return PyErr_SetFromErrno(PyExc_IOError);
458 /* Free the old acl. Should we ignore errors here? */
459 if(self->acl != NULL) {
460 if(acl_free(self->acl) == -1)
461 return PyErr_SetFromErrno(PyExc_IOError);
466 /* Return the result */
474 /* tp_iter for the ACL type; since it can be iterated only
475 * destructively, the type is its iterator
477 static PyObject* ACL_iter(PyObject *obj) {
478 ACL_Object *self = (ACL_Object*)obj;
479 self->entry_id = ACL_FIRST_ENTRY;
484 /* the tp_iternext function for the ACL type */
485 static PyObject* ACL_iternext(PyObject *obj) {
486 ACL_Object *self = (ACL_Object*)obj;
487 acl_entry_t the_entry_t;
488 Entry_Object *the_entry_obj;
491 nerr = acl_get_entry(self->acl, self->entry_id, &the_entry_t);
492 self->entry_id = ACL_NEXT_ENTRY;
494 return PyErr_SetFromErrno(PyExc_IOError);
496 /* Docs says this is not needed */
497 /*PyErr_SetObject(PyExc_StopIteration, Py_None);*/
501 the_entry_obj = (Entry_Object*) PyType_GenericNew(&Entry_Type, NULL, NULL);
502 if(the_entry_obj == NULL)
505 the_entry_obj->entry = the_entry_t;
507 the_entry_obj->parent_acl = obj;
508 Py_INCREF(obj); /* For the reference we have in entry->parent */
510 return (PyObject*)the_entry_obj;
513 static char __ACL_delete_entry_doc__[] =
514 "Deletes an entry from the ACL.\n"
516 "Note: Only with level 2\n"
518 " - the Entry object which should be deleted; note that after\n"
519 " this function is called, that object is unusable any longer\n"
520 " and should be deleted\n"
523 /* Deletes an entry from the ACL */
524 static PyObject* ACL_delete_entry(PyObject *obj, PyObject *args) {
525 ACL_Object *self = (ACL_Object*)obj;
528 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &e))
531 if(acl_delete_entry(self->acl, e->entry) == -1)
532 return PyErr_SetFromErrno(PyExc_IOError);
534 /* Return the result */
539 static char __ACL_calc_mask_doc__[] =
540 "Compute the file group class mask.\n"
542 "The calc_mask() method calculates and sets the permissions \n"
543 "associated with the ACL_MASK Entry of the ACL.\n"
544 "The value of the new permissions is the union of the permissions \n"
545 "granted by all entries of tag type ACL_GROUP, ACL_GROUP_OBJ, or \n"
546 "ACL_USER. If the ACL already contains an ACL_MASK entry, its \n"
547 "permissions are overwritten; if it does not contain an ACL_MASK \n"
548 "Entry, one is added.\n"
550 "The order of existing entries in the ACL is undefined after this \n"
554 /* Updates the mask entry in the ACL */
555 static PyObject* ACL_calc_mask(PyObject *obj, PyObject *args) {
556 ACL_Object *self = (ACL_Object*)obj;
558 if(acl_calc_mask(&self->acl) == -1)
559 return PyErr_SetFromErrno(PyExc_IOError);
561 /* Return the result */
566 static char __ACL_append_doc__[] =
567 "Append a new Entry to the ACL and return it.\n"
569 "This is a convenience function to create a new Entry \n"
570 "and append it to the ACL.\n"
571 "If a parameter of type Entry instance is given, the \n"
572 "entry will be a copy of that one (as if copied with \n"
573 "Entry.copy()), otherwise, the new entry will be empty.\n"
576 /* Convenience method to create a new Entry */
577 static PyObject* ACL_append(PyObject *obj, PyObject *args) {
578 ACL_Object* self = (ACL_Object*) obj;
579 Entry_Object* newentry;
580 Entry_Object* oldentry = NULL;
583 newentry = (Entry_Object*)PyType_GenericNew(&Entry_Type, NULL, NULL);
584 if(newentry == NULL) {
588 if (!PyArg_ParseTuple(args, "|O!", &Entry_Type, &oldentry))
591 nret = acl_create_entry(&self->acl, &newentry->entry);
594 return PyErr_SetFromErrno(PyExc_IOError);
597 if(oldentry != NULL) {
598 nret = acl_copy_entry(newentry->entry, oldentry->entry);
601 return PyErr_SetFromErrno(PyExc_IOError);
605 newentry->parent_acl = obj;
608 return (PyObject*)newentry;
611 /***** Entry type *****/
613 /* Creation of a new Entry instance */
614 static PyObject* Entry_new(PyTypeObject* type, PyObject* args,
618 newentry = PyType_GenericNew(type, args, keywds);
620 if(newentry != NULL) {
621 ((Entry_Object*)newentry)->entry = NULL;
622 ((Entry_Object*)newentry)->parent_acl = NULL;
628 /* Initialization of a new Entry instance */
629 static int Entry_init(PyObject* obj, PyObject* args, PyObject *keywds) {
630 Entry_Object* self = (Entry_Object*) obj;
631 ACL_Object* parent = NULL;
633 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
636 if(acl_create_entry(&parent->acl, &self->entry) == -1) {
637 PyErr_SetFromErrno(PyExc_IOError);
641 self->parent_acl = (PyObject*)parent;
647 /* Free the Entry instance */
648 static void Entry_dealloc(PyObject* obj) {
649 Entry_Object *self = (Entry_Object*) obj;
650 PyObject *err_type, *err_value, *err_traceback;
651 int have_error = PyErr_Occurred() ? 1 : 0;
654 PyErr_Fetch(&err_type, &err_value, &err_traceback);
655 if(self->parent_acl != NULL) {
656 Py_DECREF(self->parent_acl);
657 self->parent_acl = NULL;
660 PyErr_Restore(err_type, err_value, err_traceback);
664 /* Converts the entry to a text format */
665 static PyObject* Entry_str(PyObject *obj) {
670 PyObject *format, *list;
671 Entry_Object *self = (Entry_Object*) obj;
673 if(acl_get_tag_type(self->entry, &tag) == -1) {
674 PyErr_SetFromErrno(PyExc_IOError);
677 if(tag == ACL_USER || tag == ACL_GROUP) {
678 if((p = acl_get_qualifier(self->entry)) == NULL) {
679 PyErr_SetFromErrno(PyExc_IOError);
682 qualifier = *(uid_t*)p;
688 format = PyString_FromString("ACL entry for %s");
691 list = PyTuple_New(1);
692 if(tag == ACL_UNDEFINED_TAG) {
693 PyTuple_SetItem(list, 0, PyString_FromString("undefined type"));
694 } else if(tag == ACL_USER_OBJ) {
695 PyTuple_SetItem(list, 0, PyString_FromString("the owner"));
696 } else if(tag == ACL_GROUP_OBJ) {
697 PyTuple_SetItem(list, 0, PyString_FromString("the group"));
698 } else if(tag == ACL_OTHER) {
699 PyTuple_SetItem(list, 0, PyString_FromString("the others"));
700 } else if(tag == ACL_USER) {
701 PyTuple_SetItem(list, 0, PyString_FromFormat("user with uid %d",
703 } else if(tag == ACL_GROUP) {
704 PyTuple_SetItem(list, 0, PyString_FromFormat("group with gid %d",
706 } else if(tag == ACL_MASK) {
707 PyTuple_SetItem(list, 0, PyString_FromString("the mask"));
709 PyTuple_SetItem(list, 0, PyString_FromString("UNKNOWN_TAG_TYPE!"));
711 ret = PyString_Format(format, list);
717 /* Sets the tag type of the entry */
718 static int Entry_set_tag_type(PyObject* obj, PyObject* value, void* arg) {
719 Entry_Object *self = (Entry_Object*) obj;
722 PyErr_SetString(PyExc_TypeError,
723 "tag type deletion is not supported");
727 if(!PyInt_Check(value)) {
728 PyErr_SetString(PyExc_TypeError,
729 "tag type must be integer");
732 if(acl_set_tag_type(self->entry, (acl_tag_t)PyInt_AsLong(value)) == -1) {
733 PyErr_SetFromErrno(PyExc_IOError);
740 /* Returns the tag type of the entry */
741 static PyObject* Entry_get_tag_type(PyObject *obj, void* arg) {
742 Entry_Object *self = (Entry_Object*) obj;
745 if (self->entry == NULL) {
746 PyErr_SetString(PyExc_AttributeError, "entry attribute");
749 if(acl_get_tag_type(self->entry, &value) == -1) {
750 PyErr_SetFromErrno(PyExc_IOError);
754 return PyInt_FromLong(value);
757 /* Sets the qualifier (either uid_t or gid_t) for the entry,
758 * usable only if the tag type if ACL_USER or ACL_GROUP
760 static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
761 Entry_Object *self = (Entry_Object*) obj;
765 PyErr_SetString(PyExc_TypeError,
766 "qualifier deletion is not supported");
770 if(!PyInt_Check(value)) {
771 PyErr_SetString(PyExc_TypeError,
772 "tag type must be integer");
775 uidgid = PyInt_AsLong(value);
776 if(acl_set_qualifier(self->entry, (void*)&uidgid) == -1) {
777 PyErr_SetFromErrno(PyExc_IOError);
784 /* Returns the qualifier of the entry */
785 static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
786 Entry_Object *self = (Entry_Object*) obj;
790 if (self->entry == NULL) {
791 PyErr_SetString(PyExc_AttributeError, "entry attribute");
794 if((p = acl_get_qualifier(self->entry)) == NULL) {
795 PyErr_SetFromErrno(PyExc_IOError);
801 return PyInt_FromLong(value);
804 /* Returns the parent ACL of the entry */
805 static PyObject* Entry_get_parent(PyObject *obj, void* arg) {
806 Entry_Object *self = (Entry_Object*) obj;
808 Py_INCREF(self->parent_acl);
809 return self->parent_acl;
812 /* Returns the a new Permset representing the permset of the entry
813 * FIXME: Should return a new reference to the same object, which
814 * should be created at init time!
816 static PyObject* Entry_get_permset(PyObject *obj, void* arg) {
817 Entry_Object *self = (Entry_Object*)obj;
821 p = Permset_new(&Permset_Type, NULL, NULL);
824 ps = (Permset_Object*)p;
825 if(acl_get_permset(self->entry, &ps->permset) == -1) {
826 PyErr_SetFromErrno(PyExc_IOError);
829 ps->parent_entry = obj;
835 /* Sets the permset of the entry to the passed Permset */
836 static int Entry_set_permset(PyObject* obj, PyObject* value, void* arg) {
837 Entry_Object *self = (Entry_Object*)obj;
840 if(!PyObject_IsInstance(value, (PyObject*)&Permset_Type)) {
841 PyErr_SetString(PyExc_TypeError, "argument 1 must be posix1e.Permset");
844 p = (Permset_Object*)value;
845 if(acl_set_permset(self->entry, p->permset) == -1) {
846 PyErr_SetFromErrno(PyExc_IOError);
852 static char __Entry_copy_doc__[] =
853 "Copy an ACL entry.\n"
855 "This method sets all the parameters to those of another\n"
856 "entry, even one of another's ACL\n"
858 " - src, instance of type Entry\n"
861 /* Sets all the entry parameters to another's entry */
862 static PyObject* Entry_copy(PyObject *obj, PyObject *args) {
863 Entry_Object *self = (Entry_Object*)obj;
866 if(!PyArg_ParseTuple(args, "O!", &Entry_Type, &other))
869 if(acl_copy_entry(self->entry, other->entry) == -1)
870 return PyErr_SetFromErrno(PyExc_IOError);
876 /**** Permset type *****/
878 /* Creation of a new Permset instance */
879 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
881 PyObject* newpermset;
883 newpermset = PyType_GenericNew(type, args, keywds);
885 if(newpermset != NULL) {
886 ((Permset_Object*)newpermset)->permset = NULL;
887 ((Permset_Object*)newpermset)->parent_entry = NULL;
893 /* Initialization of a new Permset instance */
894 static int Permset_init(PyObject* obj, PyObject* args, PyObject *keywds) {
895 Permset_Object* self = (Permset_Object*) obj;
896 Entry_Object* parent = NULL;
898 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent))
901 if(acl_get_permset(parent->entry, &self->permset) == -1) {
902 PyErr_SetFromErrno(PyExc_IOError);
906 self->parent_entry = (PyObject*)parent;
912 /* Free the Permset instance */
913 static void Permset_dealloc(PyObject* obj) {
914 Permset_Object *self = (Permset_Object*) obj;
915 PyObject *err_type, *err_value, *err_traceback;
916 int have_error = PyErr_Occurred() ? 1 : 0;
919 PyErr_Fetch(&err_type, &err_value, &err_traceback);
920 if(self->parent_entry != NULL) {
921 Py_DECREF(self->parent_entry);
922 self->parent_entry = NULL;
925 PyErr_Restore(err_type, err_value, err_traceback);
929 /* Permset string representation */
930 static PyObject* Permset_str(PyObject *obj) {
931 Permset_Object *self = (Permset_Object*) obj;
934 pstr[0] = get_perm(self->permset, ACL_READ) ? 'r' : '-';
935 pstr[1] = get_perm(self->permset, ACL_WRITE) ? 'w' : '-';
936 pstr[2] = get_perm(self->permset, ACL_EXECUTE) ? 'x' : '-';
937 return PyString_FromStringAndSize(pstr, 3);
940 static char __Permset_clear_doc__[] =
941 "Clear all permissions from the permission set.\n"
944 /* Clears all permissions from the permset */
945 static PyObject* Permset_clear(PyObject* obj, PyObject* args) {
946 Permset_Object *self = (Permset_Object*) obj;
948 if(acl_clear_perms(self->permset) == -1)
949 return PyErr_SetFromErrno(PyExc_IOError);
951 /* Return the result */
956 static PyObject* Permset_get_right(PyObject *obj, void* arg) {
957 Permset_Object *self = (Permset_Object*) obj;
959 if(get_perm(self->permset, *(acl_perm_t*)arg)) {
968 static int Permset_set_right(PyObject* obj, PyObject* value, void* arg) {
969 Permset_Object *self = (Permset_Object*) obj;
973 if(!PyInt_Check(value)) {
974 PyErr_SetString(PyExc_ValueError, "a maximum of one argument must"
978 on = PyInt_AsLong(value);
980 nerr = acl_add_perm(self->permset, *(acl_perm_t*)arg);
982 nerr = acl_delete_perm(self->permset, *(acl_perm_t*)arg);
984 PyErr_SetFromErrno(PyExc_IOError);
990 static char __Permset_add_doc__[] =
991 "Add a permission to the permission set.\n"
993 "The add() function adds the permission contained in \n"
994 "the argument perm to the permission set. An attempt \n"
995 "to add a permission that is already contained in the \n"
996 "permission set is not considered an error.\n"
999 " - perm: a permission (ACL_WRITE, ACL_READ, ACL_EXECUTE, ...)\n"
1001 "Return value: None\n"
1003 "Can raise: IOError\n"
1006 static PyObject* Permset_add(PyObject* obj, PyObject* args) {
1007 Permset_Object *self = (Permset_Object*) obj;
1010 if (!PyArg_ParseTuple(args, "i", &right))
1013 if(acl_add_perm(self->permset, (acl_perm_t) right) == -1)
1014 return PyErr_SetFromErrno(PyExc_IOError);
1016 /* Return the result */
1021 static char __Permset_delete_doc__[] =
1022 "Delete a permission from the permission set.\n"
1024 "The delete() function deletes the permission contained in \n"
1025 "the argument perm from the permission set. An attempt \n"
1026 "to delete a permission that is not contained in the \n"
1027 "permission set is not considered an error.\n"
1029 " - perm a permission (ACL_WRITE, ACL_READ, ACL_EXECUTE, ...)\n"
1030 "Return value: None\n"
1032 "Can raise: IOError\n"
1035 static PyObject* Permset_delete(PyObject* obj, PyObject* args) {
1036 Permset_Object *self = (Permset_Object*) obj;
1039 if (!PyArg_ParseTuple(args, "i", &right))
1042 if(acl_delete_perm(self->permset, (acl_perm_t) right) == -1)
1043 return PyErr_SetFromErrno(PyExc_IOError);
1045 /* Return the result */
1050 static char __Permset_test_doc__[] =
1051 "Test if a permission exists in the permission set.\n"
1053 "The test() function tests if the permission contained in \n"
1054 "the argument perm exits the permission set.\n"
1056 " - perm a permission (ACL_WRITE, ACL_READ, ACL_EXECUTE, ...)\n"
1057 "Return value: Boolean\n"
1059 "Can raise: IOError\n"
1062 static PyObject* Permset_test(PyObject* obj, PyObject* args) {
1063 Permset_Object *self = (Permset_Object*) obj;
1067 if (!PyArg_ParseTuple(args, "i", &right))
1070 ret = get_perm(self->permset, (acl_perm_t) right);
1072 return PyErr_SetFromErrno(PyExc_IOError);
1078 Py_INCREF(Py_False);
1085 static char __ACL_Type_doc__[] =
1086 "Type which represents a POSIX ACL\n"
1088 "Parameters (only one keword parameter should be provided):\n"
1089 " - file=\"...\", meaning create ACL representing\n"
1090 " the access ACL of that file\n"
1091 " - filedef=\"...\", meaning create ACL representing\n"
1092 " the default ACL of that directory\n"
1093 " - fd=<int>, meaning create ACL representing\n"
1094 " the access ACL of that file descriptor\n"
1095 " - text=\"...\", meaning create ACL from a \n"
1096 " textual description\n"
1097 " - acl=<ACL instance>, meaning create a copy\n"
1098 " of an existing ACL instance\n"
1099 " - mode=<int>, meaning create an ACL from a numeric mode\n"
1100 " (e.g. mode=0644) (this is valid only when the C library\n"
1101 " provides the acl_from_mode call)\n"
1103 "If no parameters are passed, create an empty ACL; this\n"
1104 "makes sense only when your OS supports ACL modification\n"
1105 "(i.e. it implements full POSIX.1e support)\n"
1108 /* ACL type methods */
1109 static PyMethodDef ACL_methods[] = {
1110 {"applyto", ACL_applyto, METH_VARARGS, __applyto_doc__},
1111 {"valid", ACL_valid, METH_NOARGS, __valid_doc__},
1113 {"to_any_text", (PyCFunction)ACL_to_any_text, METH_VARARGS | METH_KEYWORDS,
1114 __to_any_text_doc__},
1115 {"check", ACL_check, METH_NOARGS, __check_doc__},
1116 {"equiv_mode", ACL_equiv_mode, METH_NOARGS, __equiv_mode_doc__},
1118 #ifdef HAVE_ACL_COPYEXT
1119 {"__getstate__", ACL_get_state, METH_NOARGS,
1120 "Dumps the ACL to an external format."},
1121 {"__setstate__", ACL_set_state, METH_VARARGS,
1122 "Loads the ACL from an external format."},
1125 {"delete_entry", ACL_delete_entry, METH_VARARGS, __ACL_delete_entry_doc__},
1126 {"calc_mask", ACL_calc_mask, METH_NOARGS, __ACL_calc_mask_doc__},
1127 {"append", ACL_append, METH_VARARGS, __ACL_append_doc__},
1129 {NULL, NULL, 0, NULL}
1133 /* The definition of the ACL Type */
1134 static PyTypeObject ACL_Type = {
1135 PyObject_HEAD_INIT(NULL)
1140 ACL_dealloc, /* tp_dealloc */
1144 ACL_nocmp, /* tp_compare */
1146 0, /* tp_as_number */
1147 0, /* tp_as_sequence */
1148 0, /* tp_as_mapping */
1151 ACL_str, /* tp_str */
1152 0, /* tp_getattro */
1153 0, /* tp_setattro */
1154 0, /* tp_as_buffer */
1155 Py_TPFLAGS_DEFAULT, /* tp_flags */
1156 __ACL_Type_doc__, /* tp_doc */
1157 0, /* tp_traverse */
1160 ACL_richcompare, /* tp_richcompare */
1162 0, /* tp_richcompare */
1164 0, /* tp_weaklistoffset */
1170 0, /* tp_iternext */
1172 ACL_methods, /* tp_methods */
1177 0, /* tp_descr_get */
1178 0, /* tp_descr_set */
1179 0, /* tp_dictoffset */
1180 ACL_init, /* tp_init */
1182 ACL_new, /* tp_new */
1187 /* Entry type methods */
1188 static PyMethodDef Entry_methods[] = {
1189 {"copy", Entry_copy, METH_VARARGS, __Entry_copy_doc__},
1190 {NULL, NULL, 0, NULL}
1193 static char __Entry_tagtype_doc__[] =
1194 "The tag type of the current entry\n"
1197 " - ACL_UNDEFINED_TAG\n"
1200 " - ACL_GROUP_OBJ\n"
1206 static char __Entry_qualifier_doc__[] =
1207 "The qualifier of the current entry\n"
1209 "If the tag type is ACL_USER, this should be a user id.\n"
1210 "If the tag type if ACL_GROUP, this should be a group id.\n"
1211 "Else, it doesn't matter.\n"
1214 static char __Entry_parent_doc__[] =
1215 "The parent ACL of this entry\n"
1218 static char __Entry_permset_doc__[] =
1219 "The permission set of this ACL entry\n"
1223 static PyGetSetDef Entry_getsets[] = {
1224 {"tag_type", Entry_get_tag_type, Entry_set_tag_type,
1225 __Entry_tagtype_doc__},
1226 {"qualifier", Entry_get_qualifier, Entry_set_qualifier,
1227 __Entry_qualifier_doc__},
1228 {"parent", Entry_get_parent, NULL, __Entry_parent_doc__},
1229 {"permset", Entry_get_permset, Entry_set_permset, __Entry_permset_doc__},
1233 static char __Entry_Type_doc__[] =
1234 "Type which represents an entry in an ACL.\n"
1236 "The type exists only if the OS has full support for POSIX.1e\n"
1237 "Can be created either by:\n"
1239 " >>> e = posix1e.Entry(myACL) # this creates a new entry in the ACL\n"
1240 " >>> e = myACL.append() # another way for doing the same thing\n"
1243 " >>> for entry in myACL:\n"
1244 " ... print entry\n"
1246 "Note that the Entry keeps a reference to its ACL, so even if \n"
1247 "you delete the ACL, it won't be cleaned up and will continue to \n"
1248 "exist until its Entry(ies) will be deleted.\n"
1250 /* The definition of the Entry Type */
1251 static PyTypeObject Entry_Type = {
1252 PyObject_HEAD_INIT(NULL)
1255 sizeof(Entry_Object),
1257 Entry_dealloc, /* tp_dealloc */
1263 0, /* tp_as_number */
1264 0, /* tp_as_sequence */
1265 0, /* tp_as_mapping */
1268 Entry_str, /* tp_str */
1269 0, /* tp_getattro */
1270 0, /* tp_setattro */
1271 0, /* tp_as_buffer */
1272 Py_TPFLAGS_DEFAULT, /* tp_flags */
1273 __Entry_Type_doc__, /* tp_doc */
1274 0, /* tp_traverse */
1276 0, /* tp_richcompare */
1277 0, /* tp_weaklistoffset */
1279 0, /* tp_iternext */
1280 Entry_methods, /* tp_methods */
1282 Entry_getsets, /* tp_getset */
1285 0, /* tp_descr_get */
1286 0, /* tp_descr_set */
1287 0, /* tp_dictoffset */
1288 Entry_init, /* tp_init */
1290 Entry_new, /* tp_new */
1293 /* Permset type methods */
1294 static PyMethodDef Permset_methods[] = {
1295 {"clear", Permset_clear, METH_NOARGS, __Permset_clear_doc__, },
1296 {"add", Permset_add, METH_VARARGS, __Permset_add_doc__, },
1297 {"delete", Permset_delete, METH_VARARGS, __Permset_delete_doc__, },
1298 {"test", Permset_test, METH_VARARGS, __Permset_test_doc__, },
1299 {NULL, NULL, 0, NULL}
1302 static char __Permset_execute_doc__[] =
1303 "Execute permsission\n"
1305 "This is a convenience method of access; the \n"
1306 "same effect can be achieved using the functions\n"
1307 "add(), test(), delete(), and those can take any \n"
1308 "permission defined by your platform.\n"
1311 static char __Permset_read_doc__[] =
1312 "Read permsission\n"
1314 "This is a convenience method of access; the \n"
1315 "same effect can be achieved using the functions\n"
1316 "add(), test(), delete(), and those can take any \n"
1317 "permission defined by your platform.\n"
1320 static char __Permset_write_doc__[] =
1321 "Write permsission\n"
1323 "This is a convenience method of access; the \n"
1324 "same effect can be achieved using the functions\n"
1325 "add(), test(), delete(), and those can take any \n"
1326 "permission defined by your platform.\n"
1329 /* Permset getset */
1330 static PyGetSetDef Permset_getsets[] = {
1331 {"execute", Permset_get_right, Permset_set_right,
1332 __Permset_execute_doc__, &holder_ACL_EXECUTE},
1333 {"read", Permset_get_right, Permset_set_right,
1334 __Permset_read_doc__, &holder_ACL_READ},
1335 {"write", Permset_get_right, Permset_set_right,
1336 __Permset_write_doc__, &holder_ACL_WRITE},
1340 static char __Permset_Type_doc__[] =
1341 "Type which represents the permission set in an ACL entry\n"
1343 "The type exists only if the OS has full support for POSIX.1e\n"
1344 "Can be retrieved either by:\n\n"
1345 ">>> perms = myEntry.permset\n"
1348 ">>> perms = posix1e.Permset(myEntry)\n"
1350 "Note that the Permset keeps a reference to its Entry, so even if \n"
1351 "you delete the entry, it won't be cleaned up and will continue to \n"
1352 "exist until its Permset will be deleted.\n"
1355 /* The definition of the Permset Type */
1356 static PyTypeObject Permset_Type = {
1357 PyObject_HEAD_INIT(NULL)
1360 sizeof(Permset_Object),
1362 Permset_dealloc, /* tp_dealloc */
1368 0, /* tp_as_number */
1369 0, /* tp_as_sequence */
1370 0, /* tp_as_mapping */
1373 Permset_str, /* tp_str */
1374 0, /* tp_getattro */
1375 0, /* tp_setattro */
1376 0, /* tp_as_buffer */
1377 Py_TPFLAGS_DEFAULT, /* tp_flags */
1378 __Permset_Type_doc__,/* tp_doc */
1379 0, /* tp_traverse */
1381 0, /* tp_richcompare */
1382 0, /* tp_weaklistoffset */
1384 0, /* tp_iternext */
1385 Permset_methods, /* tp_methods */
1387 Permset_getsets, /* tp_getset */
1390 0, /* tp_descr_get */
1391 0, /* tp_descr_set */
1392 0, /* tp_dictoffset */
1393 Permset_init, /* tp_init */
1395 Permset_new, /* tp_new */
1400 /* Module methods */
1402 static char __deletedef_doc__[] =
1403 "Delete the default ACL from a directory.\n"
1405 "This function deletes the default ACL associated with \n"
1406 "a directory (the ACL which will be ANDed with the mode\n"
1407 "parameter to the open, creat functions).\n"
1409 " - a string representing the directory whose default ACL\n"
1410 " should be deleted\n"
1413 /* Deletes the default ACL from a directory */
1414 static PyObject* aclmodule_delete_default(PyObject* obj, PyObject* args) {
1417 /* Parse the arguments */
1418 if (!PyArg_ParseTuple(args, "s", &filename))
1421 if(acl_delete_def_file(filename) == -1) {
1422 return PyErr_SetFromErrno(PyExc_IOError);
1425 /* Return the result */
1431 static char __has_extended_doc__[] =
1432 "Check if a file or filehandle has an extended ACL.\n"
1435 " - either a filename or a file-like object or an integer; this\n"
1436 " represents the filesystem object on which to act\n"
1439 /* Check for extended ACL a file or fd */
1440 static PyObject* aclmodule_has_extended(PyObject* obj, PyObject* args) {
1445 if (!PyArg_ParseTuple(args, "O", &myarg))
1448 if(PyString_Check(myarg)) {
1449 const char *filename = PyString_AS_STRING(myarg);
1450 nret = acl_extended_file(filename);
1451 } else if((fd = PyObject_AsFileDescriptor(myarg)) != -1) {
1452 nret = acl_extended_fd(fd);
1454 PyErr_SetString(PyExc_TypeError, "argument 1 must be string, int,"
1455 " or file-like object");
1459 return PyErr_SetFromErrno(PyExc_IOError);
1462 /* Return the result */
1463 return PyBool_FromLong(nret);
1467 /* The module methods */
1468 static PyMethodDef aclmodule_methods[] = {
1469 {"delete_default", aclmodule_delete_default, METH_VARARGS,
1472 {"has_extended", aclmodule_has_extended, METH_VARARGS,
1473 __has_extended_doc__},
1475 {NULL, NULL, 0, NULL}
1478 static char __posix1e_doc__[] =
1479 "POSIX.1e ACLs manipulation\n"
1481 "This module provides support for manipulating POSIX.1e ACLS\n"
1483 "Depending on the operating system support for POSIX.1e, \n"
1484 "the ACL type will have more or less capabilities:\n"
1485 " - level 1, only basic support, you can create\n"
1486 " ACLs from files and text descriptions;\n"
1487 " once created, the type is immutable\n"
1488 " - level 2, complete support, you can alter\n"
1489 " the ACL once it is created\n"
1491 "Also, in level 2, more types are available, corresponding\n"
1492 "to acl_entry_t (the Entry type), acl_permset_t (the Permset type).\n"
1494 "The existence of level 2 support and other extensions can be\n"
1495 "checked by the constants:\n"
1496 " - HAS_ACL_ENTRY for level 2 and the Entry/Permset classes\n"
1497 " - HAS_ACL_FROM_MODE for ACL(mode=...) usage\n"
1498 " - HAS_ACL_CHECK for the ACL().check function\n"
1499 " - HAS_EXTENDED_CHECK for the module-level has_extended function\n"
1500 " - HAS_EQUIV_MODE for the ACL().equiv_mode method\n"
1504 ">>> import posix1e\n"
1505 ">>> acl1 = posix1e.ACL(file=\"file.txt\") \n"
1511 ">>> b = posix1e.ACL(text=\"u::rx,g::-,o::-\")\n"
1517 ">>> b.applyto(\"file.txt\")\n"
1518 ">>> print posix1e.ACL(file=\"file.txt\")\n"
1526 void initposix1e(void) {
1529 ACL_Type.ob_type = &PyType_Type;
1530 if(PyType_Ready(&ACL_Type) < 0)
1534 Entry_Type.ob_type = &PyType_Type;
1535 if(PyType_Ready(&Entry_Type) < 0)
1538 Permset_Type.ob_type = &PyType_Type;
1539 if(PyType_Ready(&Permset_Type) < 0)
1543 m = Py_InitModule3("posix1e", aclmodule_methods, __posix1e_doc__);
1545 d = PyModule_GetDict(m);
1549 Py_INCREF(&ACL_Type);
1550 if (PyDict_SetItemString(d, "ACL",
1551 (PyObject *) &ACL_Type) < 0)
1554 /* 23.3.6 acl_type_t values */
1555 PyModule_AddIntConstant(m, "ACL_TYPE_ACCESS", ACL_TYPE_ACCESS);
1556 PyModule_AddIntConstant(m, "ACL_TYPE_DEFAULT", ACL_TYPE_DEFAULT);
1560 Py_INCREF(&Entry_Type);
1561 if (PyDict_SetItemString(d, "Entry",
1562 (PyObject *) &Entry_Type) < 0)
1565 Py_INCREF(&Permset_Type);
1566 if (PyDict_SetItemString(d, "Permset",
1567 (PyObject *) &Permset_Type) < 0)
1570 /* 23.2.2 acl_perm_t values */
1571 PyModule_AddIntConstant(m, "ACL_READ", ACL_READ);
1572 PyModule_AddIntConstant(m, "ACL_WRITE", ACL_WRITE);
1573 PyModule_AddIntConstant(m, "ACL_EXECUTE", ACL_EXECUTE);
1575 /* 23.2.5 acl_tag_t values */
1576 PyModule_AddIntConstant(m, "ACL_UNDEFINED_TAG", ACL_UNDEFINED_TAG);
1577 PyModule_AddIntConstant(m, "ACL_USER_OBJ", ACL_USER_OBJ);
1578 PyModule_AddIntConstant(m, "ACL_USER", ACL_USER);
1579 PyModule_AddIntConstant(m, "ACL_GROUP_OBJ", ACL_GROUP_OBJ);
1580 PyModule_AddIntConstant(m, "ACL_GROUP", ACL_GROUP);
1581 PyModule_AddIntConstant(m, "ACL_MASK", ACL_MASK);
1582 PyModule_AddIntConstant(m, "ACL_OTHER", ACL_OTHER);
1584 /* Document extended functionality via easy-to-use constants */
1585 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 1);
1587 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 0);
1591 /* Linux libacl specific acl_to_any_text constants */
1592 PyModule_AddIntConstant(m, "TEXT_ABBREVIATE", TEXT_ABBREVIATE);
1593 PyModule_AddIntConstant(m, "TEXT_NUMERIC_IDS", TEXT_NUMERIC_IDS);
1594 PyModule_AddIntConstant(m, "TEXT_SOME_EFFECTIVE", TEXT_SOME_EFFECTIVE);
1595 PyModule_AddIntConstant(m, "TEXT_ALL_EFFECTIVE", TEXT_ALL_EFFECTIVE);
1596 PyModule_AddIntConstant(m, "TEXT_SMART_INDENT", TEXT_SMART_INDENT);
1598 /* Linux libacl specific acl_check constants */
1599 PyModule_AddIntConstant(m, "ACL_MULTI_ERROR", ACL_MULTI_ERROR);
1600 PyModule_AddIntConstant(m, "ACL_DUPLICATE_ERROR", ACL_DUPLICATE_ERROR);
1601 PyModule_AddIntConstant(m, "ACL_MISS_ERROR", ACL_MISS_ERROR);
1602 PyModule_AddIntConstant(m, "ACL_ENTRY_ERROR", ACL_ENTRY_ERROR);
1604 /* declare the Linux extensions */
1605 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", 1);
1606 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", 1);
1607 PyModule_AddIntConstant(m, "HAS_EXTENDED_CHECK", 1);
1608 PyModule_AddIntConstant(m, "HAS_EQUIV_MODE", 1);
1610 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", 0);
1611 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", 0);
1612 PyModule_AddIntConstant(m, "HAS_EXTENDED_CHECK", 0);
1613 PyModule_AddIntConstant(m, "HAS_EQUIV_MODE", 0);
projects / pylibacl.git / blob