Make cap_mkdb and services_mkdb file operations sync

Similar fix was done for passwd and group operations in r285050. When a temporary file is created and then renamed to replace official file there are no checks to make sure data was written to disk and if a power cycle happens at this time, system can end up with a 0 length file Approved by: bapt MFC after: 1 week Sponsored by: Netgate Differential Revision: https://reviews.freebsd.org/D2982
2016-01-07 10:39:13 +00:00 · 2016-01-07 10:39:13 +00:00 · cc39d2e41a
commit cc39d2e41a
parent 76a48b4688
2 changed files with 19 additions and 3 deletions
--- a/usr.bin/cap_mkdb/cap_mkdb.c
+++ b/usr.bin/cap_mkdb/cap_mkdb.c
@ -119,7 +119,7 @@ main(int argc, char *argv[])
 	(void)snprintf(buf, sizeof(buf), "%s.db", capname ? capname : *argv);
 	if ((capname = strdup(buf)) == NULL)
 		errx(1, "strdup failed");
-	if ((capdbp = dbopen(capname, O_CREAT | O_TRUNC | O_RDWR,
+	if ((capdbp = dbopen(capname, O_CREAT | O_TRUNC | O_RDWR | O_SYNC,
 	    DEFFILEMODE, DB_HASH, &openinfo)) == NULL)
 		err(1, "%s", buf);

--- a/usr.sbin/services_mkdb/services_mkdb.c
+++ b/usr.sbin/services_mkdb/services_mkdb.c
@ -44,6 +44,7 @@ __FBSDID("$FreeBSD$");
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <libgen.h>
 #include <libutil.h>
 #include <ctype.h>
 #include <errno.h>
@ -91,6 +92,8 @@ main(int argc, char *argv[])
 	size_t	 cnt = 0;
 	StringList *sl, ***svc;
 	size_t port, proto;
+	char *dbname_dir;
+	int dbname_dir_fd = -1;

 	setprogname(argv[0]);

@ -138,7 +141,7 @@ main(int argc, char *argv[])
 		err(1, "Cannot install exit handler");

 	(void)snprintf(tname, sizeof(tname), "%s.tmp", dbname);
-	db = dbopen(tname, O_RDWR | O_CREAT | O_EXCL,
+	db = dbopen(tname, O_RDWR | O_CREAT | O_EXCL | O_SYNC,
 	    (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH), DB_HASH, &hinfo);
 	if (!db)
 		err(1, "Error opening temporary database `%s'", tname);
@ -164,8 +167,21 @@ main(int argc, char *argv[])
 	if ((db->close)(db))
 		err(1, "Error closing temporary database `%s'", tname);

-	if (rename(tname, dbname) == -1)
+	/*
+	 * Make sure file is safe on disk. To improve performance we will call
+	 * fsync() to the directory where file lies
+	 */
+	if (rename(tname, dbname) == -1 ||
+	    (dbname_dir = dirname(dbname)) == NULL ||
+	    (dbname_dir_fd = open(dbname_dir, O_RDONLY|O_DIRECTORY)) == -1 ||
+	    fsync(dbname_dir_fd) != 0) {
+		if (dbname_dir_fd != -1)
+			close(dbname_dir_fd);
 		err(1, "Cannot rename `%s' to `%s'", tname, dbname);
+	}
+
+	if (dbname_dir_fd != -1)
+		close(dbname_dir_fd);

 	return 0;
 }