MFC of changeset [22584]

Atomic file writing
Patch-by: David Rees

3 files changed, 45 insertions, 11 deletions

diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index f38cfc1..e5fbf38 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -1061,11 +1061,9 @@ function write_config($desc="Unknown", $backup = true) {
 	conf_mount_rw();
 
 	/* write new configuration */
-	$fd = fopen("{$g['cf_conf_path']}/config.xml", "w");
-	if (!$fd)
+	if (!safe_write_file("{$g['cf_conf_path']}/config.xml", $xmlconfig, false)) {
 		die("Unable to open {$g['cf_conf_path']}/config.xml for writing in write_config()\n");
-	fwrite($fd, $xmlconfig);
-	fclose($fd);
+	}
 
 	if($g['platform'] == "embedded") {
 		cleanup_backupcache(5);
@@ -1082,11 +1080,7 @@ function write_config($desc="Unknown", $backup = true) {
 	$config = parse_xml_config("{$g['conf_path']}/config.xml", $g['xml_rootobj']);
 
 	/* write config cache */
-	$fd = @fopen("{$g['tmp_path']}/config.cache", "wb");
-	if ($fd) {
-		fwrite($fd, serialize($config));
-		fclose($fd);
-	}
+	safe_write_file("{$g['tmp_path']}/config.cache", serialize($config), true);
 
 	/* tell kernel to sync fs data */
 	mwexec("/bin/sync");
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 9b9563c..cd20ea1 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1578,7 +1578,7 @@ function generate_user_filter_rule($rule, $ngcounter) {
 			}
 
 			/* do not process reply-to for gateway'd rules */
-			if(($rule['gateway'] == "") and ($ri != "") and ($rg != "") and (stristr($rule['interface'],"opt") == true)) {
+			if(($rule['gateway'] == "") and ($ri != "") and ($rg != "")) {
 				$aline['reply'] = "reply-to (" . $ri . " " . $rg . ") ";
 			}
 
@@ -3316,4 +3316,4 @@ function return_vpn_subnet($adr) {
 
 }
 
-?>
\ No newline at end of file
+?>
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 7c92560..47854d5 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -3621,4 +3621,44 @@ function is_wan_interface_up($interface) {
 	return false;
 }
 
+/****f* pfsense-utils/safe_write_file
+ * NAME
+ *   safe_write_file - Write a file out atomically
+ * DESCRIPTION
+ *   safe_write_file() Writes a file out atomically by first writing to a
+ *   temporary file of the same name but ending with the pid of the current
+ *   process, them renaming the temporary file over the original.
+ * INPUTS
+ *   $filename  - string containing the filename of the file to write
+ *   $content   - string containing the file content to write to file
+ *   $force_binary      - boolean denoting whether we should force binary
+ *   mode writing.
+ * RESULT
+ *   boolean - true if successful, false if not
+ ******/
+function safe_write_file($file, $content, $force_binary) {
+        $tmp_file = $file . "." . getmypid();
+        $write_mode = $force_binary ? "wb" : "w";
+
+        $fd = fopen($tmp_file, $write_mode);
+        if (!$fd) {
+                // Unable to open temporary file for writing
+                return false;
+        }
+        if (!fwrite($fd, $content)) {
+                // Unable to write to temporary file
+                fclose($fd);
+                return false;
+        }
+        fclose($fd);
+
+        if (!rename($tmp_file, $file)) {
+                // Unable to move temporary file to original
+                unlink($tmp_file);
+                return false;
+        }
+        return true;
+}
+
+
 ?>