1/*++
2/* NAME
3/*	dot_lockfile_as 3
4/* SUMMARY
5/*	dotlock file as user
6/* SYNOPSIS
7/*	#include <dot_lockfile_as.h>
8/*
9/*	int	dot_lockfile_as(path, why, euid, egid)
10/*	const char *path;
11/*	VSTRING *why;
12/*	uid_t	euid;
13/*	gid_t	egid;
14/*
15/*	void	dot_unlockfile_as(path, euid, egid)
16/*	const char *path;
17/*	uid_t	euid;
18/*	gid_t	egid;
19/* DESCRIPTION
20/*	dot_lockfile_as() and dot_unlockfile_as() are wrappers around
21/*	the dot_lockfile() and dot_unlockfile() routines. The routines
22/*	change privilege to the designated privilege, perform the
23/*	requested operation, and restore privileges.
24/* DIAGNOSTICS
25/*	Fatal error: no permission to change privilege level.
26/* SEE ALSO
27/*	dot_lockfile(3) dotlock file management
28/*	set_eugid(3) switch effective rights
29/* LICENSE
30/* .ad
31/* .fi
32/*	The Secure Mailer license must be distributed with this software.
33/* AUTHOR(S)
34/*	Wietse Venema
35/*	IBM T.J. Watson Research
36/*	P.O. Box 704
37/*	Yorktown Heights, NY 10598, USA
38/*--*/
39
40/* System library. */
41
42#include <sys_defs.h>
43#include <unistd.h>
44
45/* Utility library. */
46
47#include "msg.h"
48#include "set_eugid.h"
49#include "dot_lockfile.h"
50#include "dot_lockfile_as.h"
51
/* dot_lockfile_as - create a dotlock file with another user's effective rights */

int     dot_lockfile_as(const char *path, VSTRING *why, uid_t euid, gid_t egid)
{
    uid_t   caller_euid;
    gid_t   caller_egid;
    int     status;

    /*
     * Remember the effective identity that is active on entry, so that it
     * can be put back after the lock attempt. Only the effective uid and gid
     * are recorded here; nothing else about the process credentials is saved
     * by this function.
     */
    caller_euid = geteuid();
    caller_egid = getegid();

    /*
     * Assume the requested effective uid/gid. The manual header of this file
     * documents "no permission to change privilege level" as a fatal error,
     * so the lock attempt below is not expected to run with the wrong
     * identity (presumably enforced inside set_eugid() - confirm there).
     */
    set_eugid(euid, egid);

    /*
     * Attempt the dotlock while the target identity is in effect. The
     * outcome is handed back to the caller unchanged.
     */
    status = dot_lockfile(path, why);

    /*
     * Put the caller's effective identity back before returning, whatever
     * the lock attempt reported.
     *
     * NOTE(review): whether set_eugid() also rewrites the supplementary
     * group list is not visible here; if it does, this call does not bring
     * back the original list, because it was never saved. Likewise, callers
     * that look at errno after a failed lock depend on this call leaving
     * errno alone - verify both against set_eugid().
     */
    set_eugid(caller_euid, caller_egid);

    return status;
}
77
/* dot_unlockfile_as - release a dotlock file with another user's effective rights */

void     dot_unlockfile_as(const char *path, uid_t euid, gid_t egid)
{
    uid_t   caller_euid;
    gid_t   caller_egid;

    /*
     * Remember the effective identity that is active on entry, so that it
     * can be put back after the unlock. Only the effective uid and gid are
     * recorded here.
     */
    caller_euid = geteuid();
    caller_egid = getegid();

    /*
     * Assume the requested effective uid/gid. The manual header of this file
     * documents "no permission to change privilege level" as a fatal error
     * (presumably raised inside set_eugid() - confirm there).
     */
    set_eugid(euid, egid);

    /*
     * Release the dotlock while the target identity is in effect. This
     * function returns void, so the caller receives no indication of whether
     * the unlock succeeded.
     */
    dot_unlockfile(path);

    /*
     * Put the caller's effective identity back before returning.
     *
     * NOTE(review): whether set_eugid() also rewrites the supplementary
     * group list is not visible here; if it does, the original list is not
     * brought back by this call, because it was never saved.
     */
    set_eugid(caller_euid, caller_egid);
}
100