1/*	$NetBSD$	*/
2
3/*++
4/* NAME
5/*	dot_lockfile_as 3
6/* SUMMARY
7/*	dotlock file as user
8/* SYNOPSIS
9/*	#include <dot_lockfile_as.h>
10/*
11/*	int	dot_lockfile_as(path, why, euid, egid)
12/*	const char *path;
13/*	VSTRING *why;
14/*	uid_t	euid;
15/*	gid_t	egid;
16/*
17/*	void	dot_unlockfile_as(path, euid, egid)
18/*	const char *path;
19/*	uid_t	euid;
20/*	gid_t	egid;
21/* DESCRIPTION
22/*	dot_lockfile_as() and dot_unlockfile_as() are wrappers around
23/*	the dot_lockfile() and dot_unlockfile() routines. The routines
24/*	change privilege to the designated privilege, perform the
25/*	requested operation, and restore privileges.
26/* DIAGNOSTICS
27/*	Fatal error: no permission to change privilege level.
28/* SEE ALSO
29/*	dot_lockfile(3) dotlock file management
30/*	set_eugid(3) switch effective rights
31/* LICENSE
32/* .ad
33/* .fi
34/*	The Secure Mailer license must be distributed with this software.
35/* AUTHOR(S)
36/*	Wietse Venema
37/*	IBM T.J. Watson Research
38/*	P.O. Box 704
39/*	Yorktown Heights, NY 10598, USA
40/*--*/
41
42/* System library. */
43
44#include <sys_defs.h>
45#include <unistd.h>
46
47/* Utility library. */
48
49#include "msg.h"
50#include "set_eugid.h"
51#include "dot_lockfile.h"
52#include "dot_lockfile_as.h"
53
54/* dot_lockfile_as - dotlock file as user */
55
int     dot_lockfile_as(const char *path, VSTRING *why, uid_t euid, gid_t egid)
{
    int     status;
    uid_t   caller_euid;
    gid_t   caller_egid;

    /*
     * Create the dotlock for "path" while running with the effective
     * uid/gid given by the caller (euid, egid), then return to the
     * effective identity this process had on entry. The value returned is
     * whatever dot_lockfile() returned; "why" is handed to dot_lockfile()
     * untouched.
     * 
     * Per the DIAGNOSTICS section of this file, failure to change privilege
     * level is a fatal error, so this function does not return while still
     * holding the wrong effective identity.
     * 
     * NOTE(review): presumably the switch exists so that the lock file is
     * created subject to the target user's permissions rather than the
     * caller's - confirm against dot_lockfile(3).
     * 
     * NOTE(review): a caller that inspects errno after a failed lock depends
     * on the restoring set_eugid() call leaving errno intact - confirm
     * against set_eugid(3).
     */

    /*
     * Record the current effective identity before any privilege change, so
     * that it can be restored afterwards.
     */
    caller_euid = geteuid();
    caller_egid = getegid();

    /*
     * Assume the target identity, take the lock, and drop back. The restore
     * must come after the lock attempt regardless of its outcome.
     */
    set_eugid(euid, egid);
    status = dot_lockfile(path, why);
    set_eugid(caller_euid, caller_egid);

    return (status);
}
79
/* dot_unlockfile_as - remove dotlock file as user */
81
void     dot_unlockfile_as(const char *path, uid_t euid, gid_t egid)
{
    uid_t   caller_euid;
    gid_t   caller_egid;

    /*
     * Release the dotlock for "path" while running with the effective
     * uid/gid given by the caller (euid, egid), then return to the
     * effective identity this process had on entry. Nothing is returned;
     * dot_unlockfile() is called for its side effect only.
     * 
     * Per the DIAGNOSTICS section of this file, failure to change privilege
     * level is a fatal error.
     * 
     * NOTE(review): the caller should pass the same euid/egid that were used
     * to take the lock, presumably so the removal runs with the rights of
     * the lock file's owner - confirm against dot_lockfile(3).
     */

    /*
     * Record the current effective identity before any privilege change.
     */
    caller_euid = geteuid();
    caller_egid = getegid();

    /*
     * Assume the target identity, remove the lock file, and drop back.
     */
    set_eugid(euid, egid);
    dot_unlockfile(path);
    set_eugid(caller_euid, caller_egid);
}
102