# HG changeset patch
# User David Powell <David.Powell@sun.com>
# Date 1261019172 28800
# Node ID fc1223edbd8d9482fffd33d4ea31a8e6e59e2c6f
# Parent  6eb404d32758d0e8e87c59322b39e57651b51760
13421 apache: o.o.o.rad.ContainerException: system error: error talking to slave
13426 TLS transport auto-generates readable private keys
13429 file browsing API hard codes incorrect attributes

diff -r 6eb404d32758 -r fc1223edbd8d usr/src/apis/file.xml
--- a/usr/src/apis/file.xml	Wed Dec 16 14:25:49 2009 -0500
+++ b/usr/src/apis/file.xml	Wed Dec 16 19:06:12 2009 -0800
@@ -42,10 +42,10 @@
 		<field type="boolean" name="file" />
 		<field type="boolean" name="hidden" />
 		<field type="time" name="lastModified" />
-		<field type="integer" name="length" />
-		<field type="integer" name="freeSpace" />
-		<field type="integer" name="totalSpace" />
-		<field type="integer" name="usableSpace" />
+		<field type="long" name="length" />
+		<field type="long" name="freeSpace" />
+		<field type="long" name="totalSpace" />
+		<field type="long" name="usableSpace" />
 	</type>
 
 	<api name="fileBrowser">
diff -r 6eb404d32758 -r fc1223edbd8d usr/src/cmd/rad/mod/files/mod_files.c
--- a/usr/src/cmd/rad/mod/files/mod_files.c	Wed Dec 16 14:25:49 2009 -0500
+++ b/usr/src/cmd/rad/mod/files/mod_files.c	Wed Dec 16 19:06:12 2009 -0800
@@ -24,6 +24,17 @@
  * Use is subject to license terms.
  */
 
+/*
+ * Unfortunately, the behavior this module has inherited is not one
+ * of "get me information about file X or directory Y", but "tell me
+ * what calling 'new File(X)' would do in Java".  This includes
+ * nonsense like manufacturing correct fake data for nonexistent
+ * files.
+ *
+ * This sorely needs to be ripped out and replaced with a sane
+ * interface.
+ */
+
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <string.h>
@@ -33,6 +44,7 @@
 #include <time.h>
 #include <dirent.h>
 #include <libgen.h>
+#include <limits.h>
 
 #include "rad_adr.h"
 #include "rad_object.h"
@@ -41,47 +53,72 @@
 #include "api_file.h"
 
 static data_t *
-read_file(const char *path)
+empty_file(data_t *data, const char *apath, const char *cpath)
 {
-	char foo[1000];
-	char bar[1000] = { 0 };
+	struct_set(data, "absolutePath", data_new_string(apath, lt_copy));
+	struct_set(data, "canonicalPath", data_new_string(cpath, lt_copy));
+	struct_set(data, "canonical", data_new_boolean(B_TRUE));
+	struct_set(data, "baseName", data_new_string("", lt_copy));
+	struct_set(data, "exists", data_new_boolean(B_FALSE));
+	struct_set(data, "readable", data_new_boolean(B_FALSE));
+	struct_set(data, "writable", data_new_boolean(B_FALSE));
+	struct_set(data, "hidden", data_new_boolean(B_FALSE));
+	struct_set(data, "directory", data_new_boolean(B_FALSE));
+	struct_set(data, "file", data_new_boolean(B_FALSE));
+	struct_set(data, "lastModified", data_new_time(0));
+	struct_set(data, "length", data_new_long(0));
+	struct_set(data, "freeSpace", data_new_long(0));
+	struct_set(data, "totalSpace", data_new_long(0));
+	struct_set(data, "usableSpace", data_new_long(0));
+	return (data_purify(data));
+}
 
-	data_t *root = data_new_struct(&t__FileSnapshot);
-	struct_set(root, "path", data_new_string(path, lt_copy));
+static data_t *
+read_file(const char *path, const char *file)
+{
+	struct stat64 st;
+	char apath[PATH_MAX] = "";
+	char cpath[PATH_MAX] = "";
+	const char *name = file != NULL ? file : path;
+
+	data_t *data = data_new_struct(&t__FileSnapshot);
+	struct_set(data, "path", data_new_string(name, lt_copy));
+	struct_set(data, "absolute", data_new_boolean(name[0] == '/'));
 
 	if (path[0] != '/') {
-		getcwd(foo, 1000);
-		strlcat(foo, "/", 1000);
-		strlcat(foo, path, 1000);
+		if (getcwd(apath, PATH_MAX) == NULL) {
+			data_free(data);
+			return (NULL);
+		}
+		if (apath[1] != '\0')
+			strlcat(apath, "/", PATH_MAX);
+		strlcat(apath, path, PATH_MAX);
 	} else {
-		strlcpy(foo, path, 1000);
-	}
-	struct_set(root, "absolutePath", data_new_string(foo, lt_copy));
-	struct_set(root, "baseName", data_new_string(basename(foo), lt_copy));
-
-	resolvepath(foo, bar, 1000);
-	struct_set(root, "canonicalPath", data_new_string(bar, lt_copy));
-	struct_set(root, "absolute", data_new_boolean(B_TRUE));
-	struct_set(root, "canonical", data_new_boolean(strcmp(foo, bar) == 0));
-	struct_set(root, "exists", data_new_boolean(B_TRUE));
-	struct_set(root, "readable", data_new_boolean(access(path, R_OK) == 0));
-	struct_set(root, "writable", data_new_boolean(access(path, W_OK) == 0));
-	struct_set(root, "directory", data_new_boolean(B_TRUE));
-	struct_set(root, "file", data_new_boolean(B_FALSE));
-	struct_set(root, "hidden", data_new_boolean(B_FALSE));
-	struct stat st;
-	if (stat(path, &st) == -1) {
-		data_free(root);
-		return (NULL);
+		strlcpy(apath, path, PATH_MAX);
 	}
 
-	struct_set(root, "lastModified", data_new_time(st.st_mtime));
+	if (resolvepath(apath, cpath, PATH_MAX) == -1 ||
+	    stat64(path, &st) == -1)
+		return (empty_file(data, apath, apath));
+
+	struct_set(data, "absolutePath", data_new_string(apath, lt_copy));
+	struct_set(data, "canonicalPath", data_new_string(cpath, lt_copy));
+	struct_set(data, "canonical",
+	    data_new_boolean(strcmp(apath, cpath) == 0));
+	struct_set(data, "baseName", data_new_string(basename(apath), lt_copy));
+	struct_set(data, "exists", data_new_boolean(B_TRUE));
+	struct_set(data, "readable", data_new_boolean(access(path, R_OK) == 0));
+	struct_set(data, "writable", data_new_boolean(access(path, W_OK) == 0));
+	struct_set(data, "hidden", data_new_boolean(B_FALSE));
+	struct_set(data, "directory", data_new_boolean(S_ISDIR(st.st_mode)));
+	struct_set(data, "file", data_new_boolean(S_ISREG(st.st_mode)));
+	struct_set(data, "lastModified", data_new_time(st.st_mtime));
 	/* XXX: 64-bitify */
-	struct_set(root, "length", data_new_integer(st.st_size));
-	struct_set(root, "freeSpace", data_new_integer(0));
-	struct_set(root, "totalSpace", data_new_integer(0));
-	struct_set(root, "usableSpace", data_new_integer(0));
-	return (root);
+	struct_set(data, "length", data_new_long(st.st_size));
+	struct_set(data, "freeSpace", data_new_long(0));
+	struct_set(data, "totalSpace", data_new_long(0));
+	struct_set(data, "usableSpace", data_new_long(0));
+	return (data_purify(data));
 }
 
 /* ARGSUSED */
@@ -90,8 +127,8 @@
     data_t **data, data_t **error)
 {
 	data_t *result = data_new_array(&t_array__FileSnapshot, 1);
-	array_add(result, read_file("/"));
-	*data = result;
+	array_add(result, read_file("/", NULL));
+	*data = data_purify(result);
 	return (ce_ok);
 }
 
@@ -100,7 +137,7 @@
 api_fileBrowser_invoke_getFile(struct instance *inst, struct method *meth,
     data_t **ret, data_t **args, int count, data_t **error)
 {
-	*ret = read_file(args[0]->d_data.string);
+	*ret = read_file(args[0]->d_data.string, NULL);
 	return (ce_ok);
 }
 
@@ -119,20 +156,20 @@
 
 	result = data_new_array(&t_array__FileSnapshot, 1);
 	while ((ent = readdir(d)) != NULL) {
-		char buf[1000];
+		char buf[PATH_MAX];
 		if (strcmp(ent->d_name, ".") == 0 ||
 		    strcmp(ent->d_name, "..") == 0)
 			continue;
 		int len = strlen(path);
 		while (len > 0 && path[len - 1] == '/')
 			len--;
-		snprintf(buf, 1000, "%.*s/%s", len, path, ent->d_name);
-		data_t *file = read_file(buf);
+		snprintf(buf, PATH_MAX, "%.*s/%s", len, path, ent->d_name);
+		data_t *file = read_file(buf, NULL);
 		if (file != NULL)
 			array_add(result, file);
 	}
-	closedir(d);
-	*ret = result;
+	(void) closedir(d);
+	*ret = data_purify(result);
 
 	return (ce_ok);
 }
diff -r 6eb404d32758 -r fc1223edbd8d usr/src/cmd/rad/mod/smf/mod_smf.c
--- a/usr/src/cmd/rad/mod/smf/mod_smf.c	Wed Dec 16 14:25:49 2009 -0500
+++ b/usr/src/cmd/rad/mod/smf/mod_smf.c	Wed Dec 16 19:06:12 2009 -0800
@@ -1147,7 +1147,7 @@
 	conerr_t err = ce_ok;
 	const char *pgname = args[0]->d_data.string;
 	const char *propname = args[1]->d_data.string;
-	const char *typename = args[2]->d_data.string;
+	scf_type_t type = enum_tovalue(args[2]);
 	int sret;
 
 	servinst_t *si = inst->i_data;
@@ -1158,7 +1158,6 @@
 	scf_propertygroup_t *pg = scf_pg_create(scfhandle);
 	scf_transaction_t *tx = scf_transaction_create(scfhandle);
 	scf_transaction_entry_t *ent = scf_entry_create(scfhandle);
-	scf_type_t type;
 
 	if (scfhandle == NULL || service == NULL || instance == NULL ||
 	    pg == NULL || tx == NULL || ent == NULL) {
@@ -1166,11 +1165,6 @@
 		goto out;
 	}
 
-	if ((type = scf_string_to_type(typename)) == SCF_TYPE_INVALID) {
-		err = error_scf(error, SCF_ERROR_INVALID_ARGUMENT);
-		goto out;
-	}
-
 	if (scf_handle_decode_fmri(scfhandle, si->fmri, NULL, service,
 	    instance, NULL, NULL, 0) != SCF_SUCCESS) {
 		rad_log(RL_WARN, "Couldn't decode '%s': %s\n",
diff -r 6eb404d32758 -r fc1223edbd8d usr/src/cmd/rad/mod/xport_tls/mod_xport_tls.c
--- a/usr/src/cmd/rad/mod/xport_tls/mod_xport_tls.c	Wed Dec 16 14:25:49 2009 -0500
+++ b/usr/src/cmd/rad/mod/xport_tls/mod_xport_tls.c	Wed Dec 16 19:06:12 2009 -0800
@@ -108,12 +108,16 @@
 
 	rad_log(RL_WARN, "generating key/certificate pair\n");
 	if (posix_spawn(&pid, args[0], NULL, NULL, (char **)args, NULL) != 0) {
-		rad_log(RL_WARN, "failed to exec openssl\n");
+		rad_log(RL_ERROR, "failed to create key pair\n");
 		return (B_FALSE);
 	}
 	while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
 		;
 
+	if (chmod(cert, 0644) == -1)
+		rad_log(RL_WARN, "failed to chmod '%s'; "
+		    "certificate only readable by owner: %s", strerror(errno));
+
 	return (B_TRUE);
 }
 
diff -r 6eb404d32758 -r fc1223edbd8d usr/src/cmd/rad/rad.c
--- a/usr/src/cmd/rad/rad.c	Wed Dec 16 14:25:49 2009 -0500
+++ b/usr/src/cmd/rad/rad.c	Wed Dec 16 19:06:12 2009 -0800
@@ -25,6 +25,7 @@
  */
 
 #include <sys/wait.h>
+#include <sys/stat.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <signal.h>
@@ -149,6 +150,7 @@
 	sigset_t hupset;
 	int svc_fd = -1;
 
+	(void) umask(077);
 	(void) setlocale(LC_ALL, "");
 	(void) textdomain(TEXT_DOMAIN);
 
diff -r 6eb404d32758 -r fc1223edbd8d usr/src/java/rad/org/opensolaris/os/rad/jmx/RadJMXConnector.java
--- a/usr/src/java/rad/org/opensolaris/os/rad/jmx/RadJMXConnector.java	Wed Dec 16 14:25:49 2009 -0500
+++ b/usr/src/java/rad/org/opensolaris/os/rad/jmx/RadJMXConnector.java	Wed Dec 16 19:06:12 2009 -0800
@@ -59,9 +59,7 @@
 	new NotificationBroadcasterSupport();
     private int serial_ = 0;
 
-    RadJMXConnector(JMXServiceURL url, Map<String, ?> env,
-	boolean usetls) {
-
+    RadJMXConnector(JMXServiceURL url, Map<String, ?> env, boolean usetls) {
 	host_ = url.getHost();
 	port_ = url.getPort();
 	env_ = env;
@@ -118,9 +116,11 @@
     public MBeanServerConnection getMBeanServerConnection(
 	Subject delegationSubject) throws IOException {
 
+	if (delegationSubject == null)
+	    return getMBeanServerConnection();
+
 	checkState(false);
-	/* XXX */
-	return getMBeanServerConnection();
+	throw new IOException("Subject delegation not supported");
     }
 
     public void close() throws IOException {