HEX

File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/states/__pycache__/linux_acl.cpython-310.pyc
o

�N�g-e�@sjdZddlZddlZddlZddlmZe�e�Z	dZ
dd�Zdd	d
�Zddd�Z
dd
d�Zddd�ZdS)a�
Linux File Access Control Lists

The Linux ACL state module requires the `getfacl` and `setfacl` binaries.

Ensure a Linux ACL is present

.. code-block:: yaml

     root:
       acl.present:
         - name: /root
         - acl_type: user
         - acl_name: damian
         - perms: rwx

Ensure a Linux ACL does not exist

.. code-block:: yaml

     root:
       acl.absent:
         - name: /root
         - acl_type: user
         - acl_name: damian
         - perms: rwx

Ensure a Linux ACL list is present

.. code-block:: yaml

     root:
       acl.list_present:
         - name: /root
         - acl_type: user
         - acl_names:
           - damian
           - homer
         - perms: rwx

Ensure a Linux ACL list does not exist

.. code-block:: yaml

     root:
       acl.list_absent:
         - name: /root
         - acl_type: user
         - acl_names:
           - damian
           - homer
         - perms: rwx

.. warning::

    The effective permissions of Linux file access control lists (ACLs) are
    governed by the "effective rights mask" (the `mask` line in the output of
    the `getfacl` command) combined with the `perms` set by this module: any
    permission bits (for example, r=read) present in an ACL but not in the mask
    are ignored.  The mask is automatically recomputed when setting an ACL, so
    normally this isn't important.  However, if the file permissions are
    changed (with `chmod` or `file.managed`, for example), the mask will
    generally be set based on just the group bits of the file permissions.

    As a result, when using `file.managed` or similar to control file
    permissions as well as this module, you should set your group permissions
    to be at least as broad as any permissions in your ACL. Otherwise, the two
    state declarations will each register changes each run, and if the `file`
    declaration runs later, your ACL will be ineffective.

�N)�CommandExecutionErrorZaclcCs$tjj�d�rtjj�d�rtSdS)z(
    Ensure getfacl & setfacl exist
    ZgetfaclZsetfacl)FzWThe linux_acl state cannot be loaded: the getfacl or setfacl binary is not in the path.)�salt�utils�path�which�__virtualname__�rr�I/opt/saltstack/salt/lib/python3.10/site-packages/salt/states/linux_acl.py�__virtual__Tsr
�Fcs�|didd�}ddddd��d	d
ddd
�}tj�|�s(|�d�|d<d|d<|Std||d�}|�d�rLd�|�d�dd��}	||�di�}
d}n|}	||}
d}|dkrd||�d��|	d��n|�|
�|	d�so|�r�z�fdd�|
|	D���}Wnt	t
ttfy�d}Ynw|�r}t
�fdd�|D��}
d}|r�|D]7}d}|r�tj�|�s�q�||�di�}n||}|�|	g�D]}�|vr�|�d|
kr�d}q�|s�d}nq�n|�dt
�fdd�|D��kr�d}nd}|s�d|d<|S|�d}d�||d@||d@||d@�}|||d �|||d �d!�}td"�r4|�d#�|||�d|d$��|Sz'|�rAtd%||dd&�td'|||||dd&�|�d(|��d|d$��W|St�y|}z|�d)�||j�dd*��WYd}~|Sd}~wwd+|||d �i}td"�r�|�d,�||�d|d$��d|d<|Sz'|�r�td%||dd&�td'|||||dd&�|�d-|��d|d$��W|St�y�}z|�d)�||j�dd*��WYd}~|Sd}~wwd.|d<d|d<|S)/a�
    Ensure a Linux ACL is present

    name
        The acl path

    acl_type
        The type of the acl is used for it can be 'user' or 'group'

    acl_name
        The  user or group

    perms
        Set the permissions eg.: rwx

    recurse
        Set the permissions recursive in the path

    force
        Wipe out old permissions and ensure only the new permissions are set
    Tr��name�result�changes�comment���r��r�w�x�-rrrr)rrrr� does not existrFr�acl.getfacl��	recursive�zd:zdefault:�:N�defaultsc�$g|]}tt|�����kr|�qSr��next�iter�keys��.0�i��_search_namerr	�
<listcomp>��
�zpresent.<locals>.<listcomp>c3��|]	}��||�VqdS�N��getr%��_octalrr	�	<genexpr>���zpresent.<locals>.<genexpr>�octalc3r,r-r.r%r0rr	r2�r3�$Permissions are in the desired statez{}{}{}��acl_name�acl_type�perms��new�old�test�4Updated permissions will be applied for {}: {} -> {}�rrr�
acl.wipefacls�rZ	raise_err�acl.modfaclzUpdated permissions for �%Error updating permissions for {}: {}�rrr;�*New permissions will be applied for {}: {}zApplied new permissions for �ACL Type does not exist)�osr�exists�__salt__�
startswith�join�splitr/�pop�AttributeError�
IndexError�
StopIteration�KeyError�sum�isdir�format�__opts__�updater�strerror)r
r8r7r9�recurse�force�retZ
_octal_lookup�__current_perms�	_acl_type�_current_perms�_default�userZ	octal_sum�need_refreshr�	acl_foundZ_current_perms_path�user_aclZ_numZ	new_permsr�excr)r1r)r	�presentbs&


������"i�


�
��
	
��
����>����6���
���	�������
��rdcs�|didd�}tj�|�s|�d�|d<d|d<|Std||d	�}|�d
�r>d�|�d�dd
��}||�di�}d}	n|}||}d}	|dkrV||�d��|d��n|�|�|d
�s`|	r�z�fdd�||D���}
Wnt	t
ttfy~d
}
Ynwd}|D]}d}
||�|g�D]
}�|vr�d}
nq�|
r�d}nq�|
s�|r�d|d<t
dr�d
|d<|Std|||||d	�|Sd|d<|Sd|d<d|d<|S)a7
    Ensure a Linux ACL does not exist

    name
        The acl path

    acl_type
        The type of the acl is used for, it can be 'user' or 'group'

    acl_name
        The user or group

    perms
        Remove the permissions eg.: rwx

    recurse
        Set the permissions recursive in the path
    TrrrrFrrrrrrNrcr rr!r%r(rr	r*dr+zabsent.<locals>.<listcomp>�Removing permissionsr=�acl.delfaclr5rF)rGrrHrIrJrKrLr/rMrNrOrPrQrU)r
r8r7r9rXrZr[r\r]r^r_r`rrarbrr(r	�absent0sd


�������rgcs�|durg}|didd�}ddddd	��t�fd
d�|D��}tj�|�s2|�d�|d
<d|d<|Std|�}|�d�rTd�|�d�dd��}	||�di�}
d}n~|}	||}
d}|
�d
i��dd�}|
�d
i��dd�}
g}d}|
|D]}|�	�D]}|�
|�d��|||dk}q~qx|dkr�z|�|
�Wnt
y�Ynwz|�|�Wn	t
y�Ynwt|�t|�A}|s�|r�|s�|did�|�d�}|S|dkr�||�d
��|	d�}n|}|
�|	d�s�|�r�zi}|
|	D]}|�r	tt|�	���|v�r	|�|�q�Wnttf�yd}Ynw|�rFi}t|�D�]\}}||v�r�||dt�fdd�|D��k�rEd|d
<�q#|�d�|�||d�d�|�|t||d�d�d��td�r~|�d �|t||d�|�d|d!��|Sz-|�r�td"||dd#�|D]}td$|||||dd#��q�|�d%�|�d|d!��W�q#t�y�}z|�d&�||j�dd'��WYd}~�q#d}~wwd(d�|�||d�i}td�r�|�d)�||�d|d!��d|d<|Sz0|�r�td"||dd#�|D]}td$|||||dd#��q|�d*�d�|��d|d!��W�q#t�yC}z|�d&�||j�dd'��WYd}~�q#d}~ww|Sd(d�|�||d�i}td�ri|�d)�||�d|d!��d|d<|Sz0|�rvtd"||dd#�|D]}td$|||||dd#��qx|�d*�d�|��d|d!��W|St�y�}z|�d&�||j�dd'��WYd}~|Sd}~wwd+|d
<d|d<|S),a�
    Ensure a Linux ACL list is present

    Takes a list of acl names and add them to the given path

    name
        The acl path

    acl_type
        The type of the acl is used for it can be 'user' or 'group'

    acl_names
        The list of users or groups

    perms
        Set the permissions eg.: rwx

    recurse
        Set the permissions recursive in the path

    force
        Wipe out old permissions and ensure only the new permissions are set
    NTrrrrrrrc3r,r-r.r%r0rr	r2�r3zlist_present.<locals>.<genexpr>rrFrrrrr�group�ownerzutf-8r4r_z,Permissions and {}s are in the desired statec3r,r-r.r%r0rr	r2�s�
�r5z, r6r:r=r>r?r@rArBzUpdated permissions for {}rCrDr;rEzApplied new permissions for {}rF)rRrGrrHrIrJrKrLr/r$�append�encode�remove�
ValueError�setrTr"r#rVrNrQ�	enumerate�strrUrrW)r
r8�	acl_namesr9rXrYrZZ_octal_permsr[r\r]r^Z
_origin_groupZ
_origin_ownerZ_current_acl_typesZ
diff_perms�keyZcurrent_acl_nameZ	diff_acls�
_search_names�usersr'r�countZsearch_namer7rcrr0r	�list_present�s�
�����	
���
�����
����
���
�	�����
��
����
���
�	�����F���
���	
��������
��rvc
	Cs�|durg}|didd�}tj�|�s |�d�|d<d|d<|Std	|�}|�d
�rBd�|�d�dd��}||�d
i�}d}n|}||}d}|sZt||�d��|d��}	nt|�}	|�|d�sf|r�zi}
||D]}|r�t	t
|����|	vr�|
�|�qmWn
t
tfy�d}
Ynw|
r�d|d<tdr�d|d<|S|D]}td||||d�q�|Sd|d<|Sd|d<d|d<|S)aX
    Ensure a Linux ACL list does not exist

    Takes a list of acl names and remove them from the given path

    name
        The acl path

    acl_type
        The type of the acl is used for, it can be 'user' or 'group'

    acl_names
        The list of users or groups

    recurse
        Set the permissions recursive in the path

    NTrrrrFrrrrrrrer=rfrr5rF)rGrrHrIrJrKrLr/rnr"r#r$rVrNrQrU)
r
r8rqrXrZr[r\r]r^rsrtr'r7rrr	�list_absent�sT
	
�����rw)rrFF)rrF)NrFF)NF)�__doc__�loggingrGZsalt.utils.pathrZsalt.exceptionsr�	getLogger�__name__�logrr
rdrgrvrwrrrr	�<module>sH


O
Y&