Pull the file writing code for the wallet client into a separate file

so that the srvtab and keytab management can share it.  Write atomically
to a new file and then link and rename to do an atomic update.  Leave a
backup copy of any file that's replaced.

4 files changed, 59 insertions, 43 deletions

diff --git a/client/file.c b/client/file.c
new file mode 100644
index 0000000..621b49d
--- /dev/null
+++ b/client/file.c
@@ -0,0 +1,50 @@
+/*  $Id$
+**
+**  File handling for the wallet client.
+**
+**  Written by Russ Allbery <rra@stanford.edu>
+**  Copyright 2007 Board of Trustees, Leland Stanford Jr. University
+**
+**  See README for licensing terms.
+*/
+
+#include <config.h>
+#include <system.h>
+
+#include <fcntl.h>
+
+#include <client/internal.h>
+#include <util/util.h>
+
+/*
+**  Given a filename, some data, and a length, write that data to the given
+**  file safely and atomically by creating file.new, writing the data, linking
+**  file to file.bak, and then renaming file.new to file.
+*/
+void
+write_file(const char *name, const void *data, size_t length)
+{
+    int fd;
+    ssize_t status;
+    char *temp, *backup;
+
+    temp = concat(name, ".new", (char *) 0);
+    backup = concat(name, ".bak", (char *) 0);
+    fd = open(temp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+    if (fd < 0)
+        sysdie("open of %s failed", temp);
+    status = write(fd, data, length);
+    if (status < 0)
+        sysdie("write to %s failed", temp);
+    else if (status != (ssize_t) length)
+        die("write to %s truncated", temp);
+    if (close(fd) < 0)
+        sysdie("close of %s failed (file probably truncated)", temp);
+    if (access(name, F_OK) == 0)
+        if (link(name, backup) < 0)
+            sysdie("link of %s to %s failed", name, backup);
+    if (rename(temp, name) < 0)
+        sysdie("rename of %s to %s failed", temp, name);
+    free(temp);
+    free(backup);
+}
diff --git a/client/internal.h b/client/internal.h
index 834ec57..186d83f 100644
--- a/client/internal.h
+++ b/client/internal.h
@@ -11,29 +11,8 @@
 #ifndef CLIENT_INTERNAL_H
 #define CLIENT_INTERNAL_H 1
 
-/* __attribute__ is available in gcc 2.5 and later, but only with gcc 2.7
-   could you use the __format__ form of the attributes, which is what we use
-   (to avoid confusion with other macros). */
-#ifndef __attribute__
-# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 7)
-#  define __attribute__(spec)   /* empty */
-# endif
-#endif
-
-/* Used for unused parameters to silence gcc warnings. */
-#define UNUSED  __attribute__((__unused__))
-
-/* BEGIN_DECLS is used at the beginning of declarations so that C++
-   compilers don't mangle their names.  END_DECLS is used at the end. */
-#undef BEGIN_DECLS
-#undef END_DECLS
-#ifdef __cplusplus
-# define BEGIN_DECLS    extern "C" {
-# define END_DECLS      }
-#else
-# define BEGIN_DECLS    /* empty */
-# define END_DECLS      /* empty */
-#endif
+#include <sys/types.h>
+#include <util/util.h>
 
 /* Temporary until we have some real configuration. */
 #ifndef SERVER
@@ -45,6 +24,11 @@
 
 BEGIN_DECLS
 
+/* Given a filename, some data, and a length, write that data to the given
+   file safely and atomically by creating file.new, writing the data, linking
+   file to file.bak, and then renaming file.new to file. */
+void write_file(const char *name, const void *data, size_t length);
+
 /* Given a srvtab file, the Kerberos v5 principal, and the keytab file, write
    a srvtab file for the corresponding Kerberos v4 principal. */
 void write_srvtab(const char *srvtab, const char *principal,
diff --git a/client/srvtab.c b/client/srvtab.c
index b50193e..68a2618 100644
--- a/client/srvtab.c
+++ b/client/srvtab.c
@@ -148,14 +148,5 @@ write_srvtab(const char *srvtab, const char *principal, const char *keytab)
     krb5_free_keytab_entry_contents(ctx, &entry);
 
     /* Write out the srvtab file. */
-    fd = open(srvtab, O_WRONLY | O_CREAT | O_TRUNC, 0600);
-    if (fd < 0)
-        sysdie("open of %s failed", srvtab);
-    status = write(fd, data, length);
-    if (status < 0)
-        sysdie("write to %s failed", srvtab);
-    else if (status != (ssize_t) length)
-        die("write to %s truncated", srvtab);
-    if (close(fd) < 0)
-        sysdie("close of %s failed (file probably truncated)", srvtab);
+    write_file(srvtab, data, length);
 }
diff --git a/client/wallet.c b/client/wallet.c
index e3ca4dd..998ec30 100644
--- a/client/wallet.c
+++ b/client/wallet.c
@@ -140,16 +140,7 @@ main(int argc, char *argv[])
         fprintf(stderr, "wallet: ");
         fwrite(result->stderr_buf, 1, result->stderr_len, stderr);
     } else if (file != NULL && strcmp(command[1], "get") == 0) {
-        fd = open(file, O_WRONLY | O_CREAT | O_TRUNC, 0600);
-        if (fd < 0)
-            sysdie("open of %s failed", file);
-        status = write(fd, result->stdout_buf, result->stdout_len);
-        if (status < 0)
-            sysdie("write to %s failed", file);
-        else if (status != (ssize_t) result->stdout_len)
-            die("write to %s truncated", file);
-        if (close(fd) < 0)
-            sysdie("close of %s failed (file probably truncated)", file);
+        write_file(file, result->stdout_buf, result->stdout_len);
         if (srvtab != NULL)
             write_srvtab(srvtab, command[3], file);
     } else {