2 posix1e - a python module exposing the posix acl functions
4 Copyright (C) 2002-2009, 2012, 2014, 2015 Iustin Pop <iustin@k1024.org>
6 This library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 This library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with this library; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
25 #include <sys/types.h>
29 #include <acl/libacl.h>
30 #define get_perm acl_get_perm
32 #define get_perm acl_get_perm_np
35 #if PY_MAJOR_VERSION >= 3
37 #define PyInt_Check(op) PyLong_Check(op)
38 #define PyInt_FromString PyLong_FromString
39 #define PyInt_FromUnicode PyLong_FromUnicode
40 #define PyInt_FromLong PyLong_FromLong
41 #define PyInt_FromSize_t PyLong_FromSize_t
42 #define PyInt_FromSsize_t PyLong_FromSsize_t
43 #define PyInt_AsLong PyLong_AsLong
44 #define PyInt_AsSsize_t PyLong_AsSsize_t
45 #define PyInt_AsUnsignedLongMask PyLong_AsUnsignedLongMask
46 #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
47 #define PyInt_AS_LONG PyLong_AS_LONG
48 #define MyString_ConcatAndDel PyUnicode_AppendAndDel
49 #define MyString_FromFormat PyUnicode_FromFormat
50 #define MyString_FromString PyUnicode_FromString
51 #define MyString_FromStringAndSize PyUnicode_FromStringAndSize
53 #define PyBytes_Check PyString_Check
54 #define PyBytes_AS_STRING PyString_AS_STRING
55 #define PyBytes_FromStringAndSize PyString_FromStringAndSize
56 #define PyBytes_FromString PyString_FromString
57 #define PyBytes_FromFormat PyString_FromFormat
58 #define PyBytes_ConcatAndDel PyString_ConcatAndDel
59 #define MyString_ConcatAndDel PyBytes_ConcatAndDel
60 #define MyString_FromFormat PyBytes_FromFormat
61 #define MyString_FromString PyBytes_FromString
62 #define MyString_FromStringAndSize PyBytes_FromStringAndSize
64 /* Python 2.6 already defines Py_TYPE */
66 #define Py_TYPE(o) (((PyObject*)(o))->ob_type)
70 /* Used for cpychecker: */
71 /* The checker automatically defines this preprocessor name when creating
72 the custom attribute: */
73 #if defined(WITH_CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF_ATTRIBUTE)
74 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename) \
75 __attribute__((cpychecker_type_object_for_typedef(typename)))
77 /* This handles the case where we're compiling with a "vanilla"
78 compiler that doesn't supply this attribute: */
79 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename)
82 static PyTypeObject ACL_Type
83 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("ACL_Object");
84 static PyObject* ACL_applyto(PyObject* obj, PyObject* args);
85 static PyObject* ACL_valid(PyObject* obj, PyObject* args);
87 #ifdef HAVE_ACL_COPY_EXT
88 static PyObject* ACL_get_state(PyObject *obj, PyObject* args);
89 static PyObject* ACL_set_state(PyObject *obj, PyObject* args);
93 static PyTypeObject Entry_Type
94 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Entry_Object");
95 static PyTypeObject Permset_Type
96 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Permset_Object");
97 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
101 static acl_perm_t holder_ACL_EXECUTE = ACL_EXECUTE;
102 static acl_perm_t holder_ACL_READ = ACL_READ;
103 static acl_perm_t holder_ACL_WRITE = ACL_WRITE;
117 PyObject *parent_acl; /* The parent acl, so it won't run out on us */
123 PyObject *parent_entry; /* The parent entry, so it won't run out on us */
124 acl_permset_t permset;
129 /* Creation of a new ACL instance */
130 static PyObject* ACL_new(PyTypeObject* type, PyObject* args,
134 newacl = type->tp_alloc(type, 0);
137 ((ACL_Object*)newacl)->acl = NULL;
139 ((ACL_Object*)newacl)->entry_id = ACL_FIRST_ENTRY;
146 /* Initialization of a new ACL instance */
147 static int ACL_init(PyObject* obj, PyObject* args, PyObject *keywds) {
148 ACL_Object* self = (ACL_Object*) obj;
150 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef",
152 char *format = "|etisO!sH";
155 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef", NULL };
156 char *format = "|etisO!s";
159 char *filedef = NULL;
162 ACL_Object* thesrc = NULL;
164 if(!PyTuple_Check(args) || PyTuple_Size(args) != 0 ||
165 (keywds != NULL && PyDict_Check(keywds) && PyDict_Size(keywds) > 1)) {
166 PyErr_SetString(PyExc_ValueError, "a max of one keyword argument"
170 if(!PyArg_ParseTupleAndKeywords(args, keywds, format, kwlist,
171 NULL, &file, &fd, &text, &ACL_Type,
179 /* Free the old acl_t without checking for error, we don't
181 if(self->acl != NULL)
185 self->acl = acl_get_file(file, ACL_TYPE_ACCESS);
186 else if(text != NULL)
187 self->acl = acl_from_text(text);
189 self->acl = acl_get_fd(fd);
190 else if(thesrc != NULL)
191 self->acl = acl_dup(thesrc->acl);
192 else if(filedef != NULL)
193 self->acl = acl_get_file(filedef, ACL_TYPE_DEFAULT);
195 else if(PyMapping_HasKeyString(keywds, kwlist[5]))
196 self->acl = acl_from_mode(mode);
199 self->acl = acl_init(0);
201 if(self->acl == NULL) {
202 PyErr_SetFromErrno(PyExc_IOError);
209 /* Standard type functions */
210 static void ACL_dealloc(PyObject* obj) {
211 ACL_Object *self = (ACL_Object*) obj;
212 PyObject *err_type, *err_value, *err_traceback;
213 int have_error = PyErr_Occurred() ? 1 : 0;
216 PyErr_Fetch(&err_type, &err_value, &err_traceback);
217 if(self->acl != NULL && acl_free(self->acl) != 0)
218 PyErr_WriteUnraisable(obj);
220 PyErr_Restore(err_type, err_value, err_traceback);
224 /* Converts the acl to a text format */
225 static PyObject* ACL_str(PyObject *obj) {
227 ACL_Object *self = (ACL_Object*) obj;
230 text = acl_to_text(self->acl, NULL);
232 return PyErr_SetFromErrno(PyExc_IOError);
234 ret = MyString_FromString(text);
235 if(acl_free(text) != 0) {
237 return PyErr_SetFromErrno(PyExc_IOError);
243 static char __to_any_text_doc__[] =
244 "to_any_text([prefix='', separator='n', options=0])\n"
245 "Convert the ACL to a custom text format.\n"
247 "This method encapsulates the ``acl_to_any_text()`` function.\n"
248 "It allows a customized text format to be generated for the ACL. See\n"
249 ":manpage:`acl_to_any_text(3)` for more details.\n"
251 ":param string prefix: if given, this string will be pre-pended to\n"
253 ":param string separator: a single character (defaults to '\\n'); this will"
254 " be used to separate the entries in the ACL\n"
255 ":param options: a bitwise combination of:\n\n"
256 " - :py:data:`TEXT_ABBREVIATE`: use 'u' instead of 'user', 'g' \n"
257 " instead of 'group', etc.\n"
258 " - :py:data:`TEXT_NUMERIC_IDS`: User and group IDs are included as\n"
259 " decimal numbers instead of names\n"
260 " - :py:data:`TEXT_SOME_EFFECTIVE`: Include comments denoting the\n"
261 " effective permissions when some are masked\n"
262 " - :py:data:`TEXT_ALL_EFFECTIVE`: Include comments after all ACL\n"
263 " entries affected by an ACL_MASK entry\n"
264 " - :py:data:`TEXT_SMART_INDENT`: Used in combination with the\n"
265 " _EFFECTIVE options, this will ensure that comments are aligned\n"
266 " to the fourth tab position (assuming one tab equals eight spaces)\n"
270 /* Converts the acl to a custom text format */
271 static PyObject* ACL_to_any_text(PyObject *obj, PyObject *args,
274 ACL_Object *self = (ACL_Object*) obj;
276 const char *arg_prefix = NULL;
277 char arg_separator = '\n';
279 static char *kwlist[] = {"prefix", "separator", "options", NULL};
281 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|sci", kwlist, &arg_prefix,
282 &arg_separator, &arg_options))
285 text = acl_to_any_text(self->acl, arg_prefix, arg_separator, arg_options);
287 return PyErr_SetFromErrno(PyExc_IOError);
289 ret = PyBytes_FromString(text);
290 if(acl_free(text) != 0) {
292 return PyErr_SetFromErrno(PyExc_IOError);
297 static char __check_doc__[] =
298 "Check the ACL validity.\n"
300 "This is a non-portable, Linux specific extension that allow more\n"
301 "information to be retrieved in case an ACL is not valid than via the\n"
302 ":py:func:`valid` method.\n"
304 "This method will return either False (the ACL is valid), or a tuple\n"
305 "with two elements. The first element is one of the following\n"
307 " - :py:data:`ACL_MULTI_ERROR`: The ACL contains multiple entries that\n"
308 " have a tag type that may occur at most once\n"
309 " - :py:data:`ACL_DUPLICATE_ERROR`: The ACL contains multiple \n"
310 " :py:data:`ACL_USER` or :py:data:`ACL_GROUP` entries with the\n"
312 " - :py:data:`ACL_MISS_ERROR`: A required entry is missing\n"
313 " - :py:data:`ACL_ENTRY_ERROR`: The ACL contains an invalid entry\n"
316 "The second element of the tuple is the index of the entry that is\n"
317 "invalid (in the same order as by iterating over the ACL entry)\n"
320 /* The acl_check method */
321 static PyObject* ACL_check(PyObject* obj, PyObject* args) {
322 ACL_Object *self = (ACL_Object*) obj;
326 if((result = acl_check(self->acl, &eindex)) == -1)
327 return PyErr_SetFromErrno(PyExc_IOError);
331 return Py_BuildValue("(ii)", result, eindex);
334 /* Implementation of the rich compare for ACLs */
335 static PyObject* ACL_richcompare(PyObject* o1, PyObject* o2, int op) {
336 ACL_Object *acl1, *acl2;
340 if(!PyObject_IsInstance(o2, (PyObject*)&ACL_Type)) {
345 PyErr_SetString(PyExc_TypeError, "can only compare to an ACL");
349 acl1 = (ACL_Object*)o1;
350 acl2 = (ACL_Object*)o2;
351 if((n=acl_cmp(acl1->acl, acl2->acl))==-1)
352 return PyErr_SetFromErrno(PyExc_IOError);
355 ret = n == 0 ? Py_True : Py_False;
358 ret = n == 1 ? Py_True : Py_False;
361 ret = Py_NotImplemented;
367 static char __equiv_mode_doc__[] =
368 "Return the octal mode the ACL is equivalent to.\n"
370 "This is a non-portable, Linux specific extension that checks\n"
371 "if the ACL is a basic ACL and returns the corresponding mode.\n"
374 ":raise IOError: An IOerror exception will be raised if the ACL is\n"
375 " an extended ACL.\n"
378 /* The acl_equiv_mode method */
379 static PyObject* ACL_equiv_mode(PyObject* obj, PyObject* args) {
380 ACL_Object *self = (ACL_Object*) obj;
383 if(acl_equiv_mode(self->acl, &mode) == -1)
384 return PyErr_SetFromErrno(PyExc_IOError);
385 return PyInt_FromLong(mode);
389 /* Implementation of the compare for ACLs */
390 static int ACL_nocmp(PyObject* o1, PyObject* o2) {
392 PyErr_SetString(PyExc_TypeError, "cannot compare ACLs using cmp()");
397 static char __applyto_doc__[] =
398 "applyto(item[, flag=ACL_TYPE_ACCESS])\n"
399 "Apply the ACL to a file or filehandle.\n"
401 ":param item: either a filename or a file-like object or an integer;\n"
402 " this represents the filesystem object on which to act\n"
403 ":param flag: optional flag representing the type of ACL to set, either\n"
404 " :py:data:`ACL_TYPE_ACCESS` (default) or :py:data:`ACL_TYPE_DEFAULT`\n"
407 /* Applies the ACL to a file */
408 static PyObject* ACL_applyto(PyObject* obj, PyObject* args) {
409 ACL_Object *self = (ACL_Object*) obj;
411 acl_type_t type = ACL_TYPE_ACCESS;
415 if (!PyArg_ParseTuple(args, "O|I", &myarg, &type))
418 if(PyBytes_Check(myarg)) {
419 char *filename = PyBytes_AS_STRING(myarg);
420 nret = acl_set_file(filename, type, self->acl);
421 } else if (PyUnicode_Check(myarg)) {
423 PyUnicode_AsEncodedString(myarg,
424 Py_FileSystemDefaultEncoding, "strict");
427 const char *filename = PyBytes_AS_STRING(o);
428 nret = acl_set_file(filename, type, self->acl);
430 } else if((fd = PyObject_AsFileDescriptor(myarg)) != -1) {
431 nret = acl_set_fd(fd, self->acl);
433 PyErr_SetString(PyExc_TypeError, "argument 1 must be string, int,"
434 " or file-like object");
438 return PyErr_SetFromErrno(PyExc_IOError);
441 /* Return the result */
446 static char __valid_doc__[] =
447 "Test the ACL for validity.\n"
449 "This method tests the ACL to see if it is a valid ACL\n"
450 "in terms of the file-system. More precisely, it checks that:\n"
452 "The ACL contains exactly one entry with each of the\n"
453 ":py:data:`ACL_USER_OBJ`, :py:data:`ACL_GROUP_OBJ`, and \n"
454 ":py:data:`ACL_OTHER` tag types. Entries\n"
455 "with :py:data:`ACL_USER` and :py:data:`ACL_GROUP` tag types may\n"
456 "appear zero or more\n"
457 "times in an ACL. An ACL that contains entries of :py:data:`ACL_USER` or\n"
458 ":py:data:`ACL_GROUP` tag types must contain exactly one entry of the \n"
459 ":py:data:`ACL_MASK` tag type. If an ACL contains no entries of\n"
460 ":py:data:`ACL_USER` or :py:data:`ACL_GROUP` tag types, the\n"
461 ":py:data:`ACL_MASK` entry is optional.\n"
463 "All user ID qualifiers must be unique among all entries of\n"
464 "the :py:data:`ACL_USER` tag type, and all group IDs must be unique\n"
465 "among all entries of :py:data:`ACL_GROUP` tag type.\n"
467 "The method will return 1 for a valid ACL and 0 for an invalid one.\n"
468 "This has been chosen because the specification for\n"
469 ":manpage:`acl_valid(3)`\n"
470 "in the POSIX.1e standard documents only one possible value for errno\n"
471 "in case of an invalid ACL, so we can't differentiate between\n"
472 "classes of errors. Other suggestions are welcome.\n"
478 /* Checks the ACL for validity */
479 static PyObject* ACL_valid(PyObject* obj, PyObject* args) {
480 ACL_Object *self = (ACL_Object*) obj;
482 if(acl_valid(self->acl) == -1) {
489 #ifdef HAVE_ACL_COPY_EXT
490 static PyObject* ACL_get_state(PyObject *obj, PyObject* args) {
491 ACL_Object *self = (ACL_Object*) obj;
496 size = acl_size(self->acl);
498 return PyErr_SetFromErrno(PyExc_IOError);
500 if((ret = PyBytes_FromStringAndSize(NULL, size)) == NULL)
502 buf = PyBytes_AsString(ret);
504 if((nsize = acl_copy_ext(buf, self->acl, size)) == -1) {
506 return PyErr_SetFromErrno(PyExc_IOError);
512 static PyObject* ACL_set_state(PyObject *obj, PyObject* args) {
513 ACL_Object *self = (ACL_Object*) obj;
518 /* Parse the argument */
519 if (!PyArg_ParseTuple(args, "s#", &buf, &bufsize))
522 /* Try to import the external representation */
523 if((ptr = acl_copy_int(buf)) == NULL)
524 return PyErr_SetFromErrno(PyExc_IOError);
526 /* Free the old acl. Should we ignore errors here? */
527 if(self->acl != NULL) {
528 if(acl_free(self->acl) == -1)
529 return PyErr_SetFromErrno(PyExc_IOError);
534 /* Return the result */
542 /* tp_iter for the ACL type; since it can be iterated only
543 * destructively, the type is its iterator
545 static PyObject* ACL_iter(PyObject *obj) {
546 ACL_Object *self = (ACL_Object*)obj;
547 self->entry_id = ACL_FIRST_ENTRY;
552 /* the tp_iternext function for the ACL type */
553 static PyObject* ACL_iternext(PyObject *obj) {
554 ACL_Object *self = (ACL_Object*)obj;
555 acl_entry_t the_entry_t;
556 Entry_Object *the_entry_obj;
559 nerr = acl_get_entry(self->acl, self->entry_id, &the_entry_t);
560 self->entry_id = ACL_NEXT_ENTRY;
562 return PyErr_SetFromErrno(PyExc_IOError);
564 /* Docs says this is not needed */
565 /*PyErr_SetObject(PyExc_StopIteration, Py_None);*/
569 the_entry_obj = (Entry_Object*) PyType_GenericNew(&Entry_Type, NULL, NULL);
570 if(the_entry_obj == NULL)
573 the_entry_obj->entry = the_entry_t;
575 the_entry_obj->parent_acl = obj;
576 Py_INCREF(obj); /* For the reference we have in entry->parent */
578 return (PyObject*)the_entry_obj;
581 static char __ACL_delete_entry_doc__[] =
582 "delete_entry(entry)\n"
583 "Deletes an entry from the ACL.\n"
585 ".. note:: Only available with level 2.\n"
587 ":param entry: the Entry object which should be deleted; note that after\n"
588 " this function is called, that object is unusable any longer\n"
589 " and should be deleted\n"
592 /* Deletes an entry from the ACL */
593 static PyObject* ACL_delete_entry(PyObject *obj, PyObject *args) {
594 ACL_Object *self = (ACL_Object*)obj;
597 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &e))
600 if(acl_delete_entry(self->acl, e->entry) == -1)
601 return PyErr_SetFromErrno(PyExc_IOError);
603 /* Return the result */
608 static char __ACL_calc_mask_doc__[] =
609 "Compute the file group class mask.\n"
611 "The calc_mask() method calculates and sets the permissions \n"
612 "associated with the :py:data:`ACL_MASK` Entry of the ACL.\n"
613 "The value of the new permissions is the union of the permissions \n"
614 "granted by all entries of tag type :py:data:`ACL_GROUP`, \n"
615 ":py:data:`ACL_GROUP_OBJ`, or \n"
616 ":py:data:`ACL_USER`. If the ACL already contains an :py:data:`ACL_MASK`\n"
618 "permissions are overwritten; if it does not contain an \n"
619 ":py:data:`ACL_MASK` Entry, one is added.\n"
621 "The order of existing entries in the ACL is undefined after this \n"
625 /* Updates the mask entry in the ACL */
626 static PyObject* ACL_calc_mask(PyObject *obj, PyObject *args) {
627 ACL_Object *self = (ACL_Object*)obj;
629 if(acl_calc_mask(&self->acl) == -1)
630 return PyErr_SetFromErrno(PyExc_IOError);
632 /* Return the result */
637 static char __ACL_append_doc__[] =
639 "Append a new Entry to the ACL and return it.\n"
641 "This is a convenience function to create a new Entry \n"
642 "and append it to the ACL.\n"
643 "If a parameter of type Entry instance is given, the \n"
644 "entry will be a copy of that one (as if copied with \n"
645 ":py:func:`Entry.copy`), otherwise, the new entry will be empty.\n"
647 ":rtype: :py:class:`Entry`\n"
648 ":returns: the newly created entry\n"
651 /* Convenience method to create a new Entry */
652 static PyObject* ACL_append(PyObject *obj, PyObject *args) {
653 ACL_Object* self = (ACL_Object*) obj;
654 Entry_Object* newentry;
655 Entry_Object* oldentry = NULL;
658 newentry = (Entry_Object*)PyType_GenericNew(&Entry_Type, NULL, NULL);
659 if(newentry == NULL) {
663 if (!PyArg_ParseTuple(args, "|O!", &Entry_Type, &oldentry)) {
668 nret = acl_create_entry(&self->acl, &newentry->entry);
671 return PyErr_SetFromErrno(PyExc_IOError);
674 if(oldentry != NULL) {
675 nret = acl_copy_entry(newentry->entry, oldentry->entry);
678 return PyErr_SetFromErrno(PyExc_IOError);
682 newentry->parent_acl = obj;
685 return (PyObject*)newentry;
688 /***** Entry type *****/
698 /* Helper function to get the tag and qualifier of an Entry at the
699 same time. This is "needed" because the acl_get_qualifier function
700 returns a pointer to different types, based on the tag value, and
701 thus it's not straightforward to get the right type.
703 It sets a Python exception if an error occurs, and return 0 in this
704 case. If successful, the tag is set to the tag type, and the
705 qualifier (if any) to either the uid or the gid entry in the
708 int get_tag_qualifier(acl_entry_t entry, tag_qual *tq) {
711 if(acl_get_tag_type(entry, &tq->tag) == -1) {
712 PyErr_SetFromErrno(PyExc_IOError);
715 if (tq->tag == ACL_USER || tq->tag == ACL_GROUP) {
716 if((p = acl_get_qualifier(entry)) == NULL) {
717 PyErr_SetFromErrno(PyExc_IOError);
720 if (tq->tag == ACL_USER) {
721 tq->uid = *(uid_t*)p;
723 tq->gid = *(gid_t*)p;
730 /* Creation of a new Entry instance */
731 static PyObject* Entry_new(PyTypeObject* type, PyObject* args,
735 newentry = PyType_GenericNew(type, args, keywds);
737 if(newentry != NULL) {
738 ((Entry_Object*)newentry)->entry = NULL;
739 ((Entry_Object*)newentry)->parent_acl = NULL;
745 /* Initialization of a new Entry instance */
746 static int Entry_init(PyObject* obj, PyObject* args, PyObject *keywds) {
747 Entry_Object* self = (Entry_Object*) obj;
748 ACL_Object* parent = NULL;
750 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
753 if(acl_create_entry(&parent->acl, &self->entry) == -1) {
754 PyErr_SetFromErrno(PyExc_IOError);
758 self->parent_acl = (PyObject*)parent;
764 /* Free the Entry instance */
765 static void Entry_dealloc(PyObject* obj) {
766 Entry_Object *self = (Entry_Object*) obj;
767 PyObject *err_type, *err_value, *err_traceback;
768 int have_error = PyErr_Occurred() ? 1 : 0;
771 PyErr_Fetch(&err_type, &err_value, &err_traceback);
772 if(self->parent_acl != NULL) {
773 Py_DECREF(self->parent_acl);
774 self->parent_acl = NULL;
777 PyErr_Restore(err_type, err_value, err_traceback);
781 /* Converts the entry to a text format */
782 static PyObject* Entry_str(PyObject *obj) {
783 PyObject *format, *kind;
784 Entry_Object *self = (Entry_Object*) obj;
787 if(!get_tag_qualifier(self->entry, &tq)) {
791 format = MyString_FromString("ACL entry for ");
795 case ACL_UNDEFINED_TAG:
796 kind = MyString_FromString("undefined type");
799 kind = MyString_FromString("the owner");
802 kind = MyString_FromString("the group");
805 kind = MyString_FromString("the others");
808 /* FIXME: here and in the group case, we're formatting with
809 unsigned, because there's no way to automatically determine
810 the signed-ness of the types; on Linux(glibc) they're
811 unsigned, so we'll go along with that */
812 kind = MyString_FromFormat("user with uid %u", tq.uid);
815 kind = MyString_FromFormat("group with gid %u", tq.gid);
818 kind = MyString_FromString("the mask");
821 kind = MyString_FromString("UNKNOWN_TAG_TYPE!");
828 MyString_ConcatAndDel(&format, kind);
832 /* Sets the tag type of the entry */
833 static int Entry_set_tag_type(PyObject* obj, PyObject* value, void* arg) {
834 Entry_Object *self = (Entry_Object*) obj;
837 PyErr_SetString(PyExc_TypeError,
838 "tag type deletion is not supported");
842 if(!PyInt_Check(value)) {
843 PyErr_SetString(PyExc_TypeError,
844 "tag type must be integer");
847 if(acl_set_tag_type(self->entry, (acl_tag_t)PyInt_AsLong(value)) == -1) {
848 PyErr_SetFromErrno(PyExc_IOError);
855 /* Returns the tag type of the entry */
856 static PyObject* Entry_get_tag_type(PyObject *obj, void* arg) {
857 Entry_Object *self = (Entry_Object*) obj;
860 if (self->entry == NULL) {
861 PyErr_SetString(PyExc_AttributeError, "entry attribute");
864 if(acl_get_tag_type(self->entry, &value) == -1) {
865 PyErr_SetFromErrno(PyExc_IOError);
869 return PyInt_FromLong(value);
872 /* Sets the qualifier (either uid_t or gid_t) for the entry,
873 * usable only if the tag type if ACL_USER or ACL_GROUP
875 static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
876 Entry_Object *self = (Entry_Object*) obj;
884 PyErr_SetString(PyExc_TypeError,
885 "qualifier deletion is not supported");
889 if(!PyInt_Check(value)) {
890 PyErr_SetString(PyExc_TypeError,
891 "qualifier must be integer");
894 if((uidgid = PyInt_AsLong(value)) == -1) {
895 if(PyErr_Occurred() != NULL) {
899 /* Due to how acl_set_qualifier takes its argument, we have to do
900 this ugly dance with two variables and a pointer that will
901 point to one of them. */
902 if(acl_get_tag_type(self->entry, &tag) == -1) {
903 PyErr_SetFromErrno(PyExc_IOError);
910 if((long)uid != uidgid) {
911 PyErr_SetString(PyExc_OverflowError, "cannot assign given qualifier");
918 if((long)gid != uidgid) {
919 PyErr_SetString(PyExc_OverflowError, "cannot assign given qualifier");
926 PyErr_SetString(PyExc_TypeError,
927 "can only set qualifiers on ACL_USER or ACL_GROUP entries");
930 if(acl_set_qualifier(self->entry, p) == -1) {
931 PyErr_SetFromErrno(PyExc_IOError);
938 /* Returns the qualifier of the entry */
939 static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
940 Entry_Object *self = (Entry_Object*) obj;
944 if (self->entry == NULL) {
945 PyErr_SetString(PyExc_AttributeError, "entry attribute");
948 if(!get_tag_qualifier(self->entry, &tq)) {
951 if (tq.tag == ACL_USER) {
953 } else if (tq.tag == ACL_GROUP) {
956 PyErr_SetString(PyExc_TypeError,
957 "given entry doesn't have an user or"
961 return PyInt_FromLong(value);
964 /* Returns the parent ACL of the entry */
965 static PyObject* Entry_get_parent(PyObject *obj, void* arg) {
966 Entry_Object *self = (Entry_Object*) obj;
968 Py_INCREF(self->parent_acl);
969 return self->parent_acl;
972 /* Returns the a new Permset representing the permset of the entry
973 * FIXME: Should return a new reference to the same object, which
974 * should be created at init time!
976 static PyObject* Entry_get_permset(PyObject *obj, void* arg) {
977 Entry_Object *self = (Entry_Object*)obj;
981 p = Permset_new(&Permset_Type, NULL, NULL);
984 ps = (Permset_Object*)p;
985 if(acl_get_permset(self->entry, &ps->permset) == -1) {
986 PyErr_SetFromErrno(PyExc_IOError);
990 ps->parent_entry = obj;
996 /* Sets the permset of the entry to the passed Permset */
997 static int Entry_set_permset(PyObject* obj, PyObject* value, void* arg) {
998 Entry_Object *self = (Entry_Object*)obj;
1001 if(!PyObject_IsInstance(value, (PyObject*)&Permset_Type)) {
1002 PyErr_SetString(PyExc_TypeError, "argument 1 must be posix1e.Permset");
1005 p = (Permset_Object*)value;
1006 if(acl_set_permset(self->entry, p->permset) == -1) {
1007 PyErr_SetFromErrno(PyExc_IOError);
1013 static char __Entry_copy_doc__[] =
1015 "Copies an ACL entry.\n"
1017 "This method sets all the parameters to those of another\n"
1018 "entry (either of the same ACL or belonging to another ACL).\n"
1020 ":param Entry src: instance of type Entry\n"
1023 /* Sets all the entry parameters to another entry */
1024 static PyObject* Entry_copy(PyObject *obj, PyObject *args) {
1025 Entry_Object *self = (Entry_Object*)obj;
1026 Entry_Object *other;
1028 if(!PyArg_ParseTuple(args, "O!", &Entry_Type, &other))
1031 if(acl_copy_entry(self->entry, other->entry) == -1)
1032 return PyErr_SetFromErrno(PyExc_IOError);
1038 /**** Permset type *****/
1040 /* Creation of a new Permset instance */
1041 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
1043 PyObject* newpermset;
1045 newpermset = PyType_GenericNew(type, args, keywds);
1047 if(newpermset != NULL) {
1048 ((Permset_Object*)newpermset)->permset = NULL;
1049 ((Permset_Object*)newpermset)->parent_entry = NULL;
1055 /* Initialization of a new Permset instance */
1056 static int Permset_init(PyObject* obj, PyObject* args, PyObject *keywds) {
1057 Permset_Object* self = (Permset_Object*) obj;
1058 Entry_Object* parent = NULL;
1060 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent))
1063 if(acl_get_permset(parent->entry, &self->permset) == -1) {
1064 PyErr_SetFromErrno(PyExc_IOError);
1068 self->parent_entry = (PyObject*)parent;
1074 /* Free the Permset instance */
1075 static void Permset_dealloc(PyObject* obj) {
1076 Permset_Object *self = (Permset_Object*) obj;
1077 PyObject *err_type, *err_value, *err_traceback;
1078 int have_error = PyErr_Occurred() ? 1 : 0;
1081 PyErr_Fetch(&err_type, &err_value, &err_traceback);
1082 if(self->parent_entry != NULL) {
1083 Py_DECREF(self->parent_entry);
1084 self->parent_entry = NULL;
1087 PyErr_Restore(err_type, err_value, err_traceback);
1091 /* Permset string representation */
1092 static PyObject* Permset_str(PyObject *obj) {
1093 Permset_Object *self = (Permset_Object*) obj;
1096 pstr[0] = get_perm(self->permset, ACL_READ) ? 'r' : '-';
1097 pstr[1] = get_perm(self->permset, ACL_WRITE) ? 'w' : '-';
1098 pstr[2] = get_perm(self->permset, ACL_EXECUTE) ? 'x' : '-';
1099 return MyString_FromStringAndSize(pstr, 3);
1102 static char __Permset_clear_doc__[] =
1103 "Clears all permissions from the permission set.\n"
1106 /* Clears all permissions from the permset */
1107 static PyObject* Permset_clear(PyObject* obj, PyObject* args) {
1108 Permset_Object *self = (Permset_Object*) obj;
1110 if(acl_clear_perms(self->permset) == -1)
1111 return PyErr_SetFromErrno(PyExc_IOError);
1113 /* Return the result */
1118 static PyObject* Permset_get_right(PyObject *obj, void* arg) {
1119 Permset_Object *self = (Permset_Object*) obj;
1121 if(get_perm(self->permset, *(acl_perm_t*)arg)) {
1128 static int Permset_set_right(PyObject* obj, PyObject* value, void* arg) {
1129 Permset_Object *self = (Permset_Object*) obj;
1133 if(!PyInt_Check(value)) {
1134 PyErr_SetString(PyExc_ValueError, "a maximum of one argument must"
1138 on = PyInt_AsLong(value);
1140 nerr = acl_add_perm(self->permset, *(acl_perm_t*)arg);
1142 nerr = acl_delete_perm(self->permset, *(acl_perm_t*)arg);
1144 PyErr_SetFromErrno(PyExc_IOError);
1150 static char __Permset_add_doc__[] =
1152 "Add a permission to the permission set.\n"
1154 "This function adds the permission contained in \n"
1155 "the argument perm to the permission set. An attempt \n"
1156 "to add a permission that is already contained in the \n"
1157 "permission set is not considered an error.\n"
1159 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1160 " :py:data:`ACL_EXECUTE`, ...)\n"
1161 ":raises IOError: in case the argument is not a valid descriptor\n"
1164 static PyObject* Permset_add(PyObject* obj, PyObject* args) {
1165 Permset_Object *self = (Permset_Object*) obj;
1168 if (!PyArg_ParseTuple(args, "i", &right))
1171 if(acl_add_perm(self->permset, (acl_perm_t) right) == -1)
1172 return PyErr_SetFromErrno(PyExc_IOError);
1174 /* Return the result */
1179 static char __Permset_delete_doc__[] =
1181 "Delete a permission from the permission set.\n"
1183 "This function deletes the permission contained in \n"
1184 "the argument perm from the permission set. An attempt \n"
1185 "to delete a permission that is not contained in the \n"
1186 "permission set is not considered an error.\n"
1188 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1189 " :py:data:`ACL_EXECUTE`, ...)\n"
1190 ":raises IOError: in case the argument is not a valid descriptor\n"
1193 static PyObject* Permset_delete(PyObject* obj, PyObject* args) {
1194 Permset_Object *self = (Permset_Object*) obj;
1197 if (!PyArg_ParseTuple(args, "i", &right))
1200 if(acl_delete_perm(self->permset, (acl_perm_t) right) == -1)
1201 return PyErr_SetFromErrno(PyExc_IOError);
1203 /* Return the result */
1208 static char __Permset_test_doc__[] =
1210 "Test if a permission exists in the permission set.\n"
1212 "The test() function tests if the permission represented by\n"
1213 "the argument perm exists in the permission set.\n"
1215 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1216 " :py:data:`ACL_EXECUTE`, ...)\n"
1218 ":raises IOError: in case the argument is not a valid descriptor\n"
1221 static PyObject* Permset_test(PyObject* obj, PyObject* args) {
1222 Permset_Object *self = (Permset_Object*) obj;
1226 if (!PyArg_ParseTuple(args, "i", &right))
1229 ret = get_perm(self->permset, (acl_perm_t) right);
1231 return PyErr_SetFromErrno(PyExc_IOError);
1242 static char __ACL_Type_doc__[] =
1243 "Type which represents a POSIX ACL\n"
1245 ".. note:: only one keyword parameter should be provided\n"
1247 ":param string file: creates an ACL representing\n"
1248 " the access ACL of the specified file\n"
1249 ":param string filedef: creates an ACL representing\n"
1250 " the default ACL of the given directory\n"
1251 ":param int fd: creates an ACL representing\n"
1252 " the access ACL of the given file descriptor\n"
1253 ":param string text: creates an ACL from a \n"
1254 " textual description\n"
1255 ":param ACL acl: creates a copy of an existing ACL instance\n"
1256 ":param int mode: creates an ACL from a numeric mode\n"
1257 " (e.g. mode=0644) (this is valid only when the C library\n"
1258 " provides the acl_from_mode call)\n"
1260 "If no parameters are passed, an empty ACL will be created; this\n"
1261 "makes sense only when your OS supports ACL modification\n"
1262 "(i.e. it implements full POSIX.1e support), otherwise the ACL won't\n"
1266 /* ACL type methods */
1267 static PyMethodDef ACL_methods[] = {
1268 {"applyto", ACL_applyto, METH_VARARGS, __applyto_doc__},
1269 {"valid", ACL_valid, METH_NOARGS, __valid_doc__},
1271 {"to_any_text", (PyCFunction)ACL_to_any_text, METH_VARARGS | METH_KEYWORDS,
1272 __to_any_text_doc__},
1273 {"check", ACL_check, METH_NOARGS, __check_doc__},
1274 {"equiv_mode", ACL_equiv_mode, METH_NOARGS, __equiv_mode_doc__},
1276 #ifdef HAVE_ACL_COPYEXT
1277 {"__getstate__", ACL_get_state, METH_NOARGS,
1278 "Dumps the ACL to an external format."},
1279 {"__setstate__", ACL_set_state, METH_VARARGS,
1280 "Loads the ACL from an external format."},
1283 {"delete_entry", ACL_delete_entry, METH_VARARGS, __ACL_delete_entry_doc__},
1284 {"calc_mask", ACL_calc_mask, METH_NOARGS, __ACL_calc_mask_doc__},
1285 {"append", ACL_append, METH_VARARGS, __ACL_append_doc__},
1287 {NULL, NULL, 0, NULL}
1291 /* The definition of the ACL Type */
1292 static PyTypeObject ACL_Type = {
1294 PyVarObject_HEAD_INIT(NULL, 0)
1296 PyObject_HEAD_INIT(NULL)
1302 ACL_dealloc, /* tp_dealloc */
1306 ACL_nocmp, /* tp_compare */
1308 0, /* tp_as_number */
1309 0, /* tp_as_sequence */
1310 0, /* tp_as_mapping */
1313 ACL_str, /* tp_str */
1314 0, /* tp_getattro */
1315 0, /* tp_setattro */
1316 0, /* tp_as_buffer */
1317 Py_TPFLAGS_DEFAULT, /* tp_flags */
1318 __ACL_Type_doc__, /* tp_doc */
1319 0, /* tp_traverse */
1322 ACL_richcompare, /* tp_richcompare */
1324 0, /* tp_richcompare */
1326 0, /* tp_weaklistoffset */
1332 0, /* tp_iternext */
1334 ACL_methods, /* tp_methods */
1339 0, /* tp_descr_get */
1340 0, /* tp_descr_set */
1341 0, /* tp_dictoffset */
1342 ACL_init, /* tp_init */
1344 ACL_new, /* tp_new */
1349 /* Entry type methods */
1350 static PyMethodDef Entry_methods[] = {
1351 {"copy", Entry_copy, METH_VARARGS, __Entry_copy_doc__},
1352 {NULL, NULL, 0, NULL}
1355 static char __Entry_tagtype_doc__[] =
1356 "The tag type of the current entry\n"
1359 " - :py:data:`ACL_UNDEFINED_TAG`\n"
1360 " - :py:data:`ACL_USER_OBJ`\n"
1361 " - :py:data:`ACL_USER`\n"
1362 " - :py:data:`ACL_GROUP_OBJ`\n"
1363 " - :py:data:`ACL_GROUP`\n"
1364 " - :py:data:`ACL_MASK`\n"
1365 " - :py:data:`ACL_OTHER`\n"
1368 static char __Entry_qualifier_doc__[] =
1369 "The qualifier of the current entry\n"
1371 "If the tag type is :py:data:`ACL_USER`, this should be a user id.\n"
1372 "If the tag type if :py:data:`ACL_GROUP`, this should be a group id.\n"
1373 "Else it doesn't matter.\n"
1376 static char __Entry_parent_doc__[] =
1377 "The parent ACL of this entry\n"
1380 static char __Entry_permset_doc__[] =
1381 "The permission set of this ACL entry\n"
1385 static PyGetSetDef Entry_getsets[] = {
1386 {"tag_type", Entry_get_tag_type, Entry_set_tag_type,
1387 __Entry_tagtype_doc__},
1388 {"qualifier", Entry_get_qualifier, Entry_set_qualifier,
1389 __Entry_qualifier_doc__},
1390 {"parent", Entry_get_parent, NULL, __Entry_parent_doc__},
1391 {"permset", Entry_get_permset, Entry_set_permset, __Entry_permset_doc__},
1395 static char __Entry_Type_doc__[] =
1396 "Type which represents an entry in an ACL.\n"
1398 "The type exists only if the OS has full support for POSIX.1e\n"
1399 "Can be created either by:\n"
1401 " >>> e = posix1e.Entry(myACL) # this creates a new entry in the ACL\n"
1402 " >>> e = myACL.append() # another way for doing the same thing\n"
1406 " >>> for entry in myACL:\n"
1407 " ... print entry\n"
1409 "Note that the Entry keeps a reference to its ACL, so even if \n"
1410 "you delete the ACL, it won't be cleaned up and will continue to \n"
1411 "exist until its Entry(ies) will be deleted.\n"
1413 /* The definition of the Entry Type */
1414 static PyTypeObject Entry_Type = {
1416 PyVarObject_HEAD_INIT(NULL, 0)
1418 PyObject_HEAD_INIT(NULL)
1422 sizeof(Entry_Object),
1424 Entry_dealloc, /* tp_dealloc */
1430 0, /* tp_as_number */
1431 0, /* tp_as_sequence */
1432 0, /* tp_as_mapping */
1435 Entry_str, /* tp_str */
1436 0, /* tp_getattro */
1437 0, /* tp_setattro */
1438 0, /* tp_as_buffer */
1439 Py_TPFLAGS_DEFAULT, /* tp_flags */
1440 __Entry_Type_doc__, /* tp_doc */
1441 0, /* tp_traverse */
1443 0, /* tp_richcompare */
1444 0, /* tp_weaklistoffset */
1446 0, /* tp_iternext */
1447 Entry_methods, /* tp_methods */
1449 Entry_getsets, /* tp_getset */
1452 0, /* tp_descr_get */
1453 0, /* tp_descr_set */
1454 0, /* tp_dictoffset */
1455 Entry_init, /* tp_init */
1457 Entry_new, /* tp_new */
1460 /* Permset type methods */
1461 static PyMethodDef Permset_methods[] = {
1462 {"clear", Permset_clear, METH_NOARGS, __Permset_clear_doc__, },
1463 {"add", Permset_add, METH_VARARGS, __Permset_add_doc__, },
1464 {"delete", Permset_delete, METH_VARARGS, __Permset_delete_doc__, },
1465 {"test", Permset_test, METH_VARARGS, __Permset_test_doc__, },
1466 {NULL, NULL, 0, NULL}
1469 static char __Permset_execute_doc__[] =
1470 "Execute permission property\n"
1472 "This is a convenience method of retrieving and setting the execute\n"
1473 "permission in the permission set; the \n"
1474 "same effect can be achieved using the functions\n"
1475 "add(), test(), delete(), and those can take any \n"
1476 "permission defined by your platform.\n"
1479 static char __Permset_read_doc__[] =
1480 "Read permission property\n"
1482 "This is a convenience method of retrieving and setting the read\n"
1483 "permission in the permission set; the \n"
1484 "same effect can be achieved using the functions\n"
1485 "add(), test(), delete(), and those can take any \n"
1486 "permission defined by your platform.\n"
1489 static char __Permset_write_doc__[] =
1490 "Write permission property\n"
1492 "This is a convenience method of retrieving and setting the write\n"
1493 "permission in the permission set; the \n"
1494 "same effect can be achieved using the functions\n"
1495 "add(), test(), delete(), and those can take any \n"
1496 "permission defined by your platform.\n"
1499 /* Permset getset */
1500 static PyGetSetDef Permset_getsets[] = {
1501 {"execute", Permset_get_right, Permset_set_right,
1502 __Permset_execute_doc__, &holder_ACL_EXECUTE},
1503 {"read", Permset_get_right, Permset_set_right,
1504 __Permset_read_doc__, &holder_ACL_READ},
1505 {"write", Permset_get_right, Permset_set_right,
1506 __Permset_write_doc__, &holder_ACL_WRITE},
1510 static char __Permset_Type_doc__[] =
1511 "Type which represents the permission set in an ACL entry\n"
1513 "The type exists only if the OS has full support for POSIX.1e\n"
1514 "Can be retrieved either by:\n\n"
1515 ">>> perms = myEntry.permset\n"
1518 ">>> perms = posix1e.Permset(myEntry)\n"
1520 "Note that the Permset keeps a reference to its Entry, so even if \n"
1521 "you delete the entry, it won't be cleaned up and will continue to \n"
1522 "exist until its Permset will be deleted.\n"
1525 /* The definition of the Permset Type */
1526 static PyTypeObject Permset_Type = {
1528 PyVarObject_HEAD_INIT(NULL, 0)
1530 PyObject_HEAD_INIT(NULL)
1534 sizeof(Permset_Object),
1536 Permset_dealloc, /* tp_dealloc */
1542 0, /* tp_as_number */
1543 0, /* tp_as_sequence */
1544 0, /* tp_as_mapping */
1547 Permset_str, /* tp_str */
1548 0, /* tp_getattro */
1549 0, /* tp_setattro */
1550 0, /* tp_as_buffer */
1551 Py_TPFLAGS_DEFAULT, /* tp_flags */
1552 __Permset_Type_doc__,/* tp_doc */
1553 0, /* tp_traverse */
1555 0, /* tp_richcompare */
1556 0, /* tp_weaklistoffset */
1558 0, /* tp_iternext */
1559 Permset_methods, /* tp_methods */
1561 Permset_getsets, /* tp_getset */
1564 0, /* tp_descr_get */
1565 0, /* tp_descr_set */
1566 0, /* tp_dictoffset */
1567 Permset_init, /* tp_init */
1569 Permset_new, /* tp_new */
1574 /* Module methods */
1576 static char __deletedef_doc__[] =
1577 "delete_default(path)\n"
1578 "Delete the default ACL from a directory.\n"
1580 "This function deletes the default ACL associated with\n"
1581 "a directory (the ACL which will be ANDed with the mode\n"
1582 "parameter to the open, creat functions).\n"
1584 ":param string path: the directory whose default ACL should be deleted\n"
1587 /* Deletes the default ACL from a directory */
1588 static PyObject* aclmodule_delete_default(PyObject* obj, PyObject* args) {
1591 /* Parse the arguments */
1592 if (!PyArg_ParseTuple(args, "et", NULL, &filename))
1595 if(acl_delete_def_file(filename) == -1) {
1596 return PyErr_SetFromErrno(PyExc_IOError);
1599 /* Return the result */
1605 static char __has_extended_doc__[] =
1606 "has_extended(item)\n"
1607 "Check if a file or file handle has an extended ACL.\n"
1609 ":param item: either a file name or a file-like object or an integer;\n"
1610 " it represents the file-system object on which to act\n"
1613 /* Check for extended ACL a file or fd */
1614 static PyObject* aclmodule_has_extended(PyObject* obj, PyObject* args) {
1619 if (!PyArg_ParseTuple(args, "O", &myarg))
1622 if(PyBytes_Check(myarg)) {
1623 const char *filename = PyBytes_AS_STRING(myarg);
1624 nret = acl_extended_file(filename);
1625 } else if (PyUnicode_Check(myarg)) {
1627 PyUnicode_AsEncodedString(myarg,
1628 Py_FileSystemDefaultEncoding, "strict");
1631 const char *filename = PyBytes_AS_STRING(o);
1632 nret = acl_extended_file(filename);
1634 } else if((fd = PyObject_AsFileDescriptor(myarg)) != -1) {
1635 nret = acl_extended_fd(fd);
1637 PyErr_SetString(PyExc_TypeError, "argument 1 must be string, int,"
1638 " or file-like object");
1642 return PyErr_SetFromErrno(PyExc_IOError);
1645 /* Return the result */
1646 return PyBool_FromLong(nret);
1650 /* The module methods */
1651 static PyMethodDef aclmodule_methods[] = {
1652 {"delete_default", aclmodule_delete_default, METH_VARARGS,
1655 {"has_extended", aclmodule_has_extended, METH_VARARGS,
1656 __has_extended_doc__},
1658 {NULL, NULL, 0, NULL}
1661 static char __posix1e_doc__[] =
1662 "POSIX.1e ACLs manipulation\n"
1663 "==========================\n"
1665 "This module provides support for manipulating POSIX.1e ACLS\n"
1667 "Depending on the operating system support for POSIX.1e, \n"
1668 "the ACL type will have more or less capabilities:\n\n"
1669 " - level 1, only basic support, you can create\n"
1670 " ACLs from files and text descriptions;\n"
1671 " once created, the type is immutable\n"
1672 " - level 2, complete support, you can alter\n"
1673 " the ACL once it is created\n"
1675 "Also, in level 2, more types are available, corresponding\n"
1676 "to acl_entry_t (the Entry type), acl_permset_t (the Permset type).\n"
1678 "The existence of level 2 support and other extensions can be\n"
1679 "checked by the constants:\n\n"
1680 " - :py:data:`HAS_ACL_ENTRY` for level 2 and the Entry/Permset classes\n"
1681 " - :py:data:`HAS_ACL_FROM_MODE` for ``ACL(mode=...)`` usage\n"
1682 " - :py:data:`HAS_ACL_CHECK` for the :py:func:`ACL.check` function\n"
1683 " - :py:data:`HAS_EXTENDED_CHECK` for the module-level\n"
1684 " :py:func:`has_extended` function\n"
1685 " - :py:data:`HAS_EQUIV_MODE` for the :py:func:`ACL.equiv_mode` method\n"
1689 ">>> import posix1e\n"
1690 ">>> acl1 = posix1e.ACL(file=\"file.txt\") \n"
1696 ">>> b = posix1e.ACL(text=\"u::rx,g::-,o::-\")\n"
1702 ">>> b.applyto(\"file.txt\")\n"
1703 ">>> print posix1e.ACL(file=\"file.txt\")\n"
1709 ".. py:data:: ACL_USER\n\n"
1710 " Denotes a specific user entry in an ACL.\n"
1712 ".. py:data:: ACL_USER_OBJ\n\n"
1713 " Denotes the user owner entry in an ACL.\n"
1715 ".. py:data:: ACL_GROUP\n\n"
1716 " Denotes the a group entry in an ACL.\n"
1718 ".. py:data:: ACL_GROUP_OBJ\n\n"
1719 " Denotes the group owner entry in an ACL.\n"
1721 ".. py:data:: ACL_OTHER\n\n"
1722 " Denotes the 'others' entry in an ACL.\n"
1724 ".. py:data:: ACL_MASK\n\n"
1725 " Denotes the mask entry in an ACL, representing the maximum\n"
1726 " access granted other users, the owner group and other groups.\n"
1728 ".. py:data:: ACL_UNDEFINED_TAG\n\n"
1729 " An undefined tag in an ACL.\n"
1731 ".. py:data:: ACL_READ\n\n"
1732 " Read permission in a permission set.\n"
1734 ".. py:data:: ACL_WRITE\n\n"
1735 " Write permission in a permission set.\n"
1737 ".. py:data:: ACL_EXECUTE\n\n"
1738 " Execute permission in a permission set.\n"
1740 ".. py:data:: HAS_ACL_ENTRY\n\n"
1741 " denotes support for level 2 and the Entry/Permset classes\n"
1743 ".. py:data:: HAS_ACL_FROM_MODE\n\n"
1744 " denotes support for building an ACL from an octal mode\n"
1746 ".. py:data:: HAS_ACL_CHECK\n\n"
1747 " denotes support for extended checks of an ACL's validity\n"
1749 ".. py:data:: HAS_EXTENDED_CHECK\n\n"
1750 " denotes support for checking whether an ACL is basic or extended\n"
1752 ".. py:data:: HAS_EQUIV_MODE\n\n"
1753 " denotes support for the equiv_mode function\n"
1759 static struct PyModuleDef posix1emodule = {
1760 PyModuleDef_HEAD_INIT,
1767 #define INITERROR return NULL
1770 PyInit_posix1e(void)
1773 #define INITERROR return
1775 void initposix1e(void)
1780 Py_TYPE(&ACL_Type) = &PyType_Type;
1781 if(PyType_Ready(&ACL_Type) < 0)
1785 Py_TYPE(&Entry_Type) = &PyType_Type;
1786 if(PyType_Ready(&Entry_Type) < 0)
1789 Py_TYPE(&Permset_Type) = &PyType_Type;
1790 if(PyType_Ready(&Permset_Type) < 0)
1795 m = PyModule_Create(&posix1emodule);
1797 m = Py_InitModule3("posix1e", aclmodule_methods, __posix1e_doc__);
1802 d = PyModule_GetDict(m);
1806 Py_INCREF(&ACL_Type);
1807 if (PyDict_SetItemString(d, "ACL",
1808 (PyObject *) &ACL_Type) < 0)
1811 /* 23.3.6 acl_type_t values */
1812 PyModule_AddIntConstant(m, "ACL_TYPE_ACCESS", ACL_TYPE_ACCESS);
1813 PyModule_AddIntConstant(m, "ACL_TYPE_DEFAULT", ACL_TYPE_DEFAULT);
1817 Py_INCREF(&Entry_Type);
1818 if (PyDict_SetItemString(d, "Entry",
1819 (PyObject *) &Entry_Type) < 0)
1822 Py_INCREF(&Permset_Type);
1823 if (PyDict_SetItemString(d, "Permset",
1824 (PyObject *) &Permset_Type) < 0)
1827 /* 23.2.2 acl_perm_t values */
1828 PyModule_AddIntConstant(m, "ACL_READ", ACL_READ);
1829 PyModule_AddIntConstant(m, "ACL_WRITE", ACL_WRITE);
1830 PyModule_AddIntConstant(m, "ACL_EXECUTE", ACL_EXECUTE);
1832 /* 23.2.5 acl_tag_t values */
1833 PyModule_AddIntConstant(m, "ACL_UNDEFINED_TAG", ACL_UNDEFINED_TAG);
1834 PyModule_AddIntConstant(m, "ACL_USER_OBJ", ACL_USER_OBJ);
1835 PyModule_AddIntConstant(m, "ACL_USER", ACL_USER);
1836 PyModule_AddIntConstant(m, "ACL_GROUP_OBJ", ACL_GROUP_OBJ);
1837 PyModule_AddIntConstant(m, "ACL_GROUP", ACL_GROUP);
1838 PyModule_AddIntConstant(m, "ACL_MASK", ACL_MASK);
1839 PyModule_AddIntConstant(m, "ACL_OTHER", ACL_OTHER);
1841 /* Document extended functionality via easy-to-use constants */
1842 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 1);
1844 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 0);
1848 /* Linux libacl specific acl_to_any_text constants */
1849 PyModule_AddIntConstant(m, "TEXT_ABBREVIATE", TEXT_ABBREVIATE);
1850 PyModule_AddIntConstant(m, "TEXT_NUMERIC_IDS", TEXT_NUMERIC_IDS);
1851 PyModule_AddIntConstant(m, "TEXT_SOME_EFFECTIVE", TEXT_SOME_EFFECTIVE);
1852 PyModule_AddIntConstant(m, "TEXT_ALL_EFFECTIVE", TEXT_ALL_EFFECTIVE);
1853 PyModule_AddIntConstant(m, "TEXT_SMART_INDENT", TEXT_SMART_INDENT);
1855 /* Linux libacl specific acl_check constants */
1856 PyModule_AddIntConstant(m, "ACL_MULTI_ERROR", ACL_MULTI_ERROR);
1857 PyModule_AddIntConstant(m, "ACL_DUPLICATE_ERROR", ACL_DUPLICATE_ERROR);
1858 PyModule_AddIntConstant(m, "ACL_MISS_ERROR", ACL_MISS_ERROR);
1859 PyModule_AddIntConstant(m, "ACL_ENTRY_ERROR", ACL_ENTRY_ERROR);
1861 #define LINUX_EXT_VAL 1
1863 #define LINUX_EXT_VAL 0
1865 /* declare the Linux extensions */
1866 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", LINUX_EXT_VAL);
1867 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", LINUX_EXT_VAL);
1868 PyModule_AddIntConstant(m, "HAS_EXTENDED_CHECK", LINUX_EXT_VAL);
1869 PyModule_AddIntConstant(m, "HAS_EQUIV_MODE", LINUX_EXT_VAL);
projects / pylibacl.git / blob