/* Subtract one set of user and group ids from another Copyright (C) 1997 Free Software Foundation, Inc. Written by Miles Bader <miles@gnu.ai.mit.edu> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include <errno.h> #include "idvec.h" #include "ugids.h" /* Remove the gids in SUB from those in GIDS, except where they are implied in SUB (as represented by SUB_IMP), but not in GIDS (as represented by GIDS_IMP). */ static error_t _sub_gids (struct idvec *gids, struct idvec *gids_imp, const struct idvec *sub, const struct idvec *sub_imp) { error_t err; /* What we'll remove from GIDS. */ struct idvec delta = IDVEC_INIT; /* Those implied ids in SUB that we *won't* remove, because they're not also implied in GIDS. */ struct idvec delta_suppress = IDVEC_INIT; err = idvec_set (&delta, sub); if (! err) err = idvec_set (&delta_suppress, sub_imp); if (! err) { /* Don't suppress those implied ids that are implied in both. */ idvec_subtract (&delta_suppress, gids_imp); idvec_subtract (&delta, &delta_suppress); /* Actually remove the gids. */ idvec_subtract (gids, &delta); } idvec_fini (&delta); idvec_fini (&delta_suppress); return err; } /* Remove the in SUB from those in GIDS, except where they are implied in SUB (as represented by SUB_IMP), but not in GIDS (as represented by GIDS_IMP). */ static error_t _sub (struct idvec *uids, struct idvec *gids, struct idvec *gids_imp, const struct idvec *sub_uids, const struct idvec *sub_gids, const struct idvec *sub_gids_imp) { error_t err; struct idvec new_uids = IDVEC_INIT; /* The set of uids after subtraction. */ struct idvec no_sub_gids = IDVEC_INIT; /* Gids we *don't* want to remove from GIDS, despite what's in SUB_GIDS. */ struct idvec new_sub_gids = IDVEC_INIT; struct idvec new_sub_gids_imp = IDVEC_INIT; err = idvec_set (&new_uids, uids); if (! err) err = idvec_set (&new_sub_gids, sub_gids); if (! err) err = idvec_set (&new_sub_gids_imp, sub_gids_imp); if (! err) { idvec_subtract (&new_uids, sub_uids); err = idvec_merge_implied_gids (&no_sub_gids, &new_uids); if (! err) { /* NO_SUB_GIDS is the intersection of implied gids in GIDS, implied gids in SUB_GIDS, and implied gids after the subtraction of uids -- we don't want to remove those implied gids because we can't be sure which uids implied them (as there will be appropriately implicative uids left after the subtraction). */ idvec_keep (&no_sub_gids, gids_imp); idvec_keep (&no_sub_gids, sub_gids_imp); /* Remove those gids we don't want to subtract. */ idvec_subtract (&new_sub_gids, &no_sub_gids); idvec_subtract (&new_sub_gids_imp, &no_sub_gids); /* Do the group subtraction. */ err = _sub_gids (gids, gids_imp, &new_sub_gids, &new_sub_gids_imp); if (! err) /* Finally, if no problems, do the uid subtraction. */ err = idvec_set (uids, &new_uids); } } idvec_fini (&new_uids); idvec_fini (&no_sub_gids); idvec_fini (&new_sub_gids); idvec_fini (&new_sub_gids_imp); return err; } /* Remove the ids in SUB from those in UGIDS. */ error_t ugids_subtract (struct ugids *ugids, const struct ugids *sub) { error_t err = _sub (&ugids->eff_uids, &ugids->eff_gids, &ugids->imp_eff_gids, &sub->eff_uids, &sub->eff_gids, &sub->imp_eff_gids); if (! err) /* If this second call to _sub fails, ugids will be in an inconsistent state, but oh well. */ err = _sub (&ugids->avail_uids, &ugids->avail_gids, &ugids->imp_avail_gids, &sub->avail_uids, &sub->avail_gids, &sub->imp_avail_gids); return err; }