4 files changed, 43 insertions, 9 deletions

diff --git a/lib/libutil/gr_util.c b/lib/libutil/gr_util.c
index b0b0b36f08185..93b3eb2f92fc4 100644
--- a/lib/libutil/gr_util.c
+++ b/lib/libutil/gr_util.c
@@ -141,7 +141,7 @@ gr_tmp(int mfd)
 		errno = ENAMETOOLONG;
 		return (-1);
 	}
-	if ((tfd = mkstemp(tempname)) == -1)
+	if ((tfd = mkostemp(tempname, O_SYNC)) == -1)
 		return (-1);
 	if (mfd != -1) {
 		while ((nr = read(mfd, buf, sizeof(buf))) > 0)
@@ -318,10 +318,28 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr)
 int
 gr_mkdb(void)
 {
+	int fd;
+
 	if (chmod(tempname, 0644) != 0)
 		return (-1);
 
-	return (rename(tempname, group_file));
+	if (rename(tempname, group_file) != 0)
+		return (-1);
+
+	/*
+	 * Make sure new group file is safe on disk. To improve performance we
+	 * will call fsync() to the directory where file lies
+	 */
+	if ((fd = open(group_dir, O_RDONLY|O_DIRECTORY)) == -1)
+		return (-1);
+
+	if (fsync(fd) != 0) {
+		close(fd);
+		return (-1);
+	}
+
+	close(fd);
+	return(0);
 }
 
 /*
diff --git a/lib/libutil/pw_util.3 b/lib/libutil/pw_util.3
index 706368fbffed0..b558916c82d57 100644
--- a/lib/libutil/pw_util.3
+++ b/lib/libutil/pw_util.3
@@ -233,7 +233,8 @@ function returns 0 in case of success and -1 in case of failure.
 The
 .Fn pw_lock
 function locks the master password file.
-It returns 0 in case of success and -1 in case of failure.
+It returns a file descriptor to master password file in case of success
+and -1 in case of failure.
 .Pp
 The
 .Fn pw_scan
diff --git a/lib/libutil/pw_util.c b/lib/libutil/pw_util.c
index befd1fb02d701..af749d5240de5 100644
--- a/lib/libutil/pw_util.c
+++ b/lib/libutil/pw_util.c
@@ -226,7 +226,7 @@ pw_tmp(int mfd)
 		errno = ENAMETOOLONG;
 		return (-1);
 	}
-	if ((tfd = mkstemp(tempname)) == -1)
+	if ((tfd = mkostemp(tempname, O_SYNC)) == -1)
 		return (-1);
 	if (mfd != -1) {
 		while ((nr = read(mfd, buf, sizeof(buf))) > 0)
diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c
index 69a2faefa8e73..c382cb5a5e24d 100644
--- a/usr.sbin/pwd_mkdb/pwd_mkdb.c
+++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c
@@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$");
 #include <err.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <libgen.h>
 #include <limits.h>
 #include <pwd.h>
 #include <signal.h>
@@ -227,14 +228,14 @@ main(int argc, char *argv[])
 		clean = FILE_INSECURE;
 		cp(buf2, buf, PERM_INSECURE);
 		dp = dbopen(buf,
-		    O_RDWR|O_EXCL, PERM_INSECURE, DB_HASH, &openinfo);
+		    O_RDWR|O_EXCL|O_SYNC, PERM_INSECURE, DB_HASH, &openinfo);
 		if (dp == NULL)
 			error(buf);
 
 		clean = FILE_SECURE;
 		cp(sbuf2, sbuf, PERM_SECURE);
 		sdp = dbopen(sbuf,
-		    O_RDWR|O_EXCL, PERM_SECURE, DB_HASH, &openinfo);
+		    O_RDWR|O_EXCL|O_SYNC, PERM_SECURE, DB_HASH, &openinfo);
 		if (sdp == NULL)
 			error(sbuf);
 
@@ -291,13 +292,13 @@ main(int argc, char *argv[])
 		method = 0;
 	} else {
 		dp = dbopen(buf,
-		    O_RDWR|O_CREAT|O_EXCL, PERM_INSECURE, DB_HASH, &openinfo);
+		    O_RDWR|O_CREAT|O_EXCL|O_SYNC, PERM_INSECURE, DB_HASH, &openinfo);
 		if (dp == NULL)
 			error(buf);
 		clean = FILE_INSECURE;
 
 		sdp = dbopen(sbuf,
-		    O_RDWR|O_CREAT|O_EXCL, PERM_SECURE, DB_HASH, &openinfo);
+		    O_RDWR|O_CREAT|O_EXCL|O_SYNC, PERM_SECURE, DB_HASH, &openinfo);
 		if (sdp == NULL)
 			error(sbuf);
 		clean = FILE_SECURE;
@@ -721,13 +722,27 @@ void
 mv(char *from, char *to)
 {
 	char buf[MAXPATHLEN];
+	char *to_dir;
+	int to_dir_fd = -1;
 
-	if (rename(from, to)) {
+	/*
+	 * Make sure file is safe on disk. To improve performance we will call
+	 * fsync() to the directory where file lies
+	 */
+	if (rename(from, to) != 0 ||
+	    (to_dir = dirname(to)) == NULL ||
+	    (to_dir_fd = open(to_dir, O_RDONLY|O_DIRECTORY)) == -1 ||
+	    fsync(to_dir_fd) != 0) {
 		int sverrno = errno;
 		(void)snprintf(buf, sizeof(buf), "%s to %s", from, to);
 		errno = sverrno;
+		if (to_dir_fd != -1)
+			close(to_dir_fd);
 		error(buf);
 	}
+
+	if (to_dir_fd != -1)
+		close(to_dir_fd);
 }
 
 void