file. Also made explicitly-set uid/gid values no longer ignored by a
daemon that was not run by a super-user.
+ - When replacing a non-dir with a symlink/hard-link/device/special-file,
+ the update should now be done in an atomic manner.
+
+ - When backing up a file, try to hard-link the file into place so that the
+ upcoming replacement of the destination file will be atomic.
+
EXTRAS:
- Added an "instant-rsyncd" script to the support directory, which makes
extern dev_t filesystem_dev;
extern mode_t orig_umask;
extern uid_t our_uid;
+extern char *tmpdir;
extern char *basis_dir[MAX_BASIS_DIRS+1];
extern struct file_list *cur_flist, *first_flist, *dir_flist;
extern filter_rule_list filter_list, daemon_filter_list;
int save_dry_run = dry_run;
dry_run = 0;
- if (!get_tmpname(fnametmp, "deldelay")
+ if (!get_tmpname(fnametmp, "deldelay", False)
|| (deldelay_fd = do_mkstemp(fnametmp, 0600)) < 0) {
rprintf(FINFO, "NOTE: Unable to create delete-delay temp file%s.\n",
inc_recurse ? "" : " -- switching to --delete-after");
char lnk[MAXPATHLEN];
int len;
- if (!S_ISLNK(sx.st.st_mode))
- statret = -1;
- else if ((len = readlink(fname, lnk, MAXPATHLEN-1)) > 0
- && strncmp(lnk, sl, len) == 0 && sl[len] == '\0') {
+ if (S_ISLNK(sx.st.st_mode)
+ && (len = readlink(fname, lnk, MAXPATHLEN-1)) > 0
+ && strncmp(lnk, sl, len) == 0 && sl[len] == '\0') {
/* The link is pointing to the right place. */
set_file_attrs(fname, file, &sx, NULL, maybe_ATTRS_REPORT);
if (itemizing)
goto return_with_success;
goto cleanup;
}
- /* Not the right symlink (or not a symlink), so
- * delete it. */
- if (delete_item(fname, sx.st.st_mode, del_opts | DEL_FOR_SYMLINK) != 0)
- goto cleanup;
} else if (basis_dir[0] != NULL) {
int j = try_dests_non(file, fname, ndx, fnamecmpbuf, &sx,
itemizing, code);
} else if (j >= 0)
statret = 1;
}
-#ifdef SUPPORT_HARD_LINKS
- if (preserve_hard_links && F_HLINK_NOT_LAST(file)) {
- cur_flist->in_progress++;
- goto cleanup;
- }
-#endif
- if (do_symlink(sl, fname) != 0) {
- rsyserr(FERROR_XFER, errno, "symlink %s -> \"%s\" failed",
- full_fname(fname), sl);
- } else {
+ if (atomic_create(file, fname, sl, MAKEDEV(0, 0), &sx, statret == 0 ? DEL_FOR_SYMLINK : 0)) {
set_file_attrs(fname, file, NULL, NULL, 0);
if (itemizing) {
+ if (statret == 0 && !S_ISLNK(sx.st.st_mode))
+ statret = -1;
itemize(fname, file, ndx, statret, &sx,
ITEM_LOCAL_CHANGE|ITEM_REPORT_CHANGE, 0, NULL);
}
if ((am_root && preserve_devices && IS_DEVICE(file->mode))
|| (preserve_specials && IS_SPECIAL(file->mode))) {
dev_t rdev;
+ int del_for_flag = 0;
if (IS_DEVICE(file->mode)) {
uint32 *devp = F_RDEV_P(file);
rdev = MAKEDEV(DEV_MAJOR(devp), DEV_MINOR(devp));
} else
rdev = 0;
if (statret == 0) {
- int del_for_flag;
if (IS_DEVICE(file->mode)) {
if (!IS_DEVICE(sx.st.st_mode))
statret = -1;
goto return_with_success;
goto cleanup;
}
- if (delete_item(fname, sx.st.st_mode, del_opts | del_for_flag) != 0)
- goto cleanup;
} else if (basis_dir[0] != NULL) {
int j = try_dests_non(file, fname, ndx, fnamecmpbuf, &sx,
itemizing, code);
} else if (j >= 0)
statret = 1;
}
-#ifdef SUPPORT_HARD_LINKS
- if (preserve_hard_links && F_HLINK_NOT_LAST(file)) {
- cur_flist->in_progress++;
- goto cleanup;
- }
-#endif
if (DEBUG_GTE(GENR, 1)) {
rprintf(FINFO, "mknod(%s, 0%o, [%ld,%ld])\n",
fname, (int)file->mode,
(long)major(rdev), (long)minor(rdev));
}
- if (do_mknod(fname, file->mode, rdev) < 0) {
- rsyserr(FERROR_XFER, errno, "mknod %s failed",
- full_fname(fname));
- } else {
+ if (atomic_create(file, fname, NULL, rdev, &sx, del_for_flag)) {
set_file_attrs(fname, file, NULL, NULL, 0);
if (itemizing) {
itemize(fname, file, ndx, statret, &sx,
return;
}
+/* If we are replacing an existing hard link, symlink, device, or special file,
+ * create a temp-name item and rename it into place. Only a symlink or hard
+ * link puts a non-NULL value into the lnk arg. Only a device puts a non-0
+ * value into the rdev arg. Specify 0 for the del_for_flag if there is not a
+ * file to replace. This returns 1 on success and 0 on failure. */
+int atomic_create(struct file_struct *file, char *fname, const char *lnk,
+ dev_t rdev, stat_x *sxp, int del_for_flag)
+{
+ char tmpname[MAXPATHLEN];
+ const char *create_name;
+ int skip_atomic, dir_in_the_way = del_for_flag && S_ISDIR(sxp->st.st_mode);
+
+ if (!del_for_flag || dir_in_the_way || tmpdir || !get_tmpname(tmpname, fname, True))
+ skip_atomic = 1;
+ else
+ skip_atomic = 0;
+
+ if (del_for_flag) {
+ if (make_backups > 0 && !dir_in_the_way) {
+ if (!make_backup(fname, skip_atomic))
+ return 0;
+ } else if (skip_atomic) {
+ int del_opts = delete_mode || force_delete ? DEL_RECURSE : 0;
+ if (delete_item(fname, sxp->st.st_mode, del_opts | del_for_flag) != 0)
+ return 0;
+ }
+ }
+
+ create_name = skip_atomic ? fname : tmpname;
+
+ if (lnk) {
+#ifdef SUPPORT_LINKS
+ if (S_ISLNK(file->mode)
+#ifdef SUPPORT_HARD_LINKS /* The first symlink in a hard-linked cluster is always created. */
+ && (!F_IS_HLINKED(file) || file->flags & FLAG_HLINK_FIRST)
+#endif
+ ) {
+ if (do_symlink(lnk, create_name) < 0) {
+ rsyserr(FERROR_XFER, errno, "symlink %s -> \"%s\" failed",
+ full_fname(create_name), lnk);
+ return 0;
+ }
+ } else
+#endif
+#ifdef SUPPORT_HARD_LINKS
+ if (!hard_link_one(file, create_name, lnk, 0))
+ return 0;
+#endif
+ } else {
+ if (do_mknod(create_name, file->mode, rdev) < 0) {
+ rsyserr(FERROR_XFER, errno, "mknod %s failed",
+ full_fname(create_name));
+ return 0;
+ }
+ }
+
+ if (!skip_atomic) {
+ if (do_rename(tmpname, fname) < 0) {
+ rsyserr(FERROR_XFER, errno, "rename %s -> \"%s\" failed",
+ full_fname(tmpname), full_fname(fname));
+ do_unlink(tmpname);
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
#ifdef SUPPORT_HARD_LINKS
static void handle_skipped_hlink(struct file_struct *file, int itemizing,
enum logcode code, int f_out)
}
static int maybe_hard_link(struct file_struct *file, int ndx,
- const char *fname, int statret, stat_x *sxp,
+ char *fname, int statret, stat_x *sxp,
const char *oldname, STRUCT_STAT *old_stp,
const char *realname, int itemizing, enum logcode code)
{
if (statret == 0) {
- int ok = 0;
if (sxp->st.st_dev == old_stp->st_dev
&& sxp->st.st_ino == old_stp->st_ino) {
if (itemizing) {
file->flags |= FLAG_HLINK_DONE;
return 0;
}
- if (make_backups > 0 && (ok = make_backup(fname, True)) == 0)
- return -1;
- if (ok != 1 && robust_unlink(fname) && errno != ENOENT) {
- rsyserr(FERROR_XFER, errno, "unlink %s failed",
- full_fname(fname));
- return -1;
- }
}
- if (hard_link_one(file, fname, oldname, 0)) {
+ if (atomic_create(file, fname, oldname, MAKEDEV(0, 0), sxp, statret == 0 ? DEL_FOR_FILE : 0)) {
if (itemizing) {
itemize(fname, file, ndx, statret, sxp,
ITEM_LOCAL_CHANGE | ITEM_XNAME_FOLLOWS, 0,
rprintf(code, "%s => %s\n", fname, realname);
return 0;
}
+
return -1;
}
/* Only called if FLAG_HLINKED is set and FLAG_HLINK_FIRST is not. Returns:
* 0 = process the file, 1 = skip the file, -1 = error occurred. */
-int hard_link_check(struct file_struct *file, int ndx, const char *fname,
+int hard_link_check(struct file_struct *file, int ndx, char *fname,
int statret, stat_x *sxp, int itemizing,
enum logcode code)
{
/* We're either updating the basis file or an identical copy: */
static int updating_basis_or_equiv;
-/*
- * get_tmpname() - create a tmp filename for a given filename
+#define TMPNAME_SUFFIX ".XXXXXX"
+#define TMPNAME_SUFFIX_LEN ((int)sizeof TMPNAME_SUFFIX - 1)
+#define MAX_UNIQUE_NUMBER 999999
+#define MAX_UNIQUE_LOOP 100
+
+/* get_tmpname() - create a tmp filename for a given filename
*
- * If a tmpdir is defined, use that as the directory to
- * put it in. Otherwise, the tmp filename is in the same
- * directory as the given name. Note that there may be no
- * directory at all in the given name!
+ * If a tmpdir is defined, use that as the directory to put it in. Otherwise,
+ * the tmp filename is in the same directory as the given name. Note that
+ * there may be no directory at all in the given name!
*
- * The tmp filename is basically the given filename with a
- * dot prepended, and .XXXXXX appended (for mkstemp() to
- * put its unique gunk in). Take care to not exceed
- * either the MAXPATHLEN or NAME_MAX, esp. the last, as
- * the basename basically becomes 8 chars longer. In that
- * case, the original name is shortened sufficiently to
- * make it all fit.
+ * The tmp filename is basically the given filename with a dot prepended, and
+ * .XXXXXX appended (for mkstemp() to put its unique gunk in). We take care
+ * to not exceed either the MAXPATHLEN or NAME_MAX, especially the last, as
+ * the basename basically becomes 8 characters longer. In such a case, the
+ * original name is shortened sufficiently to make it all fit.
*
- * Of course, there's no real reason for the tmp name to
- * look like the original, except to satisfy us humans.
- * As long as it's unique, rsync will work.
- */
-
-int get_tmpname(char *fnametmp, const char *fname)
+ * If the make_unique arg is True, the XXXXXX string is replaced with a unique
+ * string that doesn't exist at the time of the check. This is intended to be
+ * used for creating hard links, symlinks, devices, and special files, since
+ * normal files should be handled by mkstemp() for safety.
+ *
+ * Of course, the only reason the file is based on the original name is to
+ * make it easier to figure out what purpose a temp file is serving when a
+ * transfer is in progress. */
+int get_tmpname(char *fnametmp, const char *fname, BOOL make_unique)
{
int maxname, added, length = 0;
const char *f;
+ char *suf;
if (tmpdir) {
/* Note: this can't overflow, so the return value is safe */
fnametmp[length++] = '.';
/* The maxname value is bufsize, and includes space for the '\0'.
- * (Note that NAME_MAX get -8 for the leading '.' above.) */
- maxname = MIN(MAXPATHLEN - 7 - length, NAME_MAX - 8);
+ * NAME_MAX needs an extra -1 for the name's leading dot. */
+ maxname = MIN(MAXPATHLEN - length - TMPNAME_SUFFIX_LEN,
+ NAME_MAX - 1 - TMPNAME_SUFFIX_LEN);
if (maxname < 1) {
rprintf(FERROR_XFER, "temporary filename too long: %s\n", fname);
added = strlcpy(fnametmp + length, f, maxname);
if (added >= maxname)
added = maxname - 1;
- memcpy(fnametmp + length + added, ".XXXXXX", 8);
+ suf = fnametmp + length + added;
+
+ if (make_unique) {
+ static unsigned counter_limit;
+ unsigned counter;
+
+ if (!counter_limit) {
+ counter_limit = (unsigned)getpid() + MAX_UNIQUE_LOOP;
+ if (counter_limit > MAX_UNIQUE_NUMBER || counter_limit < MAX_UNIQUE_LOOP)
+ counter_limit = MAX_UNIQUE_LOOP;
+ }
+ counter = counter_limit - MAX_UNIQUE_LOOP;
+
+ /* This doesn't have to be very good because we don't need
+ * to worry about someone trying to guess the values: all
+ * a conflict will do is cause a device, special file, hard
+ * link, or symlink to fail to be created. Also: avoid
+ * using mktemp() due to gcc's annoying warning. */
+ while (1) {
+ snprintf(suf, TMPNAME_SUFFIX_LEN+1, ".%d", counter);
+ if (access(fnametmp, 0) < 0)
+ break;
+ if (++counter >= counter_limit)
+ return 0;
+ }
+ } else
+ memcpy(suf, TMPNAME_SUFFIX, TMPNAME_SUFFIX_LEN+1);
return 1;
}
{
int fd;
- if (!get_tmpname(fnametmp, fname))
+ if (!get_tmpname(fnametmp, fname, False))
return -1;
/* We initially set the perms without the setuid/setgid bits or group
if (fd == -1 && relative_paths && errno == ENOENT
&& make_path(fnametmp, MKP_SKIP_SLASH | MKP_DROP_NAME) == 0) {
/* Get back to name with XXXXXX in it. */
- get_tmpname(fnametmp, fname);
+ get_tmpname(fnametmp, fname, False);
fd = do_mkstemp(fnametmp, file->mode & INITACCESSPERMS);
}
#endif
.d..t.$dots ./
cDc.t.$dots block
cDc...$dots block2
-cD$all_plus block3
-hD$all_plus block2.5 => block3
+cD$all_plus block2.5
+hD$all_plus block3 => block2.5
cD$all_plus char
cD$all_plus char2
cD$all_plus char3
Matt McCutchen's Web Site / rsync / rsync.git / commitdiff