2 posix1e - a python module exposing the posix acl functions
4 Copyright (C) 2002-2009, 2012, 2014, 2015 Iustin Pop <iustin@k1024.org>
6 This library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 This library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with this library; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 #define PY_SSIZE_T_CLEAN
26 #include <sys/types.h>
30 #include <acl/libacl.h>
31 #define get_perm acl_get_perm
33 #define get_perm acl_get_perm_np
36 /* Used for cpychecker: */
37 /* The checker automatically defines this preprocessor name when creating
38 the custom attribute: */
39 #if defined(WITH_CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF_ATTRIBUTE)
40 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename) \
41 __attribute__((cpychecker_type_object_for_typedef(typename)))
43 /* This handles the case where we're compiling with a "vanilla"
44 compiler that doesn't supply this attribute: */
45 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename)
48 /* The checker automatically defines this preprocessor name when creating
49 the custom attribute: */
50 #if defined(WITH_CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION_ATTRIBUTE)
51 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION \
52 __attribute__((cpychecker_negative_result_sets_exception))
54 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION
57 static PyTypeObject ACL_Type
58 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("ACL_Object");
59 static PyObject* ACL_applyto(PyObject* obj, PyObject* args);
60 static PyObject* ACL_valid(PyObject* obj, PyObject* args);
62 #ifdef HAVE_ACL_COPY_EXT
63 static PyObject* ACL_get_state(PyObject *obj, PyObject* args);
64 static PyObject* ACL_set_state(PyObject *obj, PyObject* args);
68 static PyTypeObject Entry_Type
69 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Entry_Object");
70 static PyTypeObject Permset_Type
71 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Permset_Object");
72 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
76 static acl_perm_t holder_ACL_EXECUTE = ACL_EXECUTE;
77 static acl_perm_t holder_ACL_READ = ACL_READ;
78 static acl_perm_t holder_ACL_WRITE = ACL_WRITE;
92 PyObject *parent_acl; /* The parent acl, so it won't run out on us */
98 PyObject *parent_entry; /* The parent entry, so it won't run out on us */
99 acl_permset_t permset;
104 /* Creation of a new ACL instance */
105 static PyObject* ACL_new(PyTypeObject* type, PyObject* args,
110 newacl = type->tp_alloc(type, 0);
115 acl = (ACL_Object*) newacl;
117 acl->acl = acl_init(0);
118 if (acl->acl == NULL) {
119 PyErr_SetFromErrno(PyExc_IOError);
124 acl->entry_id = ACL_FIRST_ENTRY;
130 /* Initialization of a new ACL instance */
131 static int ACL_init(PyObject* obj, PyObject* args, PyObject *keywds) {
132 ACL_Object* self = (ACL_Object*) obj;
133 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef",
138 char *format = "|O&OsO!O&"
144 PyObject *file = NULL;
145 PyObject *filedef = NULL;
148 ACL_Object* thesrc = NULL;
150 if(!PyTuple_Check(args) || PyTuple_Size(args) != 0 ||
151 (keywds != NULL && PyDict_Check(keywds) && PyDict_Size(keywds) > 1)) {
152 PyErr_SetString(PyExc_ValueError, "a max of one keyword argument"
156 if(!PyArg_ParseTupleAndKeywords(args, keywds, format, kwlist,
157 PyUnicode_FSConverter, &file,
158 &fd, &text, &ACL_Type, &thesrc,
159 PyUnicode_FSConverter, &filedef
166 /* Free the old acl_t without checking for error, we don't
168 if(self->acl != NULL)
174 fprintf(stderr, "foobar!\n");
175 char *path = PyBytes_AS_STRING(file);
176 self->acl = acl_get_file(path, ACL_TYPE_ACCESS);
178 } else if(text != NULL)
179 self->acl = acl_from_text(text);
180 else if(fd != NULL) {
182 if ((fdval = PyObject_AsFileDescriptor(fd)) != -1) {
183 self->acl = acl_get_fd(fdval);
185 } else if(thesrc != NULL)
186 self->acl = acl_dup(thesrc->acl);
187 else if(filedef != NULL) {
188 char *path = PyBytes_AS_STRING(filedef);
189 self->acl = acl_get_file(path, ACL_TYPE_DEFAULT);
194 self->acl = acl_from_mode(mode);
197 self->acl = acl_init(0);
199 if(self->acl == NULL) {
200 PyErr_SetFromErrno(PyExc_IOError);
207 /* Standard type functions */
208 static void ACL_dealloc(PyObject* obj) {
209 ACL_Object *self = (ACL_Object*) obj;
210 PyObject *err_type, *err_value, *err_traceback;
211 int have_error = PyErr_Occurred() ? 1 : 0;
214 PyErr_Fetch(&err_type, &err_value, &err_traceback);
215 if(self->acl != NULL && acl_free(self->acl) != 0)
216 PyErr_WriteUnraisable(obj);
218 PyErr_Restore(err_type, err_value, err_traceback);
222 /* Converts the acl to a text format */
223 static PyObject* ACL_str(PyObject *obj) {
225 ACL_Object *self = (ACL_Object*) obj;
228 text = acl_to_text(self->acl, NULL);
230 return PyErr_SetFromErrno(PyExc_IOError);
232 ret = PyUnicode_FromString(text);
233 if(acl_free(text) != 0) {
235 return PyErr_SetFromErrno(PyExc_IOError);
241 static char __to_any_text_doc__[] =
242 "to_any_text([prefix='', separator='n', options=0])\n"
243 "Convert the ACL to a custom text format.\n"
245 "This method encapsulates the ``acl_to_any_text()`` function.\n"
246 "It allows a customized text format to be generated for the ACL. See\n"
247 ":manpage:`acl_to_any_text(3)` for more details.\n"
249 ":param string prefix: if given, this string will be pre-pended to\n"
251 ":param string separator: a single character (defaults to '\\n'); this will"
252 " be used to separate the entries in the ACL\n"
253 ":param options: a bitwise combination of:\n\n"
254 " - :py:data:`TEXT_ABBREVIATE`: use 'u' instead of 'user', 'g' \n"
255 " instead of 'group', etc.\n"
256 " - :py:data:`TEXT_NUMERIC_IDS`: User and group IDs are included as\n"
257 " decimal numbers instead of names\n"
258 " - :py:data:`TEXT_SOME_EFFECTIVE`: Include comments denoting the\n"
259 " effective permissions when some are masked\n"
260 " - :py:data:`TEXT_ALL_EFFECTIVE`: Include comments after all ACL\n"
261 " entries affected by an ACL_MASK entry\n"
262 " - :py:data:`TEXT_SMART_INDENT`: Used in combination with the\n"
263 " _EFFECTIVE options, this will ensure that comments are aligned\n"
264 " to the fourth tab position (assuming one tab equals eight spaces)\n"
268 /* Converts the acl to a custom text format */
269 static PyObject* ACL_to_any_text(PyObject *obj, PyObject *args,
272 ACL_Object *self = (ACL_Object*) obj;
274 const char *arg_prefix = NULL;
275 char arg_separator = '\n';
277 static char *kwlist[] = {"prefix", "separator", "options", NULL};
279 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|sci", kwlist, &arg_prefix,
280 &arg_separator, &arg_options))
283 text = acl_to_any_text(self->acl, arg_prefix, arg_separator, arg_options);
285 return PyErr_SetFromErrno(PyExc_IOError);
287 ret = PyBytes_FromString(text);
288 if(acl_free(text) != 0) {
290 return PyErr_SetFromErrno(PyExc_IOError);
295 static char __check_doc__[] =
296 "Check the ACL validity.\n"
298 "This is a non-portable, Linux specific extension that allow more\n"
299 "information to be retrieved in case an ACL is not valid than via the\n"
300 ":py:func:`valid` method.\n"
302 "This method will return either False (the ACL is valid), or a tuple\n"
303 "with two elements. The first element is one of the following\n"
305 " - :py:data:`ACL_MULTI_ERROR`: The ACL contains multiple entries that\n"
306 " have a tag type that may occur at most once\n"
307 " - :py:data:`ACL_DUPLICATE_ERROR`: The ACL contains multiple \n"
308 " :py:data:`ACL_USER` or :py:data:`ACL_GROUP` entries with the\n"
310 " - :py:data:`ACL_MISS_ERROR`: A required entry is missing\n"
311 " - :py:data:`ACL_ENTRY_ERROR`: The ACL contains an invalid entry\n"
314 "The second element of the tuple is the index of the entry that is\n"
315 "invalid (in the same order as by iterating over the ACL entry)\n"
318 /* The acl_check method */
319 static PyObject* ACL_check(PyObject* obj, PyObject* args) {
320 ACL_Object *self = (ACL_Object*) obj;
324 if((result = acl_check(self->acl, &eindex)) == -1)
325 return PyErr_SetFromErrno(PyExc_IOError);
329 return Py_BuildValue("(ii)", result, eindex);
332 /* Implementation of the rich compare for ACLs */
333 static PyObject* ACL_richcompare(PyObject* o1, PyObject* o2, int op) {
334 ACL_Object *acl1, *acl2;
338 if(!PyObject_IsInstance(o2, (PyObject*)&ACL_Type)) {
343 PyErr_SetString(PyExc_TypeError, "can only compare to an ACL");
347 acl1 = (ACL_Object*)o1;
348 acl2 = (ACL_Object*)o2;
349 if((n=acl_cmp(acl1->acl, acl2->acl))==-1)
350 return PyErr_SetFromErrno(PyExc_IOError);
353 ret = n == 0 ? Py_True : Py_False;
356 ret = n == 1 ? Py_True : Py_False;
359 PyErr_SetString(PyExc_TypeError, "ACLs are not orderable");
366 static char __equiv_mode_doc__[] =
367 "Return the octal mode the ACL is equivalent to.\n"
369 "This is a non-portable, Linux specific extension that checks\n"
370 "if the ACL is a basic ACL and returns the corresponding mode.\n"
373 ":raise IOError: An IOerror exception will be raised if the ACL is\n"
374 " an extended ACL.\n"
377 /* The acl_equiv_mode method */
378 static PyObject* ACL_equiv_mode(PyObject* obj, PyObject* args) {
379 ACL_Object *self = (ACL_Object*) obj;
382 if(acl_equiv_mode(self->acl, &mode) == -1)
383 return PyErr_SetFromErrno(PyExc_IOError);
384 return PyLong_FromLong(mode);
389 static char __applyto_doc__[] =
390 "applyto(item[, flag=ACL_TYPE_ACCESS])\n"
391 "Apply the ACL to a file or filehandle.\n"
393 ":param item: either a filename or a file-like object or an integer;\n"
394 " this represents the filesystem object on which to act\n"
395 ":param flag: optional flag representing the type of ACL to set, either\n"
396 " :py:data:`ACL_TYPE_ACCESS` (default) or :py:data:`ACL_TYPE_DEFAULT`\n"
399 /* Applies the ACL to a file */
400 static PyObject* ACL_applyto(PyObject* obj, PyObject* args) {
401 ACL_Object *self = (ACL_Object*) obj;
402 PyObject *target, *tmp;
403 acl_type_t type = ACL_TYPE_ACCESS;
407 if (!PyArg_ParseTuple(args, "O|I", &target, &type))
409 if ((fd = PyObject_AsFileDescriptor(target)) != -1) {
410 if((nret = acl_set_fd(fd, self->acl)) == -1) {
411 PyErr_SetFromErrno(PyExc_IOError);
414 // PyObject_AsFileDescriptor sets an error when failing, so clear
415 // it such that further code works; some method lookups fail if an
416 // error already occured when called, which breaks at least
417 // PyOS_FSPath (called by FSConverter).
419 if(PyUnicode_FSConverter(target, &tmp)) {
420 char *filename = PyBytes_AS_STRING(tmp);
421 if ((nret = acl_set_file(filename, type, self->acl)) == -1) {
422 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
436 static char __valid_doc__[] =
437 "Test the ACL for validity.\n"
439 "This method tests the ACL to see if it is a valid ACL\n"
440 "in terms of the file-system. More precisely, it checks that:\n"
442 "The ACL contains exactly one entry with each of the\n"
443 ":py:data:`ACL_USER_OBJ`, :py:data:`ACL_GROUP_OBJ`, and \n"
444 ":py:data:`ACL_OTHER` tag types. Entries\n"
445 "with :py:data:`ACL_USER` and :py:data:`ACL_GROUP` tag types may\n"
446 "appear zero or more\n"
447 "times in an ACL. An ACL that contains entries of :py:data:`ACL_USER` or\n"
448 ":py:data:`ACL_GROUP` tag types must contain exactly one entry of the \n"
449 ":py:data:`ACL_MASK` tag type. If an ACL contains no entries of\n"
450 ":py:data:`ACL_USER` or :py:data:`ACL_GROUP` tag types, the\n"
451 ":py:data:`ACL_MASK` entry is optional.\n"
453 "All user ID qualifiers must be unique among all entries of\n"
454 "the :py:data:`ACL_USER` tag type, and all group IDs must be unique\n"
455 "among all entries of :py:data:`ACL_GROUP` tag type.\n"
457 "The method will return 1 for a valid ACL and 0 for an invalid one.\n"
458 "This has been chosen because the specification for\n"
459 ":manpage:`acl_valid(3)`\n"
460 "in the POSIX.1e standard documents only one possible value for errno\n"
461 "in case of an invalid ACL, so we can't differentiate between\n"
462 "classes of errors. Other suggestions are welcome.\n"
468 /* Checks the ACL for validity */
469 static PyObject* ACL_valid(PyObject* obj, PyObject* args) {
470 ACL_Object *self = (ACL_Object*) obj;
472 if(acl_valid(self->acl) == -1) {
479 #ifdef HAVE_ACL_COPY_EXT
480 static PyObject* ACL_get_state(PyObject *obj, PyObject* args) {
481 ACL_Object *self = (ACL_Object*) obj;
486 size = acl_size(self->acl);
488 return PyErr_SetFromErrno(PyExc_IOError);
490 if((ret = PyBytes_FromStringAndSize(NULL, size)) == NULL)
492 buf = PyBytes_AsString(ret);
494 if((nsize = acl_copy_ext(buf, self->acl, size)) == -1) {
496 return PyErr_SetFromErrno(PyExc_IOError);
502 static PyObject* ACL_set_state(PyObject *obj, PyObject* args) {
503 ACL_Object *self = (ACL_Object*) obj;
508 /* Parse the argument */
509 if (!PyArg_ParseTuple(args, "y#", &buf, &bufsize))
512 /* Try to import the external representation */
513 if((ptr = acl_copy_int(buf)) == NULL)
514 return PyErr_SetFromErrno(PyExc_IOError);
516 /* Free the old acl. Should we ignore errors here? */
517 if(self->acl != NULL) {
518 if(acl_free(self->acl) == -1)
519 return PyErr_SetFromErrno(PyExc_IOError);
530 /* tp_iter for the ACL type; since it can be iterated only
531 * destructively, the type is its iterator
533 static PyObject* ACL_iter(PyObject *obj) {
534 ACL_Object *self = (ACL_Object*)obj;
535 self->entry_id = ACL_FIRST_ENTRY;
540 /* the tp_iternext function for the ACL type */
541 static PyObject* ACL_iternext(PyObject *obj) {
542 ACL_Object *self = (ACL_Object*)obj;
543 acl_entry_t the_entry_t;
544 Entry_Object *the_entry_obj;
547 nerr = acl_get_entry(self->acl, self->entry_id, &the_entry_t);
548 self->entry_id = ACL_NEXT_ENTRY;
550 return PyErr_SetFromErrno(PyExc_IOError);
552 /* Docs says this is not needed */
553 /*PyErr_SetObject(PyExc_StopIteration, Py_None);*/
557 the_entry_obj = (Entry_Object*) PyType_GenericNew(&Entry_Type, NULL, NULL);
558 if(the_entry_obj == NULL)
561 the_entry_obj->entry = the_entry_t;
563 the_entry_obj->parent_acl = obj;
564 Py_INCREF(obj); /* For the reference we have in entry->parent */
566 return (PyObject*)the_entry_obj;
569 static char __ACL_delete_entry_doc__[] =
570 "delete_entry(entry)\n"
571 "Deletes an entry from the ACL.\n"
573 ".. note:: Only available with level 2.\n"
575 ":param entry: the Entry object which should be deleted; note that after\n"
576 " this function is called, that object is unusable any longer\n"
577 " and should be deleted\n"
580 /* Deletes an entry from the ACL */
581 static PyObject* ACL_delete_entry(PyObject *obj, PyObject *args) {
582 ACL_Object *self = (ACL_Object*)obj;
585 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &e))
588 if (e->parent_acl != obj) {
589 PyErr_SetString(PyExc_ValueError,
590 "Can't remove un-owned entry");
593 if(acl_delete_entry(self->acl, e->entry) == -1)
594 return PyErr_SetFromErrno(PyExc_IOError);
599 static char __ACL_calc_mask_doc__[] =
600 "Compute the file group class mask.\n"
602 "The calc_mask() method calculates and sets the permissions \n"
603 "associated with the :py:data:`ACL_MASK` Entry of the ACL.\n"
604 "The value of the new permissions is the union of the permissions \n"
605 "granted by all entries of tag type :py:data:`ACL_GROUP`, \n"
606 ":py:data:`ACL_GROUP_OBJ`, or \n"
607 ":py:data:`ACL_USER`. If the ACL already contains an :py:data:`ACL_MASK`\n"
609 "permissions are overwritten; if it does not contain an \n"
610 ":py:data:`ACL_MASK` Entry, one is added.\n"
612 "The order of existing entries in the ACL is undefined after this \n"
616 /* Updates the mask entry in the ACL */
617 static PyObject* ACL_calc_mask(PyObject *obj, PyObject *args) {
618 ACL_Object *self = (ACL_Object*)obj;
620 if(acl_calc_mask(&self->acl) == -1)
621 return PyErr_SetFromErrno(PyExc_IOError);
626 static char __ACL_append_doc__[] =
628 "Append a new Entry to the ACL and return it.\n"
630 "This is a convenience function to create a new Entry \n"
631 "and append it to the ACL.\n"
632 "If a parameter of type Entry instance is given, the \n"
633 "entry will be a copy of that one (as if copied with \n"
634 ":py:func:`Entry.copy`), otherwise, the new entry will be empty.\n"
636 ":rtype: :py:class:`Entry`\n"
637 ":returns: the newly created entry\n"
640 /* Convenience method to create a new Entry */
641 static PyObject* ACL_append(PyObject *obj, PyObject *args) {
642 Entry_Object* newentry;
643 Entry_Object* oldentry = NULL;
646 if (!PyArg_ParseTuple(args, "|O!", &Entry_Type, &oldentry)) {
650 PyObject *new_arglist = Py_BuildValue("(O)", obj);
651 if (new_arglist == NULL) {
654 newentry = (Entry_Object*) PyObject_CallObject((PyObject*)&Entry_Type, new_arglist);
655 Py_DECREF(new_arglist);
656 if(newentry == NULL) {
660 if(oldentry != NULL) {
661 nret = acl_copy_entry(newentry->entry, oldentry->entry);
664 return PyErr_SetFromErrno(PyExc_IOError);
668 return (PyObject*)newentry;
671 /***** Entry type *****/
681 /* Pre-declaring the function is more friendly to cpychecker, sigh. */
682 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq)
683 CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION;
685 /* Helper function to get the tag and qualifier of an Entry at the
686 same time. This is "needed" because the acl_get_qualifier function
687 returns a pointer to different types, based on the tag value, and
688 thus it's not straightforward to get the right type.
690 It sets a Python exception if an error occurs, and returns -1 in
691 this case. If successful, the tag is set to the tag type, the
692 qualifier (if any) to either the uid or the gid entry in the
693 tag_qual structure, and the return value is 0.
695 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq) {
698 if(acl_get_tag_type(entry, &tq->tag) == -1) {
699 PyErr_SetFromErrno(PyExc_IOError);
702 if (tq->tag == ACL_USER || tq->tag == ACL_GROUP) {
703 if((p = acl_get_qualifier(entry)) == NULL) {
704 PyErr_SetFromErrno(PyExc_IOError);
707 if (tq->tag == ACL_USER) {
708 tq->uid = *(uid_t*)p;
710 tq->gid = *(gid_t*)p;
717 #define ENTRY_SET_CHECK(self, attr, value) \
718 if (value == NULL) { \
719 PyErr_SetString(PyExc_TypeError, \
720 attr " deletion is not supported"); \
724 /* Creation of a new Entry instance */
725 static PyObject* Entry_new(PyTypeObject* type, PyObject* args,
729 ACL_Object* parent = NULL;
731 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
734 newentry = PyType_GenericNew(type, args, keywds);
736 if(newentry == NULL) {
740 entry = (Entry_Object*)newentry;
742 if(acl_create_entry(&parent->acl, &entry->entry) == -1) {
743 PyErr_SetFromErrno(PyExc_IOError);
748 entry->parent_acl = (PyObject*)parent;
752 /* Initialization of a new Entry instance */
753 static int Entry_init(PyObject* obj, PyObject* args, PyObject *keywds) {
754 Entry_Object* self = (Entry_Object*) obj;
755 ACL_Object* parent = NULL;
757 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
760 if ((PyObject*)parent != self->parent_acl) {
761 PyErr_SetString(PyExc_ValueError,
762 "Can't reinitialize with a different parent");
768 /* Free the Entry instance */
769 static void Entry_dealloc(PyObject* obj) {
770 Entry_Object *self = (Entry_Object*) obj;
771 PyObject *err_type, *err_value, *err_traceback;
772 int have_error = PyErr_Occurred() ? 1 : 0;
775 PyErr_Fetch(&err_type, &err_value, &err_traceback);
776 if(self->parent_acl != NULL) {
777 Py_DECREF(self->parent_acl);
778 self->parent_acl = NULL;
781 PyErr_Restore(err_type, err_value, err_traceback);
785 /* Converts the entry to a text format */
786 static PyObject* Entry_str(PyObject *obj) {
787 PyObject *format, *kind;
788 Entry_Object *self = (Entry_Object*) obj;
791 if(get_tag_qualifier(self->entry, &tq) < 0) {
795 format = PyUnicode_FromString("ACL entry for ");
799 case ACL_UNDEFINED_TAG:
800 kind = PyUnicode_FromString("undefined type");
803 kind = PyUnicode_FromString("the owner");
806 kind = PyUnicode_FromString("the group");
809 kind = PyUnicode_FromString("the others");
812 /* FIXME: here and in the group case, we're formatting with
813 unsigned, because there's no way to automatically determine
814 the signed-ness of the types; on Linux(glibc) they're
815 unsigned, so we'll go along with that */
816 kind = PyUnicode_FromFormat("user with uid %u", tq.uid);
819 kind = PyUnicode_FromFormat("group with gid %u", tq.gid);
822 kind = PyUnicode_FromString("the mask");
825 kind = PyUnicode_FromString("UNKNOWN_TAG_TYPE!");
832 PyObject *ret = PyUnicode_Concat(format, kind);
838 /* Sets the tag type of the entry */
839 static int Entry_set_tag_type(PyObject* obj, PyObject* value, void* arg) {
840 Entry_Object *self = (Entry_Object*) obj;
842 ENTRY_SET_CHECK(self, "tag type", value);
844 if(!PyLong_Check(value)) {
845 PyErr_SetString(PyExc_TypeError,
846 "tag type must be integer");
849 if(acl_set_tag_type(self->entry, (acl_tag_t)PyLong_AsLong(value)) == -1) {
850 PyErr_SetFromErrno(PyExc_IOError);
857 /* Returns the tag type of the entry */
858 static PyObject* Entry_get_tag_type(PyObject *obj, void* arg) {
859 Entry_Object *self = (Entry_Object*) obj;
862 if(acl_get_tag_type(self->entry, &value) == -1) {
863 PyErr_SetFromErrno(PyExc_IOError);
867 return PyLong_FromLong(value);
870 /* Sets the qualifier (either uid_t or gid_t) for the entry,
871 * usable only if the tag type if ACL_USER or ACL_GROUP
873 static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
874 Entry_Object *self = (Entry_Object*) obj;
875 unsigned long uidgid;
881 ENTRY_SET_CHECK(self, "qualifier", value);
883 if(!PyLong_Check(value)) {
884 PyErr_SetString(PyExc_TypeError,
885 "qualifier must be integer");
888 /* This is the negative value check, and larger than long
889 check. If uid_t/gid_t are long-sized, this is enough to check
890 for both over and underflow. */
891 if((uidgid = PyLong_AsUnsignedLong(value)) == (unsigned long) -1) {
892 if(PyErr_Occurred() != NULL) {
896 /* Due to how acl_set_qualifier takes its argument, we have to do
897 this ugly dance with two variables and a pointer that will
898 point to one of them. */
899 if(acl_get_tag_type(self->entry, &tag) == -1) {
900 PyErr_SetFromErrno(PyExc_IOError);
905 /* This is an extra overflow check, in case uid_t/gid_t are
906 int-sized (and int size smaller than long size). */
909 if((unsigned long)uid != uidgid) {
910 PyErr_SetString(PyExc_OverflowError, "Can't assign given qualifier");
917 if((unsigned long)gid != uidgid) {
918 PyErr_SetString(PyExc_OverflowError, "Can't assign given qualifier");
925 PyErr_SetString(PyExc_TypeError,
926 "Can only set qualifiers on ACL_USER or ACL_GROUP entries");
929 if(acl_set_qualifier(self->entry, p) == -1) {
930 PyErr_SetFromErrno(PyExc_IOError);
937 /* Returns the qualifier of the entry */
938 static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
939 Entry_Object *self = (Entry_Object*) obj;
943 if (self->entry == NULL) {
944 PyErr_SetString(PyExc_ValueError, "Can't get qualifier on uninitalized Entry object");
947 if(get_tag_qualifier(self->entry, &tq) < 0) {
950 if (tq.tag == ACL_USER) {
952 } else if (tq.tag == ACL_GROUP) {
955 PyErr_SetString(PyExc_TypeError,
956 "Given entry doesn't have an user or"
960 return PyLong_FromUnsignedLong(value);
963 /* Returns the parent ACL of the entry */
964 static PyObject* Entry_get_parent(PyObject *obj, void* arg) {
965 Entry_Object *self = (Entry_Object*) obj;
967 Py_INCREF(self->parent_acl);
968 return self->parent_acl;
971 /* Returns the a new Permset representing the permset of the entry
972 * FIXME: Should return a new reference to the same object, which
973 * should be created at init time!
975 static PyObject* Entry_get_permset(PyObject *obj, void* arg) {
978 PyObject *perm_arglist = Py_BuildValue("(O)", obj);
979 if (perm_arglist == NULL) {
982 p = PyObject_CallObject((PyObject*)&Permset_Type, perm_arglist);
983 Py_DECREF(perm_arglist);
987 /* Sets the permset of the entry to the passed Permset */
988 static int Entry_set_permset(PyObject* obj, PyObject* value, void* arg) {
989 Entry_Object *self = (Entry_Object*)obj;
992 ENTRY_SET_CHECK(self, "permset", value);
994 if(!PyObject_IsInstance(value, (PyObject*)&Permset_Type)) {
995 PyErr_SetString(PyExc_TypeError, "argument 1 must be posix1e.Permset");
998 p = (Permset_Object*)value;
999 if(acl_set_permset(self->entry, p->permset) == -1) {
1000 PyErr_SetFromErrno(PyExc_IOError);
1006 static char __Entry_copy_doc__[] =
1008 "Copies an ACL entry.\n"
1010 "This method sets all the parameters to those of another\n"
1011 "entry (either of the same ACL or belonging to another ACL).\n"
1013 ":param Entry src: instance of type Entry\n"
1016 /* Sets all the entry parameters to another entry */
1017 static PyObject* Entry_copy(PyObject *obj, PyObject *args) {
1018 Entry_Object *self = (Entry_Object*)obj;
1019 Entry_Object *other;
1021 if(!PyArg_ParseTuple(args, "O!", &Entry_Type, &other))
1024 if(acl_copy_entry(self->entry, other->entry) == -1)
1025 return PyErr_SetFromErrno(PyExc_IOError);
1030 /**** Permset type *****/
1032 /* Creation of a new Permset instance */
1033 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
1035 PyObject* newpermset;
1036 Permset_Object* permset;
1037 Entry_Object* parent = NULL;
1039 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent)) {
1043 newpermset = PyType_GenericNew(type, args, keywds);
1045 if(newpermset == NULL) {
1049 permset = (Permset_Object*)newpermset;
1051 if(acl_get_permset(parent->entry, &permset->permset) == -1) {
1052 PyErr_SetFromErrno(PyExc_IOError);
1053 Py_DECREF(newpermset);
1057 permset->parent_entry = (PyObject*)parent;
1063 /* Initialization of a new Permset instance */
1064 static int Permset_init(PyObject* obj, PyObject* args, PyObject *keywds) {
1065 Permset_Object* self = (Permset_Object*) obj;
1066 Entry_Object* parent = NULL;
1068 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent))
1071 if ((PyObject*)parent != self->parent_entry) {
1072 PyErr_SetString(PyExc_ValueError,
1073 "Can't reinitialize with a different parent");
1080 /* Free the Permset instance */
1081 static void Permset_dealloc(PyObject* obj) {
1082 Permset_Object *self = (Permset_Object*) obj;
1083 PyObject *err_type, *err_value, *err_traceback;
1084 int have_error = PyErr_Occurred() ? 1 : 0;
1087 PyErr_Fetch(&err_type, &err_value, &err_traceback);
1088 if(self->parent_entry != NULL) {
1089 Py_DECREF(self->parent_entry);
1090 self->parent_entry = NULL;
1093 PyErr_Restore(err_type, err_value, err_traceback);
1097 /* Permset string representation */
1098 static PyObject* Permset_str(PyObject *obj) {
1099 Permset_Object *self = (Permset_Object*) obj;
1102 pstr[0] = get_perm(self->permset, ACL_READ) ? 'r' : '-';
1103 pstr[1] = get_perm(self->permset, ACL_WRITE) ? 'w' : '-';
1104 pstr[2] = get_perm(self->permset, ACL_EXECUTE) ? 'x' : '-';
1105 return PyUnicode_FromStringAndSize(pstr, 3);
1108 static char __Permset_clear_doc__[] =
1109 "Clears all permissions from the permission set.\n"
1112 /* Clears all permissions from the permset */
1113 static PyObject* Permset_clear(PyObject* obj, PyObject* args) {
1114 Permset_Object *self = (Permset_Object*) obj;
1116 if(acl_clear_perms(self->permset) == -1)
1117 return PyErr_SetFromErrno(PyExc_IOError);
1122 static PyObject* Permset_get_right(PyObject *obj, void* arg) {
1123 Permset_Object *self = (Permset_Object*) obj;
1125 if(get_perm(self->permset, *(acl_perm_t*)arg)) {
1132 static int Permset_set_right(PyObject* obj, PyObject* value, void* arg) {
1133 Permset_Object *self = (Permset_Object*) obj;
1137 if(!PyLong_Check(value)) {
1138 PyErr_SetString(PyExc_ValueError, "invalid argument, an integer"
1142 on = PyLong_AsLong(value);
1144 nerr = acl_add_perm(self->permset, *(acl_perm_t*)arg);
1146 nerr = acl_delete_perm(self->permset, *(acl_perm_t*)arg);
1148 PyErr_SetFromErrno(PyExc_IOError);
1154 static char __Permset_add_doc__[] =
1156 "Add a permission to the permission set.\n"
1158 "This function adds the permission contained in \n"
1159 "the argument perm to the permission set. An attempt \n"
1160 "to add a permission that is already contained in the \n"
1161 "permission set is not considered an error.\n"
1163 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1164 " :py:data:`ACL_EXECUTE`, ...)\n"
1165 ":raises IOError: in case the argument is not a valid descriptor\n"
1168 static PyObject* Permset_add(PyObject* obj, PyObject* args) {
1169 Permset_Object *self = (Permset_Object*) obj;
1172 if (!PyArg_ParseTuple(args, "i", &right))
1175 if(acl_add_perm(self->permset, (acl_perm_t) right) == -1)
1176 return PyErr_SetFromErrno(PyExc_IOError);
1181 static char __Permset_delete_doc__[] =
1183 "Delete a permission from the permission set.\n"
1185 "This function deletes the permission contained in \n"
1186 "the argument perm from the permission set. An attempt \n"
1187 "to delete a permission that is not contained in the \n"
1188 "permission set is not considered an error.\n"
1190 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1191 " :py:data:`ACL_EXECUTE`, ...)\n"
1192 ":raises IOError: in case the argument is not a valid descriptor\n"
1195 static PyObject* Permset_delete(PyObject* obj, PyObject* args) {
1196 Permset_Object *self = (Permset_Object*) obj;
1199 if (!PyArg_ParseTuple(args, "i", &right))
1202 if(acl_delete_perm(self->permset, (acl_perm_t) right) == -1)
1203 return PyErr_SetFromErrno(PyExc_IOError);
1208 static char __Permset_test_doc__[] =
1210 "Test if a permission exists in the permission set.\n"
1212 "The test() function tests if the permission represented by\n"
1213 "the argument perm exists in the permission set.\n"
1215 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1216 " :py:data:`ACL_EXECUTE`, ...)\n"
1218 ":raises IOError: in case the argument is not a valid descriptor\n"
1221 static PyObject* Permset_test(PyObject* obj, PyObject* args) {
1222 Permset_Object *self = (Permset_Object*) obj;
1226 if (!PyArg_ParseTuple(args, "i", &right))
1229 ret = get_perm(self->permset, (acl_perm_t) right);
1231 return PyErr_SetFromErrno(PyExc_IOError);
1242 static char __ACL_Type_doc__[] =
1243 "Type which represents a POSIX ACL\n"
1245 ".. note:: only one keyword parameter should be provided\n"
1247 ":param string/bytes/path-like file: creates an ACL representing\n"
1248 " the access ACL of the specified file or directory.\n"
1249 ":param string/bytes/path-like filedef: creates an ACL representing\n"
1250 " the default ACL of the given directory.\n"
1251 ":param int/iostream fd: creates an ACL representing\n"
1252 " the access ACL of the given file descriptor.\n"
1253 ":param string text: creates an ACL from a \n"
1254 " textual description; note the ACL must be valid, which\n"
1255 " means including a mask for extended ACLs, similar to\n"
1256 " ``setfacl --no-mask``\n"
1257 ":param ACL acl: creates a copy of an existing ACL instance.\n"
1258 ":param int mode: creates an ACL from a numeric mode\n"
1259 " (e.g. ``mode=0644``); this is valid only when the C library\n"
1260 " provides the ``acl_from_mode call``, and\n"
1261 " note that no validation is done on the given value.\n"
1263 "If no parameters are passed, an empty ACL will be created; this\n"
1264 "makes sense only when your OS supports ACL modification\n"
1265 "(i.e. it implements full POSIX.1e support), otherwise the ACL won't\n"
1269 /* ACL type methods */
1270 static PyMethodDef ACL_methods[] = {
1271 {"applyto", ACL_applyto, METH_VARARGS, __applyto_doc__},
1272 {"valid", ACL_valid, METH_NOARGS, __valid_doc__},
1274 {"to_any_text", (PyCFunction)ACL_to_any_text, METH_VARARGS | METH_KEYWORDS,
1275 __to_any_text_doc__},
1276 {"check", ACL_check, METH_NOARGS, __check_doc__},
1277 {"equiv_mode", ACL_equiv_mode, METH_NOARGS, __equiv_mode_doc__},
1279 #ifdef HAVE_ACL_COPY_EXT
1280 {"__getstate__", ACL_get_state, METH_NOARGS,
1281 "Dumps the ACL to an external format."},
1282 {"__setstate__", ACL_set_state, METH_VARARGS,
1283 "Loads the ACL from an external format."},
1286 {"delete_entry", ACL_delete_entry, METH_VARARGS, __ACL_delete_entry_doc__},
1287 {"calc_mask", ACL_calc_mask, METH_NOARGS, __ACL_calc_mask_doc__},
1288 {"append", ACL_append, METH_VARARGS, __ACL_append_doc__},
1290 {NULL, NULL, 0, NULL}
1294 /* The definition of the ACL Type */
1295 static PyTypeObject ACL_Type = {
1296 PyVarObject_HEAD_INIT(NULL, 0)
1300 ACL_dealloc, /* tp_dealloc */
1304 0, /* formerly tp_compare, in 3.0 deprecated, in
1307 0, /* tp_as_number */
1308 0, /* tp_as_sequence */
1309 0, /* tp_as_mapping */
1312 ACL_str, /* tp_str */
1313 0, /* tp_getattro */
1314 0, /* tp_setattro */
1315 0, /* tp_as_buffer */
1316 Py_TPFLAGS_DEFAULT, /* tp_flags */
1317 __ACL_Type_doc__, /* tp_doc */
1318 0, /* tp_traverse */
1321 ACL_richcompare, /* tp_richcompare */
1323 0, /* tp_richcompare */
1325 0, /* tp_weaklistoffset */
1331 0, /* tp_iternext */
1333 ACL_methods, /* tp_methods */
1338 0, /* tp_descr_get */
1339 0, /* tp_descr_set */
1340 0, /* tp_dictoffset */
1341 ACL_init, /* tp_init */
1343 ACL_new, /* tp_new */
1348 /* Entry type methods */
1349 static PyMethodDef Entry_methods[] = {
1350 {"copy", Entry_copy, METH_VARARGS, __Entry_copy_doc__},
1351 {NULL, NULL, 0, NULL}
1354 static char __Entry_tagtype_doc__[] =
1355 "The tag type of the current entry\n"
1358 " - :py:data:`ACL_UNDEFINED_TAG`\n"
1359 " - :py:data:`ACL_USER_OBJ`\n"
1360 " - :py:data:`ACL_USER`\n"
1361 " - :py:data:`ACL_GROUP_OBJ`\n"
1362 " - :py:data:`ACL_GROUP`\n"
1363 " - :py:data:`ACL_MASK`\n"
1364 " - :py:data:`ACL_OTHER`\n"
1367 static char __Entry_qualifier_doc__[] =
1368 "The qualifier of the current entry\n"
1370 "If the tag type is :py:data:`ACL_USER`, this should be a user id.\n"
1371 "If the tag type if :py:data:`ACL_GROUP`, this should be a group id.\n"
1372 "Else it doesn't matter.\n"
1375 static char __Entry_parent_doc__[] =
1376 "The parent ACL of this entry\n"
1379 static char __Entry_permset_doc__[] =
1380 "The permission set of this ACL entry\n"
1384 static PyGetSetDef Entry_getsets[] = {
1385 {"tag_type", Entry_get_tag_type, Entry_set_tag_type,
1386 __Entry_tagtype_doc__},
1387 {"qualifier", Entry_get_qualifier, Entry_set_qualifier,
1388 __Entry_qualifier_doc__},
1389 {"parent", Entry_get_parent, NULL, __Entry_parent_doc__},
1390 {"permset", Entry_get_permset, Entry_set_permset, __Entry_permset_doc__},
1394 static char __Entry_Type_doc__[] =
1395 "Type which represents an entry in an ACL.\n"
1397 "The type exists only if the OS has full support for POSIX.1e\n"
1398 "Can be created either by:\n"
1400 " >>> e = posix1e.Entry(myACL) # this creates a new entry in the ACL\n"
1401 " >>> e = myACL.append() # another way for doing the same thing\n"
1405 " >>> for entry in myACL:\n"
1406 " ... print entry\n"
1408 "Note that the Entry keeps a reference to its ACL, so even if \n"
1409 "you delete the ACL, it won't be cleaned up and will continue to \n"
1410 "exist until its Entry(ies) will be deleted.\n"
1412 /* The definition of the Entry Type */
1413 static PyTypeObject Entry_Type = {
1414 PyVarObject_HEAD_INIT(NULL, 0)
1416 sizeof(Entry_Object),
1418 Entry_dealloc, /* tp_dealloc */
1424 0, /* tp_as_number */
1425 0, /* tp_as_sequence */
1426 0, /* tp_as_mapping */
1429 Entry_str, /* tp_str */
1430 0, /* tp_getattro */
1431 0, /* tp_setattro */
1432 0, /* tp_as_buffer */
1433 Py_TPFLAGS_DEFAULT, /* tp_flags */
1434 __Entry_Type_doc__, /* tp_doc */
1435 0, /* tp_traverse */
1437 0, /* tp_richcompare */
1438 0, /* tp_weaklistoffset */
1440 0, /* tp_iternext */
1441 Entry_methods, /* tp_methods */
1443 Entry_getsets, /* tp_getset */
1446 0, /* tp_descr_get */
1447 0, /* tp_descr_set */
1448 0, /* tp_dictoffset */
1449 Entry_init, /* tp_init */
1451 Entry_new, /* tp_new */
1454 /* Permset type methods */
1455 static PyMethodDef Permset_methods[] = {
1456 {"clear", Permset_clear, METH_NOARGS, __Permset_clear_doc__, },
1457 {"add", Permset_add, METH_VARARGS, __Permset_add_doc__, },
1458 {"delete", Permset_delete, METH_VARARGS, __Permset_delete_doc__, },
1459 {"test", Permset_test, METH_VARARGS, __Permset_test_doc__, },
1460 {NULL, NULL, 0, NULL}
1463 static char __Permset_execute_doc__[] =
1464 "Execute permission property\n"
1466 "This is a convenience method of retrieving and setting the execute\n"
1467 "permission in the permission set; the \n"
1468 "same effect can be achieved using the functions\n"
1469 "add(), test(), delete(), and those can take any \n"
1470 "permission defined by your platform.\n"
1473 static char __Permset_read_doc__[] =
1474 "Read permission property\n"
1476 "This is a convenience method of retrieving and setting the read\n"
1477 "permission in the permission set; the \n"
1478 "same effect can be achieved using the functions\n"
1479 "add(), test(), delete(), and those can take any \n"
1480 "permission defined by your platform.\n"
1483 static char __Permset_write_doc__[] =
1484 "Write permission property\n"
1486 "This is a convenience method of retrieving and setting the write\n"
1487 "permission in the permission set; the \n"
1488 "same effect can be achieved using the functions\n"
1489 "add(), test(), delete(), and those can take any \n"
1490 "permission defined by your platform.\n"
1493 /* Permset getset */
1494 static PyGetSetDef Permset_getsets[] = {
1495 {"execute", Permset_get_right, Permset_set_right,
1496 __Permset_execute_doc__, &holder_ACL_EXECUTE},
1497 {"read", Permset_get_right, Permset_set_right,
1498 __Permset_read_doc__, &holder_ACL_READ},
1499 {"write", Permset_get_right, Permset_set_right,
1500 __Permset_write_doc__, &holder_ACL_WRITE},
1504 static char __Permset_Type_doc__[] =
1505 "Type which represents the permission set in an ACL entry\n"
1507 "The type exists only if the OS has full support for POSIX.1e\n"
1508 "Can be retrieved either by:\n\n"
1509 ">>> perms = myEntry.permset\n"
1512 ">>> perms = posix1e.Permset(myEntry)\n"
1514 "Note that the Permset keeps a reference to its Entry, so even if \n"
1515 "you delete the entry, it won't be cleaned up and will continue to \n"
1516 "exist until its Permset will be deleted.\n"
1519 /* The definition of the Permset Type */
1520 static PyTypeObject Permset_Type = {
1521 PyVarObject_HEAD_INIT(NULL, 0)
1523 sizeof(Permset_Object),
1525 Permset_dealloc, /* tp_dealloc */
1531 0, /* tp_as_number */
1532 0, /* tp_as_sequence */
1533 0, /* tp_as_mapping */
1536 Permset_str, /* tp_str */
1537 0, /* tp_getattro */
1538 0, /* tp_setattro */
1539 0, /* tp_as_buffer */
1540 Py_TPFLAGS_DEFAULT, /* tp_flags */
1541 __Permset_Type_doc__,/* tp_doc */
1542 0, /* tp_traverse */
1544 0, /* tp_richcompare */
1545 0, /* tp_weaklistoffset */
1547 0, /* tp_iternext */
1548 Permset_methods, /* tp_methods */
1550 Permset_getsets, /* tp_getset */
1553 0, /* tp_descr_get */
1554 0, /* tp_descr_set */
1555 0, /* tp_dictoffset */
1556 Permset_init, /* tp_init */
1558 Permset_new, /* tp_new */
1563 /* Module methods */
1565 static char __deletedef_doc__[] =
1566 "delete_default(path)\n"
1567 "Delete the default ACL from a directory.\n"
1569 "This function deletes the default ACL associated with\n"
1570 "a directory (the ACL which will be ANDed with the mode\n"
1571 "parameter to the open, creat functions).\n"
1573 ":param string path: the directory whose default ACL should be deleted\n"
1576 /* Deletes the default ACL from a directory */
1577 static PyObject* aclmodule_delete_default(PyObject* obj, PyObject* args) {
1580 /* Parse the arguments */
1581 if (!PyArg_ParseTuple(args, "et", NULL, &filename))
1584 if(acl_delete_def_file(filename) == -1) {
1585 return PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
1592 static char __has_extended_doc__[] =
1593 "has_extended(item)\n"
1594 "Check if a file or file handle has an extended ACL.\n"
1596 ":param item: either a file name or a file-like object or an integer;\n"
1597 " it represents the file-system object on which to act\n"
1600 /* Check for extended ACL a file or fd */
1601 static PyObject* aclmodule_has_extended(PyObject* obj, PyObject* args) {
1602 PyObject *item, *tmp;
1606 if (!PyArg_ParseTuple(args, "O", &item))
1609 if((fd = PyObject_AsFileDescriptor(item)) != -1) {
1610 if((nret = acl_extended_fd(fd)) == -1) {
1611 PyErr_SetFromErrno(PyExc_IOError);
1614 // PyObject_AsFileDescriptor sets an error when failing, so clear
1615 // it such that further code works; some method lookups fail if an
1616 // error already occured when called, which breaks at least
1617 // PyOS_FSPath (called by FSConverter).
1619 if(PyUnicode_FSConverter(item, &tmp)) {
1620 char *filename = PyBytes_AS_STRING(tmp);
1621 if ((nret = acl_extended_file(filename)) == -1) {
1622 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
1633 return PyBool_FromLong(nret);
1638 /* The module methods */
1639 static PyMethodDef aclmodule_methods[] = {
1640 {"delete_default", aclmodule_delete_default, METH_VARARGS,
1643 {"has_extended", aclmodule_has_extended, METH_VARARGS,
1644 __has_extended_doc__},
1646 {NULL, NULL, 0, NULL}
1649 static char __posix1e_doc__[] =
1650 "POSIX.1e ACLs manipulation\n"
1651 "==========================\n"
1653 "This module provides support for manipulating POSIX.1e ACLS\n"
1655 "Depending on the operating system support for POSIX.1e, \n"
1656 "the ACL type will have more or less capabilities:\n\n"
1657 " - level 1, only basic support, you can create\n"
1658 " ACLs from files and text descriptions;\n"
1659 " once created, the type is immutable\n"
1660 " - level 2, complete support, you can alter\n"
1661 " the ACL once it is created\n"
1663 "Also, in level 2, more types are available, corresponding\n"
1664 "to acl_entry_t (the Entry type), acl_permset_t (the Permset type).\n"
1666 "The existence of level 2 support and other extensions can be\n"
1667 "checked by the constants:\n\n"
1668 " - :py:data:`HAS_ACL_ENTRY` for level 2 and the Entry/Permset classes\n"
1669 " - :py:data:`HAS_ACL_FROM_MODE` for ``ACL(mode=...)`` usage\n"
1670 " - :py:data:`HAS_ACL_CHECK` for the :py:func:`ACL.check` function\n"
1671 " - :py:data:`HAS_EXTENDED_CHECK` for the module-level\n"
1672 " :py:func:`has_extended` function\n"
1673 " - :py:data:`HAS_EQUIV_MODE` for the :py:func:`ACL.equiv_mode` method\n"
1674 " - :py:data:`HAS_COPY_EXT` for the :py:func:`ACL.__getstate__` and\n"
1675 " :py:func:`ACL.__setstate__` functions (pickle protocol)\n"
1679 ">>> import posix1e\n"
1680 ">>> acl1 = posix1e.ACL(file=\"file.txt\") \n"
1686 ">>> b = posix1e.ACL(text=\"u::rx,g::-,o::-\")\n"
1692 ">>> b.applyto(\"file.txt\")\n"
1693 ">>> print posix1e.ACL(file=\"file.txt\")\n"
1699 ".. py:data:: ACL_USER\n\n"
1700 " Denotes a specific user entry in an ACL.\n"
1702 ".. py:data:: ACL_USER_OBJ\n\n"
1703 " Denotes the user owner entry in an ACL.\n"
1705 ".. py:data:: ACL_GROUP\n\n"
1706 " Denotes the a group entry in an ACL.\n"
1708 ".. py:data:: ACL_GROUP_OBJ\n\n"
1709 " Denotes the group owner entry in an ACL.\n"
1711 ".. py:data:: ACL_OTHER\n\n"
1712 " Denotes the 'others' entry in an ACL.\n"
1714 ".. py:data:: ACL_MASK\n\n"
1715 " Denotes the mask entry in an ACL, representing the maximum\n"
1716 " access granted other users, the owner group and other groups.\n"
1718 ".. py:data:: ACL_UNDEFINED_TAG\n\n"
1719 " An undefined tag in an ACL.\n"
1721 ".. py:data:: ACL_READ\n\n"
1722 " Read permission in a permission set.\n"
1724 ".. py:data:: ACL_WRITE\n\n"
1725 " Write permission in a permission set.\n"
1727 ".. py:data:: ACL_EXECUTE\n\n"
1728 " Execute permission in a permission set.\n"
1730 ".. py:data:: HAS_ACL_ENTRY\n\n"
1731 " denotes support for level 2 and the Entry/Permset classes\n"
1733 ".. py:data:: HAS_ACL_FROM_MODE\n\n"
1734 " denotes support for building an ACL from an octal mode\n"
1736 ".. py:data:: HAS_ACL_CHECK\n\n"
1737 " denotes support for extended checks of an ACL's validity\n"
1739 ".. py:data:: HAS_EXTENDED_CHECK\n\n"
1740 " denotes support for checking whether an ACL is basic or extended\n"
1742 ".. py:data:: HAS_EQUIV_MODE\n\n"
1743 " denotes support for the equiv_mode function\n"
1745 ".. py:data:: HAS_COPY_EXT\n\n"
1746 " denotes support for __getstate__()/__setstate__() on an ACL\n"
1750 static struct PyModuleDef posix1emodule = {
1751 PyModuleDef_HEAD_INIT,
1759 PyInit_posix1e(void)
1763 Py_TYPE(&ACL_Type) = &PyType_Type;
1764 if(PyType_Ready(&ACL_Type) < 0)
1768 Py_TYPE(&Entry_Type) = &PyType_Type;
1769 if(PyType_Ready(&Entry_Type) < 0)
1772 Py_TYPE(&Permset_Type) = &PyType_Type;
1773 if(PyType_Ready(&Permset_Type) < 0)
1777 m = PyModule_Create(&posix1emodule);
1781 d = PyModule_GetDict(m);
1785 Py_INCREF(&ACL_Type);
1786 if (PyDict_SetItemString(d, "ACL",
1787 (PyObject *) &ACL_Type) < 0)
1790 /* 23.3.6 acl_type_t values */
1791 PyModule_AddIntConstant(m, "ACL_TYPE_ACCESS", ACL_TYPE_ACCESS);
1792 PyModule_AddIntConstant(m, "ACL_TYPE_DEFAULT", ACL_TYPE_DEFAULT);
1796 Py_INCREF(&Entry_Type);
1797 if (PyDict_SetItemString(d, "Entry",
1798 (PyObject *) &Entry_Type) < 0)
1801 Py_INCREF(&Permset_Type);
1802 if (PyDict_SetItemString(d, "Permset",
1803 (PyObject *) &Permset_Type) < 0)
1806 /* 23.2.2 acl_perm_t values */
1807 PyModule_AddIntConstant(m, "ACL_READ", ACL_READ);
1808 PyModule_AddIntConstant(m, "ACL_WRITE", ACL_WRITE);
1809 PyModule_AddIntConstant(m, "ACL_EXECUTE", ACL_EXECUTE);
1811 /* 23.2.5 acl_tag_t values */
1812 PyModule_AddIntConstant(m, "ACL_UNDEFINED_TAG", ACL_UNDEFINED_TAG);
1813 PyModule_AddIntConstant(m, "ACL_USER_OBJ", ACL_USER_OBJ);
1814 PyModule_AddIntConstant(m, "ACL_USER", ACL_USER);
1815 PyModule_AddIntConstant(m, "ACL_GROUP_OBJ", ACL_GROUP_OBJ);
1816 PyModule_AddIntConstant(m, "ACL_GROUP", ACL_GROUP);
1817 PyModule_AddIntConstant(m, "ACL_MASK", ACL_MASK);
1818 PyModule_AddIntConstant(m, "ACL_OTHER", ACL_OTHER);
1820 /* Document extended functionality via easy-to-use constants */
1821 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 1);
1823 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 0);
1827 /* Linux libacl specific acl_to_any_text constants */
1828 PyModule_AddIntConstant(m, "TEXT_ABBREVIATE", TEXT_ABBREVIATE);
1829 PyModule_AddIntConstant(m, "TEXT_NUMERIC_IDS", TEXT_NUMERIC_IDS);
1830 PyModule_AddIntConstant(m, "TEXT_SOME_EFFECTIVE", TEXT_SOME_EFFECTIVE);
1831 PyModule_AddIntConstant(m, "TEXT_ALL_EFFECTIVE", TEXT_ALL_EFFECTIVE);
1832 PyModule_AddIntConstant(m, "TEXT_SMART_INDENT", TEXT_SMART_INDENT);
1834 /* Linux libacl specific acl_check constants */
1835 PyModule_AddIntConstant(m, "ACL_MULTI_ERROR", ACL_MULTI_ERROR);
1836 PyModule_AddIntConstant(m, "ACL_DUPLICATE_ERROR", ACL_DUPLICATE_ERROR);
1837 PyModule_AddIntConstant(m, "ACL_MISS_ERROR", ACL_MISS_ERROR);
1838 PyModule_AddIntConstant(m, "ACL_ENTRY_ERROR", ACL_ENTRY_ERROR);
1840 #define LINUX_EXT_VAL 1
1842 #define LINUX_EXT_VAL 0
1844 /* declare the Linux extensions */
1845 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", LINUX_EXT_VAL);
1846 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", LINUX_EXT_VAL);
1847 PyModule_AddIntConstant(m, "HAS_EXTENDED_CHECK", LINUX_EXT_VAL);
1848 PyModule_AddIntConstant(m, "HAS_EQUIV_MODE", LINUX_EXT_VAL);
1850 PyModule_AddIntConstant(m, "HAS_COPY_EXT",
1851 #ifdef HAVE_ACL_COPY_EXT