2 posix1e - a python module exposing the posix acl functions
4 Copyright (C) 2002-2009, 2012, 2014, 2015 Iustin Pop <iustin@k1024.org>
6 This library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 This library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with this library; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
25 #include <sys/types.h>
29 #include <acl/libacl.h>
30 #define get_perm acl_get_perm
32 #define get_perm acl_get_perm_np
35 #if PY_MAJOR_VERSION >= 3
37 #define PyInt_Check(op) PyLong_Check(op)
38 #define PyInt_FromString PyLong_FromString
39 #define PyInt_FromUnicode PyLong_FromUnicode
40 #define PyInt_FromLong PyLong_FromLong
41 #define PyInt_FromSize_t PyLong_FromSize_t
42 #define PyInt_FromSsize_t PyLong_FromSsize_t
43 #define PyInt_AsLong PyLong_AsLong
44 #define PyInt_AsSsize_t PyLong_AsSsize_t
45 #define PyInt_AsUnsignedLongMask PyLong_AsUnsignedLongMask
46 #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
47 #define PyInt_AS_LONG PyLong_AS_LONG
48 #define MyString_ConcatAndDel PyUnicode_AppendAndDel
49 #define MyString_FromFormat PyUnicode_FromFormat
50 #define MyString_FromString PyUnicode_FromString
51 #define MyString_FromStringAndSize PyUnicode_FromStringAndSize
53 #define PyBytes_Check PyString_Check
54 #define PyBytes_AS_STRING PyString_AS_STRING
55 #define PyBytes_FromStringAndSize PyString_FromStringAndSize
56 #define PyBytes_FromString PyString_FromString
57 #define PyBytes_FromFormat PyString_FromFormat
58 #define PyBytes_ConcatAndDel PyString_ConcatAndDel
59 #define MyString_ConcatAndDel PyBytes_ConcatAndDel
60 #define MyString_FromFormat PyBytes_FromFormat
61 #define MyString_FromString PyBytes_FromString
62 #define MyString_FromStringAndSize PyBytes_FromStringAndSize
64 /* Python 2.6 already defines Py_TYPE */
66 #define Py_TYPE(o) (((PyObject*)(o))->ob_type)
70 /* Used for cpychecker: */
71 /* The checker automatically defines this preprocessor name when creating
72 the custom attribute: */
73 #if defined(WITH_CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF_ATTRIBUTE)
74 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename) \
75 __attribute__((cpychecker_type_object_for_typedef(typename)))
77 /* This handles the case where we're compiling with a "vanilla"
78 compiler that doesn't supply this attribute: */
79 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename)
82 /* The checker automatically defines this preprocessor name when creating
83 the custom attribute: */
84 #if defined(WITH_CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION_ATTRIBUTE)
85 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION \
86 __attribute__((cpychecker_negative_result_sets_exception))
88 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION
91 static PyTypeObject ACL_Type
92 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("ACL_Object");
93 static PyObject* ACL_applyto(PyObject* obj, PyObject* args);
94 static PyObject* ACL_valid(PyObject* obj, PyObject* args);
96 #ifdef HAVE_ACL_COPY_EXT
97 static PyObject* ACL_get_state(PyObject *obj, PyObject* args);
98 static PyObject* ACL_set_state(PyObject *obj, PyObject* args);
102 static PyTypeObject Entry_Type
103 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Entry_Object");
104 static PyTypeObject Permset_Type
105 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Permset_Object");
106 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
110 static acl_perm_t holder_ACL_EXECUTE = ACL_EXECUTE;
111 static acl_perm_t holder_ACL_READ = ACL_READ;
112 static acl_perm_t holder_ACL_WRITE = ACL_WRITE;
126 PyObject *parent_acl; /* The parent acl, so it won't run out on us */
132 PyObject *parent_entry; /* The parent entry, so it won't run out on us */
133 acl_permset_t permset;
138 /* Creation of a new ACL instance */
139 static PyObject* ACL_new(PyTypeObject* type, PyObject* args,
143 newacl = type->tp_alloc(type, 0);
146 ((ACL_Object*)newacl)->acl = NULL;
148 ((ACL_Object*)newacl)->entry_id = ACL_FIRST_ENTRY;
155 /* Initialization of a new ACL instance */
156 static int ACL_init(PyObject* obj, PyObject* args, PyObject *keywds) {
157 ACL_Object* self = (ACL_Object*) obj;
159 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef",
161 char *format = "|etisO!sH";
164 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef", NULL };
165 char *format = "|etisO!s";
168 char *filedef = NULL;
171 ACL_Object* thesrc = NULL;
173 if(!PyTuple_Check(args) || PyTuple_Size(args) != 0 ||
174 (keywds != NULL && PyDict_Check(keywds) && PyDict_Size(keywds) > 1)) {
175 PyErr_SetString(PyExc_ValueError, "a max of one keyword argument"
179 if(!PyArg_ParseTupleAndKeywords(args, keywds, format, kwlist,
180 NULL, &file, &fd, &text, &ACL_Type,
188 /* Free the old acl_t without checking for error, we don't
190 if(self->acl != NULL)
194 self->acl = acl_get_file(file, ACL_TYPE_ACCESS);
195 else if(text != NULL)
196 self->acl = acl_from_text(text);
198 self->acl = acl_get_fd(fd);
199 else if(thesrc != NULL)
200 self->acl = acl_dup(thesrc->acl);
201 else if(filedef != NULL)
202 self->acl = acl_get_file(filedef, ACL_TYPE_DEFAULT);
204 else if(PyMapping_HasKeyString(keywds, kwlist[5]))
205 self->acl = acl_from_mode(mode);
208 self->acl = acl_init(0);
210 if(self->acl == NULL) {
211 PyErr_SetFromErrno(PyExc_IOError);
218 /* Standard type functions */
219 static void ACL_dealloc(PyObject* obj) {
220 ACL_Object *self = (ACL_Object*) obj;
221 PyObject *err_type, *err_value, *err_traceback;
222 int have_error = PyErr_Occurred() ? 1 : 0;
225 PyErr_Fetch(&err_type, &err_value, &err_traceback);
226 if(self->acl != NULL && acl_free(self->acl) != 0)
227 PyErr_WriteUnraisable(obj);
229 PyErr_Restore(err_type, err_value, err_traceback);
233 /* Converts the acl to a text format */
234 static PyObject* ACL_str(PyObject *obj) {
236 ACL_Object *self = (ACL_Object*) obj;
239 text = acl_to_text(self->acl, NULL);
241 return PyErr_SetFromErrno(PyExc_IOError);
243 ret = MyString_FromString(text);
244 if(acl_free(text) != 0) {
246 return PyErr_SetFromErrno(PyExc_IOError);
252 static char __to_any_text_doc__[] =
253 "to_any_text([prefix='', separator='n', options=0])\n"
254 "Convert the ACL to a custom text format.\n"
256 "This method encapsulates the ``acl_to_any_text()`` function.\n"
257 "It allows a customized text format to be generated for the ACL. See\n"
258 ":manpage:`acl_to_any_text(3)` for more details.\n"
260 ":param string prefix: if given, this string will be pre-pended to\n"
262 ":param string separator: a single character (defaults to '\\n'); this will"
263 " be used to separate the entries in the ACL\n"
264 ":param options: a bitwise combination of:\n\n"
265 " - :py:data:`TEXT_ABBREVIATE`: use 'u' instead of 'user', 'g' \n"
266 " instead of 'group', etc.\n"
267 " - :py:data:`TEXT_NUMERIC_IDS`: User and group IDs are included as\n"
268 " decimal numbers instead of names\n"
269 " - :py:data:`TEXT_SOME_EFFECTIVE`: Include comments denoting the\n"
270 " effective permissions when some are masked\n"
271 " - :py:data:`TEXT_ALL_EFFECTIVE`: Include comments after all ACL\n"
272 " entries affected by an ACL_MASK entry\n"
273 " - :py:data:`TEXT_SMART_INDENT`: Used in combination with the\n"
274 " _EFFECTIVE options, this will ensure that comments are aligned\n"
275 " to the fourth tab position (assuming one tab equals eight spaces)\n"
279 /* Converts the acl to a custom text format */
280 static PyObject* ACL_to_any_text(PyObject *obj, PyObject *args,
283 ACL_Object *self = (ACL_Object*) obj;
285 const char *arg_prefix = NULL;
286 char arg_separator = '\n';
288 static char *kwlist[] = {"prefix", "separator", "options", NULL};
290 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|sci", kwlist, &arg_prefix,
291 &arg_separator, &arg_options))
294 text = acl_to_any_text(self->acl, arg_prefix, arg_separator, arg_options);
296 return PyErr_SetFromErrno(PyExc_IOError);
298 ret = PyBytes_FromString(text);
299 if(acl_free(text) != 0) {
301 return PyErr_SetFromErrno(PyExc_IOError);
306 static char __check_doc__[] =
307 "Check the ACL validity.\n"
309 "This is a non-portable, Linux specific extension that allow more\n"
310 "information to be retrieved in case an ACL is not valid than via the\n"
311 ":py:func:`valid` method.\n"
313 "This method will return either False (the ACL is valid), or a tuple\n"
314 "with two elements. The first element is one of the following\n"
316 " - :py:data:`ACL_MULTI_ERROR`: The ACL contains multiple entries that\n"
317 " have a tag type that may occur at most once\n"
318 " - :py:data:`ACL_DUPLICATE_ERROR`: The ACL contains multiple \n"
319 " :py:data:`ACL_USER` or :py:data:`ACL_GROUP` entries with the\n"
321 " - :py:data:`ACL_MISS_ERROR`: A required entry is missing\n"
322 " - :py:data:`ACL_ENTRY_ERROR`: The ACL contains an invalid entry\n"
325 "The second element of the tuple is the index of the entry that is\n"
326 "invalid (in the same order as by iterating over the ACL entry)\n"
329 /* The acl_check method */
330 static PyObject* ACL_check(PyObject* obj, PyObject* args) {
331 ACL_Object *self = (ACL_Object*) obj;
335 if((result = acl_check(self->acl, &eindex)) == -1)
336 return PyErr_SetFromErrno(PyExc_IOError);
340 return Py_BuildValue("(ii)", result, eindex);
343 /* Implementation of the rich compare for ACLs */
344 static PyObject* ACL_richcompare(PyObject* o1, PyObject* o2, int op) {
345 ACL_Object *acl1, *acl2;
349 if(!PyObject_IsInstance(o2, (PyObject*)&ACL_Type)) {
354 PyErr_SetString(PyExc_TypeError, "can only compare to an ACL");
358 acl1 = (ACL_Object*)o1;
359 acl2 = (ACL_Object*)o2;
360 if((n=acl_cmp(acl1->acl, acl2->acl))==-1)
361 return PyErr_SetFromErrno(PyExc_IOError);
364 ret = n == 0 ? Py_True : Py_False;
367 ret = n == 1 ? Py_True : Py_False;
370 ret = Py_NotImplemented;
376 static char __equiv_mode_doc__[] =
377 "Return the octal mode the ACL is equivalent to.\n"
379 "This is a non-portable, Linux specific extension that checks\n"
380 "if the ACL is a basic ACL and returns the corresponding mode.\n"
383 ":raise IOError: An IOerror exception will be raised if the ACL is\n"
384 " an extended ACL.\n"
387 /* The acl_equiv_mode method */
388 static PyObject* ACL_equiv_mode(PyObject* obj, PyObject* args) {
389 ACL_Object *self = (ACL_Object*) obj;
392 if(acl_equiv_mode(self->acl, &mode) == -1)
393 return PyErr_SetFromErrno(PyExc_IOError);
394 return PyInt_FromLong(mode);
398 /* Implementation of the compare for ACLs */
399 static int ACL_nocmp(PyObject* o1, PyObject* o2) {
401 PyErr_SetString(PyExc_TypeError, "cannot compare ACLs using cmp()");
406 static char __applyto_doc__[] =
407 "applyto(item[, flag=ACL_TYPE_ACCESS])\n"
408 "Apply the ACL to a file or filehandle.\n"
410 ":param item: either a filename or a file-like object or an integer;\n"
411 " this represents the filesystem object on which to act\n"
412 ":param flag: optional flag representing the type of ACL to set, either\n"
413 " :py:data:`ACL_TYPE_ACCESS` (default) or :py:data:`ACL_TYPE_DEFAULT`\n"
416 /* Applies the ACL to a file */
417 static PyObject* ACL_applyto(PyObject* obj, PyObject* args) {
418 ACL_Object *self = (ACL_Object*) obj;
420 acl_type_t type = ACL_TYPE_ACCESS;
424 if (!PyArg_ParseTuple(args, "O|I", &myarg, &type))
427 if(PyBytes_Check(myarg)) {
428 char *filename = PyBytes_AS_STRING(myarg);
429 nret = acl_set_file(filename, type, self->acl);
430 } else if (PyUnicode_Check(myarg)) {
432 PyUnicode_AsEncodedString(myarg,
433 Py_FileSystemDefaultEncoding, "strict");
436 const char *filename = PyBytes_AS_STRING(o);
437 nret = acl_set_file(filename, type, self->acl);
439 } else if((fd = PyObject_AsFileDescriptor(myarg)) != -1) {
440 nret = acl_set_fd(fd, self->acl);
442 PyErr_SetString(PyExc_TypeError, "argument 1 must be string, int,"
443 " or file-like object");
447 return PyErr_SetFromErrno(PyExc_IOError);
450 /* Return the result */
455 static char __valid_doc__[] =
456 "Test the ACL for validity.\n"
458 "This method tests the ACL to see if it is a valid ACL\n"
459 "in terms of the file-system. More precisely, it checks that:\n"
461 "The ACL contains exactly one entry with each of the\n"
462 ":py:data:`ACL_USER_OBJ`, :py:data:`ACL_GROUP_OBJ`, and \n"
463 ":py:data:`ACL_OTHER` tag types. Entries\n"
464 "with :py:data:`ACL_USER` and :py:data:`ACL_GROUP` tag types may\n"
465 "appear zero or more\n"
466 "times in an ACL. An ACL that contains entries of :py:data:`ACL_USER` or\n"
467 ":py:data:`ACL_GROUP` tag types must contain exactly one entry of the \n"
468 ":py:data:`ACL_MASK` tag type. If an ACL contains no entries of\n"
469 ":py:data:`ACL_USER` or :py:data:`ACL_GROUP` tag types, the\n"
470 ":py:data:`ACL_MASK` entry is optional.\n"
472 "All user ID qualifiers must be unique among all entries of\n"
473 "the :py:data:`ACL_USER` tag type, and all group IDs must be unique\n"
474 "among all entries of :py:data:`ACL_GROUP` tag type.\n"
476 "The method will return 1 for a valid ACL and 0 for an invalid one.\n"
477 "This has been chosen because the specification for\n"
478 ":manpage:`acl_valid(3)`\n"
479 "in the POSIX.1e standard documents only one possible value for errno\n"
480 "in case of an invalid ACL, so we can't differentiate between\n"
481 "classes of errors. Other suggestions are welcome.\n"
487 /* Checks the ACL for validity */
488 static PyObject* ACL_valid(PyObject* obj, PyObject* args) {
489 ACL_Object *self = (ACL_Object*) obj;
491 if(acl_valid(self->acl) == -1) {
498 #ifdef HAVE_ACL_COPY_EXT
499 static PyObject* ACL_get_state(PyObject *obj, PyObject* args) {
500 ACL_Object *self = (ACL_Object*) obj;
505 size = acl_size(self->acl);
507 return PyErr_SetFromErrno(PyExc_IOError);
509 if((ret = PyBytes_FromStringAndSize(NULL, size)) == NULL)
511 buf = PyBytes_AsString(ret);
513 if((nsize = acl_copy_ext(buf, self->acl, size)) == -1) {
515 return PyErr_SetFromErrno(PyExc_IOError);
521 static PyObject* ACL_set_state(PyObject *obj, PyObject* args) {
522 ACL_Object *self = (ACL_Object*) obj;
527 /* Parse the argument */
528 if (!PyArg_ParseTuple(args, "s#", &buf, &bufsize))
531 /* Try to import the external representation */
532 if((ptr = acl_copy_int(buf)) == NULL)
533 return PyErr_SetFromErrno(PyExc_IOError);
535 /* Free the old acl. Should we ignore errors here? */
536 if(self->acl != NULL) {
537 if(acl_free(self->acl) == -1)
538 return PyErr_SetFromErrno(PyExc_IOError);
543 /* Return the result */
551 /* tp_iter for the ACL type; since it can be iterated only
552 * destructively, the type is its iterator
554 static PyObject* ACL_iter(PyObject *obj) {
555 ACL_Object *self = (ACL_Object*)obj;
556 self->entry_id = ACL_FIRST_ENTRY;
561 /* the tp_iternext function for the ACL type */
562 static PyObject* ACL_iternext(PyObject *obj) {
563 ACL_Object *self = (ACL_Object*)obj;
564 acl_entry_t the_entry_t;
565 Entry_Object *the_entry_obj;
568 nerr = acl_get_entry(self->acl, self->entry_id, &the_entry_t);
569 self->entry_id = ACL_NEXT_ENTRY;
571 return PyErr_SetFromErrno(PyExc_IOError);
573 /* Docs says this is not needed */
574 /*PyErr_SetObject(PyExc_StopIteration, Py_None);*/
578 the_entry_obj = (Entry_Object*) PyType_GenericNew(&Entry_Type, NULL, NULL);
579 if(the_entry_obj == NULL)
582 the_entry_obj->entry = the_entry_t;
584 the_entry_obj->parent_acl = obj;
585 Py_INCREF(obj); /* For the reference we have in entry->parent */
587 return (PyObject*)the_entry_obj;
590 static char __ACL_delete_entry_doc__[] =
591 "delete_entry(entry)\n"
592 "Deletes an entry from the ACL.\n"
594 ".. note:: Only available with level 2.\n"
596 ":param entry: the Entry object which should be deleted; note that after\n"
597 " this function is called, that object is unusable any longer\n"
598 " and should be deleted\n"
601 /* Deletes an entry from the ACL */
602 static PyObject* ACL_delete_entry(PyObject *obj, PyObject *args) {
603 ACL_Object *self = (ACL_Object*)obj;
606 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &e))
609 if(acl_delete_entry(self->acl, e->entry) == -1)
610 return PyErr_SetFromErrno(PyExc_IOError);
612 /* Return the result */
617 static char __ACL_calc_mask_doc__[] =
618 "Compute the file group class mask.\n"
620 "The calc_mask() method calculates and sets the permissions \n"
621 "associated with the :py:data:`ACL_MASK` Entry of the ACL.\n"
622 "The value of the new permissions is the union of the permissions \n"
623 "granted by all entries of tag type :py:data:`ACL_GROUP`, \n"
624 ":py:data:`ACL_GROUP_OBJ`, or \n"
625 ":py:data:`ACL_USER`. If the ACL already contains an :py:data:`ACL_MASK`\n"
627 "permissions are overwritten; if it does not contain an \n"
628 ":py:data:`ACL_MASK` Entry, one is added.\n"
630 "The order of existing entries in the ACL is undefined after this \n"
634 /* Updates the mask entry in the ACL */
635 static PyObject* ACL_calc_mask(PyObject *obj, PyObject *args) {
636 ACL_Object *self = (ACL_Object*)obj;
638 if(acl_calc_mask(&self->acl) == -1)
639 return PyErr_SetFromErrno(PyExc_IOError);
641 /* Return the result */
646 static char __ACL_append_doc__[] =
648 "Append a new Entry to the ACL and return it.\n"
650 "This is a convenience function to create a new Entry \n"
651 "and append it to the ACL.\n"
652 "If a parameter of type Entry instance is given, the \n"
653 "entry will be a copy of that one (as if copied with \n"
654 ":py:func:`Entry.copy`), otherwise, the new entry will be empty.\n"
656 ":rtype: :py:class:`Entry`\n"
657 ":returns: the newly created entry\n"
660 /* Convenience method to create a new Entry */
661 static PyObject* ACL_append(PyObject *obj, PyObject *args) {
662 ACL_Object* self = (ACL_Object*) obj;
663 Entry_Object* newentry;
664 Entry_Object* oldentry = NULL;
667 newentry = (Entry_Object*)PyType_GenericNew(&Entry_Type, NULL, NULL);
668 if(newentry == NULL) {
672 if (!PyArg_ParseTuple(args, "|O!", &Entry_Type, &oldentry)) {
677 nret = acl_create_entry(&self->acl, &newentry->entry);
680 return PyErr_SetFromErrno(PyExc_IOError);
683 if(oldentry != NULL) {
684 nret = acl_copy_entry(newentry->entry, oldentry->entry);
687 return PyErr_SetFromErrno(PyExc_IOError);
691 newentry->parent_acl = obj;
694 return (PyObject*)newentry;
697 /***** Entry type *****/
707 /* Pre-declaring the function is more friendly to cpychecker, sigh. */
708 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq)
709 CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION;
711 /* Helper function to get the tag and qualifier of an Entry at the
712 same time. This is "needed" because the acl_get_qualifier function
713 returns a pointer to different types, based on the tag value, and
714 thus it's not straightforward to get the right type.
716 It sets a Python exception if an error occurs, and returns -1 in
717 this case. If successful, the tag is set to the tag type, the
718 qualifier (if any) to either the uid or the gid entry in the
719 tag_qual structure, and the return value is 0.
721 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq) {
724 if(acl_get_tag_type(entry, &tq->tag) == -1) {
725 PyErr_SetFromErrno(PyExc_IOError);
728 if (tq->tag == ACL_USER || tq->tag == ACL_GROUP) {
729 if((p = acl_get_qualifier(entry)) == NULL) {
730 PyErr_SetFromErrno(PyExc_IOError);
733 if (tq->tag == ACL_USER) {
734 tq->uid = *(uid_t*)p;
736 tq->gid = *(gid_t*)p;
743 /* Creation of a new Entry instance */
744 static PyObject* Entry_new(PyTypeObject* type, PyObject* args,
748 newentry = PyType_GenericNew(type, args, keywds);
750 if(newentry != NULL) {
751 ((Entry_Object*)newentry)->entry = NULL;
752 ((Entry_Object*)newentry)->parent_acl = NULL;
758 /* Initialization of a new Entry instance */
759 static int Entry_init(PyObject* obj, PyObject* args, PyObject *keywds) {
760 Entry_Object* self = (Entry_Object*) obj;
761 ACL_Object* parent = NULL;
763 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
766 if(acl_create_entry(&parent->acl, &self->entry) == -1) {
767 PyErr_SetFromErrno(PyExc_IOError);
771 self->parent_acl = (PyObject*)parent;
777 /* Free the Entry instance */
778 static void Entry_dealloc(PyObject* obj) {
779 Entry_Object *self = (Entry_Object*) obj;
780 PyObject *err_type, *err_value, *err_traceback;
781 int have_error = PyErr_Occurred() ? 1 : 0;
784 PyErr_Fetch(&err_type, &err_value, &err_traceback);
785 if(self->parent_acl != NULL) {
786 Py_DECREF(self->parent_acl);
787 self->parent_acl = NULL;
790 PyErr_Restore(err_type, err_value, err_traceback);
794 /* Converts the entry to a text format */
795 static PyObject* Entry_str(PyObject *obj) {
796 PyObject *format, *kind;
797 Entry_Object *self = (Entry_Object*) obj;
800 if(get_tag_qualifier(self->entry, &tq) < 0) {
804 format = MyString_FromString("ACL entry for ");
808 case ACL_UNDEFINED_TAG:
809 kind = MyString_FromString("undefined type");
812 kind = MyString_FromString("the owner");
815 kind = MyString_FromString("the group");
818 kind = MyString_FromString("the others");
821 /* FIXME: here and in the group case, we're formatting with
822 unsigned, because there's no way to automatically determine
823 the signed-ness of the types; on Linux(glibc) they're
824 unsigned, so we'll go along with that */
825 kind = MyString_FromFormat("user with uid %u", tq.uid);
828 kind = MyString_FromFormat("group with gid %u", tq.gid);
831 kind = MyString_FromString("the mask");
834 kind = MyString_FromString("UNKNOWN_TAG_TYPE!");
841 MyString_ConcatAndDel(&format, kind);
845 /* Sets the tag type of the entry */
846 static int Entry_set_tag_type(PyObject* obj, PyObject* value, void* arg) {
847 Entry_Object *self = (Entry_Object*) obj;
850 PyErr_SetString(PyExc_TypeError,
851 "tag type deletion is not supported");
855 if(!PyInt_Check(value)) {
856 PyErr_SetString(PyExc_TypeError,
857 "tag type must be integer");
860 if(acl_set_tag_type(self->entry, (acl_tag_t)PyInt_AsLong(value)) == -1) {
861 PyErr_SetFromErrno(PyExc_IOError);
868 /* Returns the tag type of the entry */
869 static PyObject* Entry_get_tag_type(PyObject *obj, void* arg) {
870 Entry_Object *self = (Entry_Object*) obj;
873 if (self->entry == NULL) {
874 PyErr_SetString(PyExc_AttributeError, "entry attribute");
877 if(acl_get_tag_type(self->entry, &value) == -1) {
878 PyErr_SetFromErrno(PyExc_IOError);
882 return PyInt_FromLong(value);
885 /* Sets the qualifier (either uid_t or gid_t) for the entry,
886 * usable only if the tag type if ACL_USER or ACL_GROUP
888 static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
889 Entry_Object *self = (Entry_Object*) obj;
897 PyErr_SetString(PyExc_TypeError,
898 "qualifier deletion is not supported");
902 if(!PyInt_Check(value)) {
903 PyErr_SetString(PyExc_TypeError,
904 "qualifier must be integer");
907 if((uidgid = PyInt_AsLong(value)) == -1) {
908 if(PyErr_Occurred() != NULL) {
912 /* Due to how acl_set_qualifier takes its argument, we have to do
913 this ugly dance with two variables and a pointer that will
914 point to one of them. */
915 if(acl_get_tag_type(self->entry, &tag) == -1) {
916 PyErr_SetFromErrno(PyExc_IOError);
923 if((long)uid != uidgid) {
924 PyErr_SetString(PyExc_OverflowError, "cannot assign given qualifier");
931 if((long)gid != uidgid) {
932 PyErr_SetString(PyExc_OverflowError, "cannot assign given qualifier");
939 PyErr_SetString(PyExc_TypeError,
940 "can only set qualifiers on ACL_USER or ACL_GROUP entries");
943 if(acl_set_qualifier(self->entry, p) == -1) {
944 PyErr_SetFromErrno(PyExc_IOError);
951 /* Returns the qualifier of the entry */
952 static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
953 Entry_Object *self = (Entry_Object*) obj;
957 if (self->entry == NULL) {
958 PyErr_SetString(PyExc_AttributeError, "entry attribute");
961 if(get_tag_qualifier(self->entry, &tq) < 0) {
964 if (tq.tag == ACL_USER) {
966 } else if (tq.tag == ACL_GROUP) {
969 PyErr_SetString(PyExc_TypeError,
970 "given entry doesn't have an user or"
974 return PyInt_FromLong(value);
977 /* Returns the parent ACL of the entry */
978 static PyObject* Entry_get_parent(PyObject *obj, void* arg) {
979 Entry_Object *self = (Entry_Object*) obj;
981 Py_INCREF(self->parent_acl);
982 return self->parent_acl;
985 /* Returns the a new Permset representing the permset of the entry
986 * FIXME: Should return a new reference to the same object, which
987 * should be created at init time!
989 static PyObject* Entry_get_permset(PyObject *obj, void* arg) {
990 Entry_Object *self = (Entry_Object*)obj;
994 p = Permset_new(&Permset_Type, NULL, NULL);
997 ps = (Permset_Object*)p;
998 if(acl_get_permset(self->entry, &ps->permset) == -1) {
999 PyErr_SetFromErrno(PyExc_IOError);
1003 ps->parent_entry = obj;
1006 return (PyObject*)p;
1009 /* Sets the permset of the entry to the passed Permset */
1010 static int Entry_set_permset(PyObject* obj, PyObject* value, void* arg) {
1011 Entry_Object *self = (Entry_Object*)obj;
1014 if(!PyObject_IsInstance(value, (PyObject*)&Permset_Type)) {
1015 PyErr_SetString(PyExc_TypeError, "argument 1 must be posix1e.Permset");
1018 p = (Permset_Object*)value;
1019 if(acl_set_permset(self->entry, p->permset) == -1) {
1020 PyErr_SetFromErrno(PyExc_IOError);
1026 static char __Entry_copy_doc__[] =
1028 "Copies an ACL entry.\n"
1030 "This method sets all the parameters to those of another\n"
1031 "entry (either of the same ACL or belonging to another ACL).\n"
1033 ":param Entry src: instance of type Entry\n"
1036 /* Sets all the entry parameters to another entry */
1037 static PyObject* Entry_copy(PyObject *obj, PyObject *args) {
1038 Entry_Object *self = (Entry_Object*)obj;
1039 Entry_Object *other;
1041 if(!PyArg_ParseTuple(args, "O!", &Entry_Type, &other))
1044 if(acl_copy_entry(self->entry, other->entry) == -1)
1045 return PyErr_SetFromErrno(PyExc_IOError);
1051 /**** Permset type *****/
1053 /* Creation of a new Permset instance */
1054 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
1056 PyObject* newpermset;
1058 newpermset = PyType_GenericNew(type, args, keywds);
1060 if(newpermset != NULL) {
1061 ((Permset_Object*)newpermset)->permset = NULL;
1062 ((Permset_Object*)newpermset)->parent_entry = NULL;
1068 /* Initialization of a new Permset instance */
1069 static int Permset_init(PyObject* obj, PyObject* args, PyObject *keywds) {
1070 Permset_Object* self = (Permset_Object*) obj;
1071 Entry_Object* parent = NULL;
1073 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent))
1076 if(acl_get_permset(parent->entry, &self->permset) == -1) {
1077 PyErr_SetFromErrno(PyExc_IOError);
1081 self->parent_entry = (PyObject*)parent;
1087 /* Free the Permset instance */
1088 static void Permset_dealloc(PyObject* obj) {
1089 Permset_Object *self = (Permset_Object*) obj;
1090 PyObject *err_type, *err_value, *err_traceback;
1091 int have_error = PyErr_Occurred() ? 1 : 0;
1094 PyErr_Fetch(&err_type, &err_value, &err_traceback);
1095 if(self->parent_entry != NULL) {
1096 Py_DECREF(self->parent_entry);
1097 self->parent_entry = NULL;
1100 PyErr_Restore(err_type, err_value, err_traceback);
1104 /* Permset string representation */
1105 static PyObject* Permset_str(PyObject *obj) {
1106 Permset_Object *self = (Permset_Object*) obj;
1109 pstr[0] = get_perm(self->permset, ACL_READ) ? 'r' : '-';
1110 pstr[1] = get_perm(self->permset, ACL_WRITE) ? 'w' : '-';
1111 pstr[2] = get_perm(self->permset, ACL_EXECUTE) ? 'x' : '-';
1112 return MyString_FromStringAndSize(pstr, 3);
1115 static char __Permset_clear_doc__[] =
1116 "Clears all permissions from the permission set.\n"
1119 /* Clears all permissions from the permset */
1120 static PyObject* Permset_clear(PyObject* obj, PyObject* args) {
1121 Permset_Object *self = (Permset_Object*) obj;
1123 if(acl_clear_perms(self->permset) == -1)
1124 return PyErr_SetFromErrno(PyExc_IOError);
1126 /* Return the result */
1131 static PyObject* Permset_get_right(PyObject *obj, void* arg) {
1132 Permset_Object *self = (Permset_Object*) obj;
1134 if(get_perm(self->permset, *(acl_perm_t*)arg)) {
1141 static int Permset_set_right(PyObject* obj, PyObject* value, void* arg) {
1142 Permset_Object *self = (Permset_Object*) obj;
1146 if(!PyInt_Check(value)) {
1147 PyErr_SetString(PyExc_ValueError, "a maximum of one argument must"
1151 on = PyInt_AsLong(value);
1153 nerr = acl_add_perm(self->permset, *(acl_perm_t*)arg);
1155 nerr = acl_delete_perm(self->permset, *(acl_perm_t*)arg);
1157 PyErr_SetFromErrno(PyExc_IOError);
1163 static char __Permset_add_doc__[] =
1165 "Add a permission to the permission set.\n"
1167 "This function adds the permission contained in \n"
1168 "the argument perm to the permission set. An attempt \n"
1169 "to add a permission that is already contained in the \n"
1170 "permission set is not considered an error.\n"
1172 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1173 " :py:data:`ACL_EXECUTE`, ...)\n"
1174 ":raises IOError: in case the argument is not a valid descriptor\n"
1177 static PyObject* Permset_add(PyObject* obj, PyObject* args) {
1178 Permset_Object *self = (Permset_Object*) obj;
1181 if (!PyArg_ParseTuple(args, "i", &right))
1184 if(acl_add_perm(self->permset, (acl_perm_t) right) == -1)
1185 return PyErr_SetFromErrno(PyExc_IOError);
1187 /* Return the result */
1192 static char __Permset_delete_doc__[] =
1194 "Delete a permission from the permission set.\n"
1196 "This function deletes the permission contained in \n"
1197 "the argument perm from the permission set. An attempt \n"
1198 "to delete a permission that is not contained in the \n"
1199 "permission set is not considered an error.\n"
1201 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1202 " :py:data:`ACL_EXECUTE`, ...)\n"
1203 ":raises IOError: in case the argument is not a valid descriptor\n"
1206 static PyObject* Permset_delete(PyObject* obj, PyObject* args) {
1207 Permset_Object *self = (Permset_Object*) obj;
1210 if (!PyArg_ParseTuple(args, "i", &right))
1213 if(acl_delete_perm(self->permset, (acl_perm_t) right) == -1)
1214 return PyErr_SetFromErrno(PyExc_IOError);
1216 /* Return the result */
1221 static char __Permset_test_doc__[] =
1223 "Test if a permission exists in the permission set.\n"
1225 "The test() function tests if the permission represented by\n"
1226 "the argument perm exists in the permission set.\n"
1228 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1229 " :py:data:`ACL_EXECUTE`, ...)\n"
1231 ":raises IOError: in case the argument is not a valid descriptor\n"
1234 static PyObject* Permset_test(PyObject* obj, PyObject* args) {
1235 Permset_Object *self = (Permset_Object*) obj;
1239 if (!PyArg_ParseTuple(args, "i", &right))
1242 ret = get_perm(self->permset, (acl_perm_t) right);
1244 return PyErr_SetFromErrno(PyExc_IOError);
1255 static char __ACL_Type_doc__[] =
1256 "Type which represents a POSIX ACL\n"
1258 ".. note:: only one keyword parameter should be provided\n"
1260 ":param string file: creates an ACL representing\n"
1261 " the access ACL of the specified file\n"
1262 ":param string filedef: creates an ACL representing\n"
1263 " the default ACL of the given directory\n"
1264 ":param int fd: creates an ACL representing\n"
1265 " the access ACL of the given file descriptor\n"
1266 ":param string text: creates an ACL from a \n"
1267 " textual description\n"
1268 ":param ACL acl: creates a copy of an existing ACL instance\n"
1269 ":param int mode: creates an ACL from a numeric mode\n"
1270 " (e.g. mode=0644) (this is valid only when the C library\n"
1271 " provides the acl_from_mode call)\n"
1273 "If no parameters are passed, an empty ACL will be created; this\n"
1274 "makes sense only when your OS supports ACL modification\n"
1275 "(i.e. it implements full POSIX.1e support), otherwise the ACL won't\n"
1279 /* ACL type methods */
1280 static PyMethodDef ACL_methods[] = {
1281 {"applyto", ACL_applyto, METH_VARARGS, __applyto_doc__},
1282 {"valid", ACL_valid, METH_NOARGS, __valid_doc__},
1284 {"to_any_text", (PyCFunction)ACL_to_any_text, METH_VARARGS | METH_KEYWORDS,
1285 __to_any_text_doc__},
1286 {"check", ACL_check, METH_NOARGS, __check_doc__},
1287 {"equiv_mode", ACL_equiv_mode, METH_NOARGS, __equiv_mode_doc__},
1289 #ifdef HAVE_ACL_COPYEXT
1290 {"__getstate__", ACL_get_state, METH_NOARGS,
1291 "Dumps the ACL to an external format."},
1292 {"__setstate__", ACL_set_state, METH_VARARGS,
1293 "Loads the ACL from an external format."},
1296 {"delete_entry", ACL_delete_entry, METH_VARARGS, __ACL_delete_entry_doc__},
1297 {"calc_mask", ACL_calc_mask, METH_NOARGS, __ACL_calc_mask_doc__},
1298 {"append", ACL_append, METH_VARARGS, __ACL_append_doc__},
1300 {NULL, NULL, 0, NULL}
1304 /* The definition of the ACL Type */
1305 static PyTypeObject ACL_Type = {
1307 PyVarObject_HEAD_INIT(NULL, 0)
1309 PyObject_HEAD_INIT(NULL)
1315 ACL_dealloc, /* tp_dealloc */
1319 ACL_nocmp, /* tp_compare */
1321 0, /* tp_as_number */
1322 0, /* tp_as_sequence */
1323 0, /* tp_as_mapping */
1326 ACL_str, /* tp_str */
1327 0, /* tp_getattro */
1328 0, /* tp_setattro */
1329 0, /* tp_as_buffer */
1330 Py_TPFLAGS_DEFAULT, /* tp_flags */
1331 __ACL_Type_doc__, /* tp_doc */
1332 0, /* tp_traverse */
1335 ACL_richcompare, /* tp_richcompare */
1337 0, /* tp_richcompare */
1339 0, /* tp_weaklistoffset */
1345 0, /* tp_iternext */
1347 ACL_methods, /* tp_methods */
1352 0, /* tp_descr_get */
1353 0, /* tp_descr_set */
1354 0, /* tp_dictoffset */
1355 ACL_init, /* tp_init */
1357 ACL_new, /* tp_new */
1362 /* Entry type methods */
1363 static PyMethodDef Entry_methods[] = {
1364 {"copy", Entry_copy, METH_VARARGS, __Entry_copy_doc__},
1365 {NULL, NULL, 0, NULL}
1368 static char __Entry_tagtype_doc__[] =
1369 "The tag type of the current entry\n"
1372 " - :py:data:`ACL_UNDEFINED_TAG`\n"
1373 " - :py:data:`ACL_USER_OBJ`\n"
1374 " - :py:data:`ACL_USER`\n"
1375 " - :py:data:`ACL_GROUP_OBJ`\n"
1376 " - :py:data:`ACL_GROUP`\n"
1377 " - :py:data:`ACL_MASK`\n"
1378 " - :py:data:`ACL_OTHER`\n"
1381 static char __Entry_qualifier_doc__[] =
1382 "The qualifier of the current entry\n"
1384 "If the tag type is :py:data:`ACL_USER`, this should be a user id.\n"
1385 "If the tag type if :py:data:`ACL_GROUP`, this should be a group id.\n"
1386 "Else it doesn't matter.\n"
1389 static char __Entry_parent_doc__[] =
1390 "The parent ACL of this entry\n"
1393 static char __Entry_permset_doc__[] =
1394 "The permission set of this ACL entry\n"
1398 static PyGetSetDef Entry_getsets[] = {
1399 {"tag_type", Entry_get_tag_type, Entry_set_tag_type,
1400 __Entry_tagtype_doc__},
1401 {"qualifier", Entry_get_qualifier, Entry_set_qualifier,
1402 __Entry_qualifier_doc__},
1403 {"parent", Entry_get_parent, NULL, __Entry_parent_doc__},
1404 {"permset", Entry_get_permset, Entry_set_permset, __Entry_permset_doc__},
1408 static char __Entry_Type_doc__[] =
1409 "Type which represents an entry in an ACL.\n"
1411 "The type exists only if the OS has full support for POSIX.1e\n"
1412 "Can be created either by:\n"
1414 " >>> e = posix1e.Entry(myACL) # this creates a new entry in the ACL\n"
1415 " >>> e = myACL.append() # another way for doing the same thing\n"
1419 " >>> for entry in myACL:\n"
1420 " ... print entry\n"
1422 "Note that the Entry keeps a reference to its ACL, so even if \n"
1423 "you delete the ACL, it won't be cleaned up and will continue to \n"
1424 "exist until its Entry(ies) will be deleted.\n"
1426 /* The definition of the Entry Type */
1427 static PyTypeObject Entry_Type = {
1429 PyVarObject_HEAD_INIT(NULL, 0)
1431 PyObject_HEAD_INIT(NULL)
1435 sizeof(Entry_Object),
1437 Entry_dealloc, /* tp_dealloc */
1443 0, /* tp_as_number */
1444 0, /* tp_as_sequence */
1445 0, /* tp_as_mapping */
1448 Entry_str, /* tp_str */
1449 0, /* tp_getattro */
1450 0, /* tp_setattro */
1451 0, /* tp_as_buffer */
1452 Py_TPFLAGS_DEFAULT, /* tp_flags */
1453 __Entry_Type_doc__, /* tp_doc */
1454 0, /* tp_traverse */
1456 0, /* tp_richcompare */
1457 0, /* tp_weaklistoffset */
1459 0, /* tp_iternext */
1460 Entry_methods, /* tp_methods */
1462 Entry_getsets, /* tp_getset */
1465 0, /* tp_descr_get */
1466 0, /* tp_descr_set */
1467 0, /* tp_dictoffset */
1468 Entry_init, /* tp_init */
1470 Entry_new, /* tp_new */
1473 /* Permset type methods */
1474 static PyMethodDef Permset_methods[] = {
1475 {"clear", Permset_clear, METH_NOARGS, __Permset_clear_doc__, },
1476 {"add", Permset_add, METH_VARARGS, __Permset_add_doc__, },
1477 {"delete", Permset_delete, METH_VARARGS, __Permset_delete_doc__, },
1478 {"test", Permset_test, METH_VARARGS, __Permset_test_doc__, },
1479 {NULL, NULL, 0, NULL}
1482 static char __Permset_execute_doc__[] =
1483 "Execute permission property\n"
1485 "This is a convenience method of retrieving and setting the execute\n"
1486 "permission in the permission set; the \n"
1487 "same effect can be achieved using the functions\n"
1488 "add(), test(), delete(), and those can take any \n"
1489 "permission defined by your platform.\n"
1492 static char __Permset_read_doc__[] =
1493 "Read permission property\n"
1495 "This is a convenience method of retrieving and setting the read\n"
1496 "permission in the permission set; the \n"
1497 "same effect can be achieved using the functions\n"
1498 "add(), test(), delete(), and those can take any \n"
1499 "permission defined by your platform.\n"
1502 static char __Permset_write_doc__[] =
1503 "Write permission property\n"
1505 "This is a convenience method of retrieving and setting the write\n"
1506 "permission in the permission set; the \n"
1507 "same effect can be achieved using the functions\n"
1508 "add(), test(), delete(), and those can take any \n"
1509 "permission defined by your platform.\n"
1512 /* Permset getset */
1513 static PyGetSetDef Permset_getsets[] = {
1514 {"execute", Permset_get_right, Permset_set_right,
1515 __Permset_execute_doc__, &holder_ACL_EXECUTE},
1516 {"read", Permset_get_right, Permset_set_right,
1517 __Permset_read_doc__, &holder_ACL_READ},
1518 {"write", Permset_get_right, Permset_set_right,
1519 __Permset_write_doc__, &holder_ACL_WRITE},
1523 static char __Permset_Type_doc__[] =
1524 "Type which represents the permission set in an ACL entry\n"
1526 "The type exists only if the OS has full support for POSIX.1e\n"
1527 "Can be retrieved either by:\n\n"
1528 ">>> perms = myEntry.permset\n"
1531 ">>> perms = posix1e.Permset(myEntry)\n"
1533 "Note that the Permset keeps a reference to its Entry, so even if \n"
1534 "you delete the entry, it won't be cleaned up and will continue to \n"
1535 "exist until its Permset will be deleted.\n"
1538 /* The definition of the Permset Type */
1539 static PyTypeObject Permset_Type = {
1541 PyVarObject_HEAD_INIT(NULL, 0)
1543 PyObject_HEAD_INIT(NULL)
1547 sizeof(Permset_Object),
1549 Permset_dealloc, /* tp_dealloc */
1555 0, /* tp_as_number */
1556 0, /* tp_as_sequence */
1557 0, /* tp_as_mapping */
1560 Permset_str, /* tp_str */
1561 0, /* tp_getattro */
1562 0, /* tp_setattro */
1563 0, /* tp_as_buffer */
1564 Py_TPFLAGS_DEFAULT, /* tp_flags */
1565 __Permset_Type_doc__,/* tp_doc */
1566 0, /* tp_traverse */
1568 0, /* tp_richcompare */
1569 0, /* tp_weaklistoffset */
1571 0, /* tp_iternext */
1572 Permset_methods, /* tp_methods */
1574 Permset_getsets, /* tp_getset */
1577 0, /* tp_descr_get */
1578 0, /* tp_descr_set */
1579 0, /* tp_dictoffset */
1580 Permset_init, /* tp_init */
1582 Permset_new, /* tp_new */
1587 /* Module methods */
1589 static char __deletedef_doc__[] =
1590 "delete_default(path)\n"
1591 "Delete the default ACL from a directory.\n"
1593 "This function deletes the default ACL associated with\n"
1594 "a directory (the ACL which will be ANDed with the mode\n"
1595 "parameter to the open, creat functions).\n"
1597 ":param string path: the directory whose default ACL should be deleted\n"
1600 /* Deletes the default ACL from a directory */
1601 static PyObject* aclmodule_delete_default(PyObject* obj, PyObject* args) {
1604 /* Parse the arguments */
1605 if (!PyArg_ParseTuple(args, "et", NULL, &filename))
1608 if(acl_delete_def_file(filename) == -1) {
1609 return PyErr_SetFromErrno(PyExc_IOError);
1612 /* Return the result */
1618 static char __has_extended_doc__[] =
1619 "has_extended(item)\n"
1620 "Check if a file or file handle has an extended ACL.\n"
1622 ":param item: either a file name or a file-like object or an integer;\n"
1623 " it represents the file-system object on which to act\n"
1626 /* Check for extended ACL a file or fd */
1627 static PyObject* aclmodule_has_extended(PyObject* obj, PyObject* args) {
1632 if (!PyArg_ParseTuple(args, "O", &myarg))
1635 if(PyBytes_Check(myarg)) {
1636 const char *filename = PyBytes_AS_STRING(myarg);
1637 nret = acl_extended_file(filename);
1638 } else if (PyUnicode_Check(myarg)) {
1640 PyUnicode_AsEncodedString(myarg,
1641 Py_FileSystemDefaultEncoding, "strict");
1644 const char *filename = PyBytes_AS_STRING(o);
1645 nret = acl_extended_file(filename);
1647 } else if((fd = PyObject_AsFileDescriptor(myarg)) != -1) {
1648 nret = acl_extended_fd(fd);
1650 PyErr_SetString(PyExc_TypeError, "argument 1 must be string, int,"
1651 " or file-like object");
1655 return PyErr_SetFromErrno(PyExc_IOError);
1658 /* Return the result */
1659 return PyBool_FromLong(nret);
1663 /* The module methods */
1664 static PyMethodDef aclmodule_methods[] = {
1665 {"delete_default", aclmodule_delete_default, METH_VARARGS,
1668 {"has_extended", aclmodule_has_extended, METH_VARARGS,
1669 __has_extended_doc__},
1671 {NULL, NULL, 0, NULL}
1674 static char __posix1e_doc__[] =
1675 "POSIX.1e ACLs manipulation\n"
1676 "==========================\n"
1678 "This module provides support for manipulating POSIX.1e ACLS\n"
1680 "Depending on the operating system support for POSIX.1e, \n"
1681 "the ACL type will have more or less capabilities:\n\n"
1682 " - level 1, only basic support, you can create\n"
1683 " ACLs from files and text descriptions;\n"
1684 " once created, the type is immutable\n"
1685 " - level 2, complete support, you can alter\n"
1686 " the ACL once it is created\n"
1688 "Also, in level 2, more types are available, corresponding\n"
1689 "to acl_entry_t (the Entry type), acl_permset_t (the Permset type).\n"
1691 "The existence of level 2 support and other extensions can be\n"
1692 "checked by the constants:\n\n"
1693 " - :py:data:`HAS_ACL_ENTRY` for level 2 and the Entry/Permset classes\n"
1694 " - :py:data:`HAS_ACL_FROM_MODE` for ``ACL(mode=...)`` usage\n"
1695 " - :py:data:`HAS_ACL_CHECK` for the :py:func:`ACL.check` function\n"
1696 " - :py:data:`HAS_EXTENDED_CHECK` for the module-level\n"
1697 " :py:func:`has_extended` function\n"
1698 " - :py:data:`HAS_EQUIV_MODE` for the :py:func:`ACL.equiv_mode` method\n"
1702 ">>> import posix1e\n"
1703 ">>> acl1 = posix1e.ACL(file=\"file.txt\") \n"
1709 ">>> b = posix1e.ACL(text=\"u::rx,g::-,o::-\")\n"
1715 ">>> b.applyto(\"file.txt\")\n"
1716 ">>> print posix1e.ACL(file=\"file.txt\")\n"
1722 ".. py:data:: ACL_USER\n\n"
1723 " Denotes a specific user entry in an ACL.\n"
1725 ".. py:data:: ACL_USER_OBJ\n\n"
1726 " Denotes the user owner entry in an ACL.\n"
1728 ".. py:data:: ACL_GROUP\n\n"
1729 " Denotes the a group entry in an ACL.\n"
1731 ".. py:data:: ACL_GROUP_OBJ\n\n"
1732 " Denotes the group owner entry in an ACL.\n"
1734 ".. py:data:: ACL_OTHER\n\n"
1735 " Denotes the 'others' entry in an ACL.\n"
1737 ".. py:data:: ACL_MASK\n\n"
1738 " Denotes the mask entry in an ACL, representing the maximum\n"
1739 " access granted other users, the owner group and other groups.\n"
1741 ".. py:data:: ACL_UNDEFINED_TAG\n\n"
1742 " An undefined tag in an ACL.\n"
1744 ".. py:data:: ACL_READ\n\n"
1745 " Read permission in a permission set.\n"
1747 ".. py:data:: ACL_WRITE\n\n"
1748 " Write permission in a permission set.\n"
1750 ".. py:data:: ACL_EXECUTE\n\n"
1751 " Execute permission in a permission set.\n"
1753 ".. py:data:: HAS_ACL_ENTRY\n\n"
1754 " denotes support for level 2 and the Entry/Permset classes\n"
1756 ".. py:data:: HAS_ACL_FROM_MODE\n\n"
1757 " denotes support for building an ACL from an octal mode\n"
1759 ".. py:data:: HAS_ACL_CHECK\n\n"
1760 " denotes support for extended checks of an ACL's validity\n"
1762 ".. py:data:: HAS_EXTENDED_CHECK\n\n"
1763 " denotes support for checking whether an ACL is basic or extended\n"
1765 ".. py:data:: HAS_EQUIV_MODE\n\n"
1766 " denotes support for the equiv_mode function\n"
1772 static struct PyModuleDef posix1emodule = {
1773 PyModuleDef_HEAD_INIT,
1780 #define INITERROR return NULL
1783 PyInit_posix1e(void)
1786 #define INITERROR return
1788 void initposix1e(void)
1793 Py_TYPE(&ACL_Type) = &PyType_Type;
1794 if(PyType_Ready(&ACL_Type) < 0)
1798 Py_TYPE(&Entry_Type) = &PyType_Type;
1799 if(PyType_Ready(&Entry_Type) < 0)
1802 Py_TYPE(&Permset_Type) = &PyType_Type;
1803 if(PyType_Ready(&Permset_Type) < 0)
1808 m = PyModule_Create(&posix1emodule);
1810 m = Py_InitModule3("posix1e", aclmodule_methods, __posix1e_doc__);
1815 d = PyModule_GetDict(m);
1819 Py_INCREF(&ACL_Type);
1820 if (PyDict_SetItemString(d, "ACL",
1821 (PyObject *) &ACL_Type) < 0)
1824 /* 23.3.6 acl_type_t values */
1825 PyModule_AddIntConstant(m, "ACL_TYPE_ACCESS", ACL_TYPE_ACCESS);
1826 PyModule_AddIntConstant(m, "ACL_TYPE_DEFAULT", ACL_TYPE_DEFAULT);
1830 Py_INCREF(&Entry_Type);
1831 if (PyDict_SetItemString(d, "Entry",
1832 (PyObject *) &Entry_Type) < 0)
1835 Py_INCREF(&Permset_Type);
1836 if (PyDict_SetItemString(d, "Permset",
1837 (PyObject *) &Permset_Type) < 0)
1840 /* 23.2.2 acl_perm_t values */
1841 PyModule_AddIntConstant(m, "ACL_READ", ACL_READ);
1842 PyModule_AddIntConstant(m, "ACL_WRITE", ACL_WRITE);
1843 PyModule_AddIntConstant(m, "ACL_EXECUTE", ACL_EXECUTE);
1845 /* 23.2.5 acl_tag_t values */
1846 PyModule_AddIntConstant(m, "ACL_UNDEFINED_TAG", ACL_UNDEFINED_TAG);
1847 PyModule_AddIntConstant(m, "ACL_USER_OBJ", ACL_USER_OBJ);
1848 PyModule_AddIntConstant(m, "ACL_USER", ACL_USER);
1849 PyModule_AddIntConstant(m, "ACL_GROUP_OBJ", ACL_GROUP_OBJ);
1850 PyModule_AddIntConstant(m, "ACL_GROUP", ACL_GROUP);
1851 PyModule_AddIntConstant(m, "ACL_MASK", ACL_MASK);
1852 PyModule_AddIntConstant(m, "ACL_OTHER", ACL_OTHER);
1854 /* Document extended functionality via easy-to-use constants */
1855 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 1);
1857 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 0);
1861 /* Linux libacl specific acl_to_any_text constants */
1862 PyModule_AddIntConstant(m, "TEXT_ABBREVIATE", TEXT_ABBREVIATE);
1863 PyModule_AddIntConstant(m, "TEXT_NUMERIC_IDS", TEXT_NUMERIC_IDS);
1864 PyModule_AddIntConstant(m, "TEXT_SOME_EFFECTIVE", TEXT_SOME_EFFECTIVE);
1865 PyModule_AddIntConstant(m, "TEXT_ALL_EFFECTIVE", TEXT_ALL_EFFECTIVE);
1866 PyModule_AddIntConstant(m, "TEXT_SMART_INDENT", TEXT_SMART_INDENT);
1868 /* Linux libacl specific acl_check constants */
1869 PyModule_AddIntConstant(m, "ACL_MULTI_ERROR", ACL_MULTI_ERROR);
1870 PyModule_AddIntConstant(m, "ACL_DUPLICATE_ERROR", ACL_DUPLICATE_ERROR);
1871 PyModule_AddIntConstant(m, "ACL_MISS_ERROR", ACL_MISS_ERROR);
1872 PyModule_AddIntConstant(m, "ACL_ENTRY_ERROR", ACL_ENTRY_ERROR);
1874 #define LINUX_EXT_VAL 1
1876 #define LINUX_EXT_VAL 0
1878 /* declare the Linux extensions */
1879 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", LINUX_EXT_VAL);
1880 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", LINUX_EXT_VAL);
1881 PyModule_AddIntConstant(m, "HAS_EXTENDED_CHECK", LINUX_EXT_VAL);
1882 PyModule_AddIntConstant(m, "HAS_EQUIV_MODE", LINUX_EXT_VAL);