diff options
author | garga <garga@FreeBSD.org> | 2015-07-06 13:01:01 +0000 |
---|---|---|
committer | garga <garga@FreeBSD.org> | 2015-07-06 13:01:01 +0000 |
commit | c49abb198d367256a94da48fed297b82b5a11ad9 (patch) | |
tree | 405345f80080e535bfc241ee0b84241f929bdfc2 /lib | |
parent | 998834455cb651366ad087f0f5206af8a1b7823f (diff) | |
download | FreeBSD-src-c49abb198d367256a94da48fed297b82b5a11ad9.zip FreeBSD-src-c49abb198d367256a94da48fed297b82b5a11ad9.tar.gz |
MFC r285050, r285053, r285059:
When passwd or group information is changed (by pw, vipw, chpass, ...)
temporary file is created and then a rename() call move it to official file.
This operation didn't have any check to make sure data was written to disk
and if a power cycle happens system could end up with a 0 length passwd
or group database.
There is a pfSense bug with more information about it:
https://redmine.pfsense.org/issues/4523
The following changes were made to protect passwd and group operations:
* lib/libutil/gr_util.c:
- Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
- After rename(), fsync() call on directory for faster result
* lib/libutil/pw_util.c
- Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
* usr.sbin/pwd_mkdb/pwd_mkdb.c
- Added O_SYNC flag on dbopen() calls
- After rename(), fsync() call on directory for faster result
* lib/libutil/pw_util.3
- pw_lock() returns a file descriptor to master password file on success
Differential Revision: https://reviews.freebsd.org/D2978
Approved by: re (kib), bapt (implicit agreed)
Sponsored by: Netgate
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libutil/gr_util.c | 22 | ||||
-rw-r--r-- | lib/libutil/pw_util.3 | 5 | ||||
-rw-r--r-- | lib/libutil/pw_util.c | 2 |
3 files changed, 24 insertions, 5 deletions
diff --git a/lib/libutil/gr_util.c b/lib/libutil/gr_util.c index 465efd9..80d9ee6 100644 --- a/lib/libutil/gr_util.c +++ b/lib/libutil/gr_util.c @@ -141,7 +141,7 @@ gr_tmp(int mfd) errno = ENAMETOOLONG; return (-1); } - if ((tfd = mkstemp(tempname)) == -1) + if ((tfd = mkostemp(tempname, O_SYNC)) == -1) return (-1); if (mfd != -1) { while ((nr = read(mfd, buf, sizeof(buf))) > 0) @@ -318,10 +318,28 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr) int gr_mkdb(void) { + int fd; + if (chmod(tempname, 0644) != 0) return (-1); - return (rename(tempname, group_file)); + if (rename(tempname, group_file) != 0) + return (-1); + + /* + * Make sure new group file is safe on disk. To improve performance we + * will call fsync() to the directory where file lies + */ + if ((fd = open(group_dir, O_RDONLY|O_DIRECTORY)) == -1) + return (-1); + + if (fsync(fd) != 0) { + close(fd); + return (-1); + } + + close(fd); + return(0); } /* diff --git a/lib/libutil/pw_util.3 b/lib/libutil/pw_util.3 index 6c449ba..705fa2d 100644 --- a/lib/libutil/pw_util.3 +++ b/lib/libutil/pw_util.3 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 30, 2012 +.Dd July 02, 2015 .Dt PW_UTIL 3 .Os .Sh NAME @@ -233,7 +233,8 @@ function returns 0 in case of success and -1 in case of failure. The .Fn pw_lock function locks the master password file. -It returns 0 in case of success and -1 in case of failure. +It returns a file descriptor to the master password file on success +and -1 on failure. .Pp The .Fn pw_scan diff --git a/lib/libutil/pw_util.c b/lib/libutil/pw_util.c index befd1fb..af749d5 100644 --- a/lib/libutil/pw_util.c +++ b/lib/libutil/pw_util.c @@ -226,7 +226,7 @@ pw_tmp(int mfd) errno = ENAMETOOLONG; return (-1); } - if ((tfd = mkstemp(tempname)) == -1) + if ((tfd = mkostemp(tempname, O_SYNC)) == -1) return (-1); if (mfd != -1) { while ((nr = read(mfd, buf, sizeof(buf))) > 0) |