2 posix1e - a python module exposing the posix acl functions
4 Copyright (C) 2002-2009, 2012, 2014 Iustin Pop <iusty@k1024.org>
6 This library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 This library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with this library; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
25 #include <sys/types.h>
29 #include <acl/libacl.h>
30 #define get_perm acl_get_perm
32 #define get_perm acl_get_perm_np
35 #if PY_MAJOR_VERSION >= 3
37 #define PyInt_Check(op) PyLong_Check(op)
38 #define PyInt_FromString PyLong_FromString
39 #define PyInt_FromUnicode PyLong_FromUnicode
40 #define PyInt_FromLong PyLong_FromLong
41 #define PyInt_FromSize_t PyLong_FromSize_t
42 #define PyInt_FromSsize_t PyLong_FromSsize_t
43 #define PyInt_AsLong PyLong_AsLong
44 #define PyInt_AsSsize_t PyLong_AsSsize_t
45 #define PyInt_AsUnsignedLongMask PyLong_AsUnsignedLongMask
46 #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
47 #define PyInt_AS_LONG PyLong_AS_LONG
48 #define MyString_ConcatAndDel PyUnicode_AppendAndDel
49 #define MyString_FromFormat PyUnicode_FromFormat
50 #define MyString_FromString PyUnicode_FromString
51 #define MyString_FromStringAndSize PyUnicode_FromStringAndSize
53 #define PyBytes_Check PyString_Check
54 #define PyBytes_AS_STRING PyString_AS_STRING
55 #define PyBytes_FromStringAndSize PyString_FromStringAndSize
56 #define PyBytes_FromString PyString_FromString
57 #define PyBytes_FromFormat PyString_FromFormat
58 #define PyBytes_ConcatAndDel PyString_ConcatAndDel
59 #define MyString_ConcatAndDel PyBytes_ConcatAndDel
60 #define MyString_FromFormat PyBytes_FromFormat
61 #define MyString_FromString PyBytes_FromString
62 #define MyString_FromStringAndSize PyBytes_FromStringAndSize
64 /* Python 2.6 already defines Py_TYPE */
66 #define Py_TYPE(o) (((PyObject*)(o))->ob_type)
70 static PyTypeObject ACL_Type;
71 static PyObject* ACL_applyto(PyObject* obj, PyObject* args);
72 static PyObject* ACL_valid(PyObject* obj, PyObject* args);
74 #ifdef HAVE_ACL_COPY_EXT
75 static PyObject* ACL_get_state(PyObject *obj, PyObject* args);
76 static PyObject* ACL_set_state(PyObject *obj, PyObject* args);
80 static PyTypeObject Entry_Type;
81 static PyTypeObject Permset_Type;
82 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
86 static acl_perm_t holder_ACL_EXECUTE = ACL_EXECUTE;
87 static acl_perm_t holder_ACL_READ = ACL_READ;
88 static acl_perm_t holder_ACL_WRITE = ACL_WRITE;
102 PyObject *parent_acl; /* The parent acl, so it won't run out on us */
108 PyObject *parent_entry; /* The parent entry, so it won't run out on us */
109 acl_permset_t permset;
114 /* Creation of a new ACL instance */
115 static PyObject* ACL_new(PyTypeObject* type, PyObject* args,
119 newacl = type->tp_alloc(type, 0);
122 ((ACL_Object*)newacl)->acl = NULL;
124 ((ACL_Object*)newacl)->entry_id = ACL_FIRST_ENTRY;
131 /* Initialization of a new ACL instance */
132 static int ACL_init(PyObject* obj, PyObject* args, PyObject *keywds) {
133 ACL_Object* self = (ACL_Object*) obj;
135 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef",
137 char *format = "|etisO!sH";
140 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef", NULL };
141 char *format = "|etisO!s";
144 char *filedef = NULL;
147 ACL_Object* thesrc = NULL;
149 if(!PyTuple_Check(args) || PyTuple_Size(args) != 0 ||
150 (keywds != NULL && PyDict_Check(keywds) && PyDict_Size(keywds) > 1)) {
151 PyErr_SetString(PyExc_ValueError, "a max of one keyword argument"
155 if(!PyArg_ParseTupleAndKeywords(args, keywds, format, kwlist,
156 NULL, &file, &fd, &text, &ACL_Type,
164 /* Free the old acl_t without checking for error, we don't
166 if(self->acl != NULL)
170 self->acl = acl_get_file(file, ACL_TYPE_ACCESS);
171 else if(text != NULL)
172 self->acl = acl_from_text(text);
174 self->acl = acl_get_fd(fd);
175 else if(thesrc != NULL)
176 self->acl = acl_dup(thesrc->acl);
177 else if(filedef != NULL)
178 self->acl = acl_get_file(filedef, ACL_TYPE_DEFAULT);
180 else if(PyMapping_HasKeyString(keywds, kwlist[5]))
181 self->acl = acl_from_mode(mode);
184 self->acl = acl_init(0);
186 if(self->acl == NULL) {
187 PyErr_SetFromErrno(PyExc_IOError);
194 /* Standard type functions */
195 static void ACL_dealloc(PyObject* obj) {
196 ACL_Object *self = (ACL_Object*) obj;
197 PyObject *err_type, *err_value, *err_traceback;
198 int have_error = PyErr_Occurred() ? 1 : 0;
201 PyErr_Fetch(&err_type, &err_value, &err_traceback);
202 if(self->acl != NULL && acl_free(self->acl) != 0)
203 PyErr_WriteUnraisable(obj);
205 PyErr_Restore(err_type, err_value, err_traceback);
209 /* Converts the acl to a text format */
210 static PyObject* ACL_str(PyObject *obj) {
212 ACL_Object *self = (ACL_Object*) obj;
215 text = acl_to_text(self->acl, NULL);
217 return PyErr_SetFromErrno(PyExc_IOError);
219 ret = MyString_FromString(text);
220 if(acl_free(text) != 0) {
222 return PyErr_SetFromErrno(PyExc_IOError);
228 static char __to_any_text_doc__[] =
229 "to_any_text([prefix='', separator='n', options=0])\n"
230 "Convert the ACL to a custom text format.\n"
232 "This method encapsulates the ``acl_to_any_text()`` function.\n"
233 "It allows a customized text format to be generated for the ACL. See\n"
234 ":manpage:`acl_to_any_text(3)` for more details.\n"
236 ":param string prefix: if given, this string will be pre-pended to\n"
238 ":param string separator: a single character (defaults to '\\n'); this will"
239 " be used to separate the entries in the ACL\n"
240 ":param options: a bitwise combination of:\n\n"
241 " - :py:data:`TEXT_ABBREVIATE`: use 'u' instead of 'user', 'g' \n"
242 " instead of 'group', etc.\n"
243 " - :py:data:`TEXT_NUMERIC_IDS`: User and group IDs are included as\n"
244 " decimal numbers instead of names\n"
245 " - :py:data:`TEXT_SOME_EFFECTIVE`: Include comments denoting the\n"
246 " effective permissions when some are masked\n"
247 " - :py:data:`TEXT_ALL_EFFECTIVE`: Include comments after all ACL\n"
248 " entries affected by an ACL_MASK entry\n"
249 " - :py:data:`TEXT_SMART_INDENT`: Used in combination with the\n"
250 " _EFFECTIVE options, this will ensure that comments are aligned\n"
251 " to the fourth tab position (assuming one tab equals eight spaces)\n"
255 /* Converts the acl to a custom text format */
256 static PyObject* ACL_to_any_text(PyObject *obj, PyObject *args,
259 ACL_Object *self = (ACL_Object*) obj;
261 const char *arg_prefix = NULL;
262 char arg_separator = '\n';
264 static char *kwlist[] = {"prefix", "separator", "options", NULL};
266 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|sci", kwlist, &arg_prefix,
267 &arg_separator, &arg_options))
270 text = acl_to_any_text(self->acl, arg_prefix, arg_separator, arg_options);
272 return PyErr_SetFromErrno(PyExc_IOError);
274 ret = PyBytes_FromString(text);
275 if(acl_free(text) != 0) {
277 return PyErr_SetFromErrno(PyExc_IOError);
282 static char __check_doc__[] =
283 "Check the ACL validity.\n"
285 "This is a non-portable, Linux specific extension that allow more\n"
286 "information to be retrieved in case an ACL is not valid than via the\n"
287 ":py:func:`valid` method.\n"
289 "This method will return either False (the ACL is valid), or a tuple\n"
290 "with two elements. The first element is one of the following\n"
292 " - :py:data:`ACL_MULTI_ERROR`: The ACL contains multiple entries that\n"
293 " have a tag type that may occur at most once\n"
294 " - :py:data:`ACL_DUPLICATE_ERROR`: The ACL contains multiple \n"
295 " :py:data:`ACL_USER` or :py:data:`ACL_GROUP` entries with the\n"
297 " - :py:data:`ACL_MISS_ERROR`: A required entry is missing\n"
298 " - :py:data:`ACL_ENTRY_ERROR`: The ACL contains an invalid entry\n"
301 "The second element of the tuple is the index of the entry that is\n"
302 "invalid (in the same order as by iterating over the ACL entry)\n"
305 /* The acl_check method */
306 static PyObject* ACL_check(PyObject* obj, PyObject* args) {
307 ACL_Object *self = (ACL_Object*) obj;
311 if((result = acl_check(self->acl, &eindex)) == -1)
312 return PyErr_SetFromErrno(PyExc_IOError);
316 return Py_BuildValue("(ii)", result, eindex);
319 /* Implementation of the rich compare for ACLs */
320 static PyObject* ACL_richcompare(PyObject* o1, PyObject* o2, int op) {
321 ACL_Object *acl1, *acl2;
325 if(!PyObject_IsInstance(o2, (PyObject*)&ACL_Type)) {
330 PyErr_SetString(PyExc_TypeError, "can only compare to an ACL");
334 acl1 = (ACL_Object*)o1;
335 acl2 = (ACL_Object*)o2;
336 if((n=acl_cmp(acl1->acl, acl2->acl))==-1)
337 return PyErr_SetFromErrno(PyExc_IOError);
340 ret = n == 0 ? Py_True : Py_False;
343 ret = n == 1 ? Py_True : Py_False;
346 ret = Py_NotImplemented;
352 static char __equiv_mode_doc__[] =
353 "Return the octal mode the ACL is equivalent to.\n"
355 "This is a non-portable, Linux specific extension that checks\n"
356 "if the ACL is a basic ACL and returns the corresponding mode.\n"
359 ":raise IOError: An IOerror exception will be raised if the ACL is\n"
360 " an extended ACL.\n"
363 /* The acl_equiv_mode method */
364 static PyObject* ACL_equiv_mode(PyObject* obj, PyObject* args) {
365 ACL_Object *self = (ACL_Object*) obj;
368 if(acl_equiv_mode(self->acl, &mode) == -1)
369 return PyErr_SetFromErrno(PyExc_IOError);
370 return PyInt_FromLong(mode);
374 /* Implementation of the compare for ACLs */
375 static int ACL_nocmp(PyObject* o1, PyObject* o2) {
377 PyErr_SetString(PyExc_TypeError, "cannot compare ACLs using cmp()");
382 static char __applyto_doc__[] =
383 "applyto(item[, flag=ACL_TYPE_ACCESS])\n"
384 "Apply the ACL to a file or filehandle.\n"
386 ":param item: either a filename or a file-like object or an integer;\n"
387 " this represents the filesystem object on which to act\n"
388 ":param flag: optional flag representing the type of ACL to set, either\n"
389 " :py:data:`ACL_TYPE_ACCESS` (default) or :py:data:`ACL_TYPE_DEFAULT`\n"
392 /* Applies the ACL to a file */
393 static PyObject* ACL_applyto(PyObject* obj, PyObject* args) {
394 ACL_Object *self = (ACL_Object*) obj;
396 acl_type_t type = ACL_TYPE_ACCESS;
400 if (!PyArg_ParseTuple(args, "O|I", &myarg, &type))
403 if(PyBytes_Check(myarg)) {
404 char *filename = PyBytes_AS_STRING(myarg);
405 nret = acl_set_file(filename, type, self->acl);
406 } else if (PyUnicode_Check(myarg)) {
408 PyUnicode_AsEncodedString(myarg,
409 Py_FileSystemDefaultEncoding, "strict");
412 const char *filename = PyBytes_AS_STRING(o);
413 nret = acl_set_file(filename, type, self->acl);
415 } else if((fd = PyObject_AsFileDescriptor(myarg)) != -1) {
416 nret = acl_set_fd(fd, self->acl);
418 PyErr_SetString(PyExc_TypeError, "argument 1 must be string, int,"
419 " or file-like object");
423 return PyErr_SetFromErrno(PyExc_IOError);
426 /* Return the result */
431 static char __valid_doc__[] =
432 "Test the ACL for validity.\n"
434 "This method tests the ACL to see if it is a valid ACL\n"
435 "in terms of the file-system. More precisely, it checks that:\n"
437 "The ACL contains exactly one entry with each of the\n"
438 ":py:data:`ACL_USER_OBJ`, :py:data:`ACL_GROUP_OBJ`, and \n"
439 ":py:data:`ACL_OTHER` tag types. Entries\n"
440 "with :py:data:`ACL_USER` and :py:data:`ACL_GROUP` tag types may\n"
441 "appear zero or more\n"
442 "times in an ACL. An ACL that contains entries of :py:data:`ACL_USER` or\n"
443 ":py:data:`ACL_GROUP` tag types must contain exactly one entry of the \n"
444 ":py:data:`ACL_MASK` tag type. If an ACL contains no entries of\n"
445 ":py:data:`ACL_USER` or :py:data:`ACL_GROUP` tag types, the\n"
446 ":py:data:`ACL_MASK` entry is optional.\n"
448 "All user ID qualifiers must be unique among all entries of\n"
449 "the :py:data:`ACL_USER` tag type, and all group IDs must be unique\n"
450 "among all entries of :py:data:`ACL_GROUP` tag type.\n"
452 "The method will return 1 for a valid ACL and 0 for an invalid one.\n"
453 "This has been chosen because the specification for\n"
454 ":manpage:`acl_valid(3)`\n"
455 "in the POSIX.1e standard documents only one possible value for errno\n"
456 "in case of an invalid ACL, so we can't differentiate between\n"
457 "classes of errors. Other suggestions are welcome.\n"
463 /* Checks the ACL for validity */
464 static PyObject* ACL_valid(PyObject* obj, PyObject* args) {
465 ACL_Object *self = (ACL_Object*) obj;
467 if(acl_valid(self->acl) == -1) {
474 #ifdef HAVE_ACL_COPY_EXT
475 static PyObject* ACL_get_state(PyObject *obj, PyObject* args) {
476 ACL_Object *self = (ACL_Object*) obj;
481 size = acl_size(self->acl);
483 return PyErr_SetFromErrno(PyExc_IOError);
485 if((ret = PyBytes_FromStringAndSize(NULL, size)) == NULL)
487 buf = PyBytes_AsString(ret);
489 if((nsize = acl_copy_ext(buf, self->acl, size)) == -1) {
491 return PyErr_SetFromErrno(PyExc_IOError);
497 static PyObject* ACL_set_state(PyObject *obj, PyObject* args) {
498 ACL_Object *self = (ACL_Object*) obj;
503 /* Parse the argument */
504 if (!PyArg_ParseTuple(args, "s#", &buf, &bufsize))
507 /* Try to import the external representation */
508 if((ptr = acl_copy_int(buf)) == NULL)
509 return PyErr_SetFromErrno(PyExc_IOError);
511 /* Free the old acl. Should we ignore errors here? */
512 if(self->acl != NULL) {
513 if(acl_free(self->acl) == -1)
514 return PyErr_SetFromErrno(PyExc_IOError);
519 /* Return the result */
527 /* tp_iter for the ACL type; since it can be iterated only
528 * destructively, the type is its iterator
530 static PyObject* ACL_iter(PyObject *obj) {
531 ACL_Object *self = (ACL_Object*)obj;
532 self->entry_id = ACL_FIRST_ENTRY;
537 /* the tp_iternext function for the ACL type */
538 static PyObject* ACL_iternext(PyObject *obj) {
539 ACL_Object *self = (ACL_Object*)obj;
540 acl_entry_t the_entry_t;
541 Entry_Object *the_entry_obj;
544 nerr = acl_get_entry(self->acl, self->entry_id, &the_entry_t);
545 self->entry_id = ACL_NEXT_ENTRY;
547 return PyErr_SetFromErrno(PyExc_IOError);
549 /* Docs says this is not needed */
550 /*PyErr_SetObject(PyExc_StopIteration, Py_None);*/
554 the_entry_obj = (Entry_Object*) PyType_GenericNew(&Entry_Type, NULL, NULL);
555 if(the_entry_obj == NULL)
558 the_entry_obj->entry = the_entry_t;
560 the_entry_obj->parent_acl = obj;
561 Py_INCREF(obj); /* For the reference we have in entry->parent */
563 return (PyObject*)the_entry_obj;
566 static char __ACL_delete_entry_doc__[] =
567 "delete_entry(entry)\n"
568 "Deletes an entry from the ACL.\n"
570 ".. note:: Only available with level 2.\n"
572 ":param entry: the Entry object which should be deleted; note that after\n"
573 " this function is called, that object is unusable any longer\n"
574 " and should be deleted\n"
577 /* Deletes an entry from the ACL */
578 static PyObject* ACL_delete_entry(PyObject *obj, PyObject *args) {
579 ACL_Object *self = (ACL_Object*)obj;
582 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &e))
585 if(acl_delete_entry(self->acl, e->entry) == -1)
586 return PyErr_SetFromErrno(PyExc_IOError);
588 /* Return the result */
593 static char __ACL_calc_mask_doc__[] =
594 "Compute the file group class mask.\n"
596 "The calc_mask() method calculates and sets the permissions \n"
597 "associated with the :py:data:`ACL_MASK` Entry of the ACL.\n"
598 "The value of the new permissions is the union of the permissions \n"
599 "granted by all entries of tag type :py:data:`ACL_GROUP`, \n"
600 ":py:data:`ACL_GROUP_OBJ`, or \n"
601 ":py:data:`ACL_USER`. If the ACL already contains an :py:data:`ACL_MASK`\n"
603 "permissions are overwritten; if it does not contain an \n"
604 ":py:data:`ACL_MASK` Entry, one is added.\n"
606 "The order of existing entries in the ACL is undefined after this \n"
610 /* Updates the mask entry in the ACL */
611 static PyObject* ACL_calc_mask(PyObject *obj, PyObject *args) {
612 ACL_Object *self = (ACL_Object*)obj;
614 if(acl_calc_mask(&self->acl) == -1)
615 return PyErr_SetFromErrno(PyExc_IOError);
617 /* Return the result */
622 static char __ACL_append_doc__[] =
624 "Append a new Entry to the ACL and return it.\n"
626 "This is a convenience function to create a new Entry \n"
627 "and append it to the ACL.\n"
628 "If a parameter of type Entry instance is given, the \n"
629 "entry will be a copy of that one (as if copied with \n"
630 ":py:func:`Entry.copy`), otherwise, the new entry will be empty.\n"
632 ":rtype: :py:class:`Entry`\n"
633 ":returns: the newly created entry\n"
636 /* Convenience method to create a new Entry */
637 static PyObject* ACL_append(PyObject *obj, PyObject *args) {
638 ACL_Object* self = (ACL_Object*) obj;
639 Entry_Object* newentry;
640 Entry_Object* oldentry = NULL;
643 newentry = (Entry_Object*)PyType_GenericNew(&Entry_Type, NULL, NULL);
644 if(newentry == NULL) {
648 if (!PyArg_ParseTuple(args, "|O!", &Entry_Type, &oldentry)) {
653 nret = acl_create_entry(&self->acl, &newentry->entry);
656 return PyErr_SetFromErrno(PyExc_IOError);
659 if(oldentry != NULL) {
660 nret = acl_copy_entry(newentry->entry, oldentry->entry);
663 return PyErr_SetFromErrno(PyExc_IOError);
667 newentry->parent_acl = obj;
670 return (PyObject*)newentry;
673 /***** Entry type *****/
683 /* Helper function to get the tag and qualifier of an Entry at the
684 same time. This is "needed" because the acl_get_qualifier function
685 returns a pointer to different types, based on the tag value, and
686 thus it's not straightforward to get the right type.
688 It sets a Python exception if an error occurs, and return 0 in this
689 case. If successful, the tag is set to the tag type, and the
690 qualifier (if any) to either the uid or the gid entry in the
693 int get_tag_qualifier(acl_entry_t entry, tag_qual *tq) {
696 if(acl_get_tag_type(entry, &tq->tag) == -1) {
697 PyErr_SetFromErrno(PyExc_IOError);
700 if (tq->tag == ACL_USER || tq->tag == ACL_GROUP) {
701 if((p = acl_get_qualifier(entry)) == NULL) {
702 PyErr_SetFromErrno(PyExc_IOError);
705 if (tq->tag == ACL_USER) {
706 tq->uid = *(uid_t*)p;
708 tq->gid = *(gid_t*)p;
715 /* Creation of a new Entry instance */
716 static PyObject* Entry_new(PyTypeObject* type, PyObject* args,
720 newentry = PyType_GenericNew(type, args, keywds);
722 if(newentry != NULL) {
723 ((Entry_Object*)newentry)->entry = NULL;
724 ((Entry_Object*)newentry)->parent_acl = NULL;
730 /* Initialization of a new Entry instance */
731 static int Entry_init(PyObject* obj, PyObject* args, PyObject *keywds) {
732 Entry_Object* self = (Entry_Object*) obj;
733 ACL_Object* parent = NULL;
735 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
738 if(acl_create_entry(&parent->acl, &self->entry) == -1) {
739 PyErr_SetFromErrno(PyExc_IOError);
743 self->parent_acl = (PyObject*)parent;
749 /* Free the Entry instance */
750 static void Entry_dealloc(PyObject* obj) {
751 Entry_Object *self = (Entry_Object*) obj;
752 PyObject *err_type, *err_value, *err_traceback;
753 int have_error = PyErr_Occurred() ? 1 : 0;
756 PyErr_Fetch(&err_type, &err_value, &err_traceback);
757 if(self->parent_acl != NULL) {
758 Py_DECREF(self->parent_acl);
759 self->parent_acl = NULL;
762 PyErr_Restore(err_type, err_value, err_traceback);
766 /* Converts the entry to a text format */
767 static PyObject* Entry_str(PyObject *obj) {
768 PyObject *format, *kind;
769 Entry_Object *self = (Entry_Object*) obj;
772 if(!get_tag_qualifier(self->entry, &tq)) {
776 format = MyString_FromString("ACL entry for ");
780 case ACL_UNDEFINED_TAG:
781 kind = MyString_FromString("undefined type");
784 kind = MyString_FromString("the owner");
787 kind = MyString_FromString("the group");
790 kind = MyString_FromString("the others");
793 /* FIXME: here and in the group case, we're formatting with
794 unsigned, because there's no way to automatically determine
795 the signed-ness of the types; on Linux(glibc) they're
796 unsigned, so we'll go along with that */
797 kind = MyString_FromFormat("user with uid %u", tq.uid);
800 kind = MyString_FromFormat("group with gid %u", tq.gid);
803 kind = MyString_FromString("the mask");
806 kind = MyString_FromString("UNKNOWN_TAG_TYPE!");
813 MyString_ConcatAndDel(&format, kind);
817 /* Sets the tag type of the entry */
818 static int Entry_set_tag_type(PyObject* obj, PyObject* value, void* arg) {
819 Entry_Object *self = (Entry_Object*) obj;
822 PyErr_SetString(PyExc_TypeError,
823 "tag type deletion is not supported");
827 if(!PyInt_Check(value)) {
828 PyErr_SetString(PyExc_TypeError,
829 "tag type must be integer");
832 if(acl_set_tag_type(self->entry, (acl_tag_t)PyInt_AsLong(value)) == -1) {
833 PyErr_SetFromErrno(PyExc_IOError);
840 /* Returns the tag type of the entry */
841 static PyObject* Entry_get_tag_type(PyObject *obj, void* arg) {
842 Entry_Object *self = (Entry_Object*) obj;
845 if (self->entry == NULL) {
846 PyErr_SetString(PyExc_AttributeError, "entry attribute");
849 if(acl_get_tag_type(self->entry, &value) == -1) {
850 PyErr_SetFromErrno(PyExc_IOError);
854 return PyInt_FromLong(value);
857 /* Sets the qualifier (either uid_t or gid_t) for the entry,
858 * usable only if the tag type if ACL_USER or ACL_GROUP
860 static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
861 Entry_Object *self = (Entry_Object*) obj;
869 PyErr_SetString(PyExc_TypeError,
870 "qualifier deletion is not supported");
874 if(!PyInt_Check(value)) {
875 PyErr_SetString(PyExc_TypeError,
876 "qualifier must be integer");
879 if((uidgid = PyInt_AsLong(value)) == -1) {
880 if(PyErr_Occurred() != NULL) {
884 /* Due to how acl_set_qualifier takes its argument, we have to do
885 this ugly dance with two variables and a pointer that will
886 point to one of them. */
887 if(acl_get_tag_type(self->entry, &tag) == -1) {
888 PyErr_SetFromErrno(PyExc_IOError);
895 if((long)uid != uidgid) {
896 PyErr_SetString(PyExc_OverflowError, "cannot assign given qualifier");
903 if((long)gid != uidgid) {
904 PyErr_SetString(PyExc_OverflowError, "cannot assign given qualifier");
911 PyErr_SetString(PyExc_TypeError,
912 "can only set qualifiers on ACL_USER or ACL_GROUP entries");
915 if(acl_set_qualifier(self->entry, p) == -1) {
916 PyErr_SetFromErrno(PyExc_IOError);
923 /* Returns the qualifier of the entry */
924 static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
925 Entry_Object *self = (Entry_Object*) obj;
929 if (self->entry == NULL) {
930 PyErr_SetString(PyExc_AttributeError, "entry attribute");
933 if(!get_tag_qualifier(self->entry, &tq)) {
936 if (tq.tag == ACL_USER) {
938 } else if (tq.tag == ACL_GROUP) {
941 PyErr_SetString(PyExc_TypeError,
942 "given entry doesn't have an user or"
946 return PyInt_FromLong(value);
949 /* Returns the parent ACL of the entry */
950 static PyObject* Entry_get_parent(PyObject *obj, void* arg) {
951 Entry_Object *self = (Entry_Object*) obj;
953 Py_INCREF(self->parent_acl);
954 return self->parent_acl;
957 /* Returns the a new Permset representing the permset of the entry
958 * FIXME: Should return a new reference to the same object, which
959 * should be created at init time!
961 static PyObject* Entry_get_permset(PyObject *obj, void* arg) {
962 Entry_Object *self = (Entry_Object*)obj;
966 p = Permset_new(&Permset_Type, NULL, NULL);
969 ps = (Permset_Object*)p;
970 if(acl_get_permset(self->entry, &ps->permset) == -1) {
971 PyErr_SetFromErrno(PyExc_IOError);
975 ps->parent_entry = obj;
981 /* Sets the permset of the entry to the passed Permset */
982 static int Entry_set_permset(PyObject* obj, PyObject* value, void* arg) {
983 Entry_Object *self = (Entry_Object*)obj;
986 if(!PyObject_IsInstance(value, (PyObject*)&Permset_Type)) {
987 PyErr_SetString(PyExc_TypeError, "argument 1 must be posix1e.Permset");
990 p = (Permset_Object*)value;
991 if(acl_set_permset(self->entry, p->permset) == -1) {
992 PyErr_SetFromErrno(PyExc_IOError);
998 static char __Entry_copy_doc__[] =
1000 "Copies an ACL entry.\n"
1002 "This method sets all the parameters to those of another\n"
1003 "entry (either of the same ACL or belonging to another ACL).\n"
1005 ":param Entry src: instance of type Entry\n"
1008 /* Sets all the entry parameters to another entry */
1009 static PyObject* Entry_copy(PyObject *obj, PyObject *args) {
1010 Entry_Object *self = (Entry_Object*)obj;
1011 Entry_Object *other;
1013 if(!PyArg_ParseTuple(args, "O!", &Entry_Type, &other))
1016 if(acl_copy_entry(self->entry, other->entry) == -1)
1017 return PyErr_SetFromErrno(PyExc_IOError);
1023 /**** Permset type *****/
1025 /* Creation of a new Permset instance */
1026 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
1028 PyObject* newpermset;
1030 newpermset = PyType_GenericNew(type, args, keywds);
1032 if(newpermset != NULL) {
1033 ((Permset_Object*)newpermset)->permset = NULL;
1034 ((Permset_Object*)newpermset)->parent_entry = NULL;
1040 /* Initialization of a new Permset instance */
1041 static int Permset_init(PyObject* obj, PyObject* args, PyObject *keywds) {
1042 Permset_Object* self = (Permset_Object*) obj;
1043 Entry_Object* parent = NULL;
1045 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent))
1048 if(acl_get_permset(parent->entry, &self->permset) == -1) {
1049 PyErr_SetFromErrno(PyExc_IOError);
1053 self->parent_entry = (PyObject*)parent;
1059 /* Free the Permset instance */
1060 static void Permset_dealloc(PyObject* obj) {
1061 Permset_Object *self = (Permset_Object*) obj;
1062 PyObject *err_type, *err_value, *err_traceback;
1063 int have_error = PyErr_Occurred() ? 1 : 0;
1066 PyErr_Fetch(&err_type, &err_value, &err_traceback);
1067 if(self->parent_entry != NULL) {
1068 Py_DECREF(self->parent_entry);
1069 self->parent_entry = NULL;
1072 PyErr_Restore(err_type, err_value, err_traceback);
1076 /* Permset string representation */
1077 static PyObject* Permset_str(PyObject *obj) {
1078 Permset_Object *self = (Permset_Object*) obj;
1081 pstr[0] = get_perm(self->permset, ACL_READ) ? 'r' : '-';
1082 pstr[1] = get_perm(self->permset, ACL_WRITE) ? 'w' : '-';
1083 pstr[2] = get_perm(self->permset, ACL_EXECUTE) ? 'x' : '-';
1084 return MyString_FromStringAndSize(pstr, 3);
1087 static char __Permset_clear_doc__[] =
1088 "Clears all permissions from the permission set.\n"
1091 /* Clears all permissions from the permset */
1092 static PyObject* Permset_clear(PyObject* obj, PyObject* args) {
1093 Permset_Object *self = (Permset_Object*) obj;
1095 if(acl_clear_perms(self->permset) == -1)
1096 return PyErr_SetFromErrno(PyExc_IOError);
1098 /* Return the result */
1103 static PyObject* Permset_get_right(PyObject *obj, void* arg) {
1104 Permset_Object *self = (Permset_Object*) obj;
1106 if(get_perm(self->permset, *(acl_perm_t*)arg)) {
1113 static int Permset_set_right(PyObject* obj, PyObject* value, void* arg) {
1114 Permset_Object *self = (Permset_Object*) obj;
1118 if(!PyInt_Check(value)) {
1119 PyErr_SetString(PyExc_ValueError, "a maximum of one argument must"
1123 on = PyInt_AsLong(value);
1125 nerr = acl_add_perm(self->permset, *(acl_perm_t*)arg);
1127 nerr = acl_delete_perm(self->permset, *(acl_perm_t*)arg);
1129 PyErr_SetFromErrno(PyExc_IOError);
1135 static char __Permset_add_doc__[] =
1137 "Add a permission to the permission set.\n"
1139 "This function adds the permission contained in \n"
1140 "the argument perm to the permission set. An attempt \n"
1141 "to add a permission that is already contained in the \n"
1142 "permission set is not considered an error.\n"
1144 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1145 " :py:data:`ACL_EXECUTE`, ...)\n"
1146 ":raises IOError: in case the argument is not a valid descriptor\n"
1149 static PyObject* Permset_add(PyObject* obj, PyObject* args) {
1150 Permset_Object *self = (Permset_Object*) obj;
1153 if (!PyArg_ParseTuple(args, "i", &right))
1156 if(acl_add_perm(self->permset, (acl_perm_t) right) == -1)
1157 return PyErr_SetFromErrno(PyExc_IOError);
1159 /* Return the result */
1164 static char __Permset_delete_doc__[] =
1166 "Delete a permission from the permission set.\n"
1168 "This function deletes the permission contained in \n"
1169 "the argument perm from the permission set. An attempt \n"
1170 "to delete a permission that is not contained in the \n"
1171 "permission set is not considered an error.\n"
1173 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1174 " :py:data:`ACL_EXECUTE`, ...)\n"
1175 ":raises IOError: in case the argument is not a valid descriptor\n"
1178 static PyObject* Permset_delete(PyObject* obj, PyObject* args) {
1179 Permset_Object *self = (Permset_Object*) obj;
1182 if (!PyArg_ParseTuple(args, "i", &right))
1185 if(acl_delete_perm(self->permset, (acl_perm_t) right) == -1)
1186 return PyErr_SetFromErrno(PyExc_IOError);
1188 /* Return the result */
1193 static char __Permset_test_doc__[] =
1195 "Test if a permission exists in the permission set.\n"
1197 "The test() function tests if the permission represented by\n"
1198 "the argument perm exists in the permission set.\n"
1200 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1201 " :py:data:`ACL_EXECUTE`, ...)\n"
1203 ":raises IOError: in case the argument is not a valid descriptor\n"
1206 static PyObject* Permset_test(PyObject* obj, PyObject* args) {
1207 Permset_Object *self = (Permset_Object*) obj;
1211 if (!PyArg_ParseTuple(args, "i", &right))
1214 ret = get_perm(self->permset, (acl_perm_t) right);
1216 return PyErr_SetFromErrno(PyExc_IOError);
1227 static char __ACL_Type_doc__[] =
1228 "Type which represents a POSIX ACL\n"
1230 ".. note:: only one keyword parameter should be provided\n"
1232 ":param string file: creates an ACL representing\n"
1233 " the access ACL of the specified file\n"
1234 ":param string filedef: creates an ACL representing\n"
1235 " the default ACL of the given directory\n"
1236 ":param int fd: creates an ACL representing\n"
1237 " the access ACL of the given file descriptor\n"
1238 ":param string text: creates an ACL from a \n"
1239 " textual description\n"
1240 ":param ACL acl: creates a copy of an existing ACL instance\n"
1241 ":param int mode: creates an ACL from a numeric mode\n"
1242 " (e.g. mode=0644) (this is valid only when the C library\n"
1243 " provides the acl_from_mode call)\n"
1245 "If no parameters are passed, an empty ACL will be created; this\n"
1246 "makes sense only when your OS supports ACL modification\n"
1247 "(i.e. it implements full POSIX.1e support), otherwise the ACL won't\n"
1251 /* ACL type methods */
1252 static PyMethodDef ACL_methods[] = {
1253 {"applyto", ACL_applyto, METH_VARARGS, __applyto_doc__},
1254 {"valid", ACL_valid, METH_NOARGS, __valid_doc__},
1256 {"to_any_text", (PyCFunction)ACL_to_any_text, METH_VARARGS | METH_KEYWORDS,
1257 __to_any_text_doc__},
1258 {"check", ACL_check, METH_NOARGS, __check_doc__},
1259 {"equiv_mode", ACL_equiv_mode, METH_NOARGS, __equiv_mode_doc__},
1261 #ifdef HAVE_ACL_COPYEXT
1262 {"__getstate__", ACL_get_state, METH_NOARGS,
1263 "Dumps the ACL to an external format."},
1264 {"__setstate__", ACL_set_state, METH_VARARGS,
1265 "Loads the ACL from an external format."},
1268 {"delete_entry", ACL_delete_entry, METH_VARARGS, __ACL_delete_entry_doc__},
1269 {"calc_mask", ACL_calc_mask, METH_NOARGS, __ACL_calc_mask_doc__},
1270 {"append", ACL_append, METH_VARARGS, __ACL_append_doc__},
1272 {NULL, NULL, 0, NULL}
1276 /* The definition of the ACL Type */
1277 static PyTypeObject ACL_Type = {
1279 PyVarObject_HEAD_INIT(NULL, 0)
1281 PyObject_HEAD_INIT(NULL)
1287 ACL_dealloc, /* tp_dealloc */
1291 ACL_nocmp, /* tp_compare */
1293 0, /* tp_as_number */
1294 0, /* tp_as_sequence */
1295 0, /* tp_as_mapping */
1298 ACL_str, /* tp_str */
1299 0, /* tp_getattro */
1300 0, /* tp_setattro */
1301 0, /* tp_as_buffer */
1302 Py_TPFLAGS_DEFAULT, /* tp_flags */
1303 __ACL_Type_doc__, /* tp_doc */
1304 0, /* tp_traverse */
1307 ACL_richcompare, /* tp_richcompare */
1309 0, /* tp_richcompare */
1311 0, /* tp_weaklistoffset */
1317 0, /* tp_iternext */
1319 ACL_methods, /* tp_methods */
1324 0, /* tp_descr_get */
1325 0, /* tp_descr_set */
1326 0, /* tp_dictoffset */
1327 ACL_init, /* tp_init */
1329 ACL_new, /* tp_new */
1334 /* Entry type methods */
1335 static PyMethodDef Entry_methods[] = {
1336 {"copy", Entry_copy, METH_VARARGS, __Entry_copy_doc__},
1337 {NULL, NULL, 0, NULL}
1340 static char __Entry_tagtype_doc__[] =
1341 "The tag type of the current entry\n"
1344 " - :py:data:`ACL_UNDEFINED_TAG`\n"
1345 " - :py:data:`ACL_USER_OBJ`\n"
1346 " - :py:data:`ACL_USER`\n"
1347 " - :py:data:`ACL_GROUP_OBJ`\n"
1348 " - :py:data:`ACL_GROUP`\n"
1349 " - :py:data:`ACL_MASK`\n"
1350 " - :py:data:`ACL_OTHER`\n"
1353 static char __Entry_qualifier_doc__[] =
1354 "The qualifier of the current entry\n"
1356 "If the tag type is :py:data:`ACL_USER`, this should be a user id.\n"
1357 "If the tag type if :py:data:`ACL_GROUP`, this should be a group id.\n"
1358 "Else it doesn't matter.\n"
1361 static char __Entry_parent_doc__[] =
1362 "The parent ACL of this entry\n"
1365 static char __Entry_permset_doc__[] =
1366 "The permission set of this ACL entry\n"
1370 static PyGetSetDef Entry_getsets[] = {
1371 {"tag_type", Entry_get_tag_type, Entry_set_tag_type,
1372 __Entry_tagtype_doc__},
1373 {"qualifier", Entry_get_qualifier, Entry_set_qualifier,
1374 __Entry_qualifier_doc__},
1375 {"parent", Entry_get_parent, NULL, __Entry_parent_doc__},
1376 {"permset", Entry_get_permset, Entry_set_permset, __Entry_permset_doc__},
1380 static char __Entry_Type_doc__[] =
1381 "Type which represents an entry in an ACL.\n"
1383 "The type exists only if the OS has full support for POSIX.1e\n"
1384 "Can be created either by:\n"
1386 " >>> e = posix1e.Entry(myACL) # this creates a new entry in the ACL\n"
1387 " >>> e = myACL.append() # another way for doing the same thing\n"
1391 " >>> for entry in myACL:\n"
1392 " ... print entry\n"
1394 "Note that the Entry keeps a reference to its ACL, so even if \n"
1395 "you delete the ACL, it won't be cleaned up and will continue to \n"
1396 "exist until its Entry(ies) will be deleted.\n"
1398 /* The definition of the Entry Type */
1399 static PyTypeObject Entry_Type = {
1401 PyVarObject_HEAD_INIT(NULL, 0)
1403 PyObject_HEAD_INIT(NULL)
1407 sizeof(Entry_Object),
1409 Entry_dealloc, /* tp_dealloc */
1415 0, /* tp_as_number */
1416 0, /* tp_as_sequence */
1417 0, /* tp_as_mapping */
1420 Entry_str, /* tp_str */
1421 0, /* tp_getattro */
1422 0, /* tp_setattro */
1423 0, /* tp_as_buffer */
1424 Py_TPFLAGS_DEFAULT, /* tp_flags */
1425 __Entry_Type_doc__, /* tp_doc */
1426 0, /* tp_traverse */
1428 0, /* tp_richcompare */
1429 0, /* tp_weaklistoffset */
1431 0, /* tp_iternext */
1432 Entry_methods, /* tp_methods */
1434 Entry_getsets, /* tp_getset */
1437 0, /* tp_descr_get */
1438 0, /* tp_descr_set */
1439 0, /* tp_dictoffset */
1440 Entry_init, /* tp_init */
1442 Entry_new, /* tp_new */
1445 /* Permset type methods */
1446 static PyMethodDef Permset_methods[] = {
1447 {"clear", Permset_clear, METH_NOARGS, __Permset_clear_doc__, },
1448 {"add", Permset_add, METH_VARARGS, __Permset_add_doc__, },
1449 {"delete", Permset_delete, METH_VARARGS, __Permset_delete_doc__, },
1450 {"test", Permset_test, METH_VARARGS, __Permset_test_doc__, },
1451 {NULL, NULL, 0, NULL}
1454 static char __Permset_execute_doc__[] =
1455 "Execute permission property\n"
1457 "This is a convenience method of retrieving and setting the execute\n"
1458 "permission in the permission set; the \n"
1459 "same effect can be achieved using the functions\n"
1460 "add(), test(), delete(), and those can take any \n"
1461 "permission defined by your platform.\n"
1464 static char __Permset_read_doc__[] =
1465 "Read permission property\n"
1467 "This is a convenience method of retrieving and setting the read\n"
1468 "permission in the permission set; the \n"
1469 "same effect can be achieved using the functions\n"
1470 "add(), test(), delete(), and those can take any \n"
1471 "permission defined by your platform.\n"
1474 static char __Permset_write_doc__[] =
1475 "Write permission property\n"
1477 "This is a convenience method of retrieving and setting the write\n"
1478 "permission in the permission set; the \n"
1479 "same effect can be achieved using the functions\n"
1480 "add(), test(), delete(), and those can take any \n"
1481 "permission defined by your platform.\n"
1484 /* Permset getset */
1485 static PyGetSetDef Permset_getsets[] = {
1486 {"execute", Permset_get_right, Permset_set_right,
1487 __Permset_execute_doc__, &holder_ACL_EXECUTE},
1488 {"read", Permset_get_right, Permset_set_right,
1489 __Permset_read_doc__, &holder_ACL_READ},
1490 {"write", Permset_get_right, Permset_set_right,
1491 __Permset_write_doc__, &holder_ACL_WRITE},
1495 static char __Permset_Type_doc__[] =
1496 "Type which represents the permission set in an ACL entry\n"
1498 "The type exists only if the OS has full support for POSIX.1e\n"
1499 "Can be retrieved either by:\n\n"
1500 ">>> perms = myEntry.permset\n"
1503 ">>> perms = posix1e.Permset(myEntry)\n"
1505 "Note that the Permset keeps a reference to its Entry, so even if \n"
1506 "you delete the entry, it won't be cleaned up and will continue to \n"
1507 "exist until its Permset will be deleted.\n"
1510 /* The definition of the Permset Type */
1511 static PyTypeObject Permset_Type = {
1513 PyVarObject_HEAD_INIT(NULL, 0)
1515 PyObject_HEAD_INIT(NULL)
1519 sizeof(Permset_Object),
1521 Permset_dealloc, /* tp_dealloc */
1527 0, /* tp_as_number */
1528 0, /* tp_as_sequence */
1529 0, /* tp_as_mapping */
1532 Permset_str, /* tp_str */
1533 0, /* tp_getattro */
1534 0, /* tp_setattro */
1535 0, /* tp_as_buffer */
1536 Py_TPFLAGS_DEFAULT, /* tp_flags */
1537 __Permset_Type_doc__,/* tp_doc */
1538 0, /* tp_traverse */
1540 0, /* tp_richcompare */
1541 0, /* tp_weaklistoffset */
1543 0, /* tp_iternext */
1544 Permset_methods, /* tp_methods */
1546 Permset_getsets, /* tp_getset */
1549 0, /* tp_descr_get */
1550 0, /* tp_descr_set */
1551 0, /* tp_dictoffset */
1552 Permset_init, /* tp_init */
1554 Permset_new, /* tp_new */
1559 /* Module methods */
1561 static char __deletedef_doc__[] =
1562 "delete_default(path)\n"
1563 "Delete the default ACL from a directory.\n"
1565 "This function deletes the default ACL associated with\n"
1566 "a directory (the ACL which will be ANDed with the mode\n"
1567 "parameter to the open, creat functions).\n"
1569 ":param string path: the directory whose default ACL should be deleted\n"
1572 /* Deletes the default ACL from a directory */
1573 static PyObject* aclmodule_delete_default(PyObject* obj, PyObject* args) {
1576 /* Parse the arguments */
1577 if (!PyArg_ParseTuple(args, "et", NULL, &filename))
1580 if(acl_delete_def_file(filename) == -1) {
1581 return PyErr_SetFromErrno(PyExc_IOError);
1584 /* Return the result */
1590 static char __has_extended_doc__[] =
1591 "has_extended(item)\n"
1592 "Check if a file or file handle has an extended ACL.\n"
1594 ":param item: either a file name or a file-like object or an integer;\n"
1595 " it represents the file-system object on which to act\n"
1598 /* Check for extended ACL a file or fd */
1599 static PyObject* aclmodule_has_extended(PyObject* obj, PyObject* args) {
1604 if (!PyArg_ParseTuple(args, "O", &myarg))
1607 if(PyBytes_Check(myarg)) {
1608 const char *filename = PyBytes_AS_STRING(myarg);
1609 nret = acl_extended_file(filename);
1610 } else if (PyUnicode_Check(myarg)) {
1612 PyUnicode_AsEncodedString(myarg,
1613 Py_FileSystemDefaultEncoding, "strict");
1616 const char *filename = PyBytes_AS_STRING(o);
1617 nret = acl_extended_file(filename);
1619 } else if((fd = PyObject_AsFileDescriptor(myarg)) != -1) {
1620 nret = acl_extended_fd(fd);
1622 PyErr_SetString(PyExc_TypeError, "argument 1 must be string, int,"
1623 " or file-like object");
1627 return PyErr_SetFromErrno(PyExc_IOError);
1630 /* Return the result */
1631 return PyBool_FromLong(nret);
1635 /* The module methods */
1636 static PyMethodDef aclmodule_methods[] = {
1637 {"delete_default", aclmodule_delete_default, METH_VARARGS,
1640 {"has_extended", aclmodule_has_extended, METH_VARARGS,
1641 __has_extended_doc__},
1643 {NULL, NULL, 0, NULL}
1646 static char __posix1e_doc__[] =
1647 "POSIX.1e ACLs manipulation\n"
1648 "==========================\n"
1650 "This module provides support for manipulating POSIX.1e ACLS\n"
1652 "Depending on the operating system support for POSIX.1e, \n"
1653 "the ACL type will have more or less capabilities:\n\n"
1654 " - level 1, only basic support, you can create\n"
1655 " ACLs from files and text descriptions;\n"
1656 " once created, the type is immutable\n"
1657 " - level 2, complete support, you can alter\n"
1658 " the ACL once it is created\n"
1660 "Also, in level 2, more types are available, corresponding\n"
1661 "to acl_entry_t (the Entry type), acl_permset_t (the Permset type).\n"
1663 "The existence of level 2 support and other extensions can be\n"
1664 "checked by the constants:\n\n"
1665 " - :py:data:`HAS_ACL_ENTRY` for level 2 and the Entry/Permset classes\n"
1666 " - :py:data:`HAS_ACL_FROM_MODE` for ``ACL(mode=...)`` usage\n"
1667 " - :py:data:`HAS_ACL_CHECK` for the :py:func:`ACL.check` function\n"
1668 " - :py:data:`HAS_EXTENDED_CHECK` for the module-level\n"
1669 " :py:func:`has_extended` function\n"
1670 " - :py:data:`HAS_EQUIV_MODE` for the :py:func:`ACL.equiv_mode` method\n"
1674 ">>> import posix1e\n"
1675 ">>> acl1 = posix1e.ACL(file=\"file.txt\") \n"
1681 ">>> b = posix1e.ACL(text=\"u::rx,g::-,o::-\")\n"
1687 ">>> b.applyto(\"file.txt\")\n"
1688 ">>> print posix1e.ACL(file=\"file.txt\")\n"
1694 ".. py:data:: ACL_USER\n\n"
1695 " Denotes a specific user entry in an ACL.\n"
1697 ".. py:data:: ACL_USER_OBJ\n\n"
1698 " Denotes the user owner entry in an ACL.\n"
1700 ".. py:data:: ACL_GROUP\n\n"
1701 " Denotes the a group entry in an ACL.\n"
1703 ".. py:data:: ACL_GROUP_OBJ\n\n"
1704 " Denotes the group owner entry in an ACL.\n"
1706 ".. py:data:: ACL_OTHER\n\n"
1707 " Denotes the 'others' entry in an ACL.\n"
1709 ".. py:data:: ACL_MASK\n\n"
1710 " Denotes the mask entry in an ACL, representing the maximum\n"
1711 " access granted other users, the owner group and other groups.\n"
1713 ".. py:data:: ACL_UNDEFINED_TAG\n\n"
1714 " An undefined tag in an ACL.\n"
1716 ".. py:data:: ACL_READ\n\n"
1717 " Read permission in a permission set.\n"
1719 ".. py:data:: ACL_WRITE\n\n"
1720 " Write permission in a permission set.\n"
1722 ".. py:data:: ACL_EXECUTE\n\n"
1723 " Execute permission in a permission set.\n"
1725 ".. py:data:: HAS_ACL_ENTRY\n\n"
1726 " denotes support for level 2 and the Entry/Permset classes\n"
1728 ".. py:data:: HAS_ACL_FROM_MODE\n\n"
1729 " denotes support for building an ACL from an octal mode\n"
1731 ".. py:data:: HAS_ACL_CHECK\n\n"
1732 " denotes support for extended checks of an ACL's validity\n"
1734 ".. py:data:: HAS_EXTENDED_CHECK\n\n"
1735 " denotes support for checking whether an ACL is basic or extended\n"
1737 ".. py:data:: HAS_EQUIV_MODE\n\n"
1738 " denotes support for the equiv_mode function\n"
1744 static struct PyModuleDef posix1emodule = {
1745 PyModuleDef_HEAD_INIT,
1752 #define INITERROR return NULL
1755 PyInit_posix1e(void)
1758 #define INITERROR return
1760 void initposix1e(void)
1765 Py_TYPE(&ACL_Type) = &PyType_Type;
1766 if(PyType_Ready(&ACL_Type) < 0)
1770 Py_TYPE(&Entry_Type) = &PyType_Type;
1771 if(PyType_Ready(&Entry_Type) < 0)
1774 Py_TYPE(&Permset_Type) = &PyType_Type;
1775 if(PyType_Ready(&Permset_Type) < 0)
1780 m = PyModule_Create(&posix1emodule);
1782 m = Py_InitModule3("posix1e", aclmodule_methods, __posix1e_doc__);
1787 d = PyModule_GetDict(m);
1791 Py_INCREF(&ACL_Type);
1792 if (PyDict_SetItemString(d, "ACL",
1793 (PyObject *) &ACL_Type) < 0)
1796 /* 23.3.6 acl_type_t values */
1797 PyModule_AddIntConstant(m, "ACL_TYPE_ACCESS", ACL_TYPE_ACCESS);
1798 PyModule_AddIntConstant(m, "ACL_TYPE_DEFAULT", ACL_TYPE_DEFAULT);
1802 Py_INCREF(&Entry_Type);
1803 if (PyDict_SetItemString(d, "Entry",
1804 (PyObject *) &Entry_Type) < 0)
1807 Py_INCREF(&Permset_Type);
1808 if (PyDict_SetItemString(d, "Permset",
1809 (PyObject *) &Permset_Type) < 0)
1812 /* 23.2.2 acl_perm_t values */
1813 PyModule_AddIntConstant(m, "ACL_READ", ACL_READ);
1814 PyModule_AddIntConstant(m, "ACL_WRITE", ACL_WRITE);
1815 PyModule_AddIntConstant(m, "ACL_EXECUTE", ACL_EXECUTE);
1817 /* 23.2.5 acl_tag_t values */
1818 PyModule_AddIntConstant(m, "ACL_UNDEFINED_TAG", ACL_UNDEFINED_TAG);
1819 PyModule_AddIntConstant(m, "ACL_USER_OBJ", ACL_USER_OBJ);
1820 PyModule_AddIntConstant(m, "ACL_USER", ACL_USER);
1821 PyModule_AddIntConstant(m, "ACL_GROUP_OBJ", ACL_GROUP_OBJ);
1822 PyModule_AddIntConstant(m, "ACL_GROUP", ACL_GROUP);
1823 PyModule_AddIntConstant(m, "ACL_MASK", ACL_MASK);
1824 PyModule_AddIntConstant(m, "ACL_OTHER", ACL_OTHER);
1826 /* Document extended functionality via easy-to-use constants */
1827 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 1);
1829 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 0);
1833 /* Linux libacl specific acl_to_any_text constants */
1834 PyModule_AddIntConstant(m, "TEXT_ABBREVIATE", TEXT_ABBREVIATE);
1835 PyModule_AddIntConstant(m, "TEXT_NUMERIC_IDS", TEXT_NUMERIC_IDS);
1836 PyModule_AddIntConstant(m, "TEXT_SOME_EFFECTIVE", TEXT_SOME_EFFECTIVE);
1837 PyModule_AddIntConstant(m, "TEXT_ALL_EFFECTIVE", TEXT_ALL_EFFECTIVE);
1838 PyModule_AddIntConstant(m, "TEXT_SMART_INDENT", TEXT_SMART_INDENT);
1840 /* Linux libacl specific acl_check constants */
1841 PyModule_AddIntConstant(m, "ACL_MULTI_ERROR", ACL_MULTI_ERROR);
1842 PyModule_AddIntConstant(m, "ACL_DUPLICATE_ERROR", ACL_DUPLICATE_ERROR);
1843 PyModule_AddIntConstant(m, "ACL_MISS_ERROR", ACL_MISS_ERROR);
1844 PyModule_AddIntConstant(m, "ACL_ENTRY_ERROR", ACL_ENTRY_ERROR);
1846 #define LINUX_EXT_VAL 1
1848 #define LINUX_EXT_VAL 0
1850 /* declare the Linux extensions */
1851 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", LINUX_EXT_VAL);
1852 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", LINUX_EXT_VAL);
1853 PyModule_AddIntConstant(m, "HAS_EXTENDED_CHECK", LINUX_EXT_VAL);
1854 PyModule_AddIntConstant(m, "HAS_EQUIV_MODE", LINUX_EXT_VAL);
projects / pylibacl.git / blob