2 posix1e - a python module exposing the posix acl functions
4 Copyright (C) 2002-2009, 2012, 2014, 2015 Iustin Pop <iustin@k1024.org>
6 This library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 This library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with this library; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 #define PY_SSIZE_T_CLEAN
26 #include <sys/types.h>
30 #include <acl/libacl.h>
31 #define get_perm acl_get_perm
33 #define get_perm acl_get_perm_np
36 /* Used for cpychecker: */
37 /* The checker automatically defines this preprocessor name when creating
38 the custom attribute: */
39 #if defined(WITH_CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF_ATTRIBUTE)
40 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename) \
41 __attribute__((cpychecker_type_object_for_typedef(typename)))
43 /* This handles the case where we're compiling with a "vanilla"
44 compiler that doesn't supply this attribute: */
45 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename)
48 /* The checker automatically defines this preprocessor name when creating
49 the custom attribute: */
50 #if defined(WITH_CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION_ATTRIBUTE)
51 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION \
52 __attribute__((cpychecker_negative_result_sets_exception))
54 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION
57 static PyTypeObject ACL_Type
58 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("ACL_Object");
59 static PyObject* ACL_applyto(PyObject* obj, PyObject* args);
60 static PyObject* ACL_valid(PyObject* obj, PyObject* args);
62 #ifdef HAVE_ACL_COPY_EXT
63 static PyObject* ACL_get_state(PyObject *obj, PyObject* args);
64 static PyObject* ACL_set_state(PyObject *obj, PyObject* args);
68 static PyTypeObject Entry_Type
69 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Entry_Object");
70 static PyTypeObject Permset_Type
71 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Permset_Object");
72 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
76 static acl_perm_t holder_ACL_EXECUTE = ACL_EXECUTE;
77 static acl_perm_t holder_ACL_READ = ACL_READ;
78 static acl_perm_t holder_ACL_WRITE = ACL_WRITE;
92 PyObject *parent_acl; /* The parent acl, so it won't run out on us */
98 PyObject *parent_entry; /* The parent entry, so it won't run out on us */
99 acl_permset_t permset;
104 /* Creation of a new ACL instance */
105 static PyObject* ACL_new(PyTypeObject* type, PyObject* args,
110 newacl = type->tp_alloc(type, 0);
115 acl = (ACL_Object*) newacl;
117 acl->acl = acl_init(0);
118 if (acl->acl == NULL) {
119 PyErr_SetFromErrno(PyExc_IOError);
124 acl->entry_id = ACL_FIRST_ENTRY;
130 /* Initialization of a new ACL instance */
131 static int ACL_init(PyObject* obj, PyObject* args, PyObject *keywds) {
132 ACL_Object* self = (ACL_Object*) obj;
133 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef",
137 #ifdef HAVE_ACL_COPY_EXT
141 char *format = "|O&OsO!O&"
145 #ifdef HAVE_ACL_COPY_EXT
150 PyObject *file = NULL;
151 PyObject *filedef = NULL;
154 ACL_Object* thesrc = NULL;
155 const void *buf = NULL;
158 if(!PyTuple_Check(args) || PyTuple_Size(args) != 0 ||
159 (keywds != NULL && PyDict_Check(keywds) && PyDict_Size(keywds) > 1)) {
160 PyErr_SetString(PyExc_ValueError, "a max of one keyword argument"
164 if(!PyArg_ParseTupleAndKeywords(args, keywds, format, kwlist,
165 PyUnicode_FSConverter, &file,
166 &fd, &text, &ACL_Type, &thesrc,
167 PyUnicode_FSConverter, &filedef
171 #ifdef HAVE_ACL_COPY_EXT
177 /* Free the old acl_t without checking for error, we don't
179 if(self->acl != NULL)
185 fprintf(stderr, "foobar!\n");
186 char *path = PyBytes_AS_STRING(file);
187 self->acl = acl_get_file(path, ACL_TYPE_ACCESS);
189 } else if(text != NULL)
190 self->acl = acl_from_text(text);
191 else if(fd != NULL) {
193 if ((fdval = PyObject_AsFileDescriptor(fd)) != -1) {
194 self->acl = acl_get_fd(fdval);
196 } else if(thesrc != NULL)
197 self->acl = acl_dup(thesrc->acl);
198 else if(filedef != NULL) {
199 char *path = PyBytes_AS_STRING(filedef);
200 self->acl = acl_get_file(path, ACL_TYPE_DEFAULT);
205 self->acl = acl_from_mode(mode);
207 #ifdef HAVE_ACL_COPY_EXT
208 else if(buf != NULL) {
209 if((self->acl = acl_copy_int(buf)) == NULL) {
210 PyErr_SetFromErrno(PyExc_IOError);
216 self->acl = acl_init(0);
218 if(self->acl == NULL) {
219 PyErr_SetFromErrno(PyExc_IOError);
226 /* Standard type functions */
227 static void ACL_dealloc(PyObject* obj) {
228 ACL_Object *self = (ACL_Object*) obj;
229 PyObject *err_type, *err_value, *err_traceback;
230 int have_error = PyErr_Occurred() ? 1 : 0;
233 PyErr_Fetch(&err_type, &err_value, &err_traceback);
234 if(self->acl != NULL && acl_free(self->acl) != 0)
235 PyErr_WriteUnraisable(obj);
237 PyErr_Restore(err_type, err_value, err_traceback);
241 /* Converts the acl to a text format */
242 static PyObject* ACL_str(PyObject *obj) {
244 ACL_Object *self = (ACL_Object*) obj;
247 text = acl_to_text(self->acl, NULL);
249 return PyErr_SetFromErrno(PyExc_IOError);
251 ret = PyUnicode_FromString(text);
252 if(acl_free(text) != 0) {
254 return PyErr_SetFromErrno(PyExc_IOError);
260 static char __to_any_text_doc__[] =
261 "to_any_text([prefix='', separator='n', options=0])\n"
262 "Convert the ACL to a custom text format.\n"
264 "This method encapsulates the ``acl_to_any_text()`` function.\n"
265 "It allows a customized text format to be generated for the ACL. See\n"
266 ":manpage:`acl_to_any_text(3)` for more details.\n"
268 ":param string prefix: if given, this string will be pre-pended to\n"
270 ":param string separator: a single character (defaults to '\\n'); this will"
271 " be used to separate the entries in the ACL\n"
272 ":param options: a bitwise combination of:\n\n"
273 " - :py:data:`TEXT_ABBREVIATE`: use 'u' instead of 'user', 'g' \n"
274 " instead of 'group', etc.\n"
275 " - :py:data:`TEXT_NUMERIC_IDS`: User and group IDs are included as\n"
276 " decimal numbers instead of names\n"
277 " - :py:data:`TEXT_SOME_EFFECTIVE`: Include comments denoting the\n"
278 " effective permissions when some are masked\n"
279 " - :py:data:`TEXT_ALL_EFFECTIVE`: Include comments after all ACL\n"
280 " entries affected by an ACL_MASK entry\n"
281 " - :py:data:`TEXT_SMART_INDENT`: Used in combination with the\n"
282 " _EFFECTIVE options, this will ensure that comments are aligned\n"
283 " to the fourth tab position (assuming one tab equals eight spaces)\n"
287 /* Converts the acl to a custom text format */
288 static PyObject* ACL_to_any_text(PyObject *obj, PyObject *args,
291 ACL_Object *self = (ACL_Object*) obj;
293 const char *arg_prefix = NULL;
294 char arg_separator = '\n';
296 static char *kwlist[] = {"prefix", "separator", "options", NULL};
298 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|sci", kwlist, &arg_prefix,
299 &arg_separator, &arg_options))
302 text = acl_to_any_text(self->acl, arg_prefix, arg_separator, arg_options);
304 return PyErr_SetFromErrno(PyExc_IOError);
306 ret = PyBytes_FromString(text);
307 if(acl_free(text) != 0) {
309 return PyErr_SetFromErrno(PyExc_IOError);
314 static char __check_doc__[] =
315 "Check the ACL validity.\n"
317 "This is a non-portable, Linux specific extension that allow more\n"
318 "information to be retrieved in case an ACL is not valid than via the\n"
319 ":py:func:`valid` method.\n"
321 "This method will return either False (the ACL is valid), or a tuple\n"
322 "with two elements. The first element is one of the following\n"
324 " - :py:data:`ACL_MULTI_ERROR`: The ACL contains multiple entries that\n"
325 " have a tag type that may occur at most once\n"
326 " - :py:data:`ACL_DUPLICATE_ERROR`: The ACL contains multiple \n"
327 " :py:data:`ACL_USER` or :py:data:`ACL_GROUP` entries with the\n"
329 " - :py:data:`ACL_MISS_ERROR`: A required entry is missing\n"
330 " - :py:data:`ACL_ENTRY_ERROR`: The ACL contains an invalid entry\n"
333 "The second element of the tuple is the index of the entry that is\n"
334 "invalid (in the same order as by iterating over the ACL entry)\n"
337 /* The acl_check method */
338 static PyObject* ACL_check(PyObject* obj, PyObject* args) {
339 ACL_Object *self = (ACL_Object*) obj;
343 if((result = acl_check(self->acl, &eindex)) == -1)
344 return PyErr_SetFromErrno(PyExc_IOError);
348 return Py_BuildValue("(ii)", result, eindex);
351 /* Implementation of the rich compare for ACLs */
352 static PyObject* ACL_richcompare(PyObject* o1, PyObject* o2, int op) {
353 ACL_Object *acl1, *acl2;
357 if(!PyObject_IsInstance(o2, (PyObject*)&ACL_Type)) {
362 PyErr_SetString(PyExc_TypeError, "can only compare to an ACL");
366 acl1 = (ACL_Object*)o1;
367 acl2 = (ACL_Object*)o2;
368 if((n=acl_cmp(acl1->acl, acl2->acl))==-1)
369 return PyErr_SetFromErrno(PyExc_IOError);
372 ret = n == 0 ? Py_True : Py_False;
375 ret = n == 1 ? Py_True : Py_False;
378 PyErr_SetString(PyExc_TypeError, "ACLs are not orderable");
385 static char __equiv_mode_doc__[] =
386 "Return the octal mode the ACL is equivalent to.\n"
388 "This is a non-portable, Linux specific extension that checks\n"
389 "if the ACL is a basic ACL and returns the corresponding mode.\n"
392 ":raise IOError: An IOerror exception will be raised if the ACL is\n"
393 " an extended ACL.\n"
396 /* The acl_equiv_mode method */
397 static PyObject* ACL_equiv_mode(PyObject* obj, PyObject* args) {
398 ACL_Object *self = (ACL_Object*) obj;
401 if(acl_equiv_mode(self->acl, &mode) == -1)
402 return PyErr_SetFromErrno(PyExc_IOError);
403 return PyLong_FromLong(mode);
408 static char __applyto_doc__[] =
409 "applyto(item[, flag=ACL_TYPE_ACCESS])\n"
410 "Apply the ACL to a file or filehandle.\n"
412 ":param item: either a filename or a file-like object or an integer;\n"
413 " this represents the filesystem object on which to act\n"
414 ":param flag: optional flag representing the type of ACL to set, either\n"
415 " :py:data:`ACL_TYPE_ACCESS` (default) or :py:data:`ACL_TYPE_DEFAULT`\n"
418 /* Applies the ACL to a file */
419 static PyObject* ACL_applyto(PyObject* obj, PyObject* args) {
420 ACL_Object *self = (ACL_Object*) obj;
421 PyObject *target, *tmp;
422 acl_type_t type = ACL_TYPE_ACCESS;
426 if (!PyArg_ParseTuple(args, "O|I", &target, &type))
428 if ((fd = PyObject_AsFileDescriptor(target)) != -1) {
429 if((nret = acl_set_fd(fd, self->acl)) == -1) {
430 PyErr_SetFromErrno(PyExc_IOError);
433 // PyObject_AsFileDescriptor sets an error when failing, so clear
434 // it such that further code works; some method lookups fail if an
435 // error already occured when called, which breaks at least
436 // PyOS_FSPath (called by FSConverter).
438 if(PyUnicode_FSConverter(target, &tmp)) {
439 char *filename = PyBytes_AS_STRING(tmp);
440 if ((nret = acl_set_file(filename, type, self->acl)) == -1) {
441 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
455 static char __valid_doc__[] =
456 "Test the ACL for validity.\n"
458 "This method tests the ACL to see if it is a valid ACL\n"
459 "in terms of the file-system. More precisely, it checks that:\n"
461 "The ACL contains exactly one entry with each of the\n"
462 ":py:data:`ACL_USER_OBJ`, :py:data:`ACL_GROUP_OBJ`, and \n"
463 ":py:data:`ACL_OTHER` tag types. Entries\n"
464 "with :py:data:`ACL_USER` and :py:data:`ACL_GROUP` tag types may\n"
465 "appear zero or more\n"
466 "times in an ACL. An ACL that contains entries of :py:data:`ACL_USER` or\n"
467 ":py:data:`ACL_GROUP` tag types must contain exactly one entry of the \n"
468 ":py:data:`ACL_MASK` tag type. If an ACL contains no entries of\n"
469 ":py:data:`ACL_USER` or :py:data:`ACL_GROUP` tag types, the\n"
470 ":py:data:`ACL_MASK` entry is optional.\n"
472 "All user ID qualifiers must be unique among all entries of\n"
473 "the :py:data:`ACL_USER` tag type, and all group IDs must be unique\n"
474 "among all entries of :py:data:`ACL_GROUP` tag type.\n"
476 "The method will return 1 for a valid ACL and 0 for an invalid one.\n"
477 "This has been chosen because the specification for\n"
478 ":manpage:`acl_valid(3)`\n"
479 "in the POSIX.1e standard documents only one possible value for errno\n"
480 "in case of an invalid ACL, so we can't differentiate between\n"
481 "classes of errors. Other suggestions are welcome.\n"
487 /* Checks the ACL for validity */
488 static PyObject* ACL_valid(PyObject* obj, PyObject* args) {
489 ACL_Object *self = (ACL_Object*) obj;
491 if(acl_valid(self->acl) == -1) {
498 #ifdef HAVE_ACL_COPY_EXT
499 static PyObject* ACL_get_state(PyObject *obj, PyObject* args) {
500 ACL_Object *self = (ACL_Object*) obj;
505 size = acl_size(self->acl);
507 return PyErr_SetFromErrno(PyExc_IOError);
509 if((ret = PyBytes_FromStringAndSize(NULL, size)) == NULL)
511 buf = PyBytes_AsString(ret);
513 if((nsize = acl_copy_ext(buf, self->acl, size)) == -1) {
515 return PyErr_SetFromErrno(PyExc_IOError);
521 static PyObject* ACL_set_state(PyObject *obj, PyObject* args) {
522 ACL_Object *self = (ACL_Object*) obj;
527 /* Parse the argument */
528 if (!PyArg_ParseTuple(args, "y#", &buf, &bufsize))
531 /* Try to import the external representation */
532 if((ptr = acl_copy_int(buf)) == NULL)
533 return PyErr_SetFromErrno(PyExc_IOError);
535 /* Free the old acl. Should we ignore errors here? */
536 if(self->acl != NULL) {
537 if(acl_free(self->acl) == -1)
538 return PyErr_SetFromErrno(PyExc_IOError);
549 /* tp_iter for the ACL type; since it can be iterated only
550 * destructively, the type is its iterator
552 static PyObject* ACL_iter(PyObject *obj) {
553 ACL_Object *self = (ACL_Object*)obj;
554 self->entry_id = ACL_FIRST_ENTRY;
559 /* the tp_iternext function for the ACL type */
560 static PyObject* ACL_iternext(PyObject *obj) {
561 ACL_Object *self = (ACL_Object*)obj;
562 acl_entry_t the_entry_t;
563 Entry_Object *the_entry_obj;
566 nerr = acl_get_entry(self->acl, self->entry_id, &the_entry_t);
567 self->entry_id = ACL_NEXT_ENTRY;
569 return PyErr_SetFromErrno(PyExc_IOError);
571 /* Docs says this is not needed */
572 /*PyErr_SetObject(PyExc_StopIteration, Py_None);*/
576 the_entry_obj = (Entry_Object*) PyType_GenericNew(&Entry_Type, NULL, NULL);
577 if(the_entry_obj == NULL)
580 the_entry_obj->entry = the_entry_t;
582 the_entry_obj->parent_acl = obj;
583 Py_INCREF(obj); /* For the reference we have in entry->parent */
585 return (PyObject*)the_entry_obj;
588 static char __ACL_delete_entry_doc__[] =
589 "delete_entry(entry)\n"
590 "Deletes an entry from the ACL.\n"
592 ".. note:: Only available with level 2.\n"
594 ":param entry: the Entry object which should be deleted; note that after\n"
595 " this function is called, that object is unusable any longer\n"
596 " and should be deleted\n"
599 /* Deletes an entry from the ACL */
600 static PyObject* ACL_delete_entry(PyObject *obj, PyObject *args) {
601 ACL_Object *self = (ACL_Object*)obj;
604 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &e))
607 if (e->parent_acl != obj) {
608 PyErr_SetString(PyExc_ValueError,
609 "Can't remove un-owned entry");
612 if(acl_delete_entry(self->acl, e->entry) == -1)
613 return PyErr_SetFromErrno(PyExc_IOError);
618 static char __ACL_calc_mask_doc__[] =
619 "Compute the file group class mask.\n"
621 "The calc_mask() method calculates and sets the permissions \n"
622 "associated with the :py:data:`ACL_MASK` Entry of the ACL.\n"
623 "The value of the new permissions is the union of the permissions \n"
624 "granted by all entries of tag type :py:data:`ACL_GROUP`, \n"
625 ":py:data:`ACL_GROUP_OBJ`, or \n"
626 ":py:data:`ACL_USER`. If the ACL already contains an :py:data:`ACL_MASK`\n"
628 "permissions are overwritten; if it does not contain an \n"
629 ":py:data:`ACL_MASK` Entry, one is added.\n"
631 "The order of existing entries in the ACL is undefined after this \n"
635 /* Updates the mask entry in the ACL */
636 static PyObject* ACL_calc_mask(PyObject *obj, PyObject *args) {
637 ACL_Object *self = (ACL_Object*)obj;
639 if(acl_calc_mask(&self->acl) == -1)
640 return PyErr_SetFromErrno(PyExc_IOError);
645 static char __ACL_append_doc__[] =
647 "Append a new Entry to the ACL and return it.\n"
649 "This is a convenience function to create a new Entry \n"
650 "and append it to the ACL.\n"
651 "If a parameter of type Entry instance is given, the \n"
652 "entry will be a copy of that one (as if copied with \n"
653 ":py:func:`Entry.copy`), otherwise, the new entry will be empty.\n"
655 ":rtype: :py:class:`Entry`\n"
656 ":returns: the newly created entry\n"
659 /* Convenience method to create a new Entry */
660 static PyObject* ACL_append(PyObject *obj, PyObject *args) {
661 Entry_Object* newentry;
662 Entry_Object* oldentry = NULL;
665 if (!PyArg_ParseTuple(args, "|O!", &Entry_Type, &oldentry)) {
669 PyObject *new_arglist = Py_BuildValue("(O)", obj);
670 if (new_arglist == NULL) {
673 newentry = (Entry_Object*) PyObject_CallObject((PyObject*)&Entry_Type, new_arglist);
674 Py_DECREF(new_arglist);
675 if(newentry == NULL) {
679 if(oldentry != NULL) {
680 nret = acl_copy_entry(newentry->entry, oldentry->entry);
683 return PyErr_SetFromErrno(PyExc_IOError);
687 return (PyObject*)newentry;
690 /***** Entry type *****/
700 /* Pre-declaring the function is more friendly to cpychecker, sigh. */
701 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq)
702 CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION;
704 /* Helper function to get the tag and qualifier of an Entry at the
705 same time. This is "needed" because the acl_get_qualifier function
706 returns a pointer to different types, based on the tag value, and
707 thus it's not straightforward to get the right type.
709 It sets a Python exception if an error occurs, and returns -1 in
710 this case. If successful, the tag is set to the tag type, the
711 qualifier (if any) to either the uid or the gid entry in the
712 tag_qual structure, and the return value is 0.
714 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq) {
717 if(acl_get_tag_type(entry, &tq->tag) == -1) {
718 PyErr_SetFromErrno(PyExc_IOError);
721 if (tq->tag == ACL_USER || tq->tag == ACL_GROUP) {
722 if((p = acl_get_qualifier(entry)) == NULL) {
723 PyErr_SetFromErrno(PyExc_IOError);
726 if (tq->tag == ACL_USER) {
727 tq->uid = *(uid_t*)p;
729 tq->gid = *(gid_t*)p;
736 #define ENTRY_SET_CHECK(self, attr, value) \
737 if (value == NULL) { \
738 PyErr_SetString(PyExc_TypeError, \
739 attr " deletion is not supported"); \
743 /* Creation of a new Entry instance */
744 static PyObject* Entry_new(PyTypeObject* type, PyObject* args,
748 ACL_Object* parent = NULL;
750 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
753 newentry = PyType_GenericNew(type, args, keywds);
755 if(newentry == NULL) {
759 entry = (Entry_Object*)newentry;
761 if(acl_create_entry(&parent->acl, &entry->entry) == -1) {
762 PyErr_SetFromErrno(PyExc_IOError);
767 entry->parent_acl = (PyObject*)parent;
771 /* Initialization of a new Entry instance */
772 static int Entry_init(PyObject* obj, PyObject* args, PyObject *keywds) {
773 Entry_Object* self = (Entry_Object*) obj;
774 ACL_Object* parent = NULL;
776 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
779 if ((PyObject*)parent != self->parent_acl) {
780 PyErr_SetString(PyExc_ValueError,
781 "Can't reinitialize with a different parent");
787 /* Free the Entry instance */
788 static void Entry_dealloc(PyObject* obj) {
789 Entry_Object *self = (Entry_Object*) obj;
790 PyObject *err_type, *err_value, *err_traceback;
791 int have_error = PyErr_Occurred() ? 1 : 0;
794 PyErr_Fetch(&err_type, &err_value, &err_traceback);
795 if(self->parent_acl != NULL) {
796 Py_DECREF(self->parent_acl);
797 self->parent_acl = NULL;
800 PyErr_Restore(err_type, err_value, err_traceback);
804 /* Converts the entry to a text format */
805 static PyObject* Entry_str(PyObject *obj) {
806 PyObject *format, *kind;
807 Entry_Object *self = (Entry_Object*) obj;
810 if(get_tag_qualifier(self->entry, &tq) < 0) {
814 format = PyUnicode_FromString("ACL entry for ");
818 case ACL_UNDEFINED_TAG:
819 kind = PyUnicode_FromString("undefined type");
822 kind = PyUnicode_FromString("the owner");
825 kind = PyUnicode_FromString("the group");
828 kind = PyUnicode_FromString("the others");
831 /* FIXME: here and in the group case, we're formatting with
832 unsigned, because there's no way to automatically determine
833 the signed-ness of the types; on Linux(glibc) they're
834 unsigned, so we'll go along with that */
835 kind = PyUnicode_FromFormat("user with uid %u", tq.uid);
838 kind = PyUnicode_FromFormat("group with gid %u", tq.gid);
841 kind = PyUnicode_FromString("the mask");
844 kind = PyUnicode_FromString("UNKNOWN_TAG_TYPE!");
851 PyObject *ret = PyUnicode_Concat(format, kind);
857 /* Sets the tag type of the entry */
858 static int Entry_set_tag_type(PyObject* obj, PyObject* value, void* arg) {
859 Entry_Object *self = (Entry_Object*) obj;
861 ENTRY_SET_CHECK(self, "tag type", value);
863 if(!PyLong_Check(value)) {
864 PyErr_SetString(PyExc_TypeError,
865 "tag type must be integer");
868 if(acl_set_tag_type(self->entry, (acl_tag_t)PyLong_AsLong(value)) == -1) {
869 PyErr_SetFromErrno(PyExc_IOError);
876 /* Returns the tag type of the entry */
877 static PyObject* Entry_get_tag_type(PyObject *obj, void* arg) {
878 Entry_Object *self = (Entry_Object*) obj;
881 if(acl_get_tag_type(self->entry, &value) == -1) {
882 PyErr_SetFromErrno(PyExc_IOError);
886 return PyLong_FromLong(value);
889 /* Sets the qualifier (either uid_t or gid_t) for the entry,
890 * usable only if the tag type if ACL_USER or ACL_GROUP
892 static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
893 Entry_Object *self = (Entry_Object*) obj;
894 unsigned long uidgid;
900 ENTRY_SET_CHECK(self, "qualifier", value);
902 if(!PyLong_Check(value)) {
903 PyErr_SetString(PyExc_TypeError,
904 "qualifier must be integer");
907 /* This is the negative value check, and larger than long
908 check. If uid_t/gid_t are long-sized, this is enough to check
909 for both over and underflow. */
910 if((uidgid = PyLong_AsUnsignedLong(value)) == (unsigned long) -1) {
911 if(PyErr_Occurred() != NULL) {
915 /* Due to how acl_set_qualifier takes its argument, we have to do
916 this ugly dance with two variables and a pointer that will
917 point to one of them. */
918 if(acl_get_tag_type(self->entry, &tag) == -1) {
919 PyErr_SetFromErrno(PyExc_IOError);
924 /* This is an extra overflow check, in case uid_t/gid_t are
925 int-sized (and int size smaller than long size). */
928 if((unsigned long)uid != uidgid) {
929 PyErr_SetString(PyExc_OverflowError, "Can't assign given qualifier");
936 if((unsigned long)gid != uidgid) {
937 PyErr_SetString(PyExc_OverflowError, "Can't assign given qualifier");
944 PyErr_SetString(PyExc_TypeError,
945 "Can only set qualifiers on ACL_USER or ACL_GROUP entries");
948 if(acl_set_qualifier(self->entry, p) == -1) {
949 PyErr_SetFromErrno(PyExc_IOError);
956 /* Returns the qualifier of the entry */
957 static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
958 Entry_Object *self = (Entry_Object*) obj;
962 if (self->entry == NULL) {
963 PyErr_SetString(PyExc_ValueError, "Can't get qualifier on uninitalized Entry object");
966 if(get_tag_qualifier(self->entry, &tq) < 0) {
969 if (tq.tag == ACL_USER) {
971 } else if (tq.tag == ACL_GROUP) {
974 PyErr_SetString(PyExc_TypeError,
975 "Given entry doesn't have an user or"
979 return PyLong_FromUnsignedLong(value);
982 /* Returns the parent ACL of the entry */
983 static PyObject* Entry_get_parent(PyObject *obj, void* arg) {
984 Entry_Object *self = (Entry_Object*) obj;
986 Py_INCREF(self->parent_acl);
987 return self->parent_acl;
990 /* Returns the a new Permset representing the permset of the entry
991 * FIXME: Should return a new reference to the same object, which
992 * should be created at init time!
994 static PyObject* Entry_get_permset(PyObject *obj, void* arg) {
997 PyObject *perm_arglist = Py_BuildValue("(O)", obj);
998 if (perm_arglist == NULL) {
1001 p = PyObject_CallObject((PyObject*)&Permset_Type, perm_arglist);
1002 Py_DECREF(perm_arglist);
1006 /* Sets the permset of the entry to the passed Permset */
1007 static int Entry_set_permset(PyObject* obj, PyObject* value, void* arg) {
1008 Entry_Object *self = (Entry_Object*)obj;
1011 ENTRY_SET_CHECK(self, "permset", value);
1013 if(!PyObject_IsInstance(value, (PyObject*)&Permset_Type)) {
1014 PyErr_SetString(PyExc_TypeError, "argument 1 must be posix1e.Permset");
1017 p = (Permset_Object*)value;
1018 if(acl_set_permset(self->entry, p->permset) == -1) {
1019 PyErr_SetFromErrno(PyExc_IOError);
1025 static char __Entry_copy_doc__[] =
1027 "Copies an ACL entry.\n"
1029 "This method sets all the parameters to those of another\n"
1030 "entry (either of the same ACL or belonging to another ACL).\n"
1032 ":param Entry src: instance of type Entry\n"
1035 /* Sets all the entry parameters to another entry */
1036 static PyObject* Entry_copy(PyObject *obj, PyObject *args) {
1037 Entry_Object *self = (Entry_Object*)obj;
1038 Entry_Object *other;
1040 if(!PyArg_ParseTuple(args, "O!", &Entry_Type, &other))
1043 if(acl_copy_entry(self->entry, other->entry) == -1)
1044 return PyErr_SetFromErrno(PyExc_IOError);
1049 /**** Permset type *****/
1051 /* Creation of a new Permset instance */
1052 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
1054 PyObject* newpermset;
1055 Permset_Object* permset;
1056 Entry_Object* parent = NULL;
1058 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent)) {
1062 newpermset = PyType_GenericNew(type, args, keywds);
1064 if(newpermset == NULL) {
1068 permset = (Permset_Object*)newpermset;
1070 if(acl_get_permset(parent->entry, &permset->permset) == -1) {
1071 PyErr_SetFromErrno(PyExc_IOError);
1072 Py_DECREF(newpermset);
1076 permset->parent_entry = (PyObject*)parent;
1082 /* Initialization of a new Permset instance */
1083 static int Permset_init(PyObject* obj, PyObject* args, PyObject *keywds) {
1084 Permset_Object* self = (Permset_Object*) obj;
1085 Entry_Object* parent = NULL;
1087 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent))
1090 if ((PyObject*)parent != self->parent_entry) {
1091 PyErr_SetString(PyExc_ValueError,
1092 "Can't reinitialize with a different parent");
1099 /* Free the Permset instance */
1100 static void Permset_dealloc(PyObject* obj) {
1101 Permset_Object *self = (Permset_Object*) obj;
1102 PyObject *err_type, *err_value, *err_traceback;
1103 int have_error = PyErr_Occurred() ? 1 : 0;
1106 PyErr_Fetch(&err_type, &err_value, &err_traceback);
1107 if(self->parent_entry != NULL) {
1108 Py_DECREF(self->parent_entry);
1109 self->parent_entry = NULL;
1112 PyErr_Restore(err_type, err_value, err_traceback);
1116 /* Permset string representation */
1117 static PyObject* Permset_str(PyObject *obj) {
1118 Permset_Object *self = (Permset_Object*) obj;
1121 pstr[0] = get_perm(self->permset, ACL_READ) ? 'r' : '-';
1122 pstr[1] = get_perm(self->permset, ACL_WRITE) ? 'w' : '-';
1123 pstr[2] = get_perm(self->permset, ACL_EXECUTE) ? 'x' : '-';
1124 return PyUnicode_FromStringAndSize(pstr, 3);
1127 static char __Permset_clear_doc__[] =
1128 "Clears all permissions from the permission set.\n"
1131 /* Clears all permissions from the permset */
1132 static PyObject* Permset_clear(PyObject* obj, PyObject* args) {
1133 Permset_Object *self = (Permset_Object*) obj;
1135 if(acl_clear_perms(self->permset) == -1)
1136 return PyErr_SetFromErrno(PyExc_IOError);
1141 static PyObject* Permset_get_right(PyObject *obj, void* arg) {
1142 Permset_Object *self = (Permset_Object*) obj;
1144 if(get_perm(self->permset, *(acl_perm_t*)arg)) {
1151 static int Permset_set_right(PyObject* obj, PyObject* value, void* arg) {
1152 Permset_Object *self = (Permset_Object*) obj;
1156 if(!PyLong_Check(value)) {
1157 PyErr_SetString(PyExc_ValueError, "invalid argument, an integer"
1161 on = PyLong_AsLong(value);
1163 nerr = acl_add_perm(self->permset, *(acl_perm_t*)arg);
1165 nerr = acl_delete_perm(self->permset, *(acl_perm_t*)arg);
1167 PyErr_SetFromErrno(PyExc_IOError);
1173 static char __Permset_add_doc__[] =
1175 "Add a permission to the permission set.\n"
1177 "This function adds the permission contained in \n"
1178 "the argument perm to the permission set. An attempt \n"
1179 "to add a permission that is already contained in the \n"
1180 "permission set is not considered an error.\n"
1182 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1183 " :py:data:`ACL_EXECUTE`, ...)\n"
1184 ":raises IOError: in case the argument is not a valid descriptor\n"
1187 static PyObject* Permset_add(PyObject* obj, PyObject* args) {
1188 Permset_Object *self = (Permset_Object*) obj;
1191 if (!PyArg_ParseTuple(args, "i", &right))
1194 if(acl_add_perm(self->permset, (acl_perm_t) right) == -1)
1195 return PyErr_SetFromErrno(PyExc_IOError);
1200 static char __Permset_delete_doc__[] =
1202 "Delete a permission from the permission set.\n"
1204 "This function deletes the permission contained in \n"
1205 "the argument perm from the permission set. An attempt \n"
1206 "to delete a permission that is not contained in the \n"
1207 "permission set is not considered an error.\n"
1209 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1210 " :py:data:`ACL_EXECUTE`, ...)\n"
1211 ":raises IOError: in case the argument is not a valid descriptor\n"
1214 static PyObject* Permset_delete(PyObject* obj, PyObject* args) {
1215 Permset_Object *self = (Permset_Object*) obj;
1218 if (!PyArg_ParseTuple(args, "i", &right))
1221 if(acl_delete_perm(self->permset, (acl_perm_t) right) == -1)
1222 return PyErr_SetFromErrno(PyExc_IOError);
1227 static char __Permset_test_doc__[] =
1229 "Test if a permission exists in the permission set.\n"
1231 "The test() function tests if the permission represented by\n"
1232 "the argument perm exists in the permission set.\n"
1234 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1235 " :py:data:`ACL_EXECUTE`, ...)\n"
1237 ":raises IOError: in case the argument is not a valid descriptor\n"
1240 static PyObject* Permset_test(PyObject* obj, PyObject* args) {
1241 Permset_Object *self = (Permset_Object*) obj;
1245 if (!PyArg_ParseTuple(args, "i", &right))
1248 ret = get_perm(self->permset, (acl_perm_t) right);
1250 return PyErr_SetFromErrno(PyExc_IOError);
1261 static char __ACL_Type_doc__[] =
1262 "Type which represents a POSIX ACL\n"
1264 ".. note:: only one keyword parameter should be provided\n"
1266 ":param string/bytes/path-like file: creates an ACL representing\n"
1267 " the access ACL of the specified file or directory.\n"
1268 ":param string/bytes/path-like filedef: creates an ACL representing\n"
1269 " the default ACL of the given directory.\n"
1270 ":param int/iostream fd: creates an ACL representing\n"
1271 " the access ACL of the given file descriptor.\n"
1272 ":param string text: creates an ACL from a \n"
1273 " textual description; note the ACL must be valid, which\n"
1274 " means including a mask for extended ACLs, similar to\n"
1275 " ``setfacl --no-mask``\n"
1276 ":param ACL acl: creates a copy of an existing ACL instance.\n"
1277 ":param int mode: creates an ACL from a numeric mode\n"
1278 " (e.g. ``mode=0644``); this is valid only when the C library\n"
1279 " provides the ``acl_from_mode call``, and\n"
1280 " note that no validation is done on the given value.\n"
1281 ":param bytes data: creates an ACL from a serialised form,\n"
1282 " as provided by calling ``__getstate__()`` on an existing ACL\n"
1284 "If no parameters are passed, an empty ACL will be created; this\n"
1285 "makes sense only when your OS supports ACL modification\n"
1286 "(i.e. it implements full POSIX.1e support), otherwise the ACL won't\n"
1290 /* ACL type methods */
1291 static PyMethodDef ACL_methods[] = {
1292 {"applyto", ACL_applyto, METH_VARARGS, __applyto_doc__},
1293 {"valid", ACL_valid, METH_NOARGS, __valid_doc__},
1295 {"to_any_text", (PyCFunction)ACL_to_any_text, METH_VARARGS | METH_KEYWORDS,
1296 __to_any_text_doc__},
1297 {"check", ACL_check, METH_NOARGS, __check_doc__},
1298 {"equiv_mode", ACL_equiv_mode, METH_NOARGS, __equiv_mode_doc__},
1300 #ifdef HAVE_ACL_COPY_EXT
1301 {"__getstate__", ACL_get_state, METH_NOARGS,
1302 "Dumps the ACL to an external format."},
1303 {"__setstate__", ACL_set_state, METH_VARARGS,
1304 "Loads the ACL from an external format."},
1307 {"delete_entry", ACL_delete_entry, METH_VARARGS, __ACL_delete_entry_doc__},
1308 {"calc_mask", ACL_calc_mask, METH_NOARGS, __ACL_calc_mask_doc__},
1309 {"append", ACL_append, METH_VARARGS, __ACL_append_doc__},
1311 {NULL, NULL, 0, NULL}
1315 /* The definition of the ACL Type */
1316 static PyTypeObject ACL_Type = {
1317 PyVarObject_HEAD_INIT(NULL, 0)
1321 ACL_dealloc, /* tp_dealloc */
1325 0, /* formerly tp_compare, in 3.0 deprecated, in
1328 0, /* tp_as_number */
1329 0, /* tp_as_sequence */
1330 0, /* tp_as_mapping */
1333 ACL_str, /* tp_str */
1334 0, /* tp_getattro */
1335 0, /* tp_setattro */
1336 0, /* tp_as_buffer */
1337 Py_TPFLAGS_DEFAULT, /* tp_flags */
1338 __ACL_Type_doc__, /* tp_doc */
1339 0, /* tp_traverse */
1342 ACL_richcompare, /* tp_richcompare */
1344 0, /* tp_richcompare */
1346 0, /* tp_weaklistoffset */
1352 0, /* tp_iternext */
1354 ACL_methods, /* tp_methods */
1359 0, /* tp_descr_get */
1360 0, /* tp_descr_set */
1361 0, /* tp_dictoffset */
1362 ACL_init, /* tp_init */
1364 ACL_new, /* tp_new */
1369 /* Entry type methods */
1370 static PyMethodDef Entry_methods[] = {
1371 {"copy", Entry_copy, METH_VARARGS, __Entry_copy_doc__},
1372 {NULL, NULL, 0, NULL}
1375 static char __Entry_tagtype_doc__[] =
1376 "The tag type of the current entry\n"
1379 " - :py:data:`ACL_UNDEFINED_TAG`\n"
1380 " - :py:data:`ACL_USER_OBJ`\n"
1381 " - :py:data:`ACL_USER`\n"
1382 " - :py:data:`ACL_GROUP_OBJ`\n"
1383 " - :py:data:`ACL_GROUP`\n"
1384 " - :py:data:`ACL_MASK`\n"
1385 " - :py:data:`ACL_OTHER`\n"
1388 static char __Entry_qualifier_doc__[] =
1389 "The qualifier of the current entry\n"
1391 "If the tag type is :py:data:`ACL_USER`, this should be a user id.\n"
1392 "If the tag type if :py:data:`ACL_GROUP`, this should be a group id.\n"
1393 "Else it doesn't matter.\n"
1396 static char __Entry_parent_doc__[] =
1397 "The parent ACL of this entry\n"
1400 static char __Entry_permset_doc__[] =
1401 "The permission set of this ACL entry\n"
1405 static PyGetSetDef Entry_getsets[] = {
1406 {"tag_type", Entry_get_tag_type, Entry_set_tag_type,
1407 __Entry_tagtype_doc__},
1408 {"qualifier", Entry_get_qualifier, Entry_set_qualifier,
1409 __Entry_qualifier_doc__},
1410 {"parent", Entry_get_parent, NULL, __Entry_parent_doc__},
1411 {"permset", Entry_get_permset, Entry_set_permset, __Entry_permset_doc__},
1415 static char __Entry_Type_doc__[] =
1416 "Type which represents an entry in an ACL.\n"
1418 "The type exists only if the OS has full support for POSIX.1e\n"
1419 "Can be created either by:\n"
1421 " >>> e = posix1e.Entry(myACL) # this creates a new entry in the ACL\n"
1422 " >>> e = myACL.append() # another way for doing the same thing\n"
1426 " >>> for entry in myACL:\n"
1427 " ... print entry\n"
1429 "Note that the Entry keeps a reference to its ACL, so even if \n"
1430 "you delete the ACL, it won't be cleaned up and will continue to \n"
1431 "exist until its Entry(ies) will be deleted.\n"
1433 /* The definition of the Entry Type */
1434 static PyTypeObject Entry_Type = {
1435 PyVarObject_HEAD_INIT(NULL, 0)
1437 sizeof(Entry_Object),
1439 Entry_dealloc, /* tp_dealloc */
1445 0, /* tp_as_number */
1446 0, /* tp_as_sequence */
1447 0, /* tp_as_mapping */
1450 Entry_str, /* tp_str */
1451 0, /* tp_getattro */
1452 0, /* tp_setattro */
1453 0, /* tp_as_buffer */
1454 Py_TPFLAGS_DEFAULT, /* tp_flags */
1455 __Entry_Type_doc__, /* tp_doc */
1456 0, /* tp_traverse */
1458 0, /* tp_richcompare */
1459 0, /* tp_weaklistoffset */
1461 0, /* tp_iternext */
1462 Entry_methods, /* tp_methods */
1464 Entry_getsets, /* tp_getset */
1467 0, /* tp_descr_get */
1468 0, /* tp_descr_set */
1469 0, /* tp_dictoffset */
1470 Entry_init, /* tp_init */
1472 Entry_new, /* tp_new */
1475 /* Permset type methods */
1476 static PyMethodDef Permset_methods[] = {
1477 {"clear", Permset_clear, METH_NOARGS, __Permset_clear_doc__, },
1478 {"add", Permset_add, METH_VARARGS, __Permset_add_doc__, },
1479 {"delete", Permset_delete, METH_VARARGS, __Permset_delete_doc__, },
1480 {"test", Permset_test, METH_VARARGS, __Permset_test_doc__, },
1481 {NULL, NULL, 0, NULL}
1484 static char __Permset_execute_doc__[] =
1485 "Execute permission property\n"
1487 "This is a convenience method of retrieving and setting the execute\n"
1488 "permission in the permission set; the \n"
1489 "same effect can be achieved using the functions\n"
1490 "add(), test(), delete(), and those can take any \n"
1491 "permission defined by your platform.\n"
1494 static char __Permset_read_doc__[] =
1495 "Read permission property\n"
1497 "This is a convenience method of retrieving and setting the read\n"
1498 "permission in the permission set; the \n"
1499 "same effect can be achieved using the functions\n"
1500 "add(), test(), delete(), and those can take any \n"
1501 "permission defined by your platform.\n"
1504 static char __Permset_write_doc__[] =
1505 "Write permission property\n"
1507 "This is a convenience method of retrieving and setting the write\n"
1508 "permission in the permission set; the \n"
1509 "same effect can be achieved using the functions\n"
1510 "add(), test(), delete(), and those can take any \n"
1511 "permission defined by your platform.\n"
1514 /* Permset getset */
1515 static PyGetSetDef Permset_getsets[] = {
1516 {"execute", Permset_get_right, Permset_set_right,
1517 __Permset_execute_doc__, &holder_ACL_EXECUTE},
1518 {"read", Permset_get_right, Permset_set_right,
1519 __Permset_read_doc__, &holder_ACL_READ},
1520 {"write", Permset_get_right, Permset_set_right,
1521 __Permset_write_doc__, &holder_ACL_WRITE},
1525 static char __Permset_Type_doc__[] =
1526 "Type which represents the permission set in an ACL entry\n"
1528 "The type exists only if the OS has full support for POSIX.1e\n"
1529 "Can be retrieved either by:\n\n"
1530 ">>> perms = myEntry.permset\n"
1533 ">>> perms = posix1e.Permset(myEntry)\n"
1535 "Note that the Permset keeps a reference to its Entry, so even if \n"
1536 "you delete the entry, it won't be cleaned up and will continue to \n"
1537 "exist until its Permset will be deleted.\n"
1540 /* The definition of the Permset Type */
1541 static PyTypeObject Permset_Type = {
1542 PyVarObject_HEAD_INIT(NULL, 0)
1544 sizeof(Permset_Object),
1546 Permset_dealloc, /* tp_dealloc */
1552 0, /* tp_as_number */
1553 0, /* tp_as_sequence */
1554 0, /* tp_as_mapping */
1557 Permset_str, /* tp_str */
1558 0, /* tp_getattro */
1559 0, /* tp_setattro */
1560 0, /* tp_as_buffer */
1561 Py_TPFLAGS_DEFAULT, /* tp_flags */
1562 __Permset_Type_doc__,/* tp_doc */
1563 0, /* tp_traverse */
1565 0, /* tp_richcompare */
1566 0, /* tp_weaklistoffset */
1568 0, /* tp_iternext */
1569 Permset_methods, /* tp_methods */
1571 Permset_getsets, /* tp_getset */
1574 0, /* tp_descr_get */
1575 0, /* tp_descr_set */
1576 0, /* tp_dictoffset */
1577 Permset_init, /* tp_init */
1579 Permset_new, /* tp_new */
1584 /* Module methods */
1586 static char __deletedef_doc__[] =
1587 "delete_default(path)\n"
1588 "Delete the default ACL from a directory.\n"
1590 "This function deletes the default ACL associated with\n"
1591 "a directory (the ACL which will be ANDed with the mode\n"
1592 "parameter to the open, creat functions).\n"
1594 ":param string path: the directory whose default ACL should be deleted\n"
1597 /* Deletes the default ACL from a directory */
1598 static PyObject* aclmodule_delete_default(PyObject* obj, PyObject* args) {
1601 /* Parse the arguments */
1602 if (!PyArg_ParseTuple(args, "et", NULL, &filename))
1605 if(acl_delete_def_file(filename) == -1) {
1606 return PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
1613 static char __has_extended_doc__[] =
1614 "has_extended(item)\n"
1615 "Check if a file or file handle has an extended ACL.\n"
1617 ":param item: either a file name or a file-like object or an integer;\n"
1618 " it represents the file-system object on which to act\n"
1621 /* Check for extended ACL a file or fd */
1622 static PyObject* aclmodule_has_extended(PyObject* obj, PyObject* args) {
1623 PyObject *item, *tmp;
1627 if (!PyArg_ParseTuple(args, "O", &item))
1630 if((fd = PyObject_AsFileDescriptor(item)) != -1) {
1631 if((nret = acl_extended_fd(fd)) == -1) {
1632 PyErr_SetFromErrno(PyExc_IOError);
1635 // PyObject_AsFileDescriptor sets an error when failing, so clear
1636 // it such that further code works; some method lookups fail if an
1637 // error already occured when called, which breaks at least
1638 // PyOS_FSPath (called by FSConverter).
1640 if(PyUnicode_FSConverter(item, &tmp)) {
1641 char *filename = PyBytes_AS_STRING(tmp);
1642 if ((nret = acl_extended_file(filename)) == -1) {
1643 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
1654 return PyBool_FromLong(nret);
1659 /* The module methods */
1660 static PyMethodDef aclmodule_methods[] = {
1661 {"delete_default", aclmodule_delete_default, METH_VARARGS,
1664 {"has_extended", aclmodule_has_extended, METH_VARARGS,
1665 __has_extended_doc__},
1667 {NULL, NULL, 0, NULL}
1670 static char __posix1e_doc__[] =
1671 "POSIX.1e ACLs manipulation\n"
1672 "==========================\n"
1674 "This module provides support for manipulating POSIX.1e ACLS\n"
1676 "Depending on the operating system support for POSIX.1e, \n"
1677 "the ACL type will have more or less capabilities:\n\n"
1678 " - level 1, only basic support, you can create\n"
1679 " ACLs from files and text descriptions;\n"
1680 " once created, the type is immutable\n"
1681 " - level 2, complete support, you can alter\n"
1682 " the ACL once it is created\n"
1684 "Also, in level 2, more types are available, corresponding\n"
1685 "to acl_entry_t (the Entry type), acl_permset_t (the Permset type).\n"
1687 "The existence of level 2 support and other extensions can be\n"
1688 "checked by the constants:\n\n"
1689 " - :py:data:`HAS_ACL_ENTRY` for level 2 and the Entry/Permset classes\n"
1690 " - :py:data:`HAS_ACL_FROM_MODE` for ``ACL(mode=...)`` usage\n"
1691 " - :py:data:`HAS_ACL_CHECK` for the :py:func:`ACL.check` function\n"
1692 " - :py:data:`HAS_EXTENDED_CHECK` for the module-level\n"
1693 " :py:func:`has_extended` function\n"
1694 " - :py:data:`HAS_EQUIV_MODE` for the :py:func:`ACL.equiv_mode` method\n"
1695 " - :py:data:`HAS_COPY_EXT` for the :py:func:`ACL.__getstate__` and\n"
1696 " :py:func:`ACL.__setstate__` functions (pickle protocol)\n"
1700 ">>> import posix1e\n"
1701 ">>> acl1 = posix1e.ACL(file=\"file.txt\") \n"
1707 ">>> b = posix1e.ACL(text=\"u::rx,g::-,o::-\")\n"
1713 ">>> b.applyto(\"file.txt\")\n"
1714 ">>> print posix1e.ACL(file=\"file.txt\")\n"
1720 ".. py:data:: ACL_USER\n\n"
1721 " Denotes a specific user entry in an ACL.\n"
1723 ".. py:data:: ACL_USER_OBJ\n\n"
1724 " Denotes the user owner entry in an ACL.\n"
1726 ".. py:data:: ACL_GROUP\n\n"
1727 " Denotes the a group entry in an ACL.\n"
1729 ".. py:data:: ACL_GROUP_OBJ\n\n"
1730 " Denotes the group owner entry in an ACL.\n"
1732 ".. py:data:: ACL_OTHER\n\n"
1733 " Denotes the 'others' entry in an ACL.\n"
1735 ".. py:data:: ACL_MASK\n\n"
1736 " Denotes the mask entry in an ACL, representing the maximum\n"
1737 " access granted other users, the owner group and other groups.\n"
1739 ".. py:data:: ACL_UNDEFINED_TAG\n\n"
1740 " An undefined tag in an ACL.\n"
1742 ".. py:data:: ACL_READ\n\n"
1743 " Read permission in a permission set.\n"
1745 ".. py:data:: ACL_WRITE\n\n"
1746 " Write permission in a permission set.\n"
1748 ".. py:data:: ACL_EXECUTE\n\n"
1749 " Execute permission in a permission set.\n"
1751 ".. py:data:: HAS_ACL_ENTRY\n\n"
1752 " denotes support for level 2 and the Entry/Permset classes\n"
1754 ".. py:data:: HAS_ACL_FROM_MODE\n\n"
1755 " denotes support for building an ACL from an octal mode\n"
1757 ".. py:data:: HAS_ACL_CHECK\n\n"
1758 " denotes support for extended checks of an ACL's validity\n"
1760 ".. py:data:: HAS_EXTENDED_CHECK\n\n"
1761 " denotes support for checking whether an ACL is basic or extended\n"
1763 ".. py:data:: HAS_EQUIV_MODE\n\n"
1764 " denotes support for the equiv_mode function\n"
1766 ".. py:data:: HAS_COPY_EXT\n\n"
1767 " denotes support for __getstate__()/__setstate__() on an ACL\n"
1771 static struct PyModuleDef posix1emodule = {
1772 PyModuleDef_HEAD_INIT,
1780 PyInit_posix1e(void)
1784 Py_TYPE(&ACL_Type) = &PyType_Type;
1785 if(PyType_Ready(&ACL_Type) < 0)
1789 Py_TYPE(&Entry_Type) = &PyType_Type;
1790 if(PyType_Ready(&Entry_Type) < 0)
1793 Py_TYPE(&Permset_Type) = &PyType_Type;
1794 if(PyType_Ready(&Permset_Type) < 0)
1798 m = PyModule_Create(&posix1emodule);
1802 d = PyModule_GetDict(m);
1806 Py_INCREF(&ACL_Type);
1807 if (PyDict_SetItemString(d, "ACL",
1808 (PyObject *) &ACL_Type) < 0)
1811 /* 23.3.6 acl_type_t values */
1812 PyModule_AddIntConstant(m, "ACL_TYPE_ACCESS", ACL_TYPE_ACCESS);
1813 PyModule_AddIntConstant(m, "ACL_TYPE_DEFAULT", ACL_TYPE_DEFAULT);
1817 Py_INCREF(&Entry_Type);
1818 if (PyDict_SetItemString(d, "Entry",
1819 (PyObject *) &Entry_Type) < 0)
1822 Py_INCREF(&Permset_Type);
1823 if (PyDict_SetItemString(d, "Permset",
1824 (PyObject *) &Permset_Type) < 0)
1827 /* 23.2.2 acl_perm_t values */
1828 PyModule_AddIntConstant(m, "ACL_READ", ACL_READ);
1829 PyModule_AddIntConstant(m, "ACL_WRITE", ACL_WRITE);
1830 PyModule_AddIntConstant(m, "ACL_EXECUTE", ACL_EXECUTE);
1832 /* 23.2.5 acl_tag_t values */
1833 PyModule_AddIntConstant(m, "ACL_UNDEFINED_TAG", ACL_UNDEFINED_TAG);
1834 PyModule_AddIntConstant(m, "ACL_USER_OBJ", ACL_USER_OBJ);
1835 PyModule_AddIntConstant(m, "ACL_USER", ACL_USER);
1836 PyModule_AddIntConstant(m, "ACL_GROUP_OBJ", ACL_GROUP_OBJ);
1837 PyModule_AddIntConstant(m, "ACL_GROUP", ACL_GROUP);
1838 PyModule_AddIntConstant(m, "ACL_MASK", ACL_MASK);
1839 PyModule_AddIntConstant(m, "ACL_OTHER", ACL_OTHER);
1841 /* Document extended functionality via easy-to-use constants */
1842 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 1);
1844 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 0);
1848 /* Linux libacl specific acl_to_any_text constants */
1849 PyModule_AddIntConstant(m, "TEXT_ABBREVIATE", TEXT_ABBREVIATE);
1850 PyModule_AddIntConstant(m, "TEXT_NUMERIC_IDS", TEXT_NUMERIC_IDS);
1851 PyModule_AddIntConstant(m, "TEXT_SOME_EFFECTIVE", TEXT_SOME_EFFECTIVE);
1852 PyModule_AddIntConstant(m, "TEXT_ALL_EFFECTIVE", TEXT_ALL_EFFECTIVE);
1853 PyModule_AddIntConstant(m, "TEXT_SMART_INDENT", TEXT_SMART_INDENT);
1855 /* Linux libacl specific acl_check constants */
1856 PyModule_AddIntConstant(m, "ACL_MULTI_ERROR", ACL_MULTI_ERROR);
1857 PyModule_AddIntConstant(m, "ACL_DUPLICATE_ERROR", ACL_DUPLICATE_ERROR);
1858 PyModule_AddIntConstant(m, "ACL_MISS_ERROR", ACL_MISS_ERROR);
1859 PyModule_AddIntConstant(m, "ACL_ENTRY_ERROR", ACL_ENTRY_ERROR);
1861 #define LINUX_EXT_VAL 1
1863 #define LINUX_EXT_VAL 0
1865 /* declare the Linux extensions */
1866 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", LINUX_EXT_VAL);
1867 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", LINUX_EXT_VAL);
1868 PyModule_AddIntConstant(m, "HAS_EXTENDED_CHECK", LINUX_EXT_VAL);
1869 PyModule_AddIntConstant(m, "HAS_EQUIV_MODE", LINUX_EXT_VAL);
1871 PyModule_AddIntConstant(m, "HAS_COPY_EXT",
1872 #ifdef HAVE_ACL_COPY_EXT