Atomic file writing

Patch-by: David Rees
MFC: for 1.2.1

2 files changed, 44 insertions, 10 deletions

diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 4f52b5f..8dd34c1 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -1260,11 +1260,9 @@ function write_config($desc="Unknown", $backup = true) {
 	conf_mount_rw();
 
 	/* write new configuration */
-	$fd = fopen("{$g['cf_conf_path']}/config.xml", "w");
-	if (!$fd)
+	if (!safe_write_file("{$g['cf_conf_path']}/config.xml", $xmlconfig, false)) {
 		die("Unable to open {$g['cf_conf_path']}/config.xml for writing in write_config()\n");
-	fwrite($fd, $xmlconfig);
-	fclose($fd);
+	}
 
 	if($g['platform'] == "embedded") {
 		cleanup_backupcache(5);
@@ -1281,11 +1279,7 @@ function write_config($desc="Unknown", $backup = true) {
 	$config = parse_xml_config("{$g['conf_path']}/config.xml", $g['xml_rootobj']);
 
 	/* write config cache */
-	$fd = @fopen("{$g['tmp_path']}/config.cache", "wb");
-	if ($fd) {
-		fwrite($fd, serialize($config));
-		fclose($fd);
-	}
+	safe_write_file("{$g['tmp_path']}/config.cache", serialize($config), true);
 
 	/* tell kernel to sync fs data */
 	mwexec("/bin/sync");
@@ -2117,4 +2111,4 @@ function set_device_perms() {
 if($g['booting']) echo ".";
 $config = parse_config();
 
-?>
\ No newline at end of file
+?>
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 8c0228d..2b47d8c 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -4056,4 +4056,44 @@ function lookup_gateway_interface_by_name($name) {
 	}
 }
 
+/****f* pfsense-utils/safe_write_file
+ * NAME
+ *   safe_write_file - Write a file out atomically
+ * DESCRIPTION
+ *   safe_write_file() Writes a file out atomically by first writing to a
+ *   temporary file of the same name but ending with the pid of the current
+ *   process, them renaming the temporary file over the original.
+ * INPUTS
+ *   $filename  - string containing the filename of the file to write
+ *   $content   - string containing the file content to write to file
+ *   $force_binary      - boolean denoting whether we should force binary
+ *   mode writing.
+ * RESULT
+ *   boolean - true if successful, false if not
+ ******/
+function safe_write_file($file, $content, $force_binary) {
+        $tmp_file = $file . "." . getmypid();
+        $write_mode = $force_binary ? "wb" : "w";
+
+        $fd = fopen($tmp_file, $write_mode);
+        if (!$fd) {
+                // Unable to open temporary file for writing
+                return false;
+        }
+        if (!fwrite($fd, $content)) {
+                // Unable to write to temporary file
+                fclose($fd);
+                return false;
+        }
+        fclose($fd);
+
+        if (!rename($tmp_file, $file)) {
+                // Unable to move temporary file to original
+                unlink($tmp_file);
+                return false;
+        }
+        return true;
+}
+
+
 ?>