import os
import re
from stat import S_ISLNK
from attic.helpers import posix_acl_use_stored_uid_gid, user2uid, group2gid
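API_VERSION = 2

cdef extern from "sys/types.h":
    int ACL_TYPE_ACCESS
    int ACL_TYPE_DEFAULT

cdef extern from "sys/acl.h":
    ctypedef struct _acl_t:
        pass
    ctypedef _acl_t *acl_t

    int acl_free(void *obj)
    acl_t acl_get_file(const char *path, int type)
    # acl_set_file() returns an int status (0 on success, -1 on error), not an
    # acl_t; declaring it correctly lets callers test whether a restore worked.
    int acl_set_file(const char *path, int type, acl_t acl)
    acl_t acl_from_text(const char *buf)
    char *acl_to_text(acl_t acl, ssize_t *len)

cdef extern from "acl/libacl.h":
    int acl_extended_file(const char *path)

# Matches a '#' comment together with the spaces in front of it; used to strip
# comments from ACL text before the text is split into entries.
_comment_re = re.compile(' *#.*', re.M)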
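def acl_use_local_uid_gid(acl):
    """Replace the user/group field with the local uid/gid if possible

    `acl` is ACL text as ASCII bytes, one entry per line.  A named ``user`` or
    ``group`` entry is expected to carry a fourth field
    (``type:name:permission:id``); that field is passed to user2uid() /
    group2gid() as their second argument (presumably the fallback used when
    the name is unknown on this system -- confirm against attic.helpers).

    Returns ASCII bytes with every entry cut back to its first three fields.
    """
    entries = []
    for entry in acl.decode('ascii').split('\n'):
        if entry:
            fields = entry.split(':')
            # str() because the lookup result is joined into text below; the
            # other callers in this file wrap user2uid()/group2gid() the same way.
            if fields[0] == 'user' and fields[1]:
                fields[1] = str(user2uid(fields[1], fields[3]))
            elif fields[0] == 'group' and fields[1]:
                fields[1] = str(group2gid(fields[1], fields[3]))
            # Join the updated fields.  Re-splitting `entry` here would discard
            # the id resolved above and write the archived name back, so the
            # restored entry would not be bound to the id chosen by the lookup.
            entries.append(':'.join(fields[:3]))
    return ('\n'.join(entries)).encode('ascii')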
cdef acl_append_numeric_ids(acl):
    """Extend the "POSIX 1003.1e draft standard 17" format with an additional uid/gid field

    Comments are stripped from the ASCII ACL text first.  Each named ``user``
    or ``group`` entry then gets a fourth field holding
    str(user2uid(name, name)) or str(group2gid(name, name)); all other
    non-empty entries are kept unchanged.  Returns ASCII bytes.
    """
    text = _comment_re.sub('', acl.decode('ascii'))
    result = []
    for line in text.split('\n'):
        if not line:
            continue
        kind, who, perms = line.split(':')
        if who and kind == 'user':
            line = ':'.join([kind, who, perms, str(user2uid(who, who))])
        elif who and kind == 'group':
            line = ':'.join([kind, who, perms, str(group2gid(who, who))])
        result.append(line)
    return ('\n'.join(result)).encode('ascii')
cdef acl_numeric_ids(acl):
    """Replace the "POSIX 1003.1e draft standard 17" user/group field with uid/gid

    Comments are stripped from the ASCII ACL text first.  For each named
    ``user`` or ``group`` entry the name is replaced by
    str(user2uid(name, name)) or str(group2gid(name, name)) and the same value
    is appended as a fourth field; all other non-empty entries are kept
    unchanged.  Returns ASCII bytes.
    """
    text = _comment_re.sub('', acl.decode('ascii'))
    result = []
    for line in text.split('\n'):
        if not line:
            continue
        kind, who, perms = line.split(':')
        if who and kind == 'user':
            numeric = str(user2uid(who, who))
        elif who and kind == 'group':
            numeric = str(group2gid(who, who))
        else:
            result.append(line)
            continue
        result.append(':'.join([kind, numeric, perms, numeric]))
    return ('\n'.join(result)).encode('ascii')
def acl_get(path, item, st, numeric_owner=False):
    """Saves ACL Entries

    If `numeric_owner` is True the user/group field is not preserved only uid/gid

    The access ACL of `path` is stored in item[b'acl_access'] and the default
    ACL in item[b'acl_default'], each as the converted text form.  Nothing is
    stored when `st` describes a symlink or when acl_extended_file() returns a
    value <= 0.
    """
    cdef acl_t default_acl = NULL
    cdef acl_t access_acl = NULL
    cdef char *default_text = NULL
    cdef char *access_text = NULL

    # Symlinks are skipped before any path-based libacl call is made.
    # NOTE(review): a negative result from acl_extended_file() (presumably an
    # error) is treated like 0, so a failed ACL read leaves the item without
    # ACL data and reports nothing -- confirm that is intended.
    if S_ISLNK(st.st_mode) or acl_extended_file(<bytes>os.fsencode(path)) <= 0:
        return
    # numeric_owner: names are replaced by ids; otherwise names are kept and
    # the id is appended as an extra field.
    if numeric_owner:
        converter = acl_numeric_ids
    else:
        converter = acl_append_numeric_ids
    try:
        access_acl = acl_get_file(<bytes>os.fsencode(path), ACL_TYPE_ACCESS)
        if access_acl:
            access_text = acl_to_text(access_acl, NULL)
            if access_text:
                item[b'acl_access'] = converter(access_text)
        default_acl = acl_get_file(<bytes>os.fsencode(path), ACL_TYPE_DEFAULT)
        if default_acl:
            default_text = acl_to_text(default_acl, NULL)
            if default_text:
                item[b'acl_default'] = converter(default_text)
    finally:
        # Runs on every exit from the try block, including an exception from
        # converter(); pointers that were never assigned are still NULL here.
        acl_free(default_text)
        acl_free(default_acl)
        acl_free(access_text)
        acl_free(access_acl)
def acl_set(path, item, numeric_owner=False):
    """Restore ACL Entries

    If `numeric_owner` is True the stored uid/gid is used instead
    of the user/group names

    Reads item[b'acl_access'] and item[b'acl_default']; each one that is
    present and non-empty is converted, parsed with acl_from_text() and
    applied to `path` with acl_set_file().
    """
    cdef acl_t access_acl = NULL
    cdef acl_t default_acl = NULL
    if numeric_owner:
        converter = posix_acl_use_stored_uid_gid
    else:
        converter = acl_use_local_uid_gid
    access_text = item.get(b'acl_access')
    default_text = item.get(b'acl_default')
    # NOTE(review): acl_get() stores no ACL for symlinks, but nothing here
    # checks the type of `path`; acl_set_file() works on a path and presumably
    # follows symlinks, so confirm the caller never passes a symlink path
    # together with ACL keys taken from an archive.
    if access_text:
        try:
            access_acl = acl_from_text(<bytes>converter(access_text))
            # NOTE(review): a NULL result from acl_from_text() is skipped and
            # the result of acl_set_file() is not checked, so a failed restore
            # leaves the file without the archived ACL and raises nothing.
            if access_acl:
                acl_set_file(<bytes>os.fsencode(path), ACL_TYPE_ACCESS, access_acl)
        finally:
            acl_free(access_acl)
    if default_text:
        try:
            default_acl = acl_from_text(<bytes>converter(default_text))
            # Same silent-failure caveat as for the access ACL above.
            if default_acl:
                acl_set_file(<bytes>os.fsencode(path), ACL_TYPE_DEFAULT, default_acl)
        finally:
            acl_free(default_acl)