xref: /titanic_44/usr/src/cmd/zonecfg/zonecfg.c (revision 944b13ecd074fe0d43ed6f80c816ca862c3cd6eb)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24  * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
25  * Copyright 2014 Gary Mills
26  */
27 
28 /*
29  * zonecfg is a lex/yacc based command interpreter used to manage zone
30  * configurations.  The lexer (see zonecfg_lex.l) builds up tokens, which
31  * the grammar (see zonecfg_grammar.y) builds up into commands, some of
32  * which takes resources and/or properties as arguments.  See the block
33  * comments near the end of zonecfg_grammar.y for how the data structures
34  * which keep track of these resources and properties are built up.
35  *
36  * The resource/property data structures are inserted into a command
37  * structure (see zonecfg.h), which also keeps track of command names,
38  * miscellaneous arguments, and function handlers.  The grammar selects
39  * the appropriate function handler, each of which takes a pointer to a
40  * command structure as its sole argument, and invokes it.  The grammar
41  * itself is "entered" (a la the Matrix) by yyparse(), which is called
42  * from read_input(), our main driving function.  That in turn is called
43  * by one of do_interactive(), cmd_file() or one_command_at_a_time(), each
44  * of which is called from main() depending on how the program was invoked.
45  *
46  * The rest of this module consists of the various function handlers and
47  * their helper functions.  Some of these functions, particularly the
48  * X_to_str() functions, which maps command, resource and property numbers
49  * to strings, are used quite liberally, as doing so results in a better
50  * program w/rt I18N, reducing the need for translation notes.
51  */
52 
53 #include <sys/mntent.h>
54 #include <sys/varargs.h>
55 #include <sys/sysmacros.h>
56 
57 #include <errno.h>
58 #include <fcntl.h>
59 #include <strings.h>
60 #include <unistd.h>
61 #include <ctype.h>
62 #include <stdlib.h>
63 #include <assert.h>
64 #include <sys/stat.h>
65 #include <zone.h>
66 #include <arpa/inet.h>
67 #include <netdb.h>
68 #include <locale.h>
69 #include <libintl.h>
70 #include <alloca.h>
71 #include <signal.h>
72 #include <wait.h>
73 #include <libtecla.h>
74 #include <libzfs.h>
75 #include <sys/brand.h>
76 #include <libbrand.h>
77 #include <sys/systeminfo.h>
78 #include <libdladm.h>
79 #include <libinetutil.h>
80 #include <pwd.h>
81 #include <inet/ip.h>
82 
83 #include <libzonecfg.h>
84 #include "zonecfg.h"
85 
86 #if !defined(TEXT_DOMAIN)		/* should be defined by cc -D */
87 #define	TEXT_DOMAIN	"SYS_TEST"	/* Use this only if it wasn't */
88 #endif
89 
90 #define	PAGER	"/usr/bin/more"
91 #define	EXEC_PREFIX	"exec "
92 #define	EXEC_LEN	(strlen(EXEC_PREFIX))
93 
94 struct help {
95 	uint_t	cmd_num;
96 	char	*cmd_name;
97 	uint_t	flags;
98 	char	*short_usage;
99 };
100 
101 extern int yyparse(void);
102 extern int lex_lineno;
103 
104 #define	MAX_LINE_LEN	1024
105 #define	MAX_CMD_HIST	1024
106 #define	MAX_CMD_LEN	1024
107 
108 #define	ONE_MB		1048576
109 
110 /*
111  * Each SHELP_ should be a simple string.
112  */
113 
114 #define	SHELP_ADD	"add <resource-type>\n\t(global scope)\n" \
115 	"add <property-name> <property-value>\n\t(resource scope)"
116 #define	SHELP_CANCEL	"cancel"
117 #define	SHELP_CLEAR	"clear <property-name>"
118 #define	SHELP_COMMIT	"commit"
119 #define	SHELP_CREATE	"create [-F] [ -a <path> | -b | -t <template> ]"
120 #define	SHELP_DELETE	"delete [-F]"
121 #define	SHELP_END	"end"
122 #define	SHELP_EXIT	"exit [-F]"
123 #define	SHELP_EXPORT	"export [-f output-file]"
124 #define	SHELP_HELP	"help [commands] [syntax] [usage] [<command-name>]"
125 #define	SHELP_INFO	"info [<resource-type> [property-name=property-value]*]"
126 #define	SHELP_REMOVE	"remove [-F] <resource-type> " \
127 	"[ <property-name>=<property-value> ]*\n" \
128 	"\t(global scope)\n" \
129 	"remove <property-name> <property-value>\n" \
130 	"\t(resource scope)"
131 #define	SHELP_REVERT	"revert [-F]"
132 #define	SHELP_SELECT	"select <resource-type> { <property-name>=" \
133 	"<property-value> }"
134 #define	SHELP_SET	"set <property-name>=<property-value>"
135 #define	SHELP_VERIFY	"verify"
136 
137 static struct help helptab[] = {
138 	{ CMD_ADD,	"add",		HELP_RES_PROPS,	SHELP_ADD, },
139 	{ CMD_CANCEL,	"cancel",	0,		SHELP_CANCEL, },
140 	{ CMD_CLEAR,	"clear",	HELP_PROPS,	SHELP_CLEAR, },
141 	{ CMD_COMMIT,	"commit",	0,		SHELP_COMMIT, },
142 	{ CMD_CREATE,	"create",	0,		SHELP_CREATE, },
143 	{ CMD_DELETE,	"delete",	0,		SHELP_DELETE, },
144 	{ CMD_END,	"end",		0,		SHELP_END, },
145 	{ CMD_EXIT,	"exit",		0,		SHELP_EXIT, },
146 	{ CMD_EXPORT,	"export",	0,		SHELP_EXPORT, },
147 	{ CMD_HELP,	"help",		0,		SHELP_HELP },
148 	{ CMD_INFO,	"info",		HELP_RES_PROPS,	SHELP_INFO, },
149 	{ CMD_REMOVE,	"remove",	HELP_RES_PROPS,	SHELP_REMOVE, },
150 	{ CMD_REVERT,	"revert",	0,		SHELP_REVERT, },
151 	{ CMD_SELECT,	"select",	HELP_RES_PROPS,	SHELP_SELECT, },
152 	{ CMD_SET,	"set",		HELP_PROPS,	SHELP_SET, },
153 	{ CMD_VERIFY,	"verify",	0,		SHELP_VERIFY, },
154 	{ 0 },
155 };
156 
157 #define	MAX_RT_STRLEN	16
158 
159 /* These *must* match the order of the RT_ define's from zonecfg.h */
160 char *res_types[] = {
161 	"unknown",
162 	"zonename",
163 	"zonepath",
164 	"autoboot",
165 	"pool",
166 	"fs",
167 	"net",
168 	"device",
169 	"rctl",
170 	"attr",
171 	"dataset",
172 	"limitpriv",
173 	"bootargs",
174 	"brand",
175 	"dedicated-cpu",
176 	"capped-memory",
177 	ALIAS_MAXLWPS,
178 	ALIAS_MAXSHMMEM,
179 	ALIAS_MAXSHMIDS,
180 	ALIAS_MAXMSGIDS,
181 	ALIAS_MAXSEMIDS,
182 	ALIAS_SHARES,
183 	"scheduling-class",
184 	"ip-type",
185 	"capped-cpu",
186 	"hostid",
187 	"admin",
188 	"fs-allowed",
189 	ALIAS_MAXPROCS,
190 	NULL
191 };
192 
193 /* These *must* match the order of the PT_ define's from zonecfg.h */
194 char *prop_types[] = {
195 	"unknown",
196 	"zonename",
197 	"zonepath",
198 	"autoboot",
199 	"pool",
200 	"dir",
201 	"special",
202 	"type",
203 	"options",
204 	"address",
205 	"physical",
206 	"name",
207 	"value",
208 	"match",
209 	"priv",
210 	"limit",
211 	"action",
212 	"raw",
213 	"limitpriv",
214 	"bootargs",
215 	"brand",
216 	"ncpus",
217 	"importance",
218 	"swap",
219 	"locked",
220 	ALIAS_SHARES,
221 	ALIAS_MAXLWPS,
222 	ALIAS_MAXSHMMEM,
223 	ALIAS_MAXSHMIDS,
224 	ALIAS_MAXMSGIDS,
225 	ALIAS_MAXSEMIDS,
226 	ALIAS_MAXLOCKEDMEM,
227 	ALIAS_MAXSWAP,
228 	"scheduling-class",
229 	"ip-type",
230 	"defrouter",
231 	"hostid",
232 	"user",
233 	"auths",
234 	"fs-allowed",
235 	ALIAS_MAXPROCS,
236 	"allowed-address",
237 	NULL
238 };
239 
240 /* These *must* match the order of the PROP_VAL_ define's from zonecfg.h */
241 static char *prop_val_types[] = {
242 	"simple",
243 	"complex",
244 	"list",
245 };
246 
247 /*
248  * The various _cmds[] lists below are for command tab-completion.
249  */
250 
251 /*
252  * remove has a space afterwards because it has qualifiers; the other commands
253  * that have qualifiers (add, select, etc.) don't need a space here because
254  * they have their own _cmds[] lists below.
255  */
256 static const char *global_scope_cmds[] = {
257 	"add",
258 	"clear",
259 	"commit",
260 	"create",
261 	"delete",
262 	"exit",
263 	"export",
264 	"help",
265 	"info",
266 	"remove ",
267 	"revert",
268 	"select",
269 	"set",
270 	"verify",
271 	NULL
272 };
273 
274 static const char *add_cmds[] = {
275 	"add fs",
276 	"add net",
277 	"add device",
278 	"add rctl",
279 	"add attr",
280 	"add dataset",
281 	"add dedicated-cpu",
282 	"add capped-cpu",
283 	"add capped-memory",
284 	"add admin",
285 	NULL
286 };
287 
288 static const char *clear_cmds[] = {
289 	"clear autoboot",
290 	"clear pool",
291 	"clear limitpriv",
292 	"clear bootargs",
293 	"clear scheduling-class",
294 	"clear ip-type",
295 	"clear " ALIAS_MAXLWPS,
296 	"clear " ALIAS_MAXSHMMEM,
297 	"clear " ALIAS_MAXSHMIDS,
298 	"clear " ALIAS_MAXMSGIDS,
299 	"clear " ALIAS_MAXSEMIDS,
300 	"clear " ALIAS_SHARES,
301 	"clear " ALIAS_MAXPROCS,
302 	NULL
303 };
304 
305 static const char *remove_cmds[] = {
306 	"remove fs ",
307 	"remove net ",
308 	"remove device ",
309 	"remove rctl ",
310 	"remove attr ",
311 	"remove dataset ",
312 	"remove dedicated-cpu ",
313 	"remove capped-cpu ",
314 	"remove capped-memory ",
315 	"remove admin ",
316 	NULL
317 };
318 
319 static const char *select_cmds[] = {
320 	"select fs ",
321 	"select net ",
322 	"select device ",
323 	"select rctl ",
324 	"select attr ",
325 	"select dataset ",
326 	"select dedicated-cpu",
327 	"select capped-cpu",
328 	"select capped-memory",
329 	"select admin",
330 	NULL
331 };
332 
333 static const char *set_cmds[] = {
334 	"set zonename=",
335 	"set zonepath=",
336 	"set brand=",
337 	"set autoboot=",
338 	"set pool=",
339 	"set limitpriv=",
340 	"set bootargs=",
341 	"set scheduling-class=",
342 	"set ip-type=",
343 	"set " ALIAS_MAXLWPS "=",
344 	"set " ALIAS_MAXSHMMEM "=",
345 	"set " ALIAS_MAXSHMIDS "=",
346 	"set " ALIAS_MAXMSGIDS "=",
347 	"set " ALIAS_MAXSEMIDS "=",
348 	"set " ALIAS_SHARES "=",
349 	"set hostid=",
350 	"set fs-allowed=",
351 	"set " ALIAS_MAXPROCS "=",
352 	NULL
353 };
354 
355 static const char *info_cmds[] = {
356 	"info fs ",
357 	"info net ",
358 	"info device ",
359 	"info rctl ",
360 	"info attr ",
361 	"info dataset ",
362 	"info capped-memory",
363 	"info dedicated-cpu",
364 	"info capped-cpu",
365 	"info zonename",
366 	"info zonepath",
367 	"info autoboot",
368 	"info pool",
369 	"info limitpriv",
370 	"info bootargs",
371 	"info brand",
372 	"info scheduling-class",
373 	"info ip-type",
374 	"info max-lwps",
375 	"info max-shm-memory",
376 	"info max-shm-ids",
377 	"info max-msg-ids",
378 	"info max-sem-ids",
379 	"info cpu-shares",
380 	"info hostid",
381 	"info admin",
382 	"info fs-allowed",
383 	"info max-processes",
384 	NULL
385 };
386 
387 static const char *fs_res_scope_cmds[] = {
388 	"add options ",
389 	"cancel",
390 	"end",
391 	"exit",
392 	"help",
393 	"info",
394 	"remove options ",
395 	"set dir=",
396 	"set raw=",
397 	"set special=",
398 	"set type=",
399 	"clear raw",
400 	NULL
401 };
402 
403 static const char *net_res_scope_cmds[] = {
404 	"cancel",
405 	"end",
406 	"exit",
407 	"help",
408 	"info",
409 	"set address=",
410 	"set physical=",
411 	"set defrouter=",
412 	NULL
413 };
414 
415 static const char *device_res_scope_cmds[] = {
416 	"cancel",
417 	"end",
418 	"exit",
419 	"help",
420 	"info",
421 	"set match=",
422 	NULL
423 };
424 
425 static const char *attr_res_scope_cmds[] = {
426 	"cancel",
427 	"end",
428 	"exit",
429 	"help",
430 	"info",
431 	"set name=",
432 	"set type=",
433 	"set value=",
434 	NULL
435 };
436 
437 static const char *rctl_res_scope_cmds[] = {
438 	"add value ",
439 	"cancel",
440 	"end",
441 	"exit",
442 	"help",
443 	"info",
444 	"remove value ",
445 	"set name=",
446 	NULL
447 };
448 
449 static const char *dataset_res_scope_cmds[] = {
450 	"cancel",
451 	"end",
452 	"exit",
453 	"help",
454 	"info",
455 	"set name=",
456 	NULL
457 };
458 
459 static const char *pset_res_scope_cmds[] = {
460 	"cancel",
461 	"end",
462 	"exit",
463 	"help",
464 	"info",
465 	"set ncpus=",
466 	"set importance=",
467 	"clear importance",
468 	NULL
469 };
470 
471 static const char *pcap_res_scope_cmds[] = {
472 	"cancel",
473 	"end",
474 	"exit",
475 	"help",
476 	"info",
477 	"set ncpus=",
478 	NULL
479 };
480 
481 static const char *mcap_res_scope_cmds[] = {
482 	"cancel",
483 	"end",
484 	"exit",
485 	"help",
486 	"info",
487 	"set physical=",
488 	"set swap=",
489 	"set locked=",
490 	"clear physical",
491 	"clear swap",
492 	"clear locked",
493 	NULL
494 };
495 
496 static const char *admin_res_scope_cmds[] = {
497 	"cancel",
498 	"end",
499 	"exit",
500 	"help",
501 	"info",
502 	"set user=",
503 	"set auths=",
504 	NULL
505 };
506 
507 struct xif {
508 	struct xif	*xif_next;
509 	char		xif_name[LIFNAMSIZ];
510 	boolean_t	xif_has_address;
511 	boolean_t	xif_has_defrouter;
512 };
513 
514 /* Global variables */
515 
516 /* list of network interfaces specified for exclusive IP zone */
517 struct xif *xif;
518 
519 /* set early in main(), never modified thereafter, used all over the place */
520 static char *execname;
521 
522 /* set in main(), used all over the place */
523 static zone_dochandle_t handle;
524 
525 /* used all over the place */
526 static char zone[ZONENAME_MAX];
527 static char revert_zone[ZONENAME_MAX];
528 
529 /* global brand operations */
530 static brand_handle_t brand;
531 
532 /* set in modifying functions, checked in read_input() */
533 static boolean_t need_to_commit = B_FALSE;
534 boolean_t saw_error;
535 
536 /* set in yacc parser, checked in read_input() */
537 boolean_t newline_terminated;
538 
539 /* set in main(), checked in lex error handler */
540 boolean_t cmd_file_mode;
541 
542 /* set in exit_func(), checked in read_input() */
543 static boolean_t time_to_exit = B_FALSE, force_exit = B_FALSE;
544 
545 /* used in short_usage() and zerr() */
546 static char *cmd_file_name = NULL;
547 
548 /* checked in read_input() and other places */
549 static boolean_t ok_to_prompt = B_FALSE;
550 
551 /* set and checked in initialize() */
552 static boolean_t got_handle = B_FALSE;
553 
554 /* initialized in do_interactive(), checked in initialize() */
555 static boolean_t interactive_mode;
556 
557 /* set if configuring the global zone */
558 static boolean_t global_zone = B_FALSE;
559 
560 /* set in main(), checked in multiple places */
561 static boolean_t read_only_mode;
562 
563 /* scope is outer/global or inner/resource */
564 static boolean_t global_scope = B_TRUE;
565 static int resource_scope;	/* should be in the RT_ list from zonecfg.h */
566 static int end_op = -1;		/* operation on end is either add or modify */
567 
568 int num_prop_vals;		/* for grammar */
569 
570 /*
571  * These are for keeping track of resources as they are specified as part of
572  * the multi-step process.  They should be initialized by add_resource() or
573  * select_func() and filled in by add_property() or set_func().
574  */
575 static struct zone_fstab	old_fstab, in_progress_fstab;
576 static struct zone_nwiftab	old_nwiftab, in_progress_nwiftab;
577 static struct zone_devtab	old_devtab, in_progress_devtab;
578 static struct zone_rctltab	old_rctltab, in_progress_rctltab;
579 static struct zone_attrtab	old_attrtab, in_progress_attrtab;
580 static struct zone_dstab	old_dstab, in_progress_dstab;
581 static struct zone_psettab	old_psettab, in_progress_psettab;
582 static struct zone_mcaptab	old_mcaptab, in_progress_mcaptab;
583 static struct zone_admintab	old_admintab, in_progress_admintab;
584 
585 static GetLine *gl;	/* The gl_get_line() resource object */
586 
587 static void bytes_to_units(char *str, char *buf, int bufsize);
588 
589 /* Functions begin here */
590 
591 static boolean_t
initial_match(const char * line1,const char * line2,int word_end)592 initial_match(const char *line1, const char *line2, int word_end)
593 {
594 	if (word_end <= 0)
595 		return (B_TRUE);
596 	return (strncmp(line1, line2, word_end) == 0);
597 }
598 
599 static int
add_stuff(WordCompletion * cpl,const char * line1,const char ** list,int word_end)600 add_stuff(WordCompletion *cpl, const char *line1, const char **list,
601     int word_end)
602 {
603 	int i, err;
604 
605 	for (i = 0; list[i] != NULL; i++) {
606 		if (initial_match(line1, list[i], word_end)) {
607 			err = cpl_add_completion(cpl, line1, 0, word_end,
608 			    list[i] + word_end, "", "");
609 			if (err != 0)
610 				return (err);
611 		}
612 	}
613 	return (0);
614 }
615 
616 static
617 /* ARGSUSED */
CPL_MATCH_FN(cmd_cpl_fn)618 CPL_MATCH_FN(cmd_cpl_fn)
619 {
620 	if (global_scope) {
621 		/*
622 		 * The MAX/MIN tests below are to make sure we have at least
623 		 * enough characters to distinguish from other prefixes (MAX)
624 		 * but only check MIN(what we have, what we're checking).
625 		 */
626 		if (strncmp(line, "add ", MAX(MIN(word_end, 4), 1)) == 0)
627 			return (add_stuff(cpl, line, add_cmds, word_end));
628 		if (strncmp(line, "clear ", MAX(MIN(word_end, 6), 2)) == 0)
629 			return (add_stuff(cpl, line, clear_cmds, word_end));
630 		if (strncmp(line, "select ", MAX(MIN(word_end, 7), 3)) == 0)
631 			return (add_stuff(cpl, line, select_cmds, word_end));
632 		if (strncmp(line, "set ", MAX(MIN(word_end, 4), 3)) == 0)
633 			return (add_stuff(cpl, line, set_cmds, word_end));
634 		if (strncmp(line, "remove ", MAX(MIN(word_end, 7), 1)) == 0)
635 			return (add_stuff(cpl, line, remove_cmds, word_end));
636 		if (strncmp(line, "info ", MAX(MIN(word_end, 5), 1)) == 0)
637 			return (add_stuff(cpl, line, info_cmds, word_end));
638 		return (add_stuff(cpl, line, global_scope_cmds, word_end));
639 	}
640 	switch (resource_scope) {
641 	case RT_FS:
642 		return (add_stuff(cpl, line, fs_res_scope_cmds, word_end));
643 	case RT_NET:
644 		return (add_stuff(cpl, line, net_res_scope_cmds, word_end));
645 	case RT_DEVICE:
646 		return (add_stuff(cpl, line, device_res_scope_cmds, word_end));
647 	case RT_RCTL:
648 		return (add_stuff(cpl, line, rctl_res_scope_cmds, word_end));
649 	case RT_ATTR:
650 		return (add_stuff(cpl, line, attr_res_scope_cmds, word_end));
651 	case RT_DATASET:
652 		return (add_stuff(cpl, line, dataset_res_scope_cmds, word_end));
653 	case RT_DCPU:
654 		return (add_stuff(cpl, line, pset_res_scope_cmds, word_end));
655 	case RT_PCAP:
656 		return (add_stuff(cpl, line, pcap_res_scope_cmds, word_end));
657 	case RT_MCAP:
658 		return (add_stuff(cpl, line, mcap_res_scope_cmds, word_end));
659 	case RT_ADMIN:
660 		return (add_stuff(cpl, line, admin_res_scope_cmds, word_end));
661 	}
662 	return (0);
663 }
664 
665 /*
666  * For the main CMD_func() functions below, several of them call getopt()
667  * then check optind against argc to make sure an extra parameter was not
668  * passed in.  The reason this is not caught in the grammar is that the
669  * grammar just checks for a miscellaneous TOKEN, which is *expected* to
670  * be "-F" (for example), but could be anything.  So (for example) this
671  * check will prevent "create bogus".
672  */
673 
674 cmd_t *
alloc_cmd(void)675 alloc_cmd(void)
676 {
677 	return (calloc(1, sizeof (cmd_t)));
678 }
679 
680 void
free_cmd(cmd_t * cmd)681 free_cmd(cmd_t *cmd)
682 {
683 	int i;
684 
685 	for (i = 0; i < MAX_EQ_PROP_PAIRS; i++)
686 		if (cmd->cmd_property_ptr[i] != NULL) {
687 			property_value_ptr_t pp = cmd->cmd_property_ptr[i];
688 
689 			switch (pp->pv_type) {
690 			case PROP_VAL_SIMPLE:
691 				free(pp->pv_simple);
692 				break;
693 			case PROP_VAL_COMPLEX:
694 				free_complex(pp->pv_complex);
695 				break;
696 			case PROP_VAL_LIST:
697 				free_list(pp->pv_list);
698 				break;
699 			}
700 		}
701 	for (i = 0; i < cmd->cmd_argc; i++)
702 		free(cmd->cmd_argv[i]);
703 	free(cmd);
704 }
705 
706 complex_property_ptr_t
alloc_complex(void)707 alloc_complex(void)
708 {
709 	return (calloc(1, sizeof (complex_property_t)));
710 }
711 
712 void
free_complex(complex_property_ptr_t complex)713 free_complex(complex_property_ptr_t complex)
714 {
715 	if (complex == NULL)
716 		return;
717 	free_complex(complex->cp_next);
718 	if (complex->cp_value != NULL)
719 		free(complex->cp_value);
720 	free(complex);
721 }
722 
723 list_property_ptr_t
alloc_list(void)724 alloc_list(void)
725 {
726 	return (calloc(1, sizeof (list_property_t)));
727 }
728 
729 void
free_list(list_property_ptr_t list)730 free_list(list_property_ptr_t list)
731 {
732 	if (list == NULL)
733 		return;
734 	if (list->lp_simple != NULL)
735 		free(list->lp_simple);
736 	free_complex(list->lp_complex);
737 	free_list(list->lp_next);
738 	free(list);
739 }
740 
741 void
free_outer_list(list_property_ptr_t list)742 free_outer_list(list_property_ptr_t list)
743 {
744 	if (list == NULL)
745 		return;
746 	free_outer_list(list->lp_next);
747 	free(list);
748 }
749 
750 static struct zone_rctlvaltab *
alloc_rctlvaltab(void)751 alloc_rctlvaltab(void)
752 {
753 	return (calloc(1, sizeof (struct zone_rctlvaltab)));
754 }
755 
756 static char *
rt_to_str(int res_type)757 rt_to_str(int res_type)
758 {
759 	assert(res_type >= RT_MIN && res_type <= RT_MAX);
760 	return (res_types[res_type]);
761 }
762 
763 static char *
pt_to_str(int prop_type)764 pt_to_str(int prop_type)
765 {
766 	assert(prop_type >= PT_MIN && prop_type <= PT_MAX);
767 	return (prop_types[prop_type]);
768 }
769 
770 static char *
pvt_to_str(int pv_type)771 pvt_to_str(int pv_type)
772 {
773 	assert(pv_type >= PROP_VAL_MIN && pv_type <= PROP_VAL_MAX);
774 	return (prop_val_types[pv_type]);
775 }
776 
777 static char *
cmd_to_str(int cmd_num)778 cmd_to_str(int cmd_num)
779 {
780 	assert(cmd_num >= CMD_MIN && cmd_num <= CMD_MAX);
781 	return (helptab[cmd_num].cmd_name);
782 }
783 
784 /* PRINTFLIKE1 */
785 static void
zerr(const char * fmt,...)786 zerr(const char *fmt, ...)
787 {
788 	va_list alist;
789 	static int last_lineno;
790 
791 	/* lex_lineno has already been incremented in the lexer; compensate */
792 	if (cmd_file_mode && lex_lineno > last_lineno) {
793 		if (strcmp(cmd_file_name, "-") == 0)
794 			(void) fprintf(stderr, gettext("On line %d:\n"),
795 			    lex_lineno - 1);
796 		else
797 			(void) fprintf(stderr, gettext("On line %d of %s:\n"),
798 			    lex_lineno - 1, cmd_file_name);
799 		last_lineno = lex_lineno;
800 	}
801 	va_start(alist, fmt);
802 	(void) vfprintf(stderr, fmt, alist);
803 	(void) fprintf(stderr, "\n");
804 	va_end(alist);
805 }
806 
807 /*
808  * This is a separate function rather than a set of define's because of the
809  * gettext() wrapping.
810  */
811 
812 /*
813  * TRANSLATION_NOTE
814  * Each string below should have \t follow \n whenever needed; the
815  * initial \t and the terminal \n will be provided by the calling function.
816  */
817 
818 static char *
long_help(int cmd_num)819 long_help(int cmd_num)
820 {
821 	static char line[1024];	/* arbitrary large amount */
822 
823 	assert(cmd_num >= CMD_MIN && cmd_num <= CMD_MAX);
824 	switch (cmd_num) {
825 		case CMD_HELP:
826 			return (gettext("Prints help message."));
827 		case CMD_CREATE:
828 			(void) snprintf(line, sizeof (line),
829 			    gettext("Creates a configuration for the "
830 			    "specified zone.  %s should be\n\tused to "
831 			    "begin configuring a new zone.  If overwriting an "
832 			    "existing\n\tconfiguration, the -F flag can be "
833 			    "used to force the action.  If\n\t-t template is "
834 			    "given, creates a configuration identical to the\n"
835 			    "\tspecified template, except that the zone name "
836 			    "is changed from\n\ttemplate to zonename.  '%s -a' "
837 			    "creates a configuration from a\n\tdetached "
838 			    "zonepath.  '%s -b' results in a blank "
839 			    "configuration.\n\t'%s' with no arguments applies "
840 			    "the Sun default settings."),
841 			    cmd_to_str(CMD_CREATE), cmd_to_str(CMD_CREATE),
842 			    cmd_to_str(CMD_CREATE), cmd_to_str(CMD_CREATE));
843 			return (line);
844 		case CMD_EXIT:
845 			return (gettext("Exits the program.  The -F flag can "
846 			    "be used to force the action."));
847 		case CMD_EXPORT:
848 			return (gettext("Prints configuration to standard "
849 			    "output, or to output-file if\n\tspecified, in "
850 			    "a form suitable for use in a command-file."));
851 		case CMD_ADD:
852 			return (gettext("Add specified resource to "
853 			    "configuration."));
854 		case CMD_DELETE:
855 			return (gettext("Deletes the specified zone.  The -F "
856 			    "flag can be used to force the\n\taction."));
857 		case CMD_REMOVE:
858 			return (gettext("Remove specified resource from "
859 			    "configuration.  The -F flag can be used\n\tto "
860 			    "force the action."));
861 		case CMD_SELECT:
862 			(void) snprintf(line, sizeof (line),
863 			    gettext("Selects a resource to modify.  "
864 			    "Resource modification is completed\n\twith the "
865 			    "command \"%s\".  The property name/value pairs "
866 			    "must uniquely\n\tidentify a resource.  Note that "
867 			    "the curly braces ('{', '}') mean one\n\tor more "
868 			    "of whatever is between them."),
869 			    cmd_to_str(CMD_END));
870 			return (line);
871 		case CMD_SET:
872 			return (gettext("Sets property values."));
873 		case CMD_CLEAR:
874 			return (gettext("Clears property values."));
875 		case CMD_INFO:
876 			return (gettext("Displays information about the "
877 			    "current configuration.  If resource\n\ttype is "
878 			    "specified, displays only information about "
879 			    "resources of\n\tthe relevant type.  If resource "
880 			    "id is specified, displays only\n\tinformation "
881 			    "about that resource."));
882 		case CMD_VERIFY:
883 			return (gettext("Verifies current configuration "
884 			    "for correctness (some resource types\n\thave "
885 			    "required properties)."));
886 		case CMD_COMMIT:
887 			(void) snprintf(line, sizeof (line),
888 			    gettext("Commits current configuration.  "
889 			    "Configuration must be committed to\n\tbe used by "
890 			    "%s.  Until the configuration is committed, "
891 			    "changes \n\tcan be removed with the %s "
892 			    "command.  This operation is\n\tattempted "
893 			    "automatically upon completion of a %s "
894 			    "session."), "zoneadm", cmd_to_str(CMD_REVERT),
895 			    "zonecfg");
896 			return (line);
897 		case CMD_REVERT:
898 			return (gettext("Reverts configuration back to the "
899 			    "last committed state.  The -F flag\n\tcan be "
900 			    "used to force the action."));
901 		case CMD_CANCEL:
902 			return (gettext("Cancels resource/property "
903 			    "specification."));
904 		case CMD_END:
905 			return (gettext("Ends resource/property "
906 			    "specification."));
907 	}
908 	/* NOTREACHED */
909 	return (NULL);
910 }
911 
912 /*
913  * Return the input filename appended to each component of the path
914  * or the filename itself if it is absolute.
915  * Parameters: path string, file name, output string.
916  */
917 /* Copied almost verbatim from libtnfctl/prb_findexec.c */
918 static const char *
exec_cat(const char * s1,const char * s2,char * si)919 exec_cat(const char *s1, const char *s2, char *si)
920 {
921 	char		   *s;
922 	/* Number of remaining characters in s */
923 	int			 cnt = PATH_MAX + 1;
924 
925 	s = si;
926 	while (*s1 && *s1 != ':') { /* Copy first component of path to si */
927 		if (cnt > 0) {
928 			*s++ = *s1++;
929 			cnt--;
930 		} else {
931 			s1++;
932 		}
933 	}
934 	if (si != s && cnt > 0) { /* Add slash if s2 is not absolute */
935 		*s++ = '/';
936 		cnt--;
937 	}
938 	while (*s2 && cnt > 0) { /* Copy s2 to si */
939 		*s++ = *s2++;
940 		cnt--;
941 	}
942 	*s = '\0';  /* Terminate the output string */
943 	return (*s1 ? ++s1 : NULL);  /* Return next path component or NULL */
944 }
945 
946 /* Determine that a name exists in PATH */
947 /* Copied with changes from libtnfctl/prb_findexec.c */
948 static int
path_find(const char * name)949 path_find(const char *name)
950 {
951 	const char	 *pathstr;
952 	char		fname[PATH_MAX + 2];
953 	const char	 *cp;
954 	struct stat	 stat_buf;
955 
956 	if ((pathstr = getenv("PATH")) == NULL) {
957 		if (geteuid() == 0 || getuid() == 0)
958 			pathstr = "/usr/sbin:/usr/bin";
959 		else
960 			pathstr = "/usr/bin:";
961 	}
962 	cp = strchr(name, '/') ? (const char *) "" : pathstr;
963 
964 	do {
965 		cp = exec_cat(cp, name, fname);
966 		if (stat(fname, &stat_buf) != -1) {
967 			/* successful find of the file */
968 			return (0);
969 		}
970 	} while (cp != NULL);
971 
972 	return (-1);
973 }
974 
975 static FILE *
pager_open(void)976 pager_open(void) {
977 	FILE *newfp;
978 	char *pager, *space;
979 
980 	pager = getenv("PAGER");
981 	if (pager == NULL || *pager == '\0')
982 		pager = PAGER;
983 
984 	space = strchr(pager, ' ');
985 	if (space)
986 		*space = '\0';
987 	if (path_find(pager) == 0) {
988 		if (space)
989 			*space = ' ';
990 		if ((newfp = popen(pager, "w")) == NULL)
991 			zerr(gettext("PAGER open failed (%s)."),
992 			    strerror(errno));
993 		return (newfp);
994 	} else {
995 		zerr(gettext("PAGER %s does not exist (%s)."),
996 		    pager, strerror(errno));
997 	}
998 	return (NULL);
999 }
1000 
1001 static void
pager_close(FILE * fp)1002 pager_close(FILE *fp) {
1003 	int status;
1004 
1005 	status = pclose(fp);
1006 	if (status == -1)
1007 		zerr(gettext("PAGER close failed (%s)."),
1008 		    strerror(errno));
1009 }
1010 
1011 /*
1012  * Called with verbose TRUE when help is explicitly requested, FALSE for
1013  * unexpected errors.
1014  */
1015 
1016 void
usage(boolean_t verbose,uint_t flags)1017 usage(boolean_t verbose, uint_t flags)
1018 {
1019 	FILE *fp = verbose ? stdout : stderr;
1020 	FILE *newfp;
1021 	boolean_t need_to_close = B_FALSE;
1022 	int i;
1023 
1024 	/* don't page error output */
1025 	if (verbose && interactive_mode) {
1026 		if ((newfp = pager_open()) != NULL) {
1027 			need_to_close = B_TRUE;
1028 			fp = newfp;
1029 		}
1030 	}
1031 
1032 	if (flags & HELP_META) {
1033 		(void) fprintf(fp, gettext("More help is available for the "
1034 		    "following:\n"));
1035 		(void) fprintf(fp, "\n\tcommands ('%s commands')\n",
1036 		    cmd_to_str(CMD_HELP));
1037 		(void) fprintf(fp, "\tsyntax ('%s syntax')\n",
1038 		    cmd_to_str(CMD_HELP));
1039 		(void) fprintf(fp, "\tusage ('%s usage')\n\n",
1040 		    cmd_to_str(CMD_HELP));
1041 		(void) fprintf(fp, gettext("You may also obtain help on any "
1042 		    "command by typing '%s <command-name>.'\n"),
1043 		    cmd_to_str(CMD_HELP));
1044 	}
1045 	if (flags & HELP_RES_SCOPE) {
1046 		switch (resource_scope) {
1047 		case RT_FS:
1048 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1049 			    "used to configure a file-system.\n"),
1050 			    rt_to_str(resource_scope));
1051 			(void) fprintf(fp, gettext("Valid commands:\n"));
1052 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1053 			    pt_to_str(PT_DIR), gettext("<path>"));
1054 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1055 			    pt_to_str(PT_SPECIAL), gettext("<path>"));
1056 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1057 			    pt_to_str(PT_RAW), gettext("<raw-device>"));
1058 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1059 			    pt_to_str(PT_TYPE), gettext("<file-system type>"));
1060 			(void) fprintf(fp, "\t%s %s %s\n", cmd_to_str(CMD_ADD),
1061 			    pt_to_str(PT_OPTIONS),
1062 			    gettext("<file-system options>"));
1063 			(void) fprintf(fp, "\t%s %s %s\n",
1064 			    cmd_to_str(CMD_REMOVE), pt_to_str(PT_OPTIONS),
1065 			    gettext("<file-system options>"));
1066 			(void) fprintf(fp, gettext("Consult the file-system "
1067 			    "specific manual page, such as mount_ufs(1M), "
1068 			    "for\ndetails about file-system options.  Note "
1069 			    "that any file-system options with an\nembedded "
1070 			    "'=' character must be enclosed in double quotes, "
1071 			    /*CSTYLED*/
1072 			    "such as \"%s=5\".\n"), MNTOPT_RETRY);
1073 			break;
1074 		case RT_NET:
1075 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1076 			    "used to configure a network interface.\n"),
1077 			    rt_to_str(resource_scope));
1078 			(void) fprintf(fp, gettext("Valid commands:\n"));
1079 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1080 			    pt_to_str(PT_ADDRESS), gettext("<IP-address>"));
1081 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1082 			    pt_to_str(PT_ALLOWED_ADDRESS),
1083 			    gettext("<IP-address>"));
1084 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1085 			    pt_to_str(PT_PHYSICAL), gettext("<interface>"));
1086 			(void) fprintf(fp, gettext("See ifconfig(1M) for "
1087 			    "details of the <interface> string.\n"));
1088 			(void) fprintf(fp, gettext("%s %s is valid "
1089 			    "if the %s property is set to %s, otherwise it "
1090 			    "must not be set.\n"),
1091 			    cmd_to_str(CMD_SET), pt_to_str(PT_ADDRESS),
1092 			    pt_to_str(PT_IPTYPE), gettext("shared"));
1093 			(void) fprintf(fp, gettext("%s %s is valid "
1094 			    "if the %s property is set to %s, otherwise it "
1095 			    "must not be set.\n"),
1096 			    cmd_to_str(CMD_SET), pt_to_str(PT_ALLOWED_ADDRESS),
1097 			    pt_to_str(PT_IPTYPE), gettext("exclusive"));
1098 			(void) fprintf(fp, gettext("\t%s %s=%s\n%s %s "
1099 			    "is valid if the %s or %s property is set, "
1100 			    "otherwise it must not be set\n"),
1101 			    cmd_to_str(CMD_SET),
1102 			    pt_to_str(PT_DEFROUTER), gettext("<IP-address>"),
1103 			    cmd_to_str(CMD_SET), pt_to_str(PT_DEFROUTER),
1104 			    gettext(pt_to_str(PT_ADDRESS)),
1105 			    gettext(pt_to_str(PT_ALLOWED_ADDRESS)));
1106 			break;
1107 		case RT_DEVICE:
1108 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1109 			    "used to configure a device node.\n"),
1110 			    rt_to_str(resource_scope));
1111 			(void) fprintf(fp, gettext("Valid commands:\n"));
1112 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1113 			    pt_to_str(PT_MATCH), gettext("<device-path>"));
1114 			break;
1115 		case RT_RCTL:
1116 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1117 			    "used to configure a resource control.\n"),
1118 			    rt_to_str(resource_scope));
1119 			(void) fprintf(fp, gettext("Valid commands:\n"));
1120 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1121 			    pt_to_str(PT_NAME), gettext("<string>"));
1122 			(void) fprintf(fp, "\t%s %s (%s=%s,%s=%s,%s=%s)\n",
1123 			    cmd_to_str(CMD_ADD), pt_to_str(PT_VALUE),
1124 			    pt_to_str(PT_PRIV), gettext("<priv-value>"),
1125 			    pt_to_str(PT_LIMIT), gettext("<number>"),
1126 			    pt_to_str(PT_ACTION), gettext("<action-value>"));
1127 			(void) fprintf(fp, "\t%s %s (%s=%s,%s=%s,%s=%s)\n",
1128 			    cmd_to_str(CMD_REMOVE), pt_to_str(PT_VALUE),
1129 			    pt_to_str(PT_PRIV), gettext("<priv-value>"),
1130 			    pt_to_str(PT_LIMIT), gettext("<number>"),
1131 			    pt_to_str(PT_ACTION), gettext("<action-value>"));
1132 			(void) fprintf(fp, "%s\n\t%s := privileged\n"
1133 			    "\t%s := none | deny\n", gettext("Where"),
1134 			    gettext("<priv-value>"), gettext("<action-value>"));
1135 			break;
1136 		case RT_ATTR:
1137 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1138 			    "used to configure a generic attribute.\n"),
1139 			    rt_to_str(resource_scope));
1140 			(void) fprintf(fp, gettext("Valid commands:\n"));
1141 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1142 			    pt_to_str(PT_NAME), gettext("<name>"));
1143 			(void) fprintf(fp, "\t%s %s=boolean\n",
1144 			    cmd_to_str(CMD_SET), pt_to_str(PT_TYPE));
1145 			(void) fprintf(fp, "\t%s %s=true | false\n",
1146 			    cmd_to_str(CMD_SET), pt_to_str(PT_VALUE));
1147 			(void) fprintf(fp, gettext("or\n"));
1148 			(void) fprintf(fp, "\t%s %s=int\n", cmd_to_str(CMD_SET),
1149 			    pt_to_str(PT_TYPE));
1150 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1151 			    pt_to_str(PT_VALUE), gettext("<integer>"));
1152 			(void) fprintf(fp, gettext("or\n"));
1153 			(void) fprintf(fp, "\t%s %s=string\n",
1154 			    cmd_to_str(CMD_SET), pt_to_str(PT_TYPE));
1155 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1156 			    pt_to_str(PT_VALUE), gettext("<string>"));
1157 			(void) fprintf(fp, gettext("or\n"));
1158 			(void) fprintf(fp, "\t%s %s=uint\n",
1159 			    cmd_to_str(CMD_SET), pt_to_str(PT_TYPE));
1160 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1161 			    pt_to_str(PT_VALUE), gettext("<unsigned integer>"));
1162 			break;
1163 		case RT_DATASET:
1164 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1165 			    "used to export ZFS datasets.\n"),
1166 			    rt_to_str(resource_scope));
1167 			(void) fprintf(fp, gettext("Valid commands:\n"));
1168 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1169 			    pt_to_str(PT_NAME), gettext("<name>"));
1170 			break;
1171 		case RT_DCPU:
1172 			(void) fprintf(fp, gettext("The '%s' resource scope "
1173 			    "configures the 'pools' facility to dedicate\na "
1174 			    "subset of the system's processors to this zone "
1175 			    "while it is running.\n"),
1176 			    rt_to_str(resource_scope));
1177 			(void) fprintf(fp, gettext("Valid commands:\n"));
1178 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1179 			    pt_to_str(PT_NCPUS),
1180 			    gettext("<unsigned integer | range>"));
1181 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1182 			    pt_to_str(PT_IMPORTANCE),
1183 			    gettext("<unsigned integer>"));
1184 			break;
1185 		case RT_PCAP:
1186 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1187 			    "used to set an upper limit (a cap) on the\n"
1188 			    "percentage of CPU that can be used by this zone.  "
1189 			    "A '%s' value of 1\ncorresponds to one cpu.  The "
1190 			    "value can be set higher than 1, up to the total\n"
1191 			    "number of CPUs on the system.  The value can "
1192 			    "also be less than 1,\nrepresenting a fraction of "
1193 			    "a cpu.\n"),
1194 			    rt_to_str(resource_scope), pt_to_str(PT_NCPUS));
1195 			(void) fprintf(fp, gettext("Valid commands:\n"));
1196 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1197 			    pt_to_str(PT_NCPUS), gettext("<unsigned decimal>"));
1198 			break;
1199 		case RT_MCAP:
1200 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1201 			    "used to set an upper limit (a cap) on the\n"
1202 			    "amount of physical memory, swap space and locked "
1203 			    "memory that can be used by\nthis zone.\n"),
1204 			    rt_to_str(resource_scope));
1205 			(void) fprintf(fp, gettext("Valid commands:\n"));
1206 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1207 			    pt_to_str(PT_PHYSICAL),
1208 			    gettext("<qualified unsigned decimal>"));
1209 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1210 			    pt_to_str(PT_SWAP),
1211 			    gettext("<qualified unsigned decimal>"));
1212 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1213 			    pt_to_str(PT_LOCKED),
1214 			    gettext("<qualified unsigned decimal>"));
1215 			break;
1216 		case RT_ADMIN:
1217 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1218 			    "used to delegate specific zone management\n"
1219 			    "rights to users and roles. These rights are "
1220 			    "only applicable to this zone.\n"),
1221 			    rt_to_str(resource_scope));
1222 			(void) fprintf(fp, gettext("Valid commands:\n"));
1223 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1224 			    pt_to_str(PT_USER),
1225 			    gettext("<single user or role name>"));
1226 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1227 			    pt_to_str(PT_AUTHS),
1228 			    gettext("<comma separated list>"));
1229 			break;
1230 		}
1231 		(void) fprintf(fp, gettext("And from any resource scope, you "
1232 		    "can:\n"));
1233 		(void) fprintf(fp, "\t%s\t%s\n", cmd_to_str(CMD_END),
1234 		    gettext("(to conclude this operation)"));
1235 		(void) fprintf(fp, "\t%s\t%s\n", cmd_to_str(CMD_CANCEL),
1236 		    gettext("(to cancel this operation)"));
1237 		(void) fprintf(fp, "\t%s\t%s\n", cmd_to_str(CMD_EXIT),
1238 		    gettext("(to exit the zonecfg utility)"));
1239 	}
1240 	if (flags & HELP_USAGE) {
1241 		(void) fprintf(fp, "%s:\t%s %s\n", gettext("usage"),
1242 		    execname, cmd_to_str(CMD_HELP));
1243 		(void) fprintf(fp, "\t%s -z <zone>\t\t\t(%s)\n",
1244 		    execname, gettext("interactive"));
1245 		(void) fprintf(fp, "\t%s -z <zone> <command>\n", execname);
1246 		(void) fprintf(fp, "\t%s -z <zone> -f <command-file>\n",
1247 		    execname);
1248 	}
1249 	if (flags & HELP_SUBCMDS) {
1250 		(void) fprintf(fp, "%s:\n\n", gettext("Commands"));
1251 		for (i = 0; i <= CMD_MAX; i++) {
1252 			(void) fprintf(fp, "%s\n", helptab[i].short_usage);
1253 			if (verbose)
1254 				(void) fprintf(fp, "\t%s\n\n", long_help(i));
1255 		}
1256 	}
1257 	if (flags & HELP_SYNTAX) {
1258 		if (!verbose)
1259 			(void) fprintf(fp, "\n");
1260 		(void) fprintf(fp, "<zone> := [A-Za-z0-9][A-Za-z0-9_.-]*\n");
1261 		(void) fprintf(fp, gettext("\t(except the reserved words "
1262 		    "'%s' and anything starting with '%s')\n"), "global",
1263 		    "SUNW");
1264 		(void) fprintf(fp,
1265 		    gettext("\tName must be less than %d characters.\n"),
1266 		    ZONENAME_MAX);
1267 		if (verbose)
1268 			(void) fprintf(fp, "\n");
1269 	}
1270 	if (flags & HELP_NETADDR) {
1271 		(void) fprintf(fp, gettext("\n<net-addr> :="));
1272 		(void) fprintf(fp,
1273 		    gettext("\t<IPv4-address>[/<IPv4-prefix-length>] |\n"));
1274 		(void) fprintf(fp,
1275 		    gettext("\t\t<IPv6-address>/<IPv6-prefix-length> |\n"));
1276 		(void) fprintf(fp,
1277 		    gettext("\t\t<hostname>[/<IPv4-prefix-length>]\n"));
1278 		(void) fprintf(fp, gettext("See inet(3SOCKET) for IPv4 and "
1279 		    "IPv6 address syntax.\n"));
1280 		(void) fprintf(fp, gettext("<IPv4-prefix-length> := [0-32]\n"));
1281 		(void) fprintf(fp,
1282 		    gettext("<IPv6-prefix-length> := [0-128]\n"));
1283 		(void) fprintf(fp,
1284 		    gettext("<hostname> := [A-Za-z0-9][A-Za-z0-9-.]*\n"));
1285 	}
1286 	if (flags & HELP_RESOURCES) {
1287 		(void) fprintf(fp, "<%s> := %s | %s | %s | %s | %s |\n\t"
1288 		    "%s | %s | %s | %s | %s\n\n",
1289 		    gettext("resource type"), rt_to_str(RT_FS),
1290 		    rt_to_str(RT_NET), rt_to_str(RT_DEVICE),
1291 		    rt_to_str(RT_RCTL), rt_to_str(RT_ATTR),
1292 		    rt_to_str(RT_DATASET), rt_to_str(RT_DCPU),
1293 		    rt_to_str(RT_PCAP), rt_to_str(RT_MCAP),
1294 		    rt_to_str(RT_ADMIN));
1295 	}
1296 	if (flags & HELP_PROPS) {
1297 		(void) fprintf(fp, gettext("For resource type ... there are "
1298 		    "property types ...:\n"));
1299 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1300 		    pt_to_str(PT_ZONENAME));
1301 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1302 		    pt_to_str(PT_ZONEPATH));
1303 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1304 		    pt_to_str(PT_BRAND));
1305 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1306 		    pt_to_str(PT_AUTOBOOT));
1307 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1308 		    pt_to_str(PT_BOOTARGS));
1309 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1310 		    pt_to_str(PT_POOL));
1311 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1312 		    pt_to_str(PT_LIMITPRIV));
1313 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1314 		    pt_to_str(PT_SCHED));
1315 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1316 		    pt_to_str(PT_IPTYPE));
1317 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1318 		    pt_to_str(PT_HOSTID));
1319 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1320 		    pt_to_str(PT_FS_ALLOWED));
1321 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1322 		    pt_to_str(PT_MAXLWPS));
1323 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1324 		    pt_to_str(PT_MAXPROCS));
1325 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1326 		    pt_to_str(PT_MAXSHMMEM));
1327 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1328 		    pt_to_str(PT_MAXSHMIDS));
1329 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1330 		    pt_to_str(PT_MAXMSGIDS));
1331 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1332 		    pt_to_str(PT_MAXSEMIDS));
1333 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1334 		    pt_to_str(PT_SHARES));
1335 		(void) fprintf(fp, "\t%s\t\t%s, %s, %s, %s, %s\n",
1336 		    rt_to_str(RT_FS), pt_to_str(PT_DIR),
1337 		    pt_to_str(PT_SPECIAL), pt_to_str(PT_RAW),
1338 		    pt_to_str(PT_TYPE), pt_to_str(PT_OPTIONS));
1339 		(void) fprintf(fp, "\t%s\t\t%s, %s, %s|%s\n", rt_to_str(RT_NET),
1340 		    pt_to_str(PT_ADDRESS), pt_to_str(PT_ALLOWED_ADDRESS),
1341 		    pt_to_str(PT_PHYSICAL), pt_to_str(PT_DEFROUTER));
1342 		(void) fprintf(fp, "\t%s\t\t%s\n", rt_to_str(RT_DEVICE),
1343 		    pt_to_str(PT_MATCH));
1344 		(void) fprintf(fp, "\t%s\t\t%s, %s\n", rt_to_str(RT_RCTL),
1345 		    pt_to_str(PT_NAME), pt_to_str(PT_VALUE));
1346 		(void) fprintf(fp, "\t%s\t\t%s, %s, %s\n", rt_to_str(RT_ATTR),
1347 		    pt_to_str(PT_NAME), pt_to_str(PT_TYPE),
1348 		    pt_to_str(PT_VALUE));
1349 		(void) fprintf(fp, "\t%s\t\t%s\n", rt_to_str(RT_DATASET),
1350 		    pt_to_str(PT_NAME));
1351 		(void) fprintf(fp, "\t%s\t%s, %s\n", rt_to_str(RT_DCPU),
1352 		    pt_to_str(PT_NCPUS), pt_to_str(PT_IMPORTANCE));
1353 		(void) fprintf(fp, "\t%s\t%s\n", rt_to_str(RT_PCAP),
1354 		    pt_to_str(PT_NCPUS));
1355 		(void) fprintf(fp, "\t%s\t%s, %s, %s\n", rt_to_str(RT_MCAP),
1356 		    pt_to_str(PT_PHYSICAL), pt_to_str(PT_SWAP),
1357 		    pt_to_str(PT_LOCKED));
1358 		(void) fprintf(fp, "\t%s\t\t%s, %s\n", rt_to_str(RT_ADMIN),
1359 		    pt_to_str(PT_USER), pt_to_str(PT_AUTHS));
1360 	}
1361 	if (need_to_close)
1362 		(void) pager_close(fp);
1363 }
1364 
1365 static void
zone_perror(char * prefix,int err,boolean_t set_saw)1366 zone_perror(char *prefix, int err, boolean_t set_saw)
1367 {
1368 	zerr("%s: %s", prefix, zonecfg_strerror(err));
1369 	if (set_saw)
1370 		saw_error = B_TRUE;
1371 }
1372 
1373 /*
1374  * zone_perror() expects a single string, but for remove and select
1375  * we have both the command and the resource type, so this wrapper
1376  * function serves the same purpose in a slightly different way.
1377  */
1378 
1379 static void
z_cmd_rt_perror(int cmd_num,int res_num,int err,boolean_t set_saw)1380 z_cmd_rt_perror(int cmd_num, int res_num, int err, boolean_t set_saw)
1381 {
1382 	zerr("%s %s: %s", cmd_to_str(cmd_num), rt_to_str(res_num),
1383 	    zonecfg_strerror(err));
1384 	if (set_saw)
1385 		saw_error = B_TRUE;
1386 }
1387 
1388 /* returns Z_OK if successful, Z_foo from <libzonecfg.h> otherwise */
1389 static int
initialize(boolean_t handle_expected)1390 initialize(boolean_t handle_expected)
1391 {
1392 	int err;
1393 	char brandname[MAXNAMELEN];
1394 
1395 	if (zonecfg_check_handle(handle) != Z_OK) {
1396 		if ((err = zonecfg_get_handle(zone, handle)) == Z_OK) {
1397 			got_handle = B_TRUE;
1398 			if (zonecfg_get_brand(handle, brandname,
1399 			    sizeof (brandname)) != Z_OK) {
1400 				zerr("Zone %s is inconsistent: missing "
1401 				    "brand attribute", zone);
1402 				exit(Z_ERR);
1403 			}
1404 			if ((brand = brand_open(brandname)) == NULL) {
1405 				zerr("Zone %s uses non-existent brand \"%s\"."
1406 				    "  Unable to continue", zone, brandname);
1407 				exit(Z_ERR);
1408 			}
1409 			/*
1410 			 * If the user_attr file is newer than
1411 			 * the zone config file, the admins
1412 			 * may need to be updated since the
1413 			 * RBAC files are authoritative for
1414 			 * authorization checks.
1415 			 */
1416 			err = zonecfg_update_userauths(handle, zone);
1417 			if (err == Z_OK) {
1418 				zerr(gettext("The administrative rights "
1419 				    "were updated to match "
1420 				    "the current RBAC configuration.\n"
1421 				    "Use \"info admin\" and \"revert\" to "
1422 				    "compare with the previous settings."));
1423 				need_to_commit = B_TRUE;
1424 			} else if (err != Z_NO_ENTRY) {
1425 				zerr(gettext("failed to update "
1426 				    "admin  rights."));
1427 				exit(Z_ERR);
1428 			} else if (need_to_commit) {
1429 				zerr(gettext("admin rights were updated "
1430 				    "to match RBAC configuration."));
1431 			}
1432 
1433 		} else if (global_zone && err == Z_NO_ZONE && !got_handle &&
1434 		    !read_only_mode) {
1435 			/*
1436 			 * We implicitly create the global zone config if it
1437 			 * doesn't exist.
1438 			 */
1439 			zone_dochandle_t tmphandle;
1440 
1441 			if ((tmphandle = zonecfg_init_handle()) == NULL) {
1442 				zone_perror(execname, Z_NOMEM, B_TRUE);
1443 				exit(Z_ERR);
1444 			}
1445 
1446 			err = zonecfg_get_template_handle("SUNWblank", zone,
1447 			    tmphandle);
1448 
1449 			if (err != Z_OK) {
1450 				zonecfg_fini_handle(tmphandle);
1451 				zone_perror("SUNWblank", err, B_TRUE);
1452 				return (err);
1453 			}
1454 
1455 			need_to_commit = B_TRUE;
1456 			zonecfg_fini_handle(handle);
1457 			handle = tmphandle;
1458 			got_handle = B_TRUE;
1459 
1460 		} else {
1461 			zone_perror(zone, err, handle_expected || got_handle);
1462 			if (err == Z_NO_ZONE && !got_handle &&
1463 			    interactive_mode && !read_only_mode)
1464 				(void) printf(gettext("Use '%s' to begin "
1465 				    "configuring a new zone.\n"),
1466 				    cmd_to_str(CMD_CREATE));
1467 			return (err);
1468 		}
1469 	}
1470 	return (Z_OK);
1471 }
1472 
1473 static boolean_t
state_atleast(zone_state_t state)1474 state_atleast(zone_state_t state)
1475 {
1476 	zone_state_t state_num;
1477 	int err;
1478 
1479 	if ((err = zone_get_state(zone, &state_num)) != Z_OK) {
1480 		/* all states are greater than "non-existent" */
1481 		if (err == Z_NO_ZONE)
1482 			return (B_FALSE);
1483 		zerr(gettext("Unexpectedly failed to determine state "
1484 		    "of zone %s: %s"), zone, zonecfg_strerror(err));
1485 		exit(Z_ERR);
1486 	}
1487 	return (state_num >= state);
1488 }
1489 
1490 /*
1491  * short_usage() is for bad syntax: getopt() issues, too many arguments, etc.
1492  */
1493 
1494 void
short_usage(int command)1495 short_usage(int command)
1496 {
1497 	/* lex_lineno has already been incremented in the lexer; compensate */
1498 	if (cmd_file_mode) {
1499 		if (strcmp(cmd_file_name, "-") == 0)
1500 			(void) fprintf(stderr,
1501 			    gettext("syntax error on line %d\n"),
1502 			    lex_lineno - 1);
1503 		else
1504 			(void) fprintf(stderr,
1505 			    gettext("syntax error on line %d of %s\n"),
1506 			    lex_lineno - 1, cmd_file_name);
1507 	}
1508 	(void) fprintf(stderr, "%s:\n%s\n", gettext("usage"),
1509 	    helptab[command].short_usage);
1510 	saw_error = B_TRUE;
1511 }
1512 
1513 /*
1514  * long_usage() is for bad semantics: e.g., wrong property type for a given
1515  * resource type.  It is also used by longer_usage() below.
1516  */
1517 
1518 void
long_usage(uint_t cmd_num,boolean_t set_saw)1519 long_usage(uint_t cmd_num, boolean_t set_saw)
1520 {
1521 	(void) fprintf(set_saw ? stderr : stdout, "%s:\n%s\n", gettext("usage"),
1522 	    helptab[cmd_num].short_usage);
1523 	(void) fprintf(set_saw ? stderr : stdout, "\t%s\n", long_help(cmd_num));
1524 	if (set_saw)
1525 		saw_error = B_TRUE;
1526 }
1527 
1528 /*
1529  * longer_usage() is for 'help foo' and 'foo -?': call long_usage() and also
1530  * any extra usage() flags as appropriate for whatever command.
1531  */
1532 
1533 void
longer_usage(uint_t cmd_num)1534 longer_usage(uint_t cmd_num)
1535 {
1536 	long_usage(cmd_num, B_FALSE);
1537 	if (helptab[cmd_num].flags != 0) {
1538 		(void) printf("\n");
1539 		usage(B_TRUE, helptab[cmd_num].flags);
1540 	}
1541 }
1542 
1543 /*
1544  * scope_usage() is simply used when a command is called from the wrong scope.
1545  */
1546 
1547 static void
scope_usage(uint_t cmd_num)1548 scope_usage(uint_t cmd_num)
1549 {
1550 	zerr(gettext("The %s command only makes sense in the %s scope."),
1551 	    cmd_to_str(cmd_num),
1552 	    global_scope ?  gettext("resource") : gettext("global"));
1553 	saw_error = B_TRUE;
1554 }
1555 
1556 /*
1557  * On input, B_TRUE => yes, B_FALSE => no.
1558  * On return, B_TRUE => 1, B_FALSE => no, could not ask => -1.
1559  */
1560 
1561 static int
ask_yesno(boolean_t default_answer,const char * question)1562 ask_yesno(boolean_t default_answer, const char *question)
1563 {
1564 	char line[64];	/* should be enough to answer yes or no */
1565 
1566 	if (!ok_to_prompt) {
1567 		saw_error = B_TRUE;
1568 		return (-1);
1569 	}
1570 	for (;;) {
1571 		if (printf("%s (%s)? ", question,
1572 		    default_answer ? "[y]/n" : "y/[n]") < 0)
1573 			return (-1);
1574 		if (fgets(line, sizeof (line), stdin) == NULL)
1575 			return (-1);
1576 
1577 		if (line[0] == '\n')
1578 			return (default_answer ? 1 : 0);
1579 		if (tolower(line[0]) == 'y')
1580 			return (1);
1581 		if (tolower(line[0]) == 'n')
1582 			return (0);
1583 	}
1584 }
1585 
1586 /*
1587  * Prints warning if zone already exists.
1588  * In interactive mode, prompts if we should continue anyway and returns Z_OK
1589  * if so, Z_ERR if not.  In non-interactive mode, exits with Z_ERR.
1590  *
1591  * Note that if a zone exists and its state is >= INSTALLED, an error message
1592  * will be printed and this function will return Z_ERR regardless of mode.
1593  */
1594 
1595 static int
check_if_zone_already_exists(boolean_t force)1596 check_if_zone_already_exists(boolean_t force)
1597 {
1598 	char line[ZONENAME_MAX + 128];	/* enough to ask a question */
1599 	zone_dochandle_t tmphandle;
1600 	int res, answer;
1601 
1602 	if ((tmphandle = zonecfg_init_handle()) == NULL) {
1603 		zone_perror(execname, Z_NOMEM, B_TRUE);
1604 		exit(Z_ERR);
1605 	}
1606 	res = zonecfg_get_handle(zone, tmphandle);
1607 	zonecfg_fini_handle(tmphandle);
1608 	if (res != Z_OK)
1609 		return (Z_OK);
1610 
1611 	if (state_atleast(ZONE_STATE_INSTALLED)) {
1612 		zerr(gettext("Zone %s already installed; %s not allowed."),
1613 		    zone, cmd_to_str(CMD_CREATE));
1614 		return (Z_ERR);
1615 	}
1616 
1617 	if (force) {
1618 		(void) printf(gettext("Zone %s already exists; overwriting.\n"),
1619 		    zone);
1620 		return (Z_OK);
1621 	}
1622 	(void) snprintf(line, sizeof (line),
1623 	    gettext("Zone %s already exists; %s anyway"), zone,
1624 	    cmd_to_str(CMD_CREATE));
1625 	if ((answer = ask_yesno(B_FALSE, line)) == -1) {
1626 		zerr(gettext("Zone exists, input not from terminal and -F not "
1627 		    "specified:\n%s command ignored, exiting."),
1628 		    cmd_to_str(CMD_CREATE));
1629 		exit(Z_ERR);
1630 	}
1631 	return (answer == 1 ? Z_OK : Z_ERR);
1632 }
1633 
1634 static boolean_t
zone_is_read_only(int cmd_num)1635 zone_is_read_only(int cmd_num)
1636 {
1637 	if (strncmp(zone, "SUNW", 4) == 0) {
1638 		zerr(gettext("%s: zones beginning with SUNW are read-only."),
1639 		    zone);
1640 		saw_error = B_TRUE;
1641 		return (B_TRUE);
1642 	}
1643 	if (read_only_mode) {
1644 		zerr(gettext("%s: cannot %s in read-only mode."), zone,
1645 		    cmd_to_str(cmd_num));
1646 		saw_error = B_TRUE;
1647 		return (B_TRUE);
1648 	}
1649 	return (B_FALSE);
1650 }
1651 
1652 /*
1653  * Create a new configuration.
1654  */
1655 void
create_func(cmd_t * cmd)1656 create_func(cmd_t *cmd)
1657 {
1658 	int err, arg;
1659 	char zone_template[ZONENAME_MAX];
1660 	char attach_path[MAXPATHLEN];
1661 	zone_dochandle_t tmphandle;
1662 	boolean_t force = B_FALSE;
1663 	boolean_t attach = B_FALSE;
1664 	boolean_t arg_err = B_FALSE;
1665 
1666 	assert(cmd != NULL);
1667 
1668 	/* This is the default if no arguments are given. */
1669 	(void) strlcpy(zone_template, "SUNWdefault", sizeof (zone_template));
1670 
1671 	optind = 0;
1672 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?a:bFt:"))
1673 	    != EOF) {
1674 		switch (arg) {
1675 		case '?':
1676 			if (optopt == '?')
1677 				longer_usage(CMD_CREATE);
1678 			else
1679 				short_usage(CMD_CREATE);
1680 			arg_err = B_TRUE;
1681 			break;
1682 		case 'a':
1683 			(void) strlcpy(attach_path, optarg,
1684 			    sizeof (attach_path));
1685 			attach = B_TRUE;
1686 			break;
1687 		case 'b':
1688 			(void) strlcpy(zone_template, "SUNWblank",
1689 			    sizeof (zone_template));
1690 			break;
1691 		case 'F':
1692 			force = B_TRUE;
1693 			break;
1694 		case 't':
1695 			(void) strlcpy(zone_template, optarg,
1696 			    sizeof (zone_template));
1697 			break;
1698 		default:
1699 			short_usage(CMD_CREATE);
1700 			arg_err = B_TRUE;
1701 			break;
1702 		}
1703 	}
1704 	if (arg_err)
1705 		return;
1706 
1707 	if (optind != cmd->cmd_argc) {
1708 		short_usage(CMD_CREATE);
1709 		return;
1710 	}
1711 
1712 	if (zone_is_read_only(CMD_CREATE))
1713 		return;
1714 
1715 	if (check_if_zone_already_exists(force) != Z_OK)
1716 		return;
1717 
1718 	/*
1719 	 * Get a temporary handle first.  If that fails, the old handle
1720 	 * will not be lost.  Then finish whichever one we don't need,
1721 	 * to avoid leaks.  Then get the handle for zone_template, and
1722 	 * set the name to zone: this "copy, rename" method is how
1723 	 * create -[b|t] works.
1724 	 */
1725 	if ((tmphandle = zonecfg_init_handle()) == NULL) {
1726 		zone_perror(execname, Z_NOMEM, B_TRUE);
1727 		exit(Z_ERR);
1728 	}
1729 
1730 	if (attach)
1731 		err = zonecfg_get_attach_handle(attach_path, ZONE_DETACHED,
1732 		    zone, B_FALSE, tmphandle);
1733 	else
1734 		err = zonecfg_get_template_handle(zone_template, zone,
1735 		    tmphandle);
1736 
1737 	if (err != Z_OK) {
1738 		zonecfg_fini_handle(tmphandle);
1739 		if (attach && err == Z_NO_ZONE)
1740 			(void) fprintf(stderr, gettext("invalid path to "
1741 			    "detached zone\n"));
1742 		else if (attach && err == Z_INVALID_DOCUMENT)
1743 			(void) fprintf(stderr, gettext("Cannot attach to an "
1744 			    "earlier release of the operating system\n"));
1745 		else
1746 			zone_perror(zone_template, err, B_TRUE);
1747 		return;
1748 	}
1749 
1750 	need_to_commit = B_TRUE;
1751 	zonecfg_fini_handle(handle);
1752 	handle = tmphandle;
1753 	got_handle = B_TRUE;
1754 }
1755 
1756 /*
1757  * This malloc()'s memory, which must be freed by the caller.
1758  */
1759 static char *
quoteit(char * instr)1760 quoteit(char *instr)
1761 {
1762 	char *outstr;
1763 	size_t outstrsize = strlen(instr) + 3;	/* 2 quotes + '\0' */
1764 
1765 	if ((outstr = malloc(outstrsize)) == NULL) {
1766 		zone_perror(zone, Z_NOMEM, B_FALSE);
1767 		exit(Z_ERR);
1768 	}
1769 	if (strchr(instr, ' ') == NULL) {
1770 		(void) strlcpy(outstr, instr, outstrsize);
1771 		return (outstr);
1772 	}
1773 	(void) snprintf(outstr, outstrsize, "\"%s\"", instr);
1774 	return (outstr);
1775 }
1776 
1777 static void
export_prop(FILE * of,int prop_num,char * prop_id)1778 export_prop(FILE *of, int prop_num, char *prop_id)
1779 {
1780 	char *quote_str;
1781 
1782 	if (strlen(prop_id) == 0)
1783 		return;
1784 	quote_str = quoteit(prop_id);
1785 	(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1786 	    pt_to_str(prop_num), quote_str);
1787 	free(quote_str);
1788 }
1789 
1790 void
export_func(cmd_t * cmd)1791 export_func(cmd_t *cmd)
1792 {
1793 	struct zone_nwiftab nwiftab;
1794 	struct zone_fstab fstab;
1795 	struct zone_devtab devtab;
1796 	struct zone_attrtab attrtab;
1797 	struct zone_rctltab rctltab;
1798 	struct zone_dstab dstab;
1799 	struct zone_psettab psettab;
1800 	struct zone_mcaptab mcaptab;
1801 	struct zone_rctlvaltab *valptr;
1802 	struct zone_admintab admintab;
1803 	int err, arg;
1804 	char zonepath[MAXPATHLEN], outfile[MAXPATHLEN], pool[MAXNAMELEN];
1805 	char bootargs[BOOTARGS_MAX];
1806 	char sched[MAXNAMELEN];
1807 	char brand[MAXNAMELEN];
1808 	char hostidp[HW_HOSTID_LEN];
1809 	char fsallowedp[ZONE_FS_ALLOWED_MAX];
1810 	char *limitpriv;
1811 	FILE *of;
1812 	boolean_t autoboot;
1813 	zone_iptype_t iptype;
1814 	boolean_t need_to_close = B_FALSE;
1815 	boolean_t arg_err = B_FALSE;
1816 
1817 	assert(cmd != NULL);
1818 
1819 	outfile[0] = '\0';
1820 	optind = 0;
1821 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?f:")) != EOF) {
1822 		switch (arg) {
1823 		case '?':
1824 			if (optopt == '?')
1825 				longer_usage(CMD_EXPORT);
1826 			else
1827 				short_usage(CMD_EXPORT);
1828 			arg_err = B_TRUE;
1829 			break;
1830 		case 'f':
1831 			(void) strlcpy(outfile, optarg, sizeof (outfile));
1832 			break;
1833 		default:
1834 			short_usage(CMD_EXPORT);
1835 			arg_err = B_TRUE;
1836 			break;
1837 		}
1838 	}
1839 	if (arg_err)
1840 		return;
1841 
1842 	if (optind != cmd->cmd_argc) {
1843 		short_usage(CMD_EXPORT);
1844 		return;
1845 	}
1846 	if (strlen(outfile) == 0) {
1847 		of = stdout;
1848 	} else {
1849 		if ((of = fopen(outfile, "w")) == NULL) {
1850 			zerr(gettext("opening file %s: %s"),
1851 			    outfile, strerror(errno));
1852 			goto done;
1853 		}
1854 		setbuf(of, NULL);
1855 		need_to_close = B_TRUE;
1856 	}
1857 
1858 	if ((err = initialize(B_TRUE)) != Z_OK)
1859 		goto done;
1860 
1861 	(void) fprintf(of, "%s -b\n", cmd_to_str(CMD_CREATE));
1862 
1863 	if (zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath)) == Z_OK &&
1864 	    strlen(zonepath) > 0)
1865 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1866 		    pt_to_str(PT_ZONEPATH), zonepath);
1867 
1868 	if ((zone_get_brand(zone, brand, sizeof (brand)) == Z_OK) &&
1869 	    (strcmp(brand, NATIVE_BRAND_NAME) != 0))
1870 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1871 		    pt_to_str(PT_BRAND), brand);
1872 
1873 	if (zonecfg_get_autoboot(handle, &autoboot) == Z_OK)
1874 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1875 		    pt_to_str(PT_AUTOBOOT), autoboot ? "true" : "false");
1876 
1877 	if (zonecfg_get_bootargs(handle, bootargs, sizeof (bootargs)) == Z_OK &&
1878 	    strlen(bootargs) > 0) {
1879 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1880 		    pt_to_str(PT_BOOTARGS), bootargs);
1881 	}
1882 
1883 	if (zonecfg_get_pool(handle, pool, sizeof (pool)) == Z_OK &&
1884 	    strlen(pool) > 0)
1885 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1886 		    pt_to_str(PT_POOL), pool);
1887 
1888 	if (zonecfg_get_limitpriv(handle, &limitpriv) == Z_OK &&
1889 	    strlen(limitpriv) > 0) {
1890 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1891 		    pt_to_str(PT_LIMITPRIV), limitpriv);
1892 		free(limitpriv);
1893 	}
1894 
1895 	if (zonecfg_get_sched_class(handle, sched, sizeof (sched)) == Z_OK &&
1896 	    strlen(sched) > 0)
1897 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1898 		    pt_to_str(PT_SCHED), sched);
1899 
1900 	if (zonecfg_get_iptype(handle, &iptype) == Z_OK) {
1901 		switch (iptype) {
1902 		case ZS_SHARED:
1903 			(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1904 			    pt_to_str(PT_IPTYPE), "shared");
1905 			break;
1906 		case ZS_EXCLUSIVE:
1907 			(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1908 			    pt_to_str(PT_IPTYPE), "exclusive");
1909 			break;
1910 		}
1911 	}
1912 
1913 	if (zonecfg_get_hostid(handle, hostidp, sizeof (hostidp)) == Z_OK) {
1914 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1915 		    pt_to_str(PT_HOSTID), hostidp);
1916 	}
1917 
1918 	if (zonecfg_get_fs_allowed(handle, fsallowedp,
1919 	    sizeof (fsallowedp)) == Z_OK) {
1920 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1921 		    pt_to_str(PT_FS_ALLOWED), fsallowedp);
1922 	}
1923 
1924 	if ((err = zonecfg_setfsent(handle)) != Z_OK) {
1925 		zone_perror(zone, err, B_FALSE);
1926 		goto done;
1927 	}
1928 	while (zonecfg_getfsent(handle, &fstab) == Z_OK) {
1929 		zone_fsopt_t *optptr;
1930 
1931 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1932 		    rt_to_str(RT_FS));
1933 		export_prop(of, PT_DIR, fstab.zone_fs_dir);
1934 		export_prop(of, PT_SPECIAL, fstab.zone_fs_special);
1935 		export_prop(of, PT_RAW, fstab.zone_fs_raw);
1936 		export_prop(of, PT_TYPE, fstab.zone_fs_type);
1937 		for (optptr = fstab.zone_fs_options; optptr != NULL;
1938 		    optptr = optptr->zone_fsopt_next) {
1939 			/*
1940 			 * Simple property values with embedded equal signs
1941 			 * need to be quoted to prevent the lexer from
1942 			 * mis-parsing them as complex name=value pairs.
1943 			 */
1944 			if (strchr(optptr->zone_fsopt_opt, '='))
1945 				(void) fprintf(of, "%s %s \"%s\"\n",
1946 				    cmd_to_str(CMD_ADD),
1947 				    pt_to_str(PT_OPTIONS),
1948 				    optptr->zone_fsopt_opt);
1949 			else
1950 				(void) fprintf(of, "%s %s %s\n",
1951 				    cmd_to_str(CMD_ADD),
1952 				    pt_to_str(PT_OPTIONS),
1953 				    optptr->zone_fsopt_opt);
1954 		}
1955 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1956 		zonecfg_free_fs_option_list(fstab.zone_fs_options);
1957 	}
1958 	(void) zonecfg_endfsent(handle);
1959 
1960 	if ((err = zonecfg_setnwifent(handle)) != Z_OK) {
1961 		zone_perror(zone, err, B_FALSE);
1962 		goto done;
1963 	}
1964 	while (zonecfg_getnwifent(handle, &nwiftab) == Z_OK) {
1965 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1966 		    rt_to_str(RT_NET));
1967 		export_prop(of, PT_ADDRESS, nwiftab.zone_nwif_address);
1968 		export_prop(of, PT_ALLOWED_ADDRESS,
1969 		    nwiftab.zone_nwif_allowed_address);
1970 		export_prop(of, PT_PHYSICAL, nwiftab.zone_nwif_physical);
1971 		export_prop(of, PT_DEFROUTER, nwiftab.zone_nwif_defrouter);
1972 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1973 	}
1974 	(void) zonecfg_endnwifent(handle);
1975 
1976 	if ((err = zonecfg_setdevent(handle)) != Z_OK) {
1977 		zone_perror(zone, err, B_FALSE);
1978 		goto done;
1979 	}
1980 	while (zonecfg_getdevent(handle, &devtab) == Z_OK) {
1981 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1982 		    rt_to_str(RT_DEVICE));
1983 		export_prop(of, PT_MATCH, devtab.zone_dev_match);
1984 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1985 	}
1986 	(void) zonecfg_enddevent(handle);
1987 
1988 	if (zonecfg_getmcapent(handle, &mcaptab) == Z_OK) {
1989 		char buf[128];
1990 
1991 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1992 		    rt_to_str(RT_MCAP));
1993 		bytes_to_units(mcaptab.zone_physmem_cap, buf, sizeof (buf));
1994 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1995 		    pt_to_str(PT_PHYSICAL), buf);
1996 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1997 	}
1998 
1999 	if ((err = zonecfg_setrctlent(handle)) != Z_OK) {
2000 		zone_perror(zone, err, B_FALSE);
2001 		goto done;
2002 	}
2003 	while (zonecfg_getrctlent(handle, &rctltab) == Z_OK) {
2004 		(void) fprintf(of, "%s rctl\n", cmd_to_str(CMD_ADD));
2005 		export_prop(of, PT_NAME, rctltab.zone_rctl_name);
2006 		for (valptr = rctltab.zone_rctl_valptr; valptr != NULL;
2007 		    valptr = valptr->zone_rctlval_next) {
2008 			fprintf(of, "%s %s (%s=%s,%s=%s,%s=%s)\n",
2009 			    cmd_to_str(CMD_ADD), pt_to_str(PT_VALUE),
2010 			    pt_to_str(PT_PRIV), valptr->zone_rctlval_priv,
2011 			    pt_to_str(PT_LIMIT), valptr->zone_rctlval_limit,
2012 			    pt_to_str(PT_ACTION), valptr->zone_rctlval_action);
2013 		}
2014 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2015 		zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
2016 	}
2017 	(void) zonecfg_endrctlent(handle);
2018 
2019 	if ((err = zonecfg_setattrent(handle)) != Z_OK) {
2020 		zone_perror(zone, err, B_FALSE);
2021 		goto done;
2022 	}
2023 	while (zonecfg_getattrent(handle, &attrtab) == Z_OK) {
2024 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2025 		    rt_to_str(RT_ATTR));
2026 		export_prop(of, PT_NAME, attrtab.zone_attr_name);
2027 		export_prop(of, PT_TYPE, attrtab.zone_attr_type);
2028 		export_prop(of, PT_VALUE, attrtab.zone_attr_value);
2029 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2030 	}
2031 	(void) zonecfg_endattrent(handle);
2032 
2033 	if ((err = zonecfg_setdsent(handle)) != Z_OK) {
2034 		zone_perror(zone, err, B_FALSE);
2035 		goto done;
2036 	}
2037 	while (zonecfg_getdsent(handle, &dstab) == Z_OK) {
2038 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2039 		    rt_to_str(RT_DATASET));
2040 		export_prop(of, PT_NAME, dstab.zone_dataset_name);
2041 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2042 	}
2043 	(void) zonecfg_enddsent(handle);
2044 
2045 	if (zonecfg_getpsetent(handle, &psettab) == Z_OK) {
2046 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2047 		    rt_to_str(RT_DCPU));
2048 		if (strcmp(psettab.zone_ncpu_min, psettab.zone_ncpu_max) == 0)
2049 			(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
2050 			    pt_to_str(PT_NCPUS), psettab.zone_ncpu_max);
2051 		else
2052 			(void) fprintf(of, "%s %s=%s-%s\n", cmd_to_str(CMD_SET),
2053 			    pt_to_str(PT_NCPUS), psettab.zone_ncpu_min,
2054 			    psettab.zone_ncpu_max);
2055 		if (psettab.zone_importance[0] != '\0')
2056 			(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
2057 			    pt_to_str(PT_IMPORTANCE), psettab.zone_importance);
2058 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2059 	}
2060 
2061 	if ((err = zonecfg_setadminent(handle)) != Z_OK) {
2062 		zone_perror(zone, err, B_FALSE);
2063 		goto done;
2064 	}
2065 	while (zonecfg_getadminent(handle, &admintab) == Z_OK) {
2066 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2067 		    rt_to_str(RT_ADMIN));
2068 		export_prop(of, PT_USER, admintab.zone_admin_user);
2069 		export_prop(of, PT_AUTHS, admintab.zone_admin_auths);
2070 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2071 	}
2072 	(void) zonecfg_endadminent(handle);
2073 
2074 	/*
2075 	 * There is nothing to export for pcap since this resource is just
2076 	 * a container for an rctl alias.
2077 	 */
2078 
2079 done:
2080 	if (need_to_close)
2081 		(void) fclose(of);
2082 }
2083 
2084 void
exit_func(cmd_t * cmd)2085 exit_func(cmd_t *cmd)
2086 {
2087 	int arg, answer;
2088 	boolean_t arg_err = B_FALSE;
2089 
2090 	optind = 0;
2091 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
2092 		switch (arg) {
2093 		case '?':
2094 			longer_usage(CMD_EXIT);
2095 			arg_err = B_TRUE;
2096 			break;
2097 		case 'F':
2098 			force_exit = B_TRUE;
2099 			break;
2100 		default:
2101 			short_usage(CMD_EXIT);
2102 			arg_err = B_TRUE;
2103 			break;
2104 		}
2105 	}
2106 	if (arg_err)
2107 		return;
2108 
2109 	if (optind < cmd->cmd_argc) {
2110 		short_usage(CMD_EXIT);
2111 		return;
2112 	}
2113 
2114 	if (global_scope || force_exit) {
2115 		time_to_exit = B_TRUE;
2116 		return;
2117 	}
2118 
2119 	answer = ask_yesno(B_FALSE, "Resource incomplete; really quit");
2120 	if (answer == -1) {
2121 		zerr(gettext("Resource incomplete, input "
2122 		    "not from terminal and -F not specified:\n%s command "
2123 		    "ignored, but exiting anyway."), cmd_to_str(CMD_EXIT));
2124 		exit(Z_ERR);
2125 	} else if (answer == 1) {
2126 		time_to_exit = B_TRUE;
2127 	}
2128 	/* (answer == 0) => just return */
2129 }
2130 
2131 static int
validate_zonepath_syntax(char * path)2132 validate_zonepath_syntax(char *path)
2133 {
2134 	if (path[0] != '/') {
2135 		zerr(gettext("%s is not an absolute path."), path);
2136 		return (Z_ERR);
2137 	}
2138 	/* If path is all slashes, then fail */
2139 	if (strspn(path, "/") == strlen(path)) {
2140 		zerr(gettext("/ is not allowed as a %s."),
2141 		    pt_to_str(PT_ZONEPATH));
2142 		return (Z_ERR);
2143 	}
2144 	return (Z_OK);
2145 }
2146 
2147 static void
add_resource(cmd_t * cmd)2148 add_resource(cmd_t *cmd)
2149 {
2150 	int type;
2151 	struct zone_psettab tmp_psettab;
2152 	struct zone_mcaptab tmp_mcaptab;
2153 	uint64_t tmp;
2154 	uint64_t tmp_mcap;
2155 	char pool[MAXNAMELEN];
2156 
2157 	if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
2158 		long_usage(CMD_ADD, B_TRUE);
2159 		goto bad;
2160 	}
2161 
2162 	switch (type) {
2163 	case RT_FS:
2164 		bzero(&in_progress_fstab, sizeof (in_progress_fstab));
2165 		return;
2166 	case RT_NET:
2167 		bzero(&in_progress_nwiftab, sizeof (in_progress_nwiftab));
2168 		return;
2169 	case RT_DEVICE:
2170 		bzero(&in_progress_devtab, sizeof (in_progress_devtab));
2171 		return;
2172 	case RT_RCTL:
2173 		if (global_zone)
2174 			zerr(gettext("WARNING: Setting a global zone resource "
2175 			    "control too low could deny\nservice "
2176 			    "to even the root user; "
2177 			    "this could render the system impossible\n"
2178 			    "to administer.  Please use caution."));
2179 		bzero(&in_progress_rctltab, sizeof (in_progress_rctltab));
2180 		return;
2181 	case RT_ATTR:
2182 		bzero(&in_progress_attrtab, sizeof (in_progress_attrtab));
2183 		return;
2184 	case RT_DATASET:
2185 		bzero(&in_progress_dstab, sizeof (in_progress_dstab));
2186 		return;
2187 	case RT_DCPU:
2188 		/* Make sure there isn't already a cpu-set or cpu-cap entry. */
2189 		if (zonecfg_lookup_pset(handle, &tmp_psettab) == Z_OK) {
2190 			zerr(gettext("The %s resource already exists."),
2191 			    rt_to_str(RT_DCPU));
2192 			goto bad;
2193 		}
2194 		if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp) !=
2195 		    Z_NO_ENTRY) {
2196 			zerr(gettext("The %s resource already exists."),
2197 			    rt_to_str(RT_PCAP));
2198 			goto bad;
2199 		}
2200 
2201 		/* Make sure the pool property isn't set. */
2202 		if (zonecfg_get_pool(handle, pool, sizeof (pool)) == Z_OK &&
2203 		    strlen(pool) > 0) {
2204 			zerr(gettext("The %s property is already set.  "
2205 			    "A persistent pool is incompatible with\nthe %s "
2206 			    "resource."),
2207 			    pt_to_str(PT_POOL), rt_to_str(RT_DCPU));
2208 			goto bad;
2209 		}
2210 
2211 		bzero(&in_progress_psettab, sizeof (in_progress_psettab));
2212 		return;
2213 	case RT_PCAP:
2214 		/*
2215 		 * Make sure there isn't already a cpu-set or incompatible
2216 		 * cpu-cap rctls.
2217 		 */
2218 		if (zonecfg_lookup_pset(handle, &tmp_psettab) == Z_OK) {
2219 			zerr(gettext("The %s resource already exists."),
2220 			    rt_to_str(RT_DCPU));
2221 			goto bad;
2222 		}
2223 
2224 		switch (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp)) {
2225 		case Z_ALIAS_DISALLOW:
2226 			zone_perror(rt_to_str(RT_PCAP), Z_ALIAS_DISALLOW,
2227 			    B_FALSE);
2228 			goto bad;
2229 
2230 		case Z_OK:
2231 			zerr(gettext("The %s resource already exists."),
2232 			    rt_to_str(RT_PCAP));
2233 			goto bad;
2234 
2235 		default:
2236 			break;
2237 		}
2238 		return;
2239 	case RT_MCAP:
2240 		/*
2241 		 * Make sure there isn't already a mem-cap entry or max-swap
2242 		 * or max-locked rctl.
2243 		 */
2244 		if (zonecfg_lookup_mcap(handle, &tmp_mcaptab) == Z_OK ||
2245 		    zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &tmp_mcap)
2246 		    == Z_OK ||
2247 		    zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM,
2248 		    &tmp_mcap) == Z_OK) {
2249 			zerr(gettext("The %s resource or a related resource "
2250 			    "control already exists."), rt_to_str(RT_MCAP));
2251 			goto bad;
2252 		}
2253 		if (global_zone)
2254 			zerr(gettext("WARNING: Setting a global zone memory "
2255 			    "cap too low could deny\nservice "
2256 			    "to even the root user; "
2257 			    "this could render the system impossible\n"
2258 			    "to administer.  Please use caution."));
2259 		bzero(&in_progress_mcaptab, sizeof (in_progress_mcaptab));
2260 		return;
2261 	case RT_ADMIN:
2262 		bzero(&in_progress_admintab, sizeof (in_progress_admintab));
2263 		return;
2264 	default:
2265 		zone_perror(rt_to_str(type), Z_NO_RESOURCE_TYPE, B_TRUE);
2266 		long_usage(CMD_ADD, B_TRUE);
2267 		usage(B_FALSE, HELP_RESOURCES);
2268 	}
2269 bad:
2270 	global_scope = B_TRUE;
2271 	end_op = -1;
2272 }
2273 
2274 static void
do_complex_rctl_val(complex_property_ptr_t cp)2275 do_complex_rctl_val(complex_property_ptr_t cp)
2276 {
2277 	struct zone_rctlvaltab *rctlvaltab;
2278 	complex_property_ptr_t cx;
2279 	boolean_t seen_priv = B_FALSE, seen_limit = B_FALSE,
2280 	    seen_action = B_FALSE;
2281 	rctlblk_t *rctlblk;
2282 	int err;
2283 
2284 	if ((rctlvaltab = alloc_rctlvaltab()) == NULL) {
2285 		zone_perror(zone, Z_NOMEM, B_TRUE);
2286 		exit(Z_ERR);
2287 	}
2288 	for (cx = cp; cx != NULL; cx = cx->cp_next) {
2289 		switch (cx->cp_type) {
2290 		case PT_PRIV:
2291 			if (seen_priv) {
2292 				zerr(gettext("%s already specified"),
2293 				    pt_to_str(PT_PRIV));
2294 				goto bad;
2295 			}
2296 			(void) strlcpy(rctlvaltab->zone_rctlval_priv,
2297 			    cx->cp_value,
2298 			    sizeof (rctlvaltab->zone_rctlval_priv));
2299 			seen_priv = B_TRUE;
2300 			break;
2301 		case PT_LIMIT:
2302 			if (seen_limit) {
2303 				zerr(gettext("%s already specified"),
2304 				    pt_to_str(PT_LIMIT));
2305 				goto bad;
2306 			}
2307 			(void) strlcpy(rctlvaltab->zone_rctlval_limit,
2308 			    cx->cp_value,
2309 			    sizeof (rctlvaltab->zone_rctlval_limit));
2310 			seen_limit = B_TRUE;
2311 			break;
2312 		case PT_ACTION:
2313 			if (seen_action) {
2314 				zerr(gettext("%s already specified"),
2315 				    pt_to_str(PT_ACTION));
2316 				goto bad;
2317 			}
2318 			(void) strlcpy(rctlvaltab->zone_rctlval_action,
2319 			    cx->cp_value,
2320 			    sizeof (rctlvaltab->zone_rctlval_action));
2321 			seen_action = B_TRUE;
2322 			break;
2323 		default:
2324 			zone_perror(pt_to_str(PT_VALUE),
2325 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2326 			long_usage(CMD_ADD, B_TRUE);
2327 			usage(B_FALSE, HELP_PROPS);
2328 			zonecfg_free_rctl_value_list(rctlvaltab);
2329 			return;
2330 		}
2331 	}
2332 	if (!seen_priv)
2333 		zerr(gettext("%s not specified"), pt_to_str(PT_PRIV));
2334 	if (!seen_limit)
2335 		zerr(gettext("%s not specified"), pt_to_str(PT_LIMIT));
2336 	if (!seen_action)
2337 		zerr(gettext("%s not specified"), pt_to_str(PT_ACTION));
2338 	if (!seen_priv || !seen_limit || !seen_action)
2339 		goto bad;
2340 	rctlvaltab->zone_rctlval_next = NULL;
2341 	rctlblk = alloca(rctlblk_size());
2342 	/*
2343 	 * Make sure the rctl value looks roughly correct; we won't know if
2344 	 * it's truly OK until we verify the configuration on the target
2345 	 * system.
2346 	 */
2347 	if (zonecfg_construct_rctlblk(rctlvaltab, rctlblk) != Z_OK ||
2348 	    !zonecfg_valid_rctlblk(rctlblk)) {
2349 		zerr(gettext("Invalid %s %s specification"), rt_to_str(RT_RCTL),
2350 		    pt_to_str(PT_VALUE));
2351 		goto bad;
2352 	}
2353 	err = zonecfg_add_rctl_value(&in_progress_rctltab, rctlvaltab);
2354 	if (err != Z_OK)
2355 		zone_perror(pt_to_str(PT_VALUE), err, B_TRUE);
2356 	return;
2357 
2358 bad:
2359 	zonecfg_free_rctl_value_list(rctlvaltab);
2360 }
2361 
2362 static void
add_property(cmd_t * cmd)2363 add_property(cmd_t *cmd)
2364 {
2365 	char *prop_id;
2366 	int err, res_type, prop_type;
2367 	property_value_ptr_t pp;
2368 	list_property_ptr_t l;
2369 
2370 	res_type = resource_scope;
2371 	prop_type = cmd->cmd_prop_name[0];
2372 	if (res_type == RT_UNKNOWN || prop_type == PT_UNKNOWN) {
2373 		long_usage(CMD_ADD, B_TRUE);
2374 		return;
2375 	}
2376 
2377 	if (cmd->cmd_prop_nv_pairs != 1) {
2378 		long_usage(CMD_ADD, B_TRUE);
2379 		return;
2380 	}
2381 
2382 	if (initialize(B_TRUE) != Z_OK)
2383 		return;
2384 
2385 	switch (res_type) {
2386 	case RT_FS:
2387 		if (prop_type != PT_OPTIONS) {
2388 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
2389 			    B_TRUE);
2390 			long_usage(CMD_ADD, B_TRUE);
2391 			usage(B_FALSE, HELP_PROPS);
2392 			return;
2393 		}
2394 		pp = cmd->cmd_property_ptr[0];
2395 		if (pp->pv_type != PROP_VAL_SIMPLE &&
2396 		    pp->pv_type != PROP_VAL_LIST) {
2397 			zerr(gettext("A %s or %s value was expected here."),
2398 			    pvt_to_str(PROP_VAL_SIMPLE),
2399 			    pvt_to_str(PROP_VAL_LIST));
2400 			saw_error = B_TRUE;
2401 			return;
2402 		}
2403 		if (pp->pv_type == PROP_VAL_SIMPLE) {
2404 			if (pp->pv_simple == NULL) {
2405 				long_usage(CMD_ADD, B_TRUE);
2406 				return;
2407 			}
2408 			prop_id = pp->pv_simple;
2409 			err = zonecfg_add_fs_option(&in_progress_fstab,
2410 			    prop_id);
2411 			if (err != Z_OK)
2412 				zone_perror(pt_to_str(prop_type), err, B_TRUE);
2413 		} else {
2414 			list_property_ptr_t list;
2415 
2416 			for (list = pp->pv_list; list != NULL;
2417 			    list = list->lp_next) {
2418 				prop_id = list->lp_simple;
2419 				if (prop_id == NULL)
2420 					break;
2421 				err = zonecfg_add_fs_option(
2422 				    &in_progress_fstab, prop_id);
2423 				if (err != Z_OK)
2424 					zone_perror(pt_to_str(prop_type), err,
2425 					    B_TRUE);
2426 			}
2427 		}
2428 		return;
2429 	case RT_RCTL:
2430 		if (prop_type != PT_VALUE) {
2431 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
2432 			    B_TRUE);
2433 			long_usage(CMD_ADD, B_TRUE);
2434 			usage(B_FALSE, HELP_PROPS);
2435 			return;
2436 		}
2437 		pp = cmd->cmd_property_ptr[0];
2438 		if (pp->pv_type != PROP_VAL_COMPLEX &&
2439 		    pp->pv_type != PROP_VAL_LIST) {
2440 			zerr(gettext("A %s or %s value was expected here."),
2441 			    pvt_to_str(PROP_VAL_COMPLEX),
2442 			    pvt_to_str(PROP_VAL_LIST));
2443 			saw_error = B_TRUE;
2444 			return;
2445 		}
2446 		if (pp->pv_type == PROP_VAL_COMPLEX) {
2447 			do_complex_rctl_val(pp->pv_complex);
2448 			return;
2449 		}
2450 		for (l = pp->pv_list; l != NULL; l = l->lp_next)
2451 			do_complex_rctl_val(l->lp_complex);
2452 		return;
2453 	default:
2454 		zone_perror(rt_to_str(res_type), Z_NO_RESOURCE_TYPE, B_TRUE);
2455 		long_usage(CMD_ADD, B_TRUE);
2456 		usage(B_FALSE, HELP_RESOURCES);
2457 		return;
2458 	}
2459 }
2460 
2461 static boolean_t
gz_invalid_resource(int type)2462 gz_invalid_resource(int type)
2463 {
2464 	return (global_zone && (type == RT_FS ||
2465 	    type == RT_NET || type == RT_DEVICE || type == RT_ATTR ||
2466 	    type == RT_DATASET));
2467 }
2468 
2469 static boolean_t
gz_invalid_rt_property(int type)2470 gz_invalid_rt_property(int type)
2471 {
2472 	return (global_zone && (type == RT_ZONENAME || type == RT_ZONEPATH ||
2473 	    type == RT_AUTOBOOT || type == RT_LIMITPRIV ||
2474 	    type == RT_BOOTARGS || type == RT_BRAND || type == RT_SCHED ||
2475 	    type == RT_IPTYPE || type == RT_HOSTID || type == RT_FS_ALLOWED));
2476 }
2477 
2478 static boolean_t
gz_invalid_property(int type)2479 gz_invalid_property(int type)
2480 {
2481 	return (global_zone && (type == PT_ZONENAME || type == PT_ZONEPATH ||
2482 	    type == PT_AUTOBOOT || type == PT_LIMITPRIV ||
2483 	    type == PT_BOOTARGS || type == PT_BRAND || type == PT_SCHED ||
2484 	    type == PT_IPTYPE || type == PT_HOSTID || type == PT_FS_ALLOWED));
2485 }
2486 
2487 void
add_func(cmd_t * cmd)2488 add_func(cmd_t *cmd)
2489 {
2490 	int arg;
2491 	boolean_t arg_err = B_FALSE;
2492 
2493 	assert(cmd != NULL);
2494 
2495 	optind = 0;
2496 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
2497 		switch (arg) {
2498 		case '?':
2499 			longer_usage(CMD_ADD);
2500 			arg_err = B_TRUE;
2501 			break;
2502 		default:
2503 			short_usage(CMD_ADD);
2504 			arg_err = B_TRUE;
2505 			break;
2506 		}
2507 	}
2508 	if (arg_err)
2509 		return;
2510 
2511 	if (optind != cmd->cmd_argc) {
2512 		short_usage(CMD_ADD);
2513 		return;
2514 	}
2515 
2516 	if (zone_is_read_only(CMD_ADD))
2517 		return;
2518 
2519 	if (initialize(B_TRUE) != Z_OK)
2520 		return;
2521 	if (global_scope) {
2522 		if (gz_invalid_resource(cmd->cmd_res_type)) {
2523 			zerr(gettext("Cannot add a %s resource to the "
2524 			    "global zone."), rt_to_str(cmd->cmd_res_type));
2525 			saw_error = B_TRUE;
2526 			return;
2527 		}
2528 
2529 		global_scope = B_FALSE;
2530 		resource_scope = cmd->cmd_res_type;
2531 		end_op = CMD_ADD;
2532 		add_resource(cmd);
2533 	} else
2534 		add_property(cmd);
2535 }
2536 
2537 /*
2538  * This routine has an unusual implementation, because it tries very
2539  * hard to succeed in the face of a variety of failure modes.
2540  * The most common and most vexing occurs when the index file and
2541  * the /etc/zones/<zonename.xml> file are not both present.  In
2542  * this case, delete must eradicate as much of the zone state as is left
2543  * so that the user can later create a new zone with the same name.
2544  */
2545 void
delete_func(cmd_t * cmd)2546 delete_func(cmd_t *cmd)
2547 {
2548 	int err, arg, answer;
2549 	char line[ZONENAME_MAX + 128];	/* enough to ask a question */
2550 	boolean_t force = B_FALSE;
2551 	boolean_t arg_err = B_FALSE;
2552 
2553 	optind = 0;
2554 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
2555 		switch (arg) {
2556 		case '?':
2557 			longer_usage(CMD_DELETE);
2558 			arg_err = B_TRUE;
2559 			break;
2560 		case 'F':
2561 			force = B_TRUE;
2562 			break;
2563 		default:
2564 			short_usage(CMD_DELETE);
2565 			arg_err = B_TRUE;
2566 			break;
2567 		}
2568 	}
2569 	if (arg_err)
2570 		return;
2571 
2572 	if (optind != cmd->cmd_argc) {
2573 		short_usage(CMD_DELETE);
2574 		return;
2575 	}
2576 
2577 	if (zone_is_read_only(CMD_DELETE))
2578 		return;
2579 
2580 	if (!force) {
2581 		/*
2582 		 * Initialize sets up the global called "handle" and warns the
2583 		 * user if the zone is not configured.  In force mode, we don't
2584 		 * trust that evaluation, and hence skip it.  (We don't need the
2585 		 * handle to be loaded anyway, since zonecfg_destroy is done by
2586 		 * zonename). However, we also have to take care to emulate the
2587 		 * messages spit out by initialize; see below.
2588 		 */
2589 		if (initialize(B_TRUE) != Z_OK)
2590 			return;
2591 
2592 		(void) snprintf(line, sizeof (line),
2593 		    gettext("Are you sure you want to delete zone %s"), zone);
2594 		if ((answer = ask_yesno(B_FALSE, line)) == -1) {
2595 			zerr(gettext("Input not from terminal and -F not "
2596 			    "specified:\n%s command ignored, exiting."),
2597 			    cmd_to_str(CMD_DELETE));
2598 			exit(Z_ERR);
2599 		}
2600 		if (answer != 1)
2601 			return;
2602 	}
2603 
2604 	/*
2605 	 * This function removes the authorizations from user_attr
2606 	 * that correspond to those specified in the configuration
2607 	 */
2608 	if (initialize(B_TRUE) == Z_OK) {
2609 		(void) zonecfg_deauthorize_users(handle, zone);
2610 	}
2611 	if ((err = zonecfg_destroy(zone, force)) != Z_OK) {
2612 		if ((err == Z_BAD_ZONE_STATE) && !force) {
2613 			zerr(gettext("Zone %s not in %s state; %s not "
2614 			    "allowed.  Use -F to force %s."),
2615 			    zone, zone_state_str(ZONE_STATE_CONFIGURED),
2616 			    cmd_to_str(CMD_DELETE), cmd_to_str(CMD_DELETE));
2617 		} else {
2618 			zone_perror(zone, err, B_TRUE);
2619 		}
2620 	}
2621 	need_to_commit = B_FALSE;
2622 
2623 	/*
2624 	 * Emulate initialize's messaging; if there wasn't a valid handle to
2625 	 * begin with, then user had typed delete (or delete -F) multiple
2626 	 * times.  So we emit a message.
2627 	 *
2628 	 * We only do this in the 'force' case because normally, initialize()
2629 	 * takes care of this for us.
2630 	 */
2631 	if (force && zonecfg_check_handle(handle) != Z_OK && interactive_mode)
2632 		(void) printf(gettext("Use '%s' to begin "
2633 		    "configuring a new zone.\n"), cmd_to_str(CMD_CREATE));
2634 
2635 	/*
2636 	 * Time for a new handle: finish the old one off first
2637 	 * then get a new one properly to avoid leaks.
2638 	 */
2639 	if (got_handle) {
2640 		zonecfg_fini_handle(handle);
2641 		if ((handle = zonecfg_init_handle()) == NULL) {
2642 			zone_perror(execname, Z_NOMEM, B_TRUE);
2643 			exit(Z_ERR);
2644 		}
2645 		if ((err = zonecfg_get_handle(zone, handle)) != Z_OK) {
2646 			/* If there was no zone before, that's OK */
2647 			if (err != Z_NO_ZONE)
2648 				zone_perror(zone, err, B_TRUE);
2649 			got_handle = B_FALSE;
2650 		}
2651 	}
2652 }
2653 
2654 static int
fill_in_fstab(cmd_t * cmd,struct zone_fstab * fstab,boolean_t fill_in_only)2655 fill_in_fstab(cmd_t *cmd, struct zone_fstab *fstab, boolean_t fill_in_only)
2656 {
2657 	int err, i;
2658 	property_value_ptr_t pp;
2659 
2660 	if ((err = initialize(B_TRUE)) != Z_OK)
2661 		return (err);
2662 
2663 	bzero(fstab, sizeof (*fstab));
2664 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2665 		pp = cmd->cmd_property_ptr[i];
2666 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2667 			zerr(gettext("A simple value was expected here."));
2668 			saw_error = B_TRUE;
2669 			return (Z_INSUFFICIENT_SPEC);
2670 		}
2671 		switch (cmd->cmd_prop_name[i]) {
2672 		case PT_DIR:
2673 			(void) strlcpy(fstab->zone_fs_dir, pp->pv_simple,
2674 			    sizeof (fstab->zone_fs_dir));
2675 			break;
2676 		case PT_SPECIAL:
2677 			(void) strlcpy(fstab->zone_fs_special, pp->pv_simple,
2678 			    sizeof (fstab->zone_fs_special));
2679 			break;
2680 		case PT_RAW:
2681 			(void) strlcpy(fstab->zone_fs_raw, pp->pv_simple,
2682 			    sizeof (fstab->zone_fs_raw));
2683 			break;
2684 		case PT_TYPE:
2685 			(void) strlcpy(fstab->zone_fs_type, pp->pv_simple,
2686 			    sizeof (fstab->zone_fs_type));
2687 			break;
2688 		default:
2689 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2690 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2691 			return (Z_INSUFFICIENT_SPEC);
2692 		}
2693 	}
2694 	if (fill_in_only)
2695 		return (Z_OK);
2696 	return (zonecfg_lookup_filesystem(handle, fstab));
2697 }
2698 
2699 static int
fill_in_nwiftab(cmd_t * cmd,struct zone_nwiftab * nwiftab,boolean_t fill_in_only)2700 fill_in_nwiftab(cmd_t *cmd, struct zone_nwiftab *nwiftab,
2701     boolean_t fill_in_only)
2702 {
2703 	int err, i;
2704 	property_value_ptr_t pp;
2705 
2706 	if ((err = initialize(B_TRUE)) != Z_OK)
2707 		return (err);
2708 
2709 	bzero(nwiftab, sizeof (*nwiftab));
2710 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2711 		pp = cmd->cmd_property_ptr[i];
2712 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2713 			zerr(gettext("A simple value was expected here."));
2714 			saw_error = B_TRUE;
2715 			return (Z_INSUFFICIENT_SPEC);
2716 		}
2717 		switch (cmd->cmd_prop_name[i]) {
2718 		case PT_ADDRESS:
2719 			(void) strlcpy(nwiftab->zone_nwif_address,
2720 			    pp->pv_simple, sizeof (nwiftab->zone_nwif_address));
2721 			break;
2722 		case PT_ALLOWED_ADDRESS:
2723 			(void) strlcpy(nwiftab->zone_nwif_allowed_address,
2724 			    pp->pv_simple,
2725 			    sizeof (nwiftab->zone_nwif_allowed_address));
2726 			break;
2727 		case PT_PHYSICAL:
2728 			(void) strlcpy(nwiftab->zone_nwif_physical,
2729 			    pp->pv_simple,
2730 			    sizeof (nwiftab->zone_nwif_physical));
2731 			break;
2732 		case PT_DEFROUTER:
2733 			(void) strlcpy(nwiftab->zone_nwif_defrouter,
2734 			    pp->pv_simple,
2735 			    sizeof (nwiftab->zone_nwif_defrouter));
2736 			break;
2737 		default:
2738 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2739 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2740 			return (Z_INSUFFICIENT_SPEC);
2741 		}
2742 	}
2743 	if (fill_in_only)
2744 		return (Z_OK);
2745 	err = zonecfg_lookup_nwif(handle, nwiftab);
2746 	return (err);
2747 }
2748 
2749 static int
fill_in_devtab(cmd_t * cmd,struct zone_devtab * devtab,boolean_t fill_in_only)2750 fill_in_devtab(cmd_t *cmd, struct zone_devtab *devtab, boolean_t fill_in_only)
2751 {
2752 	int err, i;
2753 	property_value_ptr_t pp;
2754 
2755 	if ((err = initialize(B_TRUE)) != Z_OK)
2756 		return (err);
2757 
2758 	bzero(devtab, sizeof (*devtab));
2759 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2760 		pp = cmd->cmd_property_ptr[i];
2761 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2762 			zerr(gettext("A simple value was expected here."));
2763 			saw_error = B_TRUE;
2764 			return (Z_INSUFFICIENT_SPEC);
2765 		}
2766 		switch (cmd->cmd_prop_name[i]) {
2767 		case PT_MATCH:
2768 			(void) strlcpy(devtab->zone_dev_match, pp->pv_simple,
2769 			    sizeof (devtab->zone_dev_match));
2770 			break;
2771 		default:
2772 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2773 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2774 			return (Z_INSUFFICIENT_SPEC);
2775 		}
2776 	}
2777 	if (fill_in_only)
2778 		return (Z_OK);
2779 	err = zonecfg_lookup_dev(handle, devtab);
2780 	return (err);
2781 }
2782 
2783 static int
fill_in_rctltab(cmd_t * cmd,struct zone_rctltab * rctltab,boolean_t fill_in_only)2784 fill_in_rctltab(cmd_t *cmd, struct zone_rctltab *rctltab,
2785     boolean_t fill_in_only)
2786 {
2787 	int err, i;
2788 	property_value_ptr_t pp;
2789 
2790 	if ((err = initialize(B_TRUE)) != Z_OK)
2791 		return (err);
2792 
2793 	bzero(rctltab, sizeof (*rctltab));
2794 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2795 		pp = cmd->cmd_property_ptr[i];
2796 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2797 			zerr(gettext("A simple value was expected here."));
2798 			saw_error = B_TRUE;
2799 			return (Z_INSUFFICIENT_SPEC);
2800 		}
2801 		switch (cmd->cmd_prop_name[i]) {
2802 		case PT_NAME:
2803 			(void) strlcpy(rctltab->zone_rctl_name, pp->pv_simple,
2804 			    sizeof (rctltab->zone_rctl_name));
2805 			break;
2806 		default:
2807 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2808 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2809 			return (Z_INSUFFICIENT_SPEC);
2810 		}
2811 	}
2812 	if (fill_in_only)
2813 		return (Z_OK);
2814 	err = zonecfg_lookup_rctl(handle, rctltab);
2815 	return (err);
2816 }
2817 
2818 static int
fill_in_attrtab(cmd_t * cmd,struct zone_attrtab * attrtab,boolean_t fill_in_only)2819 fill_in_attrtab(cmd_t *cmd, struct zone_attrtab *attrtab,
2820     boolean_t fill_in_only)
2821 {
2822 	int err, i;
2823 	property_value_ptr_t pp;
2824 
2825 	if ((err = initialize(B_TRUE)) != Z_OK)
2826 		return (err);
2827 
2828 	bzero(attrtab, sizeof (*attrtab));
2829 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2830 		pp = cmd->cmd_property_ptr[i];
2831 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2832 			zerr(gettext("A simple value was expected here."));
2833 			saw_error = B_TRUE;
2834 			return (Z_INSUFFICIENT_SPEC);
2835 		}
2836 		switch (cmd->cmd_prop_name[i]) {
2837 		case PT_NAME:
2838 			(void) strlcpy(attrtab->zone_attr_name, pp->pv_simple,
2839 			    sizeof (attrtab->zone_attr_name));
2840 			break;
2841 		case PT_TYPE:
2842 			(void) strlcpy(attrtab->zone_attr_type, pp->pv_simple,
2843 			    sizeof (attrtab->zone_attr_type));
2844 			break;
2845 		case PT_VALUE:
2846 			(void) strlcpy(attrtab->zone_attr_value, pp->pv_simple,
2847 			    sizeof (attrtab->zone_attr_value));
2848 			break;
2849 		default:
2850 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2851 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2852 			return (Z_INSUFFICIENT_SPEC);
2853 		}
2854 	}
2855 	if (fill_in_only)
2856 		return (Z_OK);
2857 	err = zonecfg_lookup_attr(handle, attrtab);
2858 	return (err);
2859 }
2860 
2861 static int
fill_in_dstab(cmd_t * cmd,struct zone_dstab * dstab,boolean_t fill_in_only)2862 fill_in_dstab(cmd_t *cmd, struct zone_dstab *dstab, boolean_t fill_in_only)
2863 {
2864 	int err, i;
2865 	property_value_ptr_t pp;
2866 
2867 	if ((err = initialize(B_TRUE)) != Z_OK)
2868 		return (err);
2869 
2870 	dstab->zone_dataset_name[0] = '\0';
2871 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2872 		pp = cmd->cmd_property_ptr[i];
2873 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2874 			zerr(gettext("A simple value was expected here."));
2875 			saw_error = B_TRUE;
2876 			return (Z_INSUFFICIENT_SPEC);
2877 		}
2878 		switch (cmd->cmd_prop_name[i]) {
2879 		case PT_NAME:
2880 			(void) strlcpy(dstab->zone_dataset_name, pp->pv_simple,
2881 			    sizeof (dstab->zone_dataset_name));
2882 			break;
2883 		default:
2884 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2885 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2886 			return (Z_INSUFFICIENT_SPEC);
2887 		}
2888 	}
2889 	if (fill_in_only)
2890 		return (Z_OK);
2891 	return (zonecfg_lookup_ds(handle, dstab));
2892 }
2893 
2894 static int
fill_in_admintab(cmd_t * cmd,struct zone_admintab * admintab,boolean_t fill_in_only)2895 fill_in_admintab(cmd_t *cmd, struct zone_admintab *admintab,
2896     boolean_t fill_in_only)
2897 {
2898 	int err, i;
2899 	property_value_ptr_t pp;
2900 
2901 	if ((err = initialize(B_TRUE)) != Z_OK)
2902 		return (err);
2903 
2904 	bzero(admintab, sizeof (*admintab));
2905 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2906 		pp = cmd->cmd_property_ptr[i];
2907 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2908 			zerr(gettext("A simple value was expected here."));
2909 			saw_error = B_TRUE;
2910 			return (Z_INSUFFICIENT_SPEC);
2911 		}
2912 		switch (cmd->cmd_prop_name[i]) {
2913 		case PT_USER:
2914 			(void) strlcpy(admintab->zone_admin_user, pp->pv_simple,
2915 			    sizeof (admintab->zone_admin_user));
2916 			break;
2917 		case PT_AUTHS:
2918 			(void) strlcpy(admintab->zone_admin_auths,
2919 			    pp->pv_simple, sizeof (admintab->zone_admin_auths));
2920 			break;
2921 		default:
2922 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2923 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2924 			return (Z_INSUFFICIENT_SPEC);
2925 		}
2926 	}
2927 	if (fill_in_only)
2928 		return (Z_OK);
2929 	err = zonecfg_lookup_admin(handle, admintab);
2930 	return (err);
2931 }
2932 
2933 static void
remove_aliased_rctl(int type,char * name)2934 remove_aliased_rctl(int type, char *name)
2935 {
2936 	int err;
2937 	uint64_t tmp;
2938 
2939 	if ((err = zonecfg_get_aliased_rctl(handle, name, &tmp)) != Z_OK) {
2940 		zerr("%s %s: %s", cmd_to_str(CMD_CLEAR), pt_to_str(type),
2941 		    zonecfg_strerror(err));
2942 		saw_error = B_TRUE;
2943 		return;
2944 	}
2945 	if ((err = zonecfg_rm_aliased_rctl(handle, name)) != Z_OK) {
2946 		zerr("%s %s: %s", cmd_to_str(CMD_CLEAR), pt_to_str(type),
2947 		    zonecfg_strerror(err));
2948 		saw_error = B_TRUE;
2949 	} else {
2950 		need_to_commit = B_TRUE;
2951 	}
2952 }
2953 
2954 static boolean_t
prompt_remove_resource(cmd_t * cmd,char * rsrc)2955 prompt_remove_resource(cmd_t *cmd, char *rsrc)
2956 {
2957 	int num;
2958 	int answer;
2959 	int arg;
2960 	boolean_t force = B_FALSE;
2961 	char prompt[128];
2962 	boolean_t arg_err = B_FALSE;
2963 
2964 	optind = 0;
2965 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "F")) != EOF) {
2966 		switch (arg) {
2967 		case 'F':
2968 			force = B_TRUE;
2969 			break;
2970 		default:
2971 			arg_err = B_TRUE;
2972 			break;
2973 		}
2974 	}
2975 	if (arg_err)
2976 		return (B_FALSE);
2977 
2978 
2979 	num = zonecfg_num_resources(handle, rsrc);
2980 
2981 	if (num == 0) {
2982 		z_cmd_rt_perror(CMD_REMOVE, cmd->cmd_res_type, Z_NO_ENTRY,
2983 		    B_TRUE);
2984 		return (B_FALSE);
2985 	}
2986 	if (num > 1 && !force) {
2987 		if (!interactive_mode) {
2988 			zerr(gettext("There are multiple instances of this "
2989 			    "resource.  Either qualify the resource to\n"
2990 			    "remove a single instance or use the -F option to "
2991 			    "remove all instances."));
2992 			saw_error = B_TRUE;
2993 			return (B_FALSE);
2994 		}
2995 		(void) snprintf(prompt, sizeof (prompt), gettext(
2996 		    "Are you sure you want to remove ALL '%s' resources"),
2997 		    rsrc);
2998 		answer = ask_yesno(B_FALSE, prompt);
2999 		if (answer == -1) {
3000 			zerr(gettext("Resource incomplete."));
3001 			return (B_FALSE);
3002 		}
3003 		if (answer != 1)
3004 			return (B_FALSE);
3005 	}
3006 	return (B_TRUE);
3007 }
3008 
3009 static void
remove_fs(cmd_t * cmd)3010 remove_fs(cmd_t *cmd)
3011 {
3012 	int err;
3013 
3014 	/* traditional, qualified fs removal */
3015 	if (cmd->cmd_prop_nv_pairs > 0) {
3016 		struct zone_fstab fstab;
3017 
3018 		if ((err = fill_in_fstab(cmd, &fstab, B_FALSE)) != Z_OK) {
3019 			z_cmd_rt_perror(CMD_REMOVE, RT_FS, err, B_TRUE);
3020 			return;
3021 		}
3022 		if ((err = zonecfg_delete_filesystem(handle, &fstab)) != Z_OK)
3023 			z_cmd_rt_perror(CMD_REMOVE, RT_FS, err, B_TRUE);
3024 		else
3025 			need_to_commit = B_TRUE;
3026 		zonecfg_free_fs_option_list(fstab.zone_fs_options);
3027 		return;
3028 	}
3029 
3030 	/*
3031 	 * unqualified fs removal.  remove all fs's but prompt if more
3032 	 * than one.
3033 	 */
3034 	if (!prompt_remove_resource(cmd, "fs"))
3035 		return;
3036 
3037 	if ((err = zonecfg_del_all_resources(handle, "fs")) != Z_OK)
3038 		z_cmd_rt_perror(CMD_REMOVE, RT_FS, err, B_TRUE);
3039 	else
3040 		need_to_commit = B_TRUE;
3041 }
3042 
3043 static void
remove_net(cmd_t * cmd)3044 remove_net(cmd_t *cmd)
3045 {
3046 	int err;
3047 
3048 	/* traditional, qualified net removal */
3049 	if (cmd->cmd_prop_nv_pairs > 0) {
3050 		struct zone_nwiftab nwiftab;
3051 
3052 		if ((err = fill_in_nwiftab(cmd, &nwiftab, B_FALSE)) != Z_OK) {
3053 			z_cmd_rt_perror(CMD_REMOVE, RT_NET, err, B_TRUE);
3054 			return;
3055 		}
3056 		if ((err = zonecfg_delete_nwif(handle, &nwiftab)) != Z_OK)
3057 			z_cmd_rt_perror(CMD_REMOVE, RT_NET, err, B_TRUE);
3058 		else
3059 			need_to_commit = B_TRUE;
3060 		return;
3061 	}
3062 
3063 	/*
3064 	 * unqualified net removal.  remove all nets but prompt if more
3065 	 * than one.
3066 	 */
3067 	if (!prompt_remove_resource(cmd, "net"))
3068 		return;
3069 
3070 	if ((err = zonecfg_del_all_resources(handle, "net")) != Z_OK)
3071 		z_cmd_rt_perror(CMD_REMOVE, RT_NET, err, B_TRUE);
3072 	else
3073 		need_to_commit = B_TRUE;
3074 }
3075 
3076 static void
remove_device(cmd_t * cmd)3077 remove_device(cmd_t *cmd)
3078 {
3079 	int err;
3080 
3081 	/* traditional, qualified device removal */
3082 	if (cmd->cmd_prop_nv_pairs > 0) {
3083 		struct zone_devtab devtab;
3084 
3085 		if ((err = fill_in_devtab(cmd, &devtab, B_FALSE)) != Z_OK) {
3086 			z_cmd_rt_perror(CMD_REMOVE, RT_DEVICE, err, B_TRUE);
3087 			return;
3088 		}
3089 		if ((err = zonecfg_delete_dev(handle, &devtab)) != Z_OK)
3090 			z_cmd_rt_perror(CMD_REMOVE, RT_DEVICE, err, B_TRUE);
3091 		else
3092 			need_to_commit = B_TRUE;
3093 		return;
3094 	}
3095 
3096 	/*
3097 	 * unqualified device removal.  remove all devices but prompt if more
3098 	 * than one.
3099 	 */
3100 	if (!prompt_remove_resource(cmd, "device"))
3101 		return;
3102 
3103 	if ((err = zonecfg_del_all_resources(handle, "device")) != Z_OK)
3104 		z_cmd_rt_perror(CMD_REMOVE, RT_DEVICE, err, B_TRUE);
3105 	else
3106 		need_to_commit = B_TRUE;
3107 }
3108 
3109 static void
remove_attr(cmd_t * cmd)3110 remove_attr(cmd_t *cmd)
3111 {
3112 	int err;
3113 
3114 	/* traditional, qualified attr removal */
3115 	if (cmd->cmd_prop_nv_pairs > 0) {
3116 		struct zone_attrtab attrtab;
3117 
3118 		if ((err = fill_in_attrtab(cmd, &attrtab, B_FALSE)) != Z_OK) {
3119 			z_cmd_rt_perror(CMD_REMOVE, RT_ATTR, err, B_TRUE);
3120 			return;
3121 		}
3122 		if ((err = zonecfg_delete_attr(handle, &attrtab)) != Z_OK)
3123 			z_cmd_rt_perror(CMD_REMOVE, RT_ATTR, err, B_TRUE);
3124 		else
3125 			need_to_commit = B_TRUE;
3126 		return;
3127 	}
3128 
3129 	/*
3130 	 * unqualified attr removal.  remove all attrs but prompt if more
3131 	 * than one.
3132 	 */
3133 	if (!prompt_remove_resource(cmd, "attr"))
3134 		return;
3135 
3136 	if ((err = zonecfg_del_all_resources(handle, "attr")) != Z_OK)
3137 		z_cmd_rt_perror(CMD_REMOVE, RT_ATTR, err, B_TRUE);
3138 	else
3139 		need_to_commit = B_TRUE;
3140 }
3141 
3142 static void
remove_dataset(cmd_t * cmd)3143 remove_dataset(cmd_t *cmd)
3144 {
3145 	int err;
3146 
3147 	/* traditional, qualified dataset removal */
3148 	if (cmd->cmd_prop_nv_pairs > 0) {
3149 		struct zone_dstab dstab;
3150 
3151 		if ((err = fill_in_dstab(cmd, &dstab, B_FALSE)) != Z_OK) {
3152 			z_cmd_rt_perror(CMD_REMOVE, RT_DATASET, err, B_TRUE);
3153 			return;
3154 		}
3155 		if ((err = zonecfg_delete_ds(handle, &dstab)) != Z_OK)
3156 			z_cmd_rt_perror(CMD_REMOVE, RT_DATASET, err, B_TRUE);
3157 		else
3158 			need_to_commit = B_TRUE;
3159 		return;
3160 	}
3161 
3162 	/*
3163 	 * unqualified dataset removal.  remove all datasets but prompt if more
3164 	 * than one.
3165 	 */
3166 	if (!prompt_remove_resource(cmd, "dataset"))
3167 		return;
3168 
3169 	if ((err = zonecfg_del_all_resources(handle, "dataset")) != Z_OK)
3170 		z_cmd_rt_perror(CMD_REMOVE, RT_DATASET, err, B_TRUE);
3171 	else
3172 		need_to_commit = B_TRUE;
3173 }
3174 
3175 static void
remove_rctl(cmd_t * cmd)3176 remove_rctl(cmd_t *cmd)
3177 {
3178 	int err;
3179 
3180 	/* traditional, qualified rctl removal */
3181 	if (cmd->cmd_prop_nv_pairs > 0) {
3182 		struct zone_rctltab rctltab;
3183 
3184 		if ((err = fill_in_rctltab(cmd, &rctltab, B_FALSE)) != Z_OK) {
3185 			z_cmd_rt_perror(CMD_REMOVE, RT_RCTL, err, B_TRUE);
3186 			return;
3187 		}
3188 		if ((err = zonecfg_delete_rctl(handle, &rctltab)) != Z_OK)
3189 			z_cmd_rt_perror(CMD_REMOVE, RT_RCTL, err, B_TRUE);
3190 		else
3191 			need_to_commit = B_TRUE;
3192 		zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
3193 		return;
3194 	}
3195 
3196 	/*
3197 	 * unqualified rctl removal.  remove all rctls but prompt if more
3198 	 * than one.
3199 	 */
3200 	if (!prompt_remove_resource(cmd, "rctl"))
3201 		return;
3202 
3203 	if ((err = zonecfg_del_all_resources(handle, "rctl")) != Z_OK)
3204 		z_cmd_rt_perror(CMD_REMOVE, RT_RCTL, err, B_TRUE);
3205 	else
3206 		need_to_commit = B_TRUE;
3207 }
3208 
3209 static void
remove_pset()3210 remove_pset()
3211 {
3212 	int err;
3213 	struct zone_psettab psettab;
3214 
3215 	if ((err = zonecfg_lookup_pset(handle, &psettab)) != Z_OK) {
3216 		z_cmd_rt_perror(CMD_REMOVE, RT_DCPU, err, B_TRUE);
3217 		return;
3218 	}
3219 	if ((err = zonecfg_delete_pset(handle)) != Z_OK)
3220 		z_cmd_rt_perror(CMD_REMOVE, RT_DCPU, err, B_TRUE);
3221 	else
3222 		need_to_commit = B_TRUE;
3223 }
3224 
3225 static void
remove_pcap()3226 remove_pcap()
3227 {
3228 	int err;
3229 	uint64_t tmp;
3230 
3231 	if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp) != Z_OK) {
3232 		zerr("%s %s: %s", cmd_to_str(CMD_REMOVE), rt_to_str(RT_PCAP),
3233 		    zonecfg_strerror(Z_NO_RESOURCE_TYPE));
3234 		saw_error = B_TRUE;
3235 		return;
3236 	}
3237 
3238 	if ((err = zonecfg_rm_aliased_rctl(handle, ALIAS_CPUCAP)) != Z_OK)
3239 		z_cmd_rt_perror(CMD_REMOVE, RT_PCAP, err, B_TRUE);
3240 	else
3241 		need_to_commit = B_TRUE;
3242 }
3243 
3244 static void
remove_mcap()3245 remove_mcap()
3246 {
3247 	int err, res1, res2, res3;
3248 	uint64_t tmp;
3249 	struct zone_mcaptab mcaptab;
3250 	boolean_t revert = B_FALSE;
3251 
3252 	res1 = zonecfg_lookup_mcap(handle, &mcaptab);
3253 	res2 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &tmp);
3254 	res3 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM, &tmp);
3255 
3256 	/* if none of these exist, there is no resource to remove */
3257 	if (res1 != Z_OK && res2 != Z_OK && res3 != Z_OK) {
3258 		zerr("%s %s: %s", cmd_to_str(CMD_REMOVE), rt_to_str(RT_MCAP),
3259 		    zonecfg_strerror(Z_NO_RESOURCE_TYPE));
3260 		saw_error = B_TRUE;
3261 		return;
3262 	}
3263 	if (res1 == Z_OK) {
3264 		if ((err = zonecfg_delete_mcap(handle)) != Z_OK) {
3265 			z_cmd_rt_perror(CMD_REMOVE, RT_MCAP, err, B_TRUE);
3266 			revert = B_TRUE;
3267 		} else {
3268 			need_to_commit = B_TRUE;
3269 		}
3270 	}
3271 	if (res2 == Z_OK) {
3272 		if ((err = zonecfg_rm_aliased_rctl(handle, ALIAS_MAXSWAP))
3273 		    != Z_OK) {
3274 			z_cmd_rt_perror(CMD_REMOVE, RT_MCAP, err, B_TRUE);
3275 			revert = B_TRUE;
3276 		} else {
3277 			need_to_commit = B_TRUE;
3278 		}
3279 	}
3280 	if (res3 == Z_OK) {
3281 		if ((err = zonecfg_rm_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM))
3282 		    != Z_OK) {
3283 			z_cmd_rt_perror(CMD_REMOVE, RT_MCAP, err, B_TRUE);
3284 			revert = B_TRUE;
3285 		} else {
3286 			need_to_commit = B_TRUE;
3287 		}
3288 	}
3289 
3290 	if (revert)
3291 		need_to_commit = B_FALSE;
3292 }
3293 
3294 static void
remove_admin(cmd_t * cmd)3295 remove_admin(cmd_t *cmd)
3296 {
3297 	int err;
3298 
3299 	/* traditional, qualified attr removal */
3300 	if (cmd->cmd_prop_nv_pairs > 0) {
3301 		struct zone_admintab admintab;
3302 
3303 		if ((err = fill_in_admintab(cmd, &admintab, B_FALSE)) != Z_OK) {
3304 			z_cmd_rt_perror(CMD_REMOVE, RT_ADMIN,
3305 			    err, B_TRUE);
3306 			return;
3307 		}
3308 		if ((err = zonecfg_delete_admin(handle, &admintab,
3309 		    zone))
3310 		    != Z_OK)
3311 			z_cmd_rt_perror(CMD_REMOVE, RT_ADMIN,
3312 			    err, B_TRUE);
3313 		else
3314 			need_to_commit = B_TRUE;
3315 		return;
3316 	} else {
3317 		/*
3318 		 * unqualified admin removal.
3319 		 * remove all admins but prompt if more
3320 		 * than one.
3321 		 */
3322 		if (!prompt_remove_resource(cmd, "admin"))
3323 			return;
3324 
3325 		if ((err = zonecfg_delete_admins(handle, zone))
3326 		    != Z_OK)
3327 			z_cmd_rt_perror(CMD_REMOVE, RT_ADMIN,
3328 			    err, B_TRUE);
3329 		else
3330 			need_to_commit = B_TRUE;
3331 	}
3332 }
3333 
3334 static void
remove_resource(cmd_t * cmd)3335 remove_resource(cmd_t *cmd)
3336 {
3337 	int type;
3338 	int arg;
3339 	boolean_t arg_err = B_FALSE;
3340 
3341 	if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
3342 		long_usage(CMD_REMOVE, B_TRUE);
3343 		return;
3344 	}
3345 
3346 	optind = 0;
3347 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
3348 		switch (arg) {
3349 		case '?':
3350 			longer_usage(CMD_REMOVE);
3351 			arg_err = B_TRUE;
3352 			break;
3353 		case 'F':
3354 			break;
3355 		default:
3356 			short_usage(CMD_REMOVE);
3357 			arg_err = B_TRUE;
3358 			break;
3359 		}
3360 	}
3361 	if (arg_err)
3362 		return;
3363 
3364 	if (initialize(B_TRUE) != Z_OK)
3365 		return;
3366 
3367 	switch (type) {
3368 	case RT_FS:
3369 		remove_fs(cmd);
3370 		return;
3371 	case RT_NET:
3372 		remove_net(cmd);
3373 		return;
3374 	case RT_DEVICE:
3375 		remove_device(cmd);
3376 		return;
3377 	case RT_RCTL:
3378 		remove_rctl(cmd);
3379 		return;
3380 	case RT_ATTR:
3381 		remove_attr(cmd);
3382 		return;
3383 	case RT_DATASET:
3384 		remove_dataset(cmd);
3385 		return;
3386 	case RT_DCPU:
3387 		remove_pset();
3388 		return;
3389 	case RT_PCAP:
3390 		remove_pcap();
3391 		return;
3392 	case RT_MCAP:
3393 		remove_mcap();
3394 		return;
3395 	case RT_ADMIN:
3396 		remove_admin(cmd);
3397 		return;
3398 	default:
3399 		zone_perror(rt_to_str(type), Z_NO_RESOURCE_TYPE, B_TRUE);
3400 		long_usage(CMD_REMOVE, B_TRUE);
3401 		usage(B_FALSE, HELP_RESOURCES);
3402 		return;
3403 	}
3404 }
3405 
3406 static void
remove_property(cmd_t * cmd)3407 remove_property(cmd_t *cmd)
3408 {
3409 	char *prop_id;
3410 	int err, res_type, prop_type;
3411 	property_value_ptr_t pp;
3412 	struct zone_rctlvaltab *rctlvaltab;
3413 	complex_property_ptr_t cx;
3414 
3415 	res_type = resource_scope;
3416 	prop_type = cmd->cmd_prop_name[0];
3417 	if (res_type == RT_UNKNOWN || prop_type == PT_UNKNOWN) {
3418 		long_usage(CMD_REMOVE, B_TRUE);
3419 		return;
3420 	}
3421 
3422 	if (cmd->cmd_prop_nv_pairs != 1) {
3423 		long_usage(CMD_ADD, B_TRUE);
3424 		return;
3425 	}
3426 
3427 	if (initialize(B_TRUE) != Z_OK)
3428 		return;
3429 
3430 	switch (res_type) {
3431 	case RT_FS:
3432 		if (prop_type != PT_OPTIONS) {
3433 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
3434 			    B_TRUE);
3435 			long_usage(CMD_REMOVE, B_TRUE);
3436 			usage(B_FALSE, HELP_PROPS);
3437 			return;
3438 		}
3439 		pp = cmd->cmd_property_ptr[0];
3440 		if (pp->pv_type == PROP_VAL_COMPLEX) {
3441 			zerr(gettext("A %s or %s value was expected here."),
3442 			    pvt_to_str(PROP_VAL_SIMPLE),
3443 			    pvt_to_str(PROP_VAL_LIST));
3444 			saw_error = B_TRUE;
3445 			return;
3446 		}
3447 		if (pp->pv_type == PROP_VAL_SIMPLE) {
3448 			if (pp->pv_simple == NULL) {
3449 				long_usage(CMD_ADD, B_TRUE);
3450 				return;
3451 			}
3452 			prop_id = pp->pv_simple;
3453 			err = zonecfg_remove_fs_option(&in_progress_fstab,
3454 			    prop_id);
3455 			if (err != Z_OK)
3456 				zone_perror(pt_to_str(prop_type), err, B_TRUE);
3457 		} else {
3458 			list_property_ptr_t list;
3459 
3460 			for (list = pp->pv_list; list != NULL;
3461 			    list = list->lp_next) {
3462 				prop_id = list->lp_simple;
3463 				if (prop_id == NULL)
3464 					break;
3465 				err = zonecfg_remove_fs_option(
3466 				    &in_progress_fstab, prop_id);
3467 				if (err != Z_OK)
3468 					zone_perror(pt_to_str(prop_type), err,
3469 					    B_TRUE);
3470 			}
3471 		}
3472 		return;
3473 	case RT_RCTL:
3474 		if (prop_type != PT_VALUE) {
3475 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
3476 			    B_TRUE);
3477 			long_usage(CMD_REMOVE, B_TRUE);
3478 			usage(B_FALSE, HELP_PROPS);
3479 			return;
3480 		}
3481 		pp = cmd->cmd_property_ptr[0];
3482 		if (pp->pv_type != PROP_VAL_COMPLEX) {
3483 			zerr(gettext("A %s value was expected here."),
3484 			    pvt_to_str(PROP_VAL_COMPLEX));
3485 			saw_error = B_TRUE;
3486 			return;
3487 		}
3488 		if ((rctlvaltab = alloc_rctlvaltab()) == NULL) {
3489 			zone_perror(zone, Z_NOMEM, B_TRUE);
3490 			exit(Z_ERR);
3491 		}
3492 		for (cx = pp->pv_complex; cx != NULL; cx = cx->cp_next) {
3493 			switch (cx->cp_type) {
3494 			case PT_PRIV:
3495 				(void) strlcpy(rctlvaltab->zone_rctlval_priv,
3496 				    cx->cp_value,
3497 				    sizeof (rctlvaltab->zone_rctlval_priv));
3498 				break;
3499 			case PT_LIMIT:
3500 				(void) strlcpy(rctlvaltab->zone_rctlval_limit,
3501 				    cx->cp_value,
3502 				    sizeof (rctlvaltab->zone_rctlval_limit));
3503 				break;
3504 			case PT_ACTION:
3505 				(void) strlcpy(rctlvaltab->zone_rctlval_action,
3506 				    cx->cp_value,
3507 				    sizeof (rctlvaltab->zone_rctlval_action));
3508 				break;
3509 			default:
3510 				zone_perror(pt_to_str(prop_type),
3511 				    Z_NO_PROPERTY_TYPE, B_TRUE);
3512 				long_usage(CMD_ADD, B_TRUE);
3513 				usage(B_FALSE, HELP_PROPS);
3514 				zonecfg_free_rctl_value_list(rctlvaltab);
3515 				return;
3516 			}
3517 		}
3518 		rctlvaltab->zone_rctlval_next = NULL;
3519 		err = zonecfg_remove_rctl_value(&in_progress_rctltab,
3520 		    rctlvaltab);
3521 		if (err != Z_OK)
3522 			zone_perror(pt_to_str(prop_type), err, B_TRUE);
3523 		zonecfg_free_rctl_value_list(rctlvaltab);
3524 		return;
3525 	case RT_NET:
3526 		if (prop_type != PT_DEFROUTER) {
3527 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
3528 			    B_TRUE);
3529 			long_usage(CMD_REMOVE, B_TRUE);
3530 			usage(B_FALSE, HELP_PROPS);
3531 			return;
3532 		} else {
3533 			bzero(&in_progress_nwiftab.zone_nwif_defrouter,
3534 			    sizeof (in_progress_nwiftab.zone_nwif_defrouter));
3535 			return;
3536 		}
3537 	default:
3538 		zone_perror(rt_to_str(res_type), Z_NO_RESOURCE_TYPE, B_TRUE);
3539 		long_usage(CMD_REMOVE, B_TRUE);
3540 		usage(B_FALSE, HELP_RESOURCES);
3541 		return;
3542 	}
3543 }
3544 
3545 void
remove_func(cmd_t * cmd)3546 remove_func(cmd_t *cmd)
3547 {
3548 	if (zone_is_read_only(CMD_REMOVE))
3549 		return;
3550 
3551 	assert(cmd != NULL);
3552 
3553 	if (global_scope) {
3554 		if (gz_invalid_resource(cmd->cmd_res_type)) {
3555 			zerr(gettext("%s is not a valid resource for the "
3556 			    "global zone."), rt_to_str(cmd->cmd_res_type));
3557 			saw_error = B_TRUE;
3558 			return;
3559 		}
3560 		remove_resource(cmd);
3561 	} else {
3562 		remove_property(cmd);
3563 	}
3564 }
3565 
3566 static void
clear_property(cmd_t * cmd)3567 clear_property(cmd_t *cmd)
3568 {
3569 	int res_type, prop_type;
3570 
3571 	res_type = resource_scope;
3572 	prop_type = cmd->cmd_res_type;
3573 	if (res_type == RT_UNKNOWN || prop_type == PT_UNKNOWN) {
3574 		long_usage(CMD_CLEAR, B_TRUE);
3575 		return;
3576 	}
3577 
3578 	if (initialize(B_TRUE) != Z_OK)
3579 		return;
3580 
3581 	switch (res_type) {
3582 	case RT_FS:
3583 		if (prop_type == PT_RAW) {
3584 			in_progress_fstab.zone_fs_raw[0] = '\0';
3585 			need_to_commit = B_TRUE;
3586 			return;
3587 		}
3588 		break;
3589 	case RT_DCPU:
3590 		if (prop_type == PT_IMPORTANCE) {
3591 			in_progress_psettab.zone_importance[0] = '\0';
3592 			need_to_commit = B_TRUE;
3593 			return;
3594 		}
3595 		break;
3596 	case RT_MCAP:
3597 		switch (prop_type) {
3598 		case PT_PHYSICAL:
3599 			in_progress_mcaptab.zone_physmem_cap[0] = '\0';
3600 			need_to_commit = B_TRUE;
3601 			return;
3602 		case PT_SWAP:
3603 			remove_aliased_rctl(PT_SWAP, ALIAS_MAXSWAP);
3604 			return;
3605 		case PT_LOCKED:
3606 			remove_aliased_rctl(PT_LOCKED, ALIAS_MAXLOCKEDMEM);
3607 			return;
3608 		}
3609 		break;
3610 	default:
3611 		break;
3612 	}
3613 
3614 	zone_perror(pt_to_str(prop_type), Z_CLEAR_DISALLOW, B_TRUE);
3615 }
3616 
3617 static void
clear_global(cmd_t * cmd)3618 clear_global(cmd_t *cmd)
3619 {
3620 	int err, type;
3621 
3622 	if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
3623 		long_usage(CMD_CLEAR, B_TRUE);
3624 		return;
3625 	}
3626 
3627 	if (initialize(B_TRUE) != Z_OK)
3628 		return;
3629 
3630 	switch (type) {
3631 	case PT_ZONENAME:
3632 		/* FALLTHRU */
3633 	case PT_ZONEPATH:
3634 		/* FALLTHRU */
3635 	case PT_BRAND:
3636 		zone_perror(pt_to_str(type), Z_CLEAR_DISALLOW, B_TRUE);
3637 		return;
3638 	case PT_AUTOBOOT:
3639 		/* false is default; we'll treat as equivalent to clearing */
3640 		if ((err = zonecfg_set_autoboot(handle, B_FALSE)) != Z_OK)
3641 			z_cmd_rt_perror(CMD_CLEAR, RT_AUTOBOOT, err, B_TRUE);
3642 		else
3643 			need_to_commit = B_TRUE;
3644 		return;
3645 	case PT_POOL:
3646 		if ((err = zonecfg_set_pool(handle, NULL)) != Z_OK)
3647 			z_cmd_rt_perror(CMD_CLEAR, RT_POOL, err, B_TRUE);
3648 		else
3649 			need_to_commit = B_TRUE;
3650 		return;
3651 	case PT_LIMITPRIV:
3652 		if ((err = zonecfg_set_limitpriv(handle, NULL)) != Z_OK)
3653 			z_cmd_rt_perror(CMD_CLEAR, RT_LIMITPRIV, err, B_TRUE);
3654 		else
3655 			need_to_commit = B_TRUE;
3656 		return;
3657 	case PT_BOOTARGS:
3658 		if ((err = zonecfg_set_bootargs(handle, NULL)) != Z_OK)
3659 			z_cmd_rt_perror(CMD_CLEAR, RT_BOOTARGS, err, B_TRUE);
3660 		else
3661 			need_to_commit = B_TRUE;
3662 		return;
3663 	case PT_SCHED:
3664 		if ((err = zonecfg_set_sched(handle, NULL)) != Z_OK)
3665 			z_cmd_rt_perror(CMD_CLEAR, RT_SCHED, err, B_TRUE);
3666 		else
3667 			need_to_commit = B_TRUE;
3668 		return;
3669 	case PT_IPTYPE:
3670 		/* shared is default; we'll treat as equivalent to clearing */
3671 		if ((err = zonecfg_set_iptype(handle, ZS_SHARED)) != Z_OK)
3672 			z_cmd_rt_perror(CMD_CLEAR, RT_IPTYPE, err, B_TRUE);
3673 		else
3674 			need_to_commit = B_TRUE;
3675 		return;
3676 	case PT_MAXLWPS:
3677 		remove_aliased_rctl(PT_MAXLWPS, ALIAS_MAXLWPS);
3678 		return;
3679 	case PT_MAXPROCS:
3680 		remove_aliased_rctl(PT_MAXPROCS, ALIAS_MAXPROCS);
3681 		return;
3682 	case PT_MAXSHMMEM:
3683 		remove_aliased_rctl(PT_MAXSHMMEM, ALIAS_MAXSHMMEM);
3684 		return;
3685 	case PT_MAXSHMIDS:
3686 		remove_aliased_rctl(PT_MAXSHMIDS, ALIAS_MAXSHMIDS);
3687 		return;
3688 	case PT_MAXMSGIDS:
3689 		remove_aliased_rctl(PT_MAXMSGIDS, ALIAS_MAXMSGIDS);
3690 		return;
3691 	case PT_MAXSEMIDS:
3692 		remove_aliased_rctl(PT_MAXSEMIDS, ALIAS_MAXSEMIDS);
3693 		return;
3694 	case PT_SHARES:
3695 		remove_aliased_rctl(PT_SHARES, ALIAS_SHARES);
3696 		return;
3697 	case PT_HOSTID:
3698 		if ((err = zonecfg_set_hostid(handle, NULL)) != Z_OK)
3699 			z_cmd_rt_perror(CMD_CLEAR, RT_HOSTID, err, B_TRUE);
3700 		else
3701 			need_to_commit = B_TRUE;
3702 		return;
3703 	case PT_FS_ALLOWED:
3704 		if ((err = zonecfg_set_fs_allowed(handle, NULL)) != Z_OK)
3705 			z_cmd_rt_perror(CMD_CLEAR, RT_FS_ALLOWED, err, B_TRUE);
3706 		else
3707 			need_to_commit = B_TRUE;
3708 		return;
3709 	default:
3710 		zone_perror(pt_to_str(type), Z_NO_PROPERTY_TYPE, B_TRUE);
3711 		long_usage(CMD_CLEAR, B_TRUE);
3712 		usage(B_FALSE, HELP_PROPS);
3713 		return;
3714 	}
3715 }
3716 
3717 void
clear_func(cmd_t * cmd)3718 clear_func(cmd_t *cmd)
3719 {
3720 	if (zone_is_read_only(CMD_CLEAR))
3721 		return;
3722 
3723 	assert(cmd != NULL);
3724 
3725 	if (global_scope) {
3726 		if (gz_invalid_property(cmd->cmd_res_type)) {
3727 			zerr(gettext("%s is not a valid property for the "
3728 			    "global zone."), pt_to_str(cmd->cmd_res_type));
3729 			saw_error = B_TRUE;
3730 			return;
3731 		}
3732 
3733 		clear_global(cmd);
3734 	} else {
3735 		clear_property(cmd);
3736 	}
3737 }
3738 
3739 void
select_func(cmd_t * cmd)3740 select_func(cmd_t *cmd)
3741 {
3742 	int type, err, res;
3743 	uint64_t limit;
3744 	uint64_t tmp;
3745 
3746 	if (zone_is_read_only(CMD_SELECT))
3747 		return;
3748 
3749 	assert(cmd != NULL);
3750 
3751 	if (global_scope) {
3752 		global_scope = B_FALSE;
3753 		resource_scope = cmd->cmd_res_type;
3754 		end_op = CMD_SELECT;
3755 	} else {
3756 		scope_usage(CMD_SELECT);
3757 		return;
3758 	}
3759 
3760 	if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
3761 		long_usage(CMD_SELECT, B_TRUE);
3762 		return;
3763 	}
3764 
3765 	if (initialize(B_TRUE) != Z_OK)
3766 		return;
3767 
3768 	switch (type) {
3769 	case RT_FS:
3770 		if ((err = fill_in_fstab(cmd, &old_fstab, B_FALSE)) != Z_OK) {
3771 			z_cmd_rt_perror(CMD_SELECT, RT_FS, err, B_TRUE);
3772 			global_scope = B_TRUE;
3773 		}
3774 		bcopy(&old_fstab, &in_progress_fstab,
3775 		    sizeof (struct zone_fstab));
3776 		return;
3777 	case RT_NET:
3778 		if ((err = fill_in_nwiftab(cmd, &old_nwiftab, B_FALSE))
3779 		    != Z_OK) {
3780 			z_cmd_rt_perror(CMD_SELECT, RT_NET, err, B_TRUE);
3781 			global_scope = B_TRUE;
3782 		}
3783 		bcopy(&old_nwiftab, &in_progress_nwiftab,
3784 		    sizeof (struct zone_nwiftab));
3785 		return;
3786 	case RT_DEVICE:
3787 		if ((err = fill_in_devtab(cmd, &old_devtab, B_FALSE)) != Z_OK) {
3788 			z_cmd_rt_perror(CMD_SELECT, RT_DEVICE, err, B_TRUE);
3789 			global_scope = B_TRUE;
3790 		}
3791 		bcopy(&old_devtab, &in_progress_devtab,
3792 		    sizeof (struct zone_devtab));
3793 		return;
3794 	case RT_RCTL:
3795 		if ((err = fill_in_rctltab(cmd, &old_rctltab, B_FALSE))
3796 		    != Z_OK) {
3797 			z_cmd_rt_perror(CMD_SELECT, RT_RCTL, err, B_TRUE);
3798 			global_scope = B_TRUE;
3799 		}
3800 		bcopy(&old_rctltab, &in_progress_rctltab,
3801 		    sizeof (struct zone_rctltab));
3802 		return;
3803 	case RT_ATTR:
3804 		if ((err = fill_in_attrtab(cmd, &old_attrtab, B_FALSE))
3805 		    != Z_OK) {
3806 			z_cmd_rt_perror(CMD_SELECT, RT_ATTR, err, B_TRUE);
3807 			global_scope = B_TRUE;
3808 		}
3809 		bcopy(&old_attrtab, &in_progress_attrtab,
3810 		    sizeof (struct zone_attrtab));
3811 		return;
3812 	case RT_DATASET:
3813 		if ((err = fill_in_dstab(cmd, &old_dstab, B_FALSE)) != Z_OK) {
3814 			z_cmd_rt_perror(CMD_SELECT, RT_DATASET, err, B_TRUE);
3815 			global_scope = B_TRUE;
3816 		}
3817 		bcopy(&old_dstab, &in_progress_dstab,
3818 		    sizeof (struct zone_dstab));
3819 		return;
3820 	case RT_DCPU:
3821 		if ((err = zonecfg_lookup_pset(handle, &old_psettab)) != Z_OK) {
3822 			z_cmd_rt_perror(CMD_SELECT, RT_DCPU, err, B_TRUE);
3823 			global_scope = B_TRUE;
3824 		}
3825 		bcopy(&old_psettab, &in_progress_psettab,
3826 		    sizeof (struct zone_psettab));
3827 		return;
3828 	case RT_PCAP:
3829 		if ((err = zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp))
3830 		    != Z_OK) {
3831 			z_cmd_rt_perror(CMD_SELECT, RT_PCAP, err, B_TRUE);
3832 			global_scope = B_TRUE;
3833 		}
3834 		return;
3835 	case RT_MCAP:
3836 		/* if none of these exist, there is no resource to select */
3837 		if ((res = zonecfg_lookup_mcap(handle, &old_mcaptab)) != Z_OK &&
3838 		    zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &limit)
3839 		    != Z_OK &&
3840 		    zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM, &limit)
3841 		    != Z_OK) {
3842 			z_cmd_rt_perror(CMD_SELECT, RT_MCAP, Z_NO_RESOURCE_TYPE,
3843 			    B_TRUE);
3844 			global_scope = B_TRUE;
3845 		}
3846 		if (res == Z_OK)
3847 			bcopy(&old_mcaptab, &in_progress_mcaptab,
3848 			    sizeof (struct zone_mcaptab));
3849 		else
3850 			bzero(&in_progress_mcaptab,
3851 			    sizeof (in_progress_mcaptab));
3852 		return;
3853 	case RT_ADMIN:
3854 		if ((err = fill_in_admintab(cmd, &old_admintab, B_FALSE))
3855 		    != Z_OK) {
3856 			z_cmd_rt_perror(CMD_SELECT, RT_ADMIN, err,
3857 			    B_TRUE);
3858 			global_scope = B_TRUE;
3859 		}
3860 		bcopy(&old_admintab, &in_progress_admintab,
3861 		    sizeof (struct zone_admintab));
3862 		return;
3863 	default:
3864 		zone_perror(rt_to_str(type), Z_NO_RESOURCE_TYPE, B_TRUE);
3865 		long_usage(CMD_SELECT, B_TRUE);
3866 		usage(B_FALSE, HELP_RESOURCES);
3867 		return;
3868 	}
3869 }
3870 
3871 /*
3872  * Network "addresses" can be one of the following forms:
3873  *	<IPv4 address>
3874  *	<IPv4 address>/<prefix length>
3875  *	<IPv6 address>/<prefix length>
3876  *	<host name>
3877  *	<host name>/<prefix length>
3878  * In other words, the "/" followed by a prefix length is allowed but not
3879  * required for IPv4 addresses and host names, and required for IPv6 addresses.
3880  * If a prefix length is given, it must be in the allowable range: 0 to 32 for
3881  * IPv4 addresses and host names, 0 to 128 for IPv6 addresses.
3882  * Host names must start with an alpha-numeric character, and all subsequent
3883  * characters must be either alpha-numeric or "-".
3884  *
3885  * In some cases, e.g., the nexthop for the defrouter, the context indicates
3886  * that this is the IPV4_ABITS or IPV6_ABITS netmask, in which case we don't
3887  * require the /<prefix length> (and should ignore it if provided).
3888  */
3889 
3890 static int
validate_net_address_syntax(char * address,boolean_t ishost)3891 validate_net_address_syntax(char *address, boolean_t ishost)
3892 {
3893 	char *slashp, part1[MAXHOSTNAMELEN];
3894 	struct in6_addr in6;
3895 	struct in_addr in4;
3896 	int prefixlen, i;
3897 
3898 	/*
3899 	 * Copy the part before any '/' into part1 or copy the whole
3900 	 * thing if there is no '/'.
3901 	 */
3902 	if ((slashp = strchr(address, '/')) != NULL) {
3903 		*slashp = '\0';
3904 		(void) strlcpy(part1, address, sizeof (part1));
3905 		*slashp = '/';
3906 		prefixlen = atoi(++slashp);
3907 	} else {
3908 		(void) strlcpy(part1, address, sizeof (part1));
3909 	}
3910 
3911 	if (ishost && slashp != NULL) {
3912 		zerr(gettext("Warning: prefix length in %s is not required and "
3913 		    "will be ignored. The default host-prefix length "
3914 		    "will be used"), address);
3915 	}
3916 
3917 
3918 	if (inet_pton(AF_INET6, part1, &in6) == 1) {
3919 		if (ishost) {
3920 			prefixlen = IPV6_ABITS;
3921 		} else if (slashp == NULL) {
3922 			zerr(gettext("%s: IPv6 addresses "
3923 			    "require /prefix-length suffix."), address);
3924 			return (Z_ERR);
3925 		}
3926 		if (prefixlen < 0 || prefixlen > 128) {
3927 			zerr(gettext("%s: IPv6 address "
3928 			    "prefix lengths must be 0 - 128."), address);
3929 			return (Z_ERR);
3930 		}
3931 		return (Z_OK);
3932 	}
3933 
3934 	/* At this point, any /prefix must be for IPv4. */
3935 	if (ishost)
3936 		prefixlen = IPV4_ABITS;
3937 	else if (slashp != NULL) {
3938 		if (prefixlen < 0 || prefixlen > 32) {
3939 			zerr(gettext("%s: IPv4 address "
3940 			    "prefix lengths must be 0 - 32."), address);
3941 			return (Z_ERR);
3942 		}
3943 	}
3944 
3945 	if (inet_pton(AF_INET, part1, &in4) == 1)
3946 		return (Z_OK);
3947 
3948 	/* address may also be a host name */
3949 	if (!isalnum(part1[0])) {
3950 		zerr(gettext("%s: bogus host name or network address syntax"),
3951 		    part1);
3952 		saw_error = B_TRUE;
3953 		usage(B_FALSE, HELP_NETADDR);
3954 		return (Z_ERR);
3955 	}
3956 	for (i = 1; part1[i]; i++)
3957 		if (!isalnum(part1[i]) && part1[i] != '-' && part1[i] != '.') {
3958 			zerr(gettext("%s: bogus host name or "
3959 			    "network address syntax"), part1);
3960 			saw_error = B_TRUE;
3961 			usage(B_FALSE, HELP_NETADDR);
3962 			return (Z_ERR);
3963 		}
3964 	return (Z_OK);
3965 }
3966 
3967 static int
validate_net_physical_syntax(const char * ifname)3968 validate_net_physical_syntax(const char *ifname)
3969 {
3970 	ifspec_t ifnameprop;
3971 	zone_iptype_t iptype;
3972 
3973 	if (zonecfg_get_iptype(handle, &iptype) != Z_OK) {
3974 		zerr(gettext("zone configuration has an invalid or nonexistent "
3975 		    "ip-type property"));
3976 		return (Z_ERR);
3977 	}
3978 	switch (iptype) {
3979 	case ZS_SHARED:
3980 		if (ifparse_ifspec(ifname, &ifnameprop) == B_FALSE) {
3981 			zerr(gettext("%s: invalid physical interface name"),
3982 			    ifname);
3983 			return (Z_ERR);
3984 		}
3985 		if (ifnameprop.ifsp_lunvalid) {
3986 			zerr(gettext("%s: LUNs not allowed in physical "
3987 			    "interface names"), ifname);
3988 			return (Z_ERR);
3989 		}
3990 		break;
3991 	case ZS_EXCLUSIVE:
3992 		if (dladm_valid_linkname(ifname) == B_FALSE) {
3993 			if (strchr(ifname, ':') != NULL)
3994 				zerr(gettext("%s: physical interface name "
3995 				    "required; logical interface name not "
3996 				    "allowed"), ifname);
3997 			else
3998 				zerr(gettext("%s: invalid physical interface "
3999 				    "name"), ifname);
4000 			return (Z_ERR);
4001 		}
4002 		break;
4003 	}
4004 	return (Z_OK);
4005 }
4006 
4007 static boolean_t
valid_fs_type(const char * type)4008 valid_fs_type(const char *type)
4009 {
4010 	/*
4011 	 * Is this a valid path component?
4012 	 */
4013 	if (strlen(type) + 1 > MAXNAMELEN)
4014 		return (B_FALSE);
4015 	/*
4016 	 * Make sure a bad value for "type" doesn't make
4017 	 * /usr/lib/fs/<type>/mount turn into something else.
4018 	 */
4019 	if (strchr(type, '/') != NULL || type[0] == '\0' ||
4020 	    strcmp(type, ".") == 0 || strcmp(type, "..") == 0)
4021 		return (B_FALSE);
4022 	/*
4023 	 * More detailed verification happens later by zoneadm(1m).
4024 	 */
4025 	return (B_TRUE);
4026 }
4027 
4028 static boolean_t
allow_exclusive()4029 allow_exclusive()
4030 {
4031 	brand_handle_t	bh;
4032 	char		brand[MAXNAMELEN];
4033 	boolean_t	ret;
4034 
4035 	if (zonecfg_get_brand(handle, brand, sizeof (brand)) != Z_OK) {
4036 		zerr("%s: %s\n", zone, gettext("could not get zone brand"));
4037 		return (B_FALSE);
4038 	}
4039 	if ((bh = brand_open(brand)) == NULL) {
4040 		zerr("%s: %s\n", zone, gettext("unknown brand."));
4041 		return (B_FALSE);
4042 	}
4043 	ret = brand_allow_exclusive_ip(bh);
4044 	brand_close(bh);
4045 	if (!ret)
4046 		zerr(gettext("%s cannot be '%s' when %s is '%s'."),
4047 		    pt_to_str(PT_IPTYPE), "exclusive",
4048 		    pt_to_str(PT_BRAND), brand);
4049 	return (ret);
4050 }
4051 
4052 static void
set_aliased_rctl(char * alias,int prop_type,char * s)4053 set_aliased_rctl(char *alias, int prop_type, char *s)
4054 {
4055 	uint64_t limit;
4056 	int err;
4057 	char tmp[128];
4058 
4059 	if (global_zone && strcmp(alias, ALIAS_SHARES) != 0)
4060 		zerr(gettext("WARNING: Setting a global zone resource "
4061 		    "control too low could deny\nservice "
4062 		    "to even the root user; "
4063 		    "this could render the system impossible\n"
4064 		    "to administer.  Please use caution."));
4065 
4066 	/* convert memory based properties */
4067 	if (prop_type == PT_MAXSHMMEM) {
4068 		if (!zonecfg_valid_memlimit(s, &limit)) {
4069 			zerr(gettext("A non-negative number with a required "
4070 			    "scale suffix (K, M, G or T) was expected\nhere."));
4071 			saw_error = B_TRUE;
4072 			return;
4073 		}
4074 
4075 		(void) snprintf(tmp, sizeof (tmp), "%llu", limit);
4076 		s = tmp;
4077 	}
4078 
4079 	if (!zonecfg_aliased_rctl_ok(handle, alias)) {
4080 		zone_perror(pt_to_str(prop_type), Z_ALIAS_DISALLOW, B_FALSE);
4081 		saw_error = B_TRUE;
4082 	} else if (!zonecfg_valid_alias_limit(alias, s, &limit)) {
4083 		zerr(gettext("%s property is out of range."),
4084 		    pt_to_str(prop_type));
4085 		saw_error = B_TRUE;
4086 	} else if ((err = zonecfg_set_aliased_rctl(handle, alias, limit))
4087 	    != Z_OK) {
4088 		zone_perror(zone, err, B_TRUE);
4089 		saw_error = B_TRUE;
4090 	} else {
4091 		need_to_commit = B_TRUE;
4092 	}
4093 }
4094 
4095 static void
set_in_progress_nwiftab_address(char * prop_id,int prop_type)4096 set_in_progress_nwiftab_address(char *prop_id, int prop_type)
4097 {
4098 	if (prop_type == PT_ADDRESS) {
4099 		(void) strlcpy(in_progress_nwiftab.zone_nwif_address, prop_id,
4100 		    sizeof (in_progress_nwiftab.zone_nwif_address));
4101 	} else {
4102 		assert(prop_type == PT_ALLOWED_ADDRESS);
4103 		(void) strlcpy(in_progress_nwiftab.zone_nwif_allowed_address,
4104 		    prop_id,
4105 		    sizeof (in_progress_nwiftab.zone_nwif_allowed_address));
4106 	}
4107 }
4108 
4109 void
set_func(cmd_t * cmd)4110 set_func(cmd_t *cmd)
4111 {
4112 	char *prop_id;
4113 	int arg, err, res_type, prop_type;
4114 	property_value_ptr_t pp;
4115 	boolean_t autoboot;
4116 	zone_iptype_t iptype;
4117 	boolean_t force_set = B_FALSE;
4118 	size_t physmem_size = sizeof (in_progress_mcaptab.zone_physmem_cap);
4119 	uint64_t mem_cap, mem_limit;
4120 	float cap;
4121 	char *unitp;
4122 	struct zone_psettab tmp_psettab;
4123 	boolean_t arg_err = B_FALSE;
4124 
4125 	if (zone_is_read_only(CMD_SET))
4126 		return;
4127 
4128 	assert(cmd != NULL);
4129 
4130 	optind = opterr = 0;
4131 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "F")) != EOF) {
4132 		switch (arg) {
4133 		case 'F':
4134 			force_set = B_TRUE;
4135 			break;
4136 		default:
4137 			if (optopt == '?')
4138 				longer_usage(CMD_SET);
4139 			else
4140 				short_usage(CMD_SET);
4141 			arg_err = B_TRUE;
4142 			break;
4143 		}
4144 	}
4145 	if (arg_err)
4146 		return;
4147 
4148 	prop_type = cmd->cmd_prop_name[0];
4149 	if (global_scope) {
4150 		if (gz_invalid_property(prop_type)) {
4151 			zerr(gettext("%s is not a valid property for the "
4152 			    "global zone."), pt_to_str(prop_type));
4153 			saw_error = B_TRUE;
4154 			return;
4155 		}
4156 
4157 		if (prop_type == PT_ZONENAME) {
4158 			res_type = RT_ZONENAME;
4159 		} else if (prop_type == PT_ZONEPATH) {
4160 			res_type = RT_ZONEPATH;
4161 		} else if (prop_type == PT_AUTOBOOT) {
4162 			res_type = RT_AUTOBOOT;
4163 		} else if (prop_type == PT_BRAND) {
4164 			res_type = RT_BRAND;
4165 		} else if (prop_type == PT_POOL) {
4166 			res_type = RT_POOL;
4167 		} else if (prop_type == PT_LIMITPRIV) {
4168 			res_type = RT_LIMITPRIV;
4169 		} else if (prop_type == PT_BOOTARGS) {
4170 			res_type = RT_BOOTARGS;
4171 		} else if (prop_type == PT_SCHED) {
4172 			res_type = RT_SCHED;
4173 		} else if (prop_type == PT_IPTYPE) {
4174 			res_type = RT_IPTYPE;
4175 		} else if (prop_type == PT_MAXLWPS) {
4176 			res_type = RT_MAXLWPS;
4177 		} else if (prop_type == PT_MAXPROCS) {
4178 			res_type = RT_MAXPROCS;
4179 		} else if (prop_type == PT_MAXSHMMEM) {
4180 			res_type = RT_MAXSHMMEM;
4181 		} else if (prop_type == PT_MAXSHMIDS) {
4182 			res_type = RT_MAXSHMIDS;
4183 		} else if (prop_type == PT_MAXMSGIDS) {
4184 			res_type = RT_MAXMSGIDS;
4185 		} else if (prop_type == PT_MAXSEMIDS) {
4186 			res_type = RT_MAXSEMIDS;
4187 		} else if (prop_type == PT_SHARES) {
4188 			res_type = RT_SHARES;
4189 		} else if (prop_type == PT_HOSTID) {
4190 			res_type = RT_HOSTID;
4191 		} else if (prop_type == PT_FS_ALLOWED) {
4192 			res_type = RT_FS_ALLOWED;
4193 		} else {
4194 			zerr(gettext("Cannot set a resource-specific property "
4195 			    "from the global scope."));
4196 			saw_error = B_TRUE;
4197 			return;
4198 		}
4199 	} else {
4200 		res_type = resource_scope;
4201 	}
4202 
4203 	if (force_set) {
4204 		if (res_type != RT_ZONEPATH) {
4205 			zerr(gettext("Only zonepath setting can be forced."));
4206 			saw_error = B_TRUE;
4207 			return;
4208 		}
4209 		if (!zonecfg_in_alt_root()) {
4210 			zerr(gettext("Zonepath is changeable only in an "
4211 			    "alternate root."));
4212 			saw_error = B_TRUE;
4213 			return;
4214 		}
4215 	}
4216 
4217 	pp = cmd->cmd_property_ptr[0];
4218 	/*
4219 	 * A nasty expression but not that complicated:
4220 	 * 1. fs options are simple or list (tested below)
4221 	 * 2. rctl value's are complex or list (tested below)
4222 	 * Anything else should be simple.
4223 	 */
4224 	if (!(res_type == RT_FS && prop_type == PT_OPTIONS) &&
4225 	    !(res_type == RT_RCTL && prop_type == PT_VALUE) &&
4226 	    (pp->pv_type != PROP_VAL_SIMPLE ||
4227 	    (prop_id = pp->pv_simple) == NULL)) {
4228 		zerr(gettext("A %s value was expected here."),
4229 		    pvt_to_str(PROP_VAL_SIMPLE));
4230 		saw_error = B_TRUE;
4231 		return;
4232 	}
4233 	if (prop_type == PT_UNKNOWN) {
4234 		long_usage(CMD_SET, B_TRUE);
4235 		return;
4236 	}
4237 
4238 	/*
4239 	 * Special case: the user can change the zone name prior to 'create';
4240 	 * if the zone already exists, we fall through letting initialize()
4241 	 * and the rest of the logic run.
4242 	 */
4243 	if (res_type == RT_ZONENAME && got_handle == B_FALSE &&
4244 	    !state_atleast(ZONE_STATE_CONFIGURED)) {
4245 		if ((err = zonecfg_validate_zonename(prop_id)) != Z_OK) {
4246 			zone_perror(prop_id, err, B_TRUE);
4247 			usage(B_FALSE, HELP_SYNTAX);
4248 			return;
4249 		}
4250 		(void) strlcpy(zone, prop_id, sizeof (zone));
4251 		return;
4252 	}
4253 
4254 	if (initialize(B_TRUE) != Z_OK)
4255 		return;
4256 
4257 	switch (res_type) {
4258 	case RT_ZONENAME:
4259 		if ((err = zonecfg_set_name(handle, prop_id)) != Z_OK) {
4260 			/*
4261 			 * Use prop_id instead of 'zone' here, since we're
4262 			 * reporting a problem about the *new* zonename.
4263 			 */
4264 			zone_perror(prop_id, err, B_TRUE);
4265 			usage(B_FALSE, HELP_SYNTAX);
4266 		} else {
4267 			need_to_commit = B_TRUE;
4268 			(void) strlcpy(zone, prop_id, sizeof (zone));
4269 		}
4270 		return;
4271 	case RT_ZONEPATH:
4272 		if (!force_set && state_atleast(ZONE_STATE_INSTALLED)) {
4273 			zerr(gettext("Zone %s already installed; %s %s not "
4274 			    "allowed."), zone, cmd_to_str(CMD_SET),
4275 			    rt_to_str(RT_ZONEPATH));
4276 			return;
4277 		}
4278 		if (validate_zonepath_syntax(prop_id) != Z_OK) {
4279 			saw_error = B_TRUE;
4280 			return;
4281 		}
4282 		if ((err = zonecfg_set_zonepath(handle, prop_id)) != Z_OK)
4283 			zone_perror(zone, err, B_TRUE);
4284 		else
4285 			need_to_commit = B_TRUE;
4286 		return;
4287 	case RT_BRAND:
4288 		if (state_atleast(ZONE_STATE_INSTALLED)) {
4289 			zerr(gettext("Zone %s already installed; %s %s not "
4290 			    "allowed."), zone, cmd_to_str(CMD_SET),
4291 			    rt_to_str(RT_BRAND));
4292 			return;
4293 		}
4294 		if ((err = zonecfg_set_brand(handle, prop_id)) != Z_OK)
4295 			zone_perror(zone, err, B_TRUE);
4296 		else
4297 			need_to_commit = B_TRUE;
4298 		return;
4299 	case RT_AUTOBOOT:
4300 		if (strcmp(prop_id, "true") == 0) {
4301 			autoboot = B_TRUE;
4302 		} else if (strcmp(prop_id, "false") == 0) {
4303 			autoboot = B_FALSE;
4304 		} else {
4305 			zerr(gettext("%s value must be '%s' or '%s'."),
4306 			    pt_to_str(PT_AUTOBOOT), "true", "false");
4307 			saw_error = B_TRUE;
4308 			return;
4309 		}
4310 		if ((err = zonecfg_set_autoboot(handle, autoboot)) != Z_OK)
4311 			zone_perror(zone, err, B_TRUE);
4312 		else
4313 			need_to_commit = B_TRUE;
4314 		return;
4315 	case RT_POOL:
4316 		/* don't allow use of the reserved temporary pool names */
4317 		if (strncmp("SUNW", prop_id, 4) == 0) {
4318 			zerr(gettext("pool names starting with SUNW are "
4319 			    "reserved."));
4320 			saw_error = B_TRUE;
4321 			return;
4322 		}
4323 
4324 		/* can't set pool if dedicated-cpu exists */
4325 		if (zonecfg_lookup_pset(handle, &tmp_psettab) == Z_OK) {
4326 			zerr(gettext("The %s resource already exists.  "
4327 			    "A persistent pool is incompatible\nwith the %s "
4328 			    "resource."), rt_to_str(RT_DCPU),
4329 			    rt_to_str(RT_DCPU));
4330 			saw_error = B_TRUE;
4331 			return;
4332 		}
4333 
4334 		if ((err = zonecfg_set_pool(handle, prop_id)) != Z_OK)
4335 			zone_perror(zone, err, B_TRUE);
4336 		else
4337 			need_to_commit = B_TRUE;
4338 		return;
4339 	case RT_LIMITPRIV:
4340 		if ((err = zonecfg_set_limitpriv(handle, prop_id)) != Z_OK)
4341 			zone_perror(zone, err, B_TRUE);
4342 		else
4343 			need_to_commit = B_TRUE;
4344 		return;
4345 	case RT_BOOTARGS:
4346 		if ((err = zonecfg_set_bootargs(handle, prop_id)) != Z_OK)
4347 			zone_perror(zone, err, B_TRUE);
4348 		else
4349 			need_to_commit = B_TRUE;
4350 		return;
4351 	case RT_SCHED:
4352 		if ((err = zonecfg_set_sched(handle, prop_id)) != Z_OK)
4353 			zone_perror(zone, err, B_TRUE);
4354 		else
4355 			need_to_commit = B_TRUE;
4356 		return;
4357 	case RT_IPTYPE:
4358 		if (strcmp(prop_id, "shared") == 0) {
4359 			iptype = ZS_SHARED;
4360 		} else if (strcmp(prop_id, "exclusive") == 0) {
4361 			iptype = ZS_EXCLUSIVE;
4362 		} else {
4363 			zerr(gettext("%s value must be '%s' or '%s'."),
4364 			    pt_to_str(PT_IPTYPE), "shared", "exclusive");
4365 			saw_error = B_TRUE;
4366 			return;
4367 		}
4368 		if (iptype == ZS_EXCLUSIVE && !allow_exclusive()) {
4369 			saw_error = B_TRUE;
4370 			return;
4371 		}
4372 		if ((err = zonecfg_set_iptype(handle, iptype)) != Z_OK)
4373 			zone_perror(zone, err, B_TRUE);
4374 		else
4375 			need_to_commit = B_TRUE;
4376 		return;
4377 	case RT_MAXLWPS:
4378 		set_aliased_rctl(ALIAS_MAXLWPS, prop_type, prop_id);
4379 		return;
4380 	case RT_MAXPROCS:
4381 		set_aliased_rctl(ALIAS_MAXPROCS, prop_type, prop_id);
4382 		return;
4383 	case RT_MAXSHMMEM:
4384 		set_aliased_rctl(ALIAS_MAXSHMMEM, prop_type, prop_id);
4385 		return;
4386 	case RT_MAXSHMIDS:
4387 		set_aliased_rctl(ALIAS_MAXSHMIDS, prop_type, prop_id);
4388 		return;
4389 	case RT_MAXMSGIDS:
4390 		set_aliased_rctl(ALIAS_MAXMSGIDS, prop_type, prop_id);
4391 		return;
4392 	case RT_MAXSEMIDS:
4393 		set_aliased_rctl(ALIAS_MAXSEMIDS, prop_type, prop_id);
4394 		return;
4395 	case RT_SHARES:
4396 		set_aliased_rctl(ALIAS_SHARES, prop_type, prop_id);
4397 		return;
4398 	case RT_HOSTID:
4399 		if ((err = zonecfg_set_hostid(handle, prop_id)) != Z_OK) {
4400 			if (err == Z_TOO_BIG) {
4401 				zerr(gettext("hostid string is too large: %s"),
4402 				    prop_id);
4403 				saw_error = B_TRUE;
4404 			} else {
4405 				zone_perror(pt_to_str(prop_type), err, B_TRUE);
4406 			}
4407 			return;
4408 		}
4409 		need_to_commit = B_TRUE;
4410 		return;
4411 	case RT_FS_ALLOWED:
4412 		if ((err = zonecfg_set_fs_allowed(handle, prop_id)) != Z_OK)
4413 			zone_perror(zone, err, B_TRUE);
4414 		else
4415 			need_to_commit = B_TRUE;
4416 		return;
4417 	case RT_FS:
4418 		switch (prop_type) {
4419 		case PT_DIR:
4420 			(void) strlcpy(in_progress_fstab.zone_fs_dir, prop_id,
4421 			    sizeof (in_progress_fstab.zone_fs_dir));
4422 			return;
4423 		case PT_SPECIAL:
4424 			(void) strlcpy(in_progress_fstab.zone_fs_special,
4425 			    prop_id,
4426 			    sizeof (in_progress_fstab.zone_fs_special));
4427 			return;
4428 		case PT_RAW:
4429 			(void) strlcpy(in_progress_fstab.zone_fs_raw,
4430 			    prop_id, sizeof (in_progress_fstab.zone_fs_raw));
4431 			return;
4432 		case PT_TYPE:
4433 			if (!valid_fs_type(prop_id)) {
4434 				zerr(gettext("\"%s\" is not a valid %s."),
4435 				    prop_id, pt_to_str(PT_TYPE));
4436 				saw_error = B_TRUE;
4437 				return;
4438 			}
4439 			(void) strlcpy(in_progress_fstab.zone_fs_type, prop_id,
4440 			    sizeof (in_progress_fstab.zone_fs_type));
4441 			return;
4442 		case PT_OPTIONS:
4443 			if (pp->pv_type != PROP_VAL_SIMPLE &&
4444 			    pp->pv_type != PROP_VAL_LIST) {
4445 				zerr(gettext("A %s or %s value was expected "
4446 				    "here."), pvt_to_str(PROP_VAL_SIMPLE),
4447 				    pvt_to_str(PROP_VAL_LIST));
4448 				saw_error = B_TRUE;
4449 				return;
4450 			}
4451 			zonecfg_free_fs_option_list(
4452 			    in_progress_fstab.zone_fs_options);
4453 			in_progress_fstab.zone_fs_options = NULL;
4454 			if (!(pp->pv_type == PROP_VAL_LIST &&
4455 			    pp->pv_list == NULL))
4456 				add_property(cmd);
4457 			return;
4458 		default:
4459 			break;
4460 		}
4461 		zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE, B_TRUE);
4462 		long_usage(CMD_SET, B_TRUE);
4463 		usage(B_FALSE, HELP_PROPS);
4464 		return;
4465 	case RT_NET:
4466 		switch (prop_type) {
4467 		case PT_ADDRESS:
4468 		case PT_ALLOWED_ADDRESS:
4469 			if (validate_net_address_syntax(prop_id, B_FALSE)
4470 			    != Z_OK) {
4471 				saw_error = B_TRUE;
4472 				return;
4473 			}
4474 			set_in_progress_nwiftab_address(prop_id, prop_type);
4475 			break;
4476 		case PT_PHYSICAL:
4477 			if (validate_net_physical_syntax(prop_id) != Z_OK) {
4478 				saw_error = B_TRUE;
4479 				return;
4480 			}
4481 			(void) strlcpy(in_progress_nwiftab.zone_nwif_physical,
4482 			    prop_id,
4483 			    sizeof (in_progress_nwiftab.zone_nwif_physical));
4484 			break;
4485 		case PT_DEFROUTER:
4486 			if (validate_net_address_syntax(prop_id, B_TRUE)
4487 			    != Z_OK) {
4488 				saw_error = B_TRUE;
4489 				return;
4490 			}
4491 			(void) strlcpy(in_progress_nwiftab.zone_nwif_defrouter,
4492 			    prop_id,
4493 			    sizeof (in_progress_nwiftab.zone_nwif_defrouter));
4494 			break;
4495 		default:
4496 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4497 			    B_TRUE);
4498 			long_usage(CMD_SET, B_TRUE);
4499 			usage(B_FALSE, HELP_PROPS);
4500 			return;
4501 		}
4502 		return;
4503 	case RT_DEVICE:
4504 		switch (prop_type) {
4505 		case PT_MATCH:
4506 			(void) strlcpy(in_progress_devtab.zone_dev_match,
4507 			    prop_id,
4508 			    sizeof (in_progress_devtab.zone_dev_match));
4509 			break;
4510 		default:
4511 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4512 			    B_TRUE);
4513 			long_usage(CMD_SET, B_TRUE);
4514 			usage(B_FALSE, HELP_PROPS);
4515 			return;
4516 		}
4517 		return;
4518 	case RT_RCTL:
4519 		switch (prop_type) {
4520 		case PT_NAME:
4521 			if (!zonecfg_valid_rctlname(prop_id)) {
4522 				zerr(gettext("'%s' is not a valid zone %s "
4523 				    "name."), prop_id, rt_to_str(RT_RCTL));
4524 				return;
4525 			}
4526 			(void) strlcpy(in_progress_rctltab.zone_rctl_name,
4527 			    prop_id,
4528 			    sizeof (in_progress_rctltab.zone_rctl_name));
4529 			break;
4530 		case PT_VALUE:
4531 			if (pp->pv_type != PROP_VAL_COMPLEX &&
4532 			    pp->pv_type != PROP_VAL_LIST) {
4533 				zerr(gettext("A %s or %s value was expected "
4534 				    "here."), pvt_to_str(PROP_VAL_COMPLEX),
4535 				    pvt_to_str(PROP_VAL_LIST));
4536 				saw_error = B_TRUE;
4537 				return;
4538 			}
4539 			zonecfg_free_rctl_value_list(
4540 			    in_progress_rctltab.zone_rctl_valptr);
4541 			in_progress_rctltab.zone_rctl_valptr = NULL;
4542 			if (!(pp->pv_type == PROP_VAL_LIST &&
4543 			    pp->pv_list == NULL))
4544 				add_property(cmd);
4545 			break;
4546 		default:
4547 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4548 			    B_TRUE);
4549 			long_usage(CMD_SET, B_TRUE);
4550 			usage(B_FALSE, HELP_PROPS);
4551 			return;
4552 		}
4553 		return;
4554 	case RT_ATTR:
4555 		switch (prop_type) {
4556 		case PT_NAME:
4557 			(void) strlcpy(in_progress_attrtab.zone_attr_name,
4558 			    prop_id,
4559 			    sizeof (in_progress_attrtab.zone_attr_name));
4560 			break;
4561 		case PT_TYPE:
4562 			(void) strlcpy(in_progress_attrtab.zone_attr_type,
4563 			    prop_id,
4564 			    sizeof (in_progress_attrtab.zone_attr_type));
4565 			break;
4566 		case PT_VALUE:
4567 			(void) strlcpy(in_progress_attrtab.zone_attr_value,
4568 			    prop_id,
4569 			    sizeof (in_progress_attrtab.zone_attr_value));
4570 			break;
4571 		default:
4572 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4573 			    B_TRUE);
4574 			long_usage(CMD_SET, B_TRUE);
4575 			usage(B_FALSE, HELP_PROPS);
4576 			return;
4577 		}
4578 		return;
4579 	case RT_DATASET:
4580 		switch (prop_type) {
4581 		case PT_NAME:
4582 			(void) strlcpy(in_progress_dstab.zone_dataset_name,
4583 			    prop_id,
4584 			    sizeof (in_progress_dstab.zone_dataset_name));
4585 			return;
4586 		default:
4587 			break;
4588 		}
4589 		zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE, B_TRUE);
4590 		long_usage(CMD_SET, B_TRUE);
4591 		usage(B_FALSE, HELP_PROPS);
4592 		return;
4593 	case RT_DCPU:
4594 		switch (prop_type) {
4595 		char *lowp, *highp;
4596 
4597 		case PT_NCPUS:
4598 			lowp = prop_id;
4599 			if ((highp = strchr(prop_id, '-')) != NULL)
4600 				*highp++ = '\0';
4601 			else
4602 				highp = lowp;
4603 
4604 			/* Make sure the input makes sense. */
4605 			if (!zonecfg_valid_ncpus(lowp, highp)) {
4606 				zerr(gettext("%s property is out of range."),
4607 				    pt_to_str(PT_NCPUS));
4608 				saw_error = B_TRUE;
4609 				return;
4610 			}
4611 
4612 			(void) strlcpy(
4613 			    in_progress_psettab.zone_ncpu_min, lowp,
4614 			    sizeof (in_progress_psettab.zone_ncpu_min));
4615 			(void) strlcpy(
4616 			    in_progress_psettab.zone_ncpu_max, highp,
4617 			    sizeof (in_progress_psettab.zone_ncpu_max));
4618 			return;
4619 		case PT_IMPORTANCE:
4620 			/* Make sure the value makes sense. */
4621 			if (!zonecfg_valid_importance(prop_id)) {
4622 				zerr(gettext("%s property is out of range."),
4623 				    pt_to_str(PT_IMPORTANCE));
4624 				saw_error = B_TRUE;
4625 				return;
4626 			}
4627 
4628 			(void) strlcpy(in_progress_psettab.zone_importance,
4629 			    prop_id,
4630 			    sizeof (in_progress_psettab.zone_importance));
4631 			return;
4632 		default:
4633 			break;
4634 		}
4635 		zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE, B_TRUE);
4636 		long_usage(CMD_SET, B_TRUE);
4637 		usage(B_FALSE, HELP_PROPS);
4638 		return;
4639 	case RT_PCAP:
4640 		if (prop_type != PT_NCPUS) {
4641 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4642 			    B_TRUE);
4643 			long_usage(CMD_SET, B_TRUE);
4644 			usage(B_FALSE, HELP_PROPS);
4645 			return;
4646 		}
4647 
4648 		/*
4649 		 * We already checked that an rctl alias is allowed in
4650 		 * the add_resource() function.
4651 		 */
4652 
4653 		if ((cap = strtof(prop_id, &unitp)) <= 0 || *unitp != '\0' ||
4654 		    (int)(cap * 100) < 1) {
4655 			zerr(gettext("%s property is out of range."),
4656 			    pt_to_str(PT_NCPUS));
4657 			saw_error = B_TRUE;
4658 			return;
4659 		}
4660 
4661 		if ((err = zonecfg_set_aliased_rctl(handle, ALIAS_CPUCAP,
4662 		    (int)(cap * 100))) != Z_OK)
4663 			zone_perror(zone, err, B_TRUE);
4664 		else
4665 			need_to_commit = B_TRUE;
4666 		return;
4667 	case RT_MCAP:
4668 		switch (prop_type) {
4669 		case PT_PHYSICAL:
4670 			if (!zonecfg_valid_memlimit(prop_id, &mem_cap)) {
4671 				zerr(gettext("A positive number with a "
4672 				    "required scale suffix (K, M, G or T) was "
4673 				    "expected here."));
4674 				saw_error = B_TRUE;
4675 			} else if (mem_cap < ONE_MB) {
4676 				zerr(gettext("%s value is too small.  It must "
4677 				    "be at least 1M."), pt_to_str(PT_PHYSICAL));
4678 				saw_error = B_TRUE;
4679 			} else {
4680 				snprintf(in_progress_mcaptab.zone_physmem_cap,
4681 				    physmem_size, "%llu", mem_cap);
4682 			}
4683 			break;
4684 		case PT_SWAP:
4685 			/*
4686 			 * We have to check if an rctl is allowed here since
4687 			 * there might already be a rctl defined that blocks
4688 			 * the alias.
4689 			 */
4690 			if (!zonecfg_aliased_rctl_ok(handle, ALIAS_MAXSWAP)) {
4691 				zone_perror(pt_to_str(PT_MAXSWAP),
4692 				    Z_ALIAS_DISALLOW, B_FALSE);
4693 				saw_error = B_TRUE;
4694 				return;
4695 			}
4696 
4697 			if (global_zone)
4698 				mem_limit = ONE_MB * 100;
4699 			else
4700 				mem_limit = ONE_MB * 50;
4701 
4702 			if (!zonecfg_valid_memlimit(prop_id, &mem_cap)) {
4703 				zerr(gettext("A positive number with a "
4704 				    "required scale suffix (K, M, G or T) was "
4705 				    "expected here."));
4706 				saw_error = B_TRUE;
4707 			} else if (mem_cap < mem_limit) {
4708 				char buf[128];
4709 
4710 				(void) snprintf(buf, sizeof (buf), "%llu",
4711 				    mem_limit);
4712 				bytes_to_units(buf, buf, sizeof (buf));
4713 				zerr(gettext("%s value is too small.  It must "
4714 				    "be at least %s."), pt_to_str(PT_SWAP),
4715 				    buf);
4716 				saw_error = B_TRUE;
4717 			} else {
4718 				if ((err = zonecfg_set_aliased_rctl(handle,
4719 				    ALIAS_MAXSWAP, mem_cap)) != Z_OK)
4720 					zone_perror(zone, err, B_TRUE);
4721 				else
4722 					need_to_commit = B_TRUE;
4723 			}
4724 			break;
4725 		case PT_LOCKED:
4726 			/*
4727 			 * We have to check if an rctl is allowed here since
4728 			 * there might already be a rctl defined that blocks
4729 			 * the alias.
4730 			 */
4731 			if (!zonecfg_aliased_rctl_ok(handle,
4732 			    ALIAS_MAXLOCKEDMEM)) {
4733 				zone_perror(pt_to_str(PT_LOCKED),
4734 				    Z_ALIAS_DISALLOW, B_FALSE);
4735 				saw_error = B_TRUE;
4736 				return;
4737 			}
4738 
4739 			if (!zonecfg_valid_memlimit(prop_id, &mem_cap)) {
4740 				zerr(gettext("A non-negative number with a "
4741 				    "required scale suffix (K, M, G or T) was "
4742 				    "expected\nhere."));
4743 				saw_error = B_TRUE;
4744 			} else {
4745 				if ((err = zonecfg_set_aliased_rctl(handle,
4746 				    ALIAS_MAXLOCKEDMEM, mem_cap)) != Z_OK)
4747 					zone_perror(zone, err, B_TRUE);
4748 				else
4749 					need_to_commit = B_TRUE;
4750 			}
4751 			break;
4752 		default:
4753 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4754 			    B_TRUE);
4755 			long_usage(CMD_SET, B_TRUE);
4756 			usage(B_FALSE, HELP_PROPS);
4757 			return;
4758 		}
4759 		return;
4760 	case RT_ADMIN:
4761 		switch (prop_type) {
4762 		case PT_USER:
4763 			(void) strlcpy(in_progress_admintab.zone_admin_user,
4764 			    prop_id,
4765 			    sizeof (in_progress_admintab.zone_admin_user));
4766 			return;
4767 		case PT_AUTHS:
4768 			(void) strlcpy(in_progress_admintab.zone_admin_auths,
4769 			    prop_id,
4770 			    sizeof (in_progress_admintab.zone_admin_auths));
4771 			return;
4772 		default:
4773 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4774 			    B_TRUE);
4775 			long_usage(CMD_SET, B_TRUE);
4776 			usage(B_FALSE, HELP_PROPS);
4777 			return;
4778 		}
4779 	default:
4780 		zone_perror(rt_to_str(res_type), Z_NO_RESOURCE_TYPE, B_TRUE);
4781 		long_usage(CMD_SET, B_TRUE);
4782 		usage(B_FALSE, HELP_RESOURCES);
4783 		return;
4784 	}
4785 }
4786 
4787 static void
output_prop(FILE * fp,int pnum,char * pval,boolean_t print_notspec)4788 output_prop(FILE *fp, int pnum, char *pval, boolean_t print_notspec)
4789 {
4790 	char *qstr;
4791 
4792 	if (*pval != '\0') {
4793 		qstr = quoteit(pval);
4794 		if (pnum == PT_SWAP || pnum == PT_LOCKED)
4795 			(void) fprintf(fp, "\t[%s: %s]\n", pt_to_str(pnum),
4796 			    qstr);
4797 		else
4798 			(void) fprintf(fp, "\t%s: %s\n", pt_to_str(pnum), qstr);
4799 		free(qstr);
4800 	} else if (print_notspec)
4801 		(void) fprintf(fp, gettext("\t%s not specified\n"),
4802 		    pt_to_str(pnum));
4803 }
4804 
4805 static void
info_zonename(zone_dochandle_t handle,FILE * fp)4806 info_zonename(zone_dochandle_t handle, FILE *fp)
4807 {
4808 	char zonename[ZONENAME_MAX];
4809 
4810 	if (zonecfg_get_name(handle, zonename, sizeof (zonename)) == Z_OK)
4811 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_ZONENAME),
4812 		    zonename);
4813 	else
4814 		(void) fprintf(fp, gettext("%s not specified\n"),
4815 		    pt_to_str(PT_ZONENAME));
4816 }
4817 
4818 static void
info_zonepath(zone_dochandle_t handle,FILE * fp)4819 info_zonepath(zone_dochandle_t handle, FILE *fp)
4820 {
4821 	char zonepath[MAXPATHLEN];
4822 
4823 	if (zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath)) == Z_OK)
4824 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_ZONEPATH),
4825 		    zonepath);
4826 	else {
4827 		(void) fprintf(fp, gettext("%s not specified\n"),
4828 		    pt_to_str(PT_ZONEPATH));
4829 	}
4830 }
4831 
4832 static void
info_brand(zone_dochandle_t handle,FILE * fp)4833 info_brand(zone_dochandle_t handle, FILE *fp)
4834 {
4835 	char brand[MAXNAMELEN];
4836 
4837 	if (zonecfg_get_brand(handle, brand, sizeof (brand)) == Z_OK)
4838 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_BRAND),
4839 		    brand);
4840 	else
4841 		(void) fprintf(fp, "%s %s\n", pt_to_str(PT_BRAND),
4842 		    gettext("not specified"));
4843 }
4844 
4845 static void
info_autoboot(zone_dochandle_t handle,FILE * fp)4846 info_autoboot(zone_dochandle_t handle, FILE *fp)
4847 {
4848 	boolean_t autoboot;
4849 	int err;
4850 
4851 	if ((err = zonecfg_get_autoboot(handle, &autoboot)) == Z_OK)
4852 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_AUTOBOOT),
4853 		    autoboot ? "true" : "false");
4854 	else
4855 		zone_perror(zone, err, B_TRUE);
4856 }
4857 
4858 static void
info_pool(zone_dochandle_t handle,FILE * fp)4859 info_pool(zone_dochandle_t handle, FILE *fp)
4860 {
4861 	char pool[MAXNAMELEN];
4862 	int err;
4863 
4864 	if ((err = zonecfg_get_pool(handle, pool, sizeof (pool))) == Z_OK)
4865 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_POOL), pool);
4866 	else
4867 		zone_perror(zone, err, B_TRUE);
4868 }
4869 
4870 static void
info_limitpriv(zone_dochandle_t handle,FILE * fp)4871 info_limitpriv(zone_dochandle_t handle, FILE *fp)
4872 {
4873 	char *limitpriv;
4874 	int err;
4875 
4876 	if ((err = zonecfg_get_limitpriv(handle, &limitpriv)) == Z_OK) {
4877 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_LIMITPRIV),
4878 		    limitpriv);
4879 		free(limitpriv);
4880 	} else {
4881 		zone_perror(zone, err, B_TRUE);
4882 	}
4883 }
4884 
4885 static void
info_bootargs(zone_dochandle_t handle,FILE * fp)4886 info_bootargs(zone_dochandle_t handle, FILE *fp)
4887 {
4888 	char bootargs[BOOTARGS_MAX];
4889 	int err;
4890 
4891 	if ((err = zonecfg_get_bootargs(handle, bootargs,
4892 	    sizeof (bootargs))) == Z_OK) {
4893 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_BOOTARGS),
4894 		    bootargs);
4895 	} else {
4896 		zone_perror(zone, err, B_TRUE);
4897 	}
4898 }
4899 
4900 static void
info_sched(zone_dochandle_t handle,FILE * fp)4901 info_sched(zone_dochandle_t handle, FILE *fp)
4902 {
4903 	char sched[MAXNAMELEN];
4904 	int err;
4905 
4906 	if ((err = zonecfg_get_sched_class(handle, sched, sizeof (sched)))
4907 	    == Z_OK) {
4908 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_SCHED), sched);
4909 	} else {
4910 		zone_perror(zone, err, B_TRUE);
4911 	}
4912 }
4913 
4914 static void
info_iptype(zone_dochandle_t handle,FILE * fp)4915 info_iptype(zone_dochandle_t handle, FILE *fp)
4916 {
4917 	zone_iptype_t iptype;
4918 	int err;
4919 
4920 	if ((err = zonecfg_get_iptype(handle, &iptype)) == Z_OK) {
4921 		switch (iptype) {
4922 		case ZS_SHARED:
4923 			(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_IPTYPE),
4924 			    "shared");
4925 			break;
4926 		case ZS_EXCLUSIVE:
4927 			(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_IPTYPE),
4928 			    "exclusive");
4929 			break;
4930 		}
4931 	} else {
4932 		zone_perror(zone, err, B_TRUE);
4933 	}
4934 }
4935 
4936 static void
info_hostid(zone_dochandle_t handle,FILE * fp)4937 info_hostid(zone_dochandle_t handle, FILE *fp)
4938 {
4939 	char hostidp[HW_HOSTID_LEN];
4940 	int err;
4941 
4942 	if ((err = zonecfg_get_hostid(handle, hostidp,
4943 	    sizeof (hostidp))) == Z_OK) {
4944 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_HOSTID), hostidp);
4945 	} else if (err == Z_BAD_PROPERTY) {
4946 		(void) fprintf(fp, "%s: \n", pt_to_str(PT_HOSTID));
4947 	} else {
4948 		zone_perror(zone, err, B_TRUE);
4949 	}
4950 }
4951 
4952 static void
info_fs_allowed(zone_dochandle_t handle,FILE * fp)4953 info_fs_allowed(zone_dochandle_t handle, FILE *fp)
4954 {
4955 	char fsallowedp[ZONE_FS_ALLOWED_MAX];
4956 	int err;
4957 
4958 	if ((err = zonecfg_get_fs_allowed(handle, fsallowedp,
4959 	    sizeof (fsallowedp))) == Z_OK) {
4960 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_FS_ALLOWED),
4961 		    fsallowedp);
4962 	} else if (err == Z_BAD_PROPERTY) {
4963 		(void) fprintf(fp, "%s: \n", pt_to_str(PT_FS_ALLOWED));
4964 	} else {
4965 		zone_perror(zone, err, B_TRUE);
4966 	}
4967 }
4968 
4969 static void
output_fs(FILE * fp,struct zone_fstab * fstab)4970 output_fs(FILE *fp, struct zone_fstab *fstab)
4971 {
4972 	zone_fsopt_t *this;
4973 
4974 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_FS));
4975 	output_prop(fp, PT_DIR, fstab->zone_fs_dir, B_TRUE);
4976 	output_prop(fp, PT_SPECIAL, fstab->zone_fs_special, B_TRUE);
4977 	output_prop(fp, PT_RAW, fstab->zone_fs_raw, B_TRUE);
4978 	output_prop(fp, PT_TYPE, fstab->zone_fs_type, B_TRUE);
4979 	(void) fprintf(fp, "\t%s: [", pt_to_str(PT_OPTIONS));
4980 	for (this = fstab->zone_fs_options; this != NULL;
4981 	    this = this->zone_fsopt_next) {
4982 		if (strchr(this->zone_fsopt_opt, '='))
4983 			(void) fprintf(fp, "\"%s\"", this->zone_fsopt_opt);
4984 		else
4985 			(void) fprintf(fp, "%s", this->zone_fsopt_opt);
4986 		if (this->zone_fsopt_next != NULL)
4987 			(void) fprintf(fp, ",");
4988 	}
4989 	(void) fprintf(fp, "]\n");
4990 }
4991 
4992 static void
info_fs(zone_dochandle_t handle,FILE * fp,cmd_t * cmd)4993 info_fs(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
4994 {
4995 	struct zone_fstab lookup, user;
4996 	boolean_t output = B_FALSE;
4997 
4998 	if (zonecfg_setfsent(handle) != Z_OK)
4999 		return;
5000 	while (zonecfg_getfsent(handle, &lookup) == Z_OK) {
5001 		if (cmd->cmd_prop_nv_pairs == 0) {
5002 			output_fs(fp, &lookup);
5003 			goto loopend;
5004 		}
5005 		if (fill_in_fstab(cmd, &user, B_TRUE) != Z_OK)
5006 			goto loopend;
5007 		if (strlen(user.zone_fs_dir) > 0 &&
5008 		    strcmp(user.zone_fs_dir, lookup.zone_fs_dir) != 0)
5009 			goto loopend;	/* no match */
5010 		if (strlen(user.zone_fs_special) > 0 &&
5011 		    strcmp(user.zone_fs_special, lookup.zone_fs_special) != 0)
5012 			goto loopend;	/* no match */
5013 		if (strlen(user.zone_fs_type) > 0 &&
5014 		    strcmp(user.zone_fs_type, lookup.zone_fs_type) != 0)
5015 			goto loopend;	/* no match */
5016 		output_fs(fp, &lookup);
5017 		output = B_TRUE;
5018 loopend:
5019 		zonecfg_free_fs_option_list(lookup.zone_fs_options);
5020 	}
5021 	(void) zonecfg_endfsent(handle);
5022 	/*
5023 	 * If a property n/v pair was specified, warn the user if there was
5024 	 * nothing to output.
5025 	 */
5026 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5027 		(void) printf(gettext("No such %s resource.\n"),
5028 		    rt_to_str(RT_FS));
5029 }
5030 
5031 static void
output_net(FILE * fp,struct zone_nwiftab * nwiftab)5032 output_net(FILE *fp, struct zone_nwiftab *nwiftab)
5033 {
5034 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_NET));
5035 	output_prop(fp, PT_ADDRESS, nwiftab->zone_nwif_address, B_TRUE);
5036 	output_prop(fp, PT_ALLOWED_ADDRESS,
5037 	    nwiftab->zone_nwif_allowed_address, B_TRUE);
5038 	output_prop(fp, PT_PHYSICAL, nwiftab->zone_nwif_physical, B_TRUE);
5039 	output_prop(fp, PT_DEFROUTER, nwiftab->zone_nwif_defrouter, B_TRUE);
5040 }
5041 
5042 static void
info_net(zone_dochandle_t handle,FILE * fp,cmd_t * cmd)5043 info_net(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5044 {
5045 	struct zone_nwiftab lookup, user;
5046 	boolean_t output = B_FALSE;
5047 
5048 	if (zonecfg_setnwifent(handle) != Z_OK)
5049 		return;
5050 	while (zonecfg_getnwifent(handle, &lookup) == Z_OK) {
5051 		if (cmd->cmd_prop_nv_pairs == 0) {
5052 			output_net(fp, &lookup);
5053 			continue;
5054 		}
5055 		if (fill_in_nwiftab(cmd, &user, B_TRUE) != Z_OK)
5056 			continue;
5057 		if (strlen(user.zone_nwif_physical) > 0 &&
5058 		    strcmp(user.zone_nwif_physical,
5059 		    lookup.zone_nwif_physical) != 0)
5060 			continue;	/* no match */
5061 		/* If present make sure it matches */
5062 		if (strlen(user.zone_nwif_address) > 0 &&
5063 		    !zonecfg_same_net_address(user.zone_nwif_address,
5064 		    lookup.zone_nwif_address))
5065 			continue;	/* no match */
5066 		output_net(fp, &lookup);
5067 		output = B_TRUE;
5068 	}
5069 	(void) zonecfg_endnwifent(handle);
5070 	/*
5071 	 * If a property n/v pair was specified, warn the user if there was
5072 	 * nothing to output.
5073 	 */
5074 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5075 		(void) printf(gettext("No such %s resource.\n"),
5076 		    rt_to_str(RT_NET));
5077 }
5078 
5079 static void
output_dev(FILE * fp,struct zone_devtab * devtab)5080 output_dev(FILE *fp, struct zone_devtab *devtab)
5081 {
5082 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_DEVICE));
5083 	output_prop(fp, PT_MATCH, devtab->zone_dev_match, B_TRUE);
5084 }
5085 
5086 static void
info_dev(zone_dochandle_t handle,FILE * fp,cmd_t * cmd)5087 info_dev(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5088 {
5089 	struct zone_devtab lookup, user;
5090 	boolean_t output = B_FALSE;
5091 
5092 	if (zonecfg_setdevent(handle) != Z_OK)
5093 		return;
5094 	while (zonecfg_getdevent(handle, &lookup) == Z_OK) {
5095 		if (cmd->cmd_prop_nv_pairs == 0) {
5096 			output_dev(fp, &lookup);
5097 			continue;
5098 		}
5099 		if (fill_in_devtab(cmd, &user, B_TRUE) != Z_OK)
5100 			continue;
5101 		if (strlen(user.zone_dev_match) > 0 &&
5102 		    strcmp(user.zone_dev_match, lookup.zone_dev_match) != 0)
5103 			continue;	/* no match */
5104 		output_dev(fp, &lookup);
5105 		output = B_TRUE;
5106 	}
5107 	(void) zonecfg_enddevent(handle);
5108 	/*
5109 	 * If a property n/v pair was specified, warn the user if there was
5110 	 * nothing to output.
5111 	 */
5112 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5113 		(void) printf(gettext("No such %s resource.\n"),
5114 		    rt_to_str(RT_DEVICE));
5115 }
5116 
5117 static void
output_rctl(FILE * fp,struct zone_rctltab * rctltab)5118 output_rctl(FILE *fp, struct zone_rctltab *rctltab)
5119 {
5120 	struct zone_rctlvaltab *valptr;
5121 
5122 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_RCTL));
5123 	output_prop(fp, PT_NAME, rctltab->zone_rctl_name, B_TRUE);
5124 	for (valptr = rctltab->zone_rctl_valptr; valptr != NULL;
5125 	    valptr = valptr->zone_rctlval_next) {
5126 		fprintf(fp, "\t%s: (%s=%s,%s=%s,%s=%s)\n",
5127 		    pt_to_str(PT_VALUE),
5128 		    pt_to_str(PT_PRIV), valptr->zone_rctlval_priv,
5129 		    pt_to_str(PT_LIMIT), valptr->zone_rctlval_limit,
5130 		    pt_to_str(PT_ACTION), valptr->zone_rctlval_action);
5131 	}
5132 }
5133 
5134 static void
info_rctl(zone_dochandle_t handle,FILE * fp,cmd_t * cmd)5135 info_rctl(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5136 {
5137 	struct zone_rctltab lookup, user;
5138 	boolean_t output = B_FALSE;
5139 
5140 	if (zonecfg_setrctlent(handle) != Z_OK)
5141 		return;
5142 	while (zonecfg_getrctlent(handle, &lookup) == Z_OK) {
5143 		if (cmd->cmd_prop_nv_pairs == 0) {
5144 			output_rctl(fp, &lookup);
5145 		} else if (fill_in_rctltab(cmd, &user, B_TRUE) == Z_OK &&
5146 		    (strlen(user.zone_rctl_name) == 0 ||
5147 		    strcmp(user.zone_rctl_name, lookup.zone_rctl_name) == 0)) {
5148 			output_rctl(fp, &lookup);
5149 			output = B_TRUE;
5150 		}
5151 		zonecfg_free_rctl_value_list(lookup.zone_rctl_valptr);
5152 	}
5153 	(void) zonecfg_endrctlent(handle);
5154 	/*
5155 	 * If a property n/v pair was specified, warn the user if there was
5156 	 * nothing to output.
5157 	 */
5158 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5159 		(void) printf(gettext("No such %s resource.\n"),
5160 		    rt_to_str(RT_RCTL));
5161 }
5162 
5163 static void
output_attr(FILE * fp,struct zone_attrtab * attrtab)5164 output_attr(FILE *fp, struct zone_attrtab *attrtab)
5165 {
5166 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_ATTR));
5167 	output_prop(fp, PT_NAME, attrtab->zone_attr_name, B_TRUE);
5168 	output_prop(fp, PT_TYPE, attrtab->zone_attr_type, B_TRUE);
5169 	output_prop(fp, PT_VALUE, attrtab->zone_attr_value, B_TRUE);
5170 }
5171 
5172 static void
info_attr(zone_dochandle_t handle,FILE * fp,cmd_t * cmd)5173 info_attr(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5174 {
5175 	struct zone_attrtab lookup, user;
5176 	boolean_t output = B_FALSE;
5177 
5178 	if (zonecfg_setattrent(handle) != Z_OK)
5179 		return;
5180 	while (zonecfg_getattrent(handle, &lookup) == Z_OK) {
5181 		if (cmd->cmd_prop_nv_pairs == 0) {
5182 			output_attr(fp, &lookup);
5183 			continue;
5184 		}
5185 		if (fill_in_attrtab(cmd, &user, B_TRUE) != Z_OK)
5186 			continue;
5187 		if (strlen(user.zone_attr_name) > 0 &&
5188 		    strcmp(user.zone_attr_name, lookup.zone_attr_name) != 0)
5189 			continue;	/* no match */
5190 		if (strlen(user.zone_attr_type) > 0 &&
5191 		    strcmp(user.zone_attr_type, lookup.zone_attr_type) != 0)
5192 			continue;	/* no match */
5193 		if (strlen(user.zone_attr_value) > 0 &&
5194 		    strcmp(user.zone_attr_value, lookup.zone_attr_value) != 0)
5195 			continue;	/* no match */
5196 		output_attr(fp, &lookup);
5197 		output = B_TRUE;
5198 	}
5199 	(void) zonecfg_endattrent(handle);
5200 	/*
5201 	 * If a property n/v pair was specified, warn the user if there was
5202 	 * nothing to output.
5203 	 */
5204 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5205 		(void) printf(gettext("No such %s resource.\n"),
5206 		    rt_to_str(RT_ATTR));
5207 }
5208 
5209 static void
output_ds(FILE * fp,struct zone_dstab * dstab)5210 output_ds(FILE *fp, struct zone_dstab *dstab)
5211 {
5212 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_DATASET));
5213 	output_prop(fp, PT_NAME, dstab->zone_dataset_name, B_TRUE);
5214 }
5215 
5216 static void
info_ds(zone_dochandle_t handle,FILE * fp,cmd_t * cmd)5217 info_ds(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5218 {
5219 	struct zone_dstab lookup, user;
5220 	boolean_t output = B_FALSE;
5221 
5222 	if (zonecfg_setdsent(handle) != Z_OK)
5223 		return;
5224 	while (zonecfg_getdsent(handle, &lookup) == Z_OK) {
5225 		if (cmd->cmd_prop_nv_pairs == 0) {
5226 			output_ds(fp, &lookup);
5227 			continue;
5228 		}
5229 		if (fill_in_dstab(cmd, &user, B_TRUE) != Z_OK)
5230 			continue;
5231 		if (strlen(user.zone_dataset_name) > 0 &&
5232 		    strcmp(user.zone_dataset_name,
5233 		    lookup.zone_dataset_name) != 0)
5234 			continue;	/* no match */
5235 		output_ds(fp, &lookup);
5236 		output = B_TRUE;
5237 	}
5238 	(void) zonecfg_enddsent(handle);
5239 	/*
5240 	 * If a property n/v pair was specified, warn the user if there was
5241 	 * nothing to output.
5242 	 */
5243 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5244 		(void) printf(gettext("No such %s resource.\n"),
5245 		    rt_to_str(RT_DATASET));
5246 }
5247 
5248 static void
output_pset(FILE * fp,struct zone_psettab * psettab)5249 output_pset(FILE *fp, struct zone_psettab *psettab)
5250 {
5251 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_DCPU));
5252 	if (strcmp(psettab->zone_ncpu_min, psettab->zone_ncpu_max) == 0)
5253 		(void) fprintf(fp, "\t%s: %s\n", pt_to_str(PT_NCPUS),
5254 		    psettab->zone_ncpu_max);
5255 	else
5256 		(void) fprintf(fp, "\t%s: %s-%s\n", pt_to_str(PT_NCPUS),
5257 		    psettab->zone_ncpu_min, psettab->zone_ncpu_max);
5258 	if (psettab->zone_importance[0] != '\0')
5259 		(void) fprintf(fp, "\t%s: %s\n", pt_to_str(PT_IMPORTANCE),
5260 		    psettab->zone_importance);
5261 }
5262 
5263 static void
info_pset(zone_dochandle_t handle,FILE * fp)5264 info_pset(zone_dochandle_t handle, FILE *fp)
5265 {
5266 	struct zone_psettab lookup;
5267 
5268 	if (zonecfg_getpsetent(handle, &lookup) == Z_OK)
5269 		output_pset(fp, &lookup);
5270 }
5271 
5272 static void
output_pcap(FILE * fp)5273 output_pcap(FILE *fp)
5274 {
5275 	uint64_t cap;
5276 
5277 	if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &cap) == Z_OK) {
5278 		float scaled = (float)cap / 100;
5279 		(void) fprintf(fp, "%s:\n", rt_to_str(RT_PCAP));
5280 		(void) fprintf(fp, "\t[%s: %.2f]\n", pt_to_str(PT_NCPUS),
5281 		    scaled);
5282 	}
5283 }
5284 
5285 static void
info_pcap(FILE * fp)5286 info_pcap(FILE *fp)
5287 {
5288 	output_pcap(fp);
5289 }
5290 
5291 
5292 static void
info_aliased_rctl(zone_dochandle_t handle,FILE * fp,char * alias)5293 info_aliased_rctl(zone_dochandle_t handle, FILE *fp, char *alias)
5294 {
5295 	uint64_t limit;
5296 
5297 	if (zonecfg_get_aliased_rctl(handle, alias, &limit) == Z_OK) {
5298 		/* convert memory based properties */
5299 		if (strcmp(alias, ALIAS_MAXSHMMEM) == 0) {
5300 			char buf[128];
5301 
5302 			(void) snprintf(buf, sizeof (buf), "%llu", limit);
5303 			bytes_to_units(buf, buf, sizeof (buf));
5304 			(void) fprintf(fp, "[%s: %s]\n", alias, buf);
5305 			return;
5306 		}
5307 
5308 		(void) fprintf(fp, "[%s: %llu]\n", alias, limit);
5309 	}
5310 }
5311 
5312 static void
bytes_to_units(char * str,char * buf,int bufsize)5313 bytes_to_units(char *str, char *buf, int bufsize)
5314 {
5315 	unsigned long long num;
5316 	unsigned long long save = 0;
5317 	char *units = "BKMGT";
5318 	char *up = units;
5319 
5320 	num = strtoll(str, NULL, 10);
5321 
5322 	if (num < 1024) {
5323 		(void) snprintf(buf, bufsize, "%llu", num);
5324 		return;
5325 	}
5326 
5327 	while ((num >= 1024) && (*up != 'T')) {
5328 		up++; /* next unit of measurement */
5329 		save = num;
5330 		num = (num + 512) >> 10;
5331 	}
5332 
5333 	/* check if we should output a fraction.  snprintf will round for us */
5334 	if (save % 1024 != 0 && ((save >> 10) < 10))
5335 		(void) snprintf(buf, bufsize, "%2.1f%c", ((float)save / 1024),
5336 		    *up);
5337 	else
5338 		(void) snprintf(buf, bufsize, "%llu%c", num, *up);
5339 }
5340 
5341 static void
output_mcap(FILE * fp,struct zone_mcaptab * mcaptab,int showswap,uint64_t maxswap,int showlocked,uint64_t maxlocked)5342 output_mcap(FILE *fp, struct zone_mcaptab *mcaptab, int showswap,
5343     uint64_t maxswap, int showlocked, uint64_t maxlocked)
5344 {
5345 	char buf[128];
5346 
5347 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_MCAP));
5348 	if (mcaptab->zone_physmem_cap[0] != '\0') {
5349 		bytes_to_units(mcaptab->zone_physmem_cap, buf, sizeof (buf));
5350 		output_prop(fp, PT_PHYSICAL, buf, B_TRUE);
5351 	}
5352 
5353 	if (showswap == Z_OK) {
5354 		(void) snprintf(buf, sizeof (buf), "%llu", maxswap);
5355 		bytes_to_units(buf, buf, sizeof (buf));
5356 		output_prop(fp, PT_SWAP, buf, B_TRUE);
5357 	}
5358 
5359 	if (showlocked == Z_OK) {
5360 		(void) snprintf(buf, sizeof (buf), "%llu", maxlocked);
5361 		bytes_to_units(buf, buf, sizeof (buf));
5362 		output_prop(fp, PT_LOCKED, buf, B_TRUE);
5363 	}
5364 }
5365 
5366 static void
info_mcap(zone_dochandle_t handle,FILE * fp)5367 info_mcap(zone_dochandle_t handle, FILE *fp)
5368 {
5369 	int res1, res2, res3;
5370 	uint64_t swap_limit;
5371 	uint64_t locked_limit;
5372 	struct zone_mcaptab lookup;
5373 
5374 	bzero(&lookup, sizeof (lookup));
5375 	res1 = zonecfg_getmcapent(handle, &lookup);
5376 	res2 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &swap_limit);
5377 	res3 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM,
5378 	    &locked_limit);
5379 
5380 	if (res1 == Z_OK || res2 == Z_OK || res3 == Z_OK)
5381 		output_mcap(fp, &lookup, res2, swap_limit, res3, locked_limit);
5382 }
5383 
5384 static void
output_auth(FILE * fp,struct zone_admintab * admintab)5385 output_auth(FILE *fp, struct zone_admintab *admintab)
5386 {
5387 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_ADMIN));
5388 	output_prop(fp, PT_USER, admintab->zone_admin_user, B_TRUE);
5389 	output_prop(fp, PT_AUTHS, admintab->zone_admin_auths, B_TRUE);
5390 }
5391 
5392 static void
info_auth(zone_dochandle_t handle,FILE * fp,cmd_t * cmd)5393 info_auth(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5394 {
5395 	struct zone_admintab lookup, user;
5396 	boolean_t output = B_FALSE;
5397 	int err;
5398 
5399 	if ((err = zonecfg_setadminent(handle)) != Z_OK) {
5400 		zone_perror(zone, err, B_TRUE);
5401 		return;
5402 	}
5403 	while (zonecfg_getadminent(handle, &lookup) == Z_OK) {
5404 		if (cmd->cmd_prop_nv_pairs == 0) {
5405 			output_auth(fp, &lookup);
5406 			continue;
5407 		}
5408 		if (fill_in_admintab(cmd, &user, B_TRUE) != Z_OK)
5409 			continue;
5410 		if (strlen(user.zone_admin_user) > 0 &&
5411 		    strcmp(user.zone_admin_user, lookup.zone_admin_user) != 0)
5412 			continue;	/* no match */
5413 		output_auth(fp, &lookup);
5414 		output = B_TRUE;
5415 	}
5416 	(void) zonecfg_endadminent(handle);
5417 	/*
5418 	 * If a property n/v pair was specified, warn the user if there was
5419 	 * nothing to output.
5420 	 */
5421 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5422 		(void) printf(gettext("No such %s resource.\n"),
5423 		    rt_to_str(RT_ADMIN));
5424 }
5425 
5426 void
info_func(cmd_t * cmd)5427 info_func(cmd_t *cmd)
5428 {
5429 	FILE *fp = stdout;
5430 	boolean_t need_to_close = B_FALSE;
5431 	int type;
5432 	int res1, res2;
5433 	uint64_t swap_limit;
5434 	uint64_t locked_limit;
5435 
5436 	assert(cmd != NULL);
5437 
5438 	if (initialize(B_TRUE) != Z_OK)
5439 		return;
5440 
5441 	/* don't page error output */
5442 	if (interactive_mode) {
5443 		if ((fp = pager_open()) != NULL)
5444 			need_to_close = B_TRUE;
5445 		else
5446 			fp = stdout;
5447 
5448 		setbuf(fp, NULL);
5449 	}
5450 
5451 	if (!global_scope) {
5452 		switch (resource_scope) {
5453 		case RT_FS:
5454 			output_fs(fp, &in_progress_fstab);
5455 			break;
5456 		case RT_NET:
5457 			output_net(fp, &in_progress_nwiftab);
5458 			break;
5459 		case RT_DEVICE:
5460 			output_dev(fp, &in_progress_devtab);
5461 			break;
5462 		case RT_RCTL:
5463 			output_rctl(fp, &in_progress_rctltab);
5464 			break;
5465 		case RT_ATTR:
5466 			output_attr(fp, &in_progress_attrtab);
5467 			break;
5468 		case RT_DATASET:
5469 			output_ds(fp, &in_progress_dstab);
5470 			break;
5471 		case RT_DCPU:
5472 			output_pset(fp, &in_progress_psettab);
5473 			break;
5474 		case RT_PCAP:
5475 			output_pcap(fp);
5476 			break;
5477 		case RT_MCAP:
5478 			res1 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP,
5479 			    &swap_limit);
5480 			res2 = zonecfg_get_aliased_rctl(handle,
5481 			    ALIAS_MAXLOCKEDMEM, &locked_limit);
5482 			output_mcap(fp, &in_progress_mcaptab, res1, swap_limit,
5483 			    res2, locked_limit);
5484 			break;
5485 		case RT_ADMIN:
5486 			output_auth(fp, &in_progress_admintab);
5487 			break;
5488 		}
5489 		goto cleanup;
5490 	}
5491 
5492 	type = cmd->cmd_res_type;
5493 
5494 	if (gz_invalid_rt_property(type)) {
5495 		zerr(gettext("%s is not a valid property for the global zone."),
5496 		    rt_to_str(type));
5497 		goto cleanup;
5498 	}
5499 
5500 	if (gz_invalid_resource(type)) {
5501 		zerr(gettext("%s is not a valid resource for the global zone."),
5502 		    rt_to_str(type));
5503 		goto cleanup;
5504 	}
5505 
5506 	switch (cmd->cmd_res_type) {
5507 	case RT_UNKNOWN:
5508 		info_zonename(handle, fp);
5509 		if (!global_zone) {
5510 			info_zonepath(handle, fp);
5511 			info_brand(handle, fp);
5512 			info_autoboot(handle, fp);
5513 			info_bootargs(handle, fp);
5514 		}
5515 		info_pool(handle, fp);
5516 		if (!global_zone) {
5517 			info_limitpriv(handle, fp);
5518 			info_sched(handle, fp);
5519 			info_iptype(handle, fp);
5520 			info_hostid(handle, fp);
5521 			info_fs_allowed(handle, fp);
5522 		}
5523 		info_aliased_rctl(handle, fp, ALIAS_MAXLWPS);
5524 		info_aliased_rctl(handle, fp, ALIAS_MAXPROCS);
5525 		info_aliased_rctl(handle, fp, ALIAS_MAXSHMMEM);
5526 		info_aliased_rctl(handle, fp, ALIAS_MAXSHMIDS);
5527 		info_aliased_rctl(handle, fp, ALIAS_MAXMSGIDS);
5528 		info_aliased_rctl(handle, fp, ALIAS_MAXSEMIDS);
5529 		info_aliased_rctl(handle, fp, ALIAS_SHARES);
5530 		if (!global_zone) {
5531 			info_fs(handle, fp, cmd);
5532 			info_net(handle, fp, cmd);
5533 			info_dev(handle, fp, cmd);
5534 		}
5535 		info_pset(handle, fp);
5536 		info_pcap(fp);
5537 		info_mcap(handle, fp);
5538 		if (!global_zone) {
5539 			info_attr(handle, fp, cmd);
5540 			info_ds(handle, fp, cmd);
5541 			info_auth(handle, fp, cmd);
5542 		}
5543 		info_rctl(handle, fp, cmd);
5544 		break;
5545 	case RT_ZONENAME:
5546 		info_zonename(handle, fp);
5547 		break;
5548 	case RT_ZONEPATH:
5549 		info_zonepath(handle, fp);
5550 		break;
5551 	case RT_BRAND:
5552 		info_brand(handle, fp);
5553 		break;
5554 	case RT_AUTOBOOT:
5555 		info_autoboot(handle, fp);
5556 		break;
5557 	case RT_POOL:
5558 		info_pool(handle, fp);
5559 		break;
5560 	case RT_LIMITPRIV:
5561 		info_limitpriv(handle, fp);
5562 		break;
5563 	case RT_BOOTARGS:
5564 		info_bootargs(handle, fp);
5565 		break;
5566 	case RT_SCHED:
5567 		info_sched(handle, fp);
5568 		break;
5569 	case RT_IPTYPE:
5570 		info_iptype(handle, fp);
5571 		break;
5572 	case RT_MAXLWPS:
5573 		info_aliased_rctl(handle, fp, ALIAS_MAXLWPS);
5574 		break;
5575 	case RT_MAXPROCS:
5576 		info_aliased_rctl(handle, fp, ALIAS_MAXPROCS);
5577 		break;
5578 	case RT_MAXSHMMEM:
5579 		info_aliased_rctl(handle, fp, ALIAS_MAXSHMMEM);
5580 		break;
5581 	case RT_MAXSHMIDS:
5582 		info_aliased_rctl(handle, fp, ALIAS_MAXSHMIDS);
5583 		break;
5584 	case RT_MAXMSGIDS:
5585 		info_aliased_rctl(handle, fp, ALIAS_MAXMSGIDS);
5586 		break;
5587 	case RT_MAXSEMIDS:
5588 		info_aliased_rctl(handle, fp, ALIAS_MAXSEMIDS);
5589 		break;
5590 	case RT_SHARES:
5591 		info_aliased_rctl(handle, fp, ALIAS_SHARES);
5592 		break;
5593 	case RT_FS:
5594 		info_fs(handle, fp, cmd);
5595 		break;
5596 	case RT_NET:
5597 		info_net(handle, fp, cmd);
5598 		break;
5599 	case RT_DEVICE:
5600 		info_dev(handle, fp, cmd);
5601 		break;
5602 	case RT_RCTL:
5603 		info_rctl(handle, fp, cmd);
5604 		break;
5605 	case RT_ATTR:
5606 		info_attr(handle, fp, cmd);
5607 		break;
5608 	case RT_DATASET:
5609 		info_ds(handle, fp, cmd);
5610 		break;
5611 	case RT_DCPU:
5612 		info_pset(handle, fp);
5613 		break;
5614 	case RT_PCAP:
5615 		info_pcap(fp);
5616 		break;
5617 	case RT_MCAP:
5618 		info_mcap(handle, fp);
5619 		break;
5620 	case RT_HOSTID:
5621 		info_hostid(handle, fp);
5622 		break;
5623 	case RT_ADMIN:
5624 		info_auth(handle, fp, cmd);
5625 		break;
5626 	case RT_FS_ALLOWED:
5627 		info_fs_allowed(handle, fp);
5628 		break;
5629 	default:
5630 		zone_perror(rt_to_str(cmd->cmd_res_type), Z_NO_RESOURCE_TYPE,
5631 		    B_TRUE);
5632 	}
5633 
5634 cleanup:
5635 	if (need_to_close)
5636 		(void) pager_close(fp);
5637 }
5638 
5639 /*
5640  * Helper function for verify-- checks that a required string property
5641  * exists.
5642  */
5643 static void
check_reqd_prop(char * attr,int rt,int pt,int * ret_val)5644 check_reqd_prop(char *attr, int rt, int pt, int *ret_val)
5645 {
5646 	if (strlen(attr) == 0) {
5647 		zerr(gettext("%s: %s not specified"), rt_to_str(rt),
5648 		    pt_to_str(pt));
5649 		saw_error = B_TRUE;
5650 		if (*ret_val == Z_OK)
5651 			*ret_val = Z_REQD_PROPERTY_MISSING;
5652 	}
5653 }
5654 
5655 static int
do_subproc(char * cmdbuf)5656 do_subproc(char *cmdbuf)
5657 {
5658 	char inbuf[MAX_CMD_LEN];
5659 	FILE *file;
5660 	int status;
5661 
5662 	file = popen(cmdbuf, "r");
5663 	if (file == NULL) {
5664 		zerr(gettext("Could not launch: %s"), cmdbuf);
5665 		return (-1);
5666 	}
5667 
5668 	while (fgets(inbuf, sizeof (inbuf), file) != NULL)
5669 		fprintf(stderr, "%s", inbuf);
5670 	status = pclose(file);
5671 
5672 	if (WIFSIGNALED(status)) {
5673 		zerr(gettext("%s unexpectedly terminated due to signal %d"),
5674 		    cmdbuf, WTERMSIG(status));
5675 		return (-1);
5676 	}
5677 	assert(WIFEXITED(status));
5678 	return (WEXITSTATUS(status));
5679 }
5680 
5681 static int
brand_verify(zone_dochandle_t handle)5682 brand_verify(zone_dochandle_t handle)
5683 {
5684 	char xml_file[32];
5685 	char cmdbuf[MAX_CMD_LEN];
5686 	brand_handle_t bh;
5687 	char brand[MAXNAMELEN];
5688 	int err;
5689 
5690 	if (zonecfg_get_brand(handle, brand, sizeof (brand)) != Z_OK) {
5691 		zerr("%s: %s\n", zone, gettext("could not get zone brand"));
5692 		return (Z_INVALID_DOCUMENT);
5693 	}
5694 	if ((bh = brand_open(brand)) == NULL) {
5695 		zerr("%s: %s\n", zone, gettext("unknown brand."));
5696 		return (Z_INVALID_DOCUMENT);
5697 	}
5698 
5699 	/*
5700 	 * Fetch the verify command, if any, from the brand configuration
5701 	 * and build the command line to execute it.
5702 	 */
5703 	strcpy(cmdbuf, EXEC_PREFIX);
5704 	err = brand_get_verify_cfg(bh, cmdbuf + EXEC_LEN,
5705 	    sizeof (cmdbuf) - (EXEC_LEN + (strlen(xml_file) + 1)));
5706 	brand_close(bh);
5707 	if (err != Z_OK) {
5708 		zerr("%s: %s\n", zone,
5709 		    gettext("could not get brand verification command"));
5710 		return (Z_INVALID_DOCUMENT);
5711 	}
5712 
5713 	/*
5714 	 * If the brand doesn't provide a verification routine, we just
5715 	 * return success.
5716 	 */
5717 	if (strlen(cmdbuf) == EXEC_LEN)
5718 		return (Z_OK);
5719 
5720 	/*
5721 	 * Dump the current config information for this zone to a file.
5722 	 */
5723 	strcpy(xml_file, "/tmp/zonecfg_verify.XXXXXX");
5724 	if (mkstemp(xml_file) == NULL)
5725 		return (Z_TEMP_FILE);
5726 	if ((err = zonecfg_verify_save(handle, xml_file)) != Z_OK) {
5727 		(void) unlink(xml_file);
5728 		return (err);
5729 	}
5730 
5731 	/*
5732 	 * Execute the verification command.
5733 	 */
5734 	if ((strlcat(cmdbuf, " ", MAX_CMD_LEN) >= MAX_CMD_LEN) ||
5735 	    (strlcat(cmdbuf, xml_file, MAX_CMD_LEN) >= MAX_CMD_LEN)) {
5736 		err = Z_BRAND_ERROR;
5737 	} else {
5738 		err = do_subproc(cmdbuf);
5739 	}
5740 
5741 	(void) unlink(xml_file);
5742 	return ((err == Z_OK) ? Z_OK : Z_BRAND_ERROR);
5743 }
5744 
5745 /*
5746  * Track the network interfaces listed in zonecfg(1m) in a linked list
5747  * so that we can later check that defrouter is specified for an exclusive IP
5748  * zone if and only if at least one allowed-address has been specified.
5749  */
5750 static boolean_t
add_nwif(struct zone_nwiftab * nwif)5751 add_nwif(struct zone_nwiftab *nwif)
5752 {
5753 	struct xif *tmp;
5754 
5755 	for (tmp = xif; tmp != NULL; tmp = tmp->xif_next) {
5756 		if (strcmp(tmp->xif_name, nwif->zone_nwif_physical) == 0) {
5757 			if (strlen(nwif->zone_nwif_allowed_address) > 0)
5758 				tmp->xif_has_address = B_TRUE;
5759 			if (strlen(nwif->zone_nwif_defrouter) > 0)
5760 				tmp->xif_has_defrouter = B_TRUE;
5761 			return (B_TRUE);
5762 		}
5763 	}
5764 
5765 	tmp = malloc(sizeof (*tmp));
5766 	if (tmp == NULL) {
5767 		zerr(gettext("memory allocation failed for %s"),
5768 		    nwif->zone_nwif_physical);
5769 		return (B_FALSE);
5770 	}
5771 	strlcpy(tmp->xif_name, nwif->zone_nwif_physical,
5772 	    sizeof (tmp->xif_name));
5773 	tmp->xif_has_defrouter = (strlen(nwif->zone_nwif_defrouter) > 0);
5774 	tmp->xif_has_address = (strlen(nwif->zone_nwif_allowed_address) > 0);
5775 	tmp->xif_next = xif;
5776 	xif = tmp;
5777 	return (B_TRUE);
5778 }
5779 
5780 /*
5781  * See the DTD for which attributes are required for which resources.
5782  *
5783  * This function can be called by commit_func(), which needs to save things,
5784  * in addition to the general call from parse_and_run(), which doesn't need
5785  * things saved.  Since the parameters are standardized, we distinguish by
5786  * having commit_func() call here with cmd->cmd_arg set to "save" to indicate
5787  * that a save is needed.
5788  */
5789 void
verify_func(cmd_t * cmd)5790 verify_func(cmd_t *cmd)
5791 {
5792 	struct zone_nwiftab nwiftab;
5793 	struct zone_fstab fstab;
5794 	struct zone_attrtab attrtab;
5795 	struct zone_rctltab rctltab;
5796 	struct zone_dstab dstab;
5797 	struct zone_psettab psettab;
5798 	struct zone_admintab admintab;
5799 	char zonepath[MAXPATHLEN];
5800 	char sched[MAXNAMELEN];
5801 	char brand[MAXNAMELEN];
5802 	char hostidp[HW_HOSTID_LEN];
5803 	char fsallowedp[ZONE_FS_ALLOWED_MAX];
5804 	priv_set_t *privs;
5805 	char *privname = NULL;
5806 	int err, ret_val = Z_OK, arg;
5807 	int pset_res;
5808 	boolean_t save = B_FALSE;
5809 	boolean_t arg_err = B_FALSE;
5810 	zone_iptype_t iptype;
5811 	boolean_t has_cpu_shares = B_FALSE;
5812 	boolean_t has_cpu_cap = B_FALSE;
5813 	struct xif *tmp;
5814 
5815 	optind = 0;
5816 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
5817 		switch (arg) {
5818 		case '?':
5819 			longer_usage(CMD_VERIFY);
5820 			arg_err = B_TRUE;
5821 			break;
5822 		default:
5823 			short_usage(CMD_VERIFY);
5824 			arg_err = B_TRUE;
5825 			break;
5826 		}
5827 	}
5828 	if (arg_err)
5829 		return;
5830 
5831 	if (optind > cmd->cmd_argc) {
5832 		short_usage(CMD_VERIFY);
5833 		return;
5834 	}
5835 
5836 	if (zone_is_read_only(CMD_VERIFY))
5837 		return;
5838 
5839 	assert(cmd != NULL);
5840 
5841 	if (cmd->cmd_argc > 0 && (strcmp(cmd->cmd_argv[0], "save") == 0))
5842 		save = B_TRUE;
5843 	if (initialize(B_TRUE) != Z_OK)
5844 		return;
5845 
5846 	if (zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath)) != Z_OK &&
5847 	    !global_zone) {
5848 		zerr(gettext("%s not specified"), pt_to_str(PT_ZONEPATH));
5849 		ret_val = Z_REQD_RESOURCE_MISSING;
5850 		saw_error = B_TRUE;
5851 	}
5852 	if (strlen(zonepath) == 0 && !global_zone) {
5853 		zerr(gettext("%s cannot be empty."), pt_to_str(PT_ZONEPATH));
5854 		ret_val = Z_REQD_RESOURCE_MISSING;
5855 		saw_error = B_TRUE;
5856 	}
5857 
5858 	if ((err = zonecfg_get_brand(handle, brand, sizeof (brand))) != Z_OK) {
5859 		zone_perror(zone, err, B_TRUE);
5860 		return;
5861 	}
5862 	if ((err = brand_verify(handle)) != Z_OK) {
5863 		zone_perror(zone, err, B_TRUE);
5864 		return;
5865 	}
5866 
5867 	if (zonecfg_get_iptype(handle, &iptype) != Z_OK) {
5868 		zerr("%s %s", gettext("cannot get"), pt_to_str(PT_IPTYPE));
5869 		ret_val = Z_REQD_RESOURCE_MISSING;
5870 		saw_error = B_TRUE;
5871 	}
5872 
5873 	if ((privs = priv_allocset()) == NULL) {
5874 		zerr(gettext("%s: priv_allocset failed"), zone);
5875 		return;
5876 	}
5877 	if (zonecfg_get_privset(handle, privs, &privname) != Z_OK) {
5878 		zerr(gettext("%s: invalid privilege: %s"), zone, privname);
5879 		priv_freeset(privs);
5880 		free(privname);
5881 		return;
5882 	}
5883 	priv_freeset(privs);
5884 
5885 	if (zonecfg_get_hostid(handle, hostidp,
5886 	    sizeof (hostidp)) == Z_INVALID_PROPERTY) {
5887 		zerr(gettext("%s: invalid hostid: %s"),
5888 		    zone, hostidp);
5889 		return;
5890 	}
5891 
5892 	if (zonecfg_get_fs_allowed(handle, fsallowedp,
5893 	    sizeof (fsallowedp)) == Z_INVALID_PROPERTY) {
5894 		zerr(gettext("%s: invalid fs-allowed: %s"),
5895 		    zone, fsallowedp);
5896 		return;
5897 	}
5898 
5899 	if ((err = zonecfg_setfsent(handle)) != Z_OK) {
5900 		zone_perror(zone, err, B_TRUE);
5901 		return;
5902 	}
5903 	while (zonecfg_getfsent(handle, &fstab) == Z_OK) {
5904 		check_reqd_prop(fstab.zone_fs_dir, RT_FS, PT_DIR, &ret_val);
5905 		check_reqd_prop(fstab.zone_fs_special, RT_FS, PT_SPECIAL,
5906 		    &ret_val);
5907 		check_reqd_prop(fstab.zone_fs_type, RT_FS, PT_TYPE, &ret_val);
5908 
5909 		zonecfg_free_fs_option_list(fstab.zone_fs_options);
5910 	}
5911 	(void) zonecfg_endfsent(handle);
5912 
5913 	if ((err = zonecfg_setnwifent(handle)) != Z_OK) {
5914 		zone_perror(zone, err, B_TRUE);
5915 		return;
5916 	}
5917 	while (zonecfg_getnwifent(handle, &nwiftab) == Z_OK) {
5918 		/*
5919 		 * physical is required in all cases.
5920 		 * A shared IP requires an address,
5921 		 * and may include a default router, while
5922 		 * an exclusive IP must have neither an address
5923 		 * nor a default router.
5924 		 * The physical interface name must be valid in all cases.
5925 		 */
5926 		check_reqd_prop(nwiftab.zone_nwif_physical, RT_NET,
5927 		    PT_PHYSICAL, &ret_val);
5928 		if (validate_net_physical_syntax(nwiftab.zone_nwif_physical) !=
5929 		    Z_OK) {
5930 			saw_error = B_TRUE;
5931 			if (ret_val == Z_OK)
5932 				ret_val = Z_INVAL;
5933 		}
5934 
5935 		switch (iptype) {
5936 		case ZS_SHARED:
5937 			check_reqd_prop(nwiftab.zone_nwif_address, RT_NET,
5938 			    PT_ADDRESS, &ret_val);
5939 			if (strlen(nwiftab.zone_nwif_allowed_address) > 0) {
5940 				zerr(gettext("%s: %s cannot be specified "
5941 				    "for a shared IP type"),
5942 				    rt_to_str(RT_NET),
5943 				    pt_to_str(PT_ALLOWED_ADDRESS));
5944 				saw_error = B_TRUE;
5945 				if (ret_val == Z_OK)
5946 					ret_val = Z_INVAL;
5947 			}
5948 			break;
5949 		case ZS_EXCLUSIVE:
5950 			if (strlen(nwiftab.zone_nwif_address) > 0) {
5951 				zerr(gettext("%s: %s cannot be specified "
5952 				    "for an exclusive IP type"),
5953 				    rt_to_str(RT_NET), pt_to_str(PT_ADDRESS));
5954 				saw_error = B_TRUE;
5955 				if (ret_val == Z_OK)
5956 					ret_val = Z_INVAL;
5957 			} else {
5958 				if (!add_nwif(&nwiftab)) {
5959 					saw_error = B_TRUE;
5960 					if (ret_val == Z_OK)
5961 						ret_val = Z_INVAL;
5962 				}
5963 			}
5964 			break;
5965 		}
5966 	}
5967 	for (tmp = xif; tmp != NULL; tmp = tmp->xif_next) {
5968 		if (!tmp->xif_has_address && tmp->xif_has_defrouter) {
5969 			zerr(gettext("%s: %s for %s cannot be specified "
5970 			    "without %s for an exclusive IP type"),
5971 			    rt_to_str(RT_NET), pt_to_str(PT_DEFROUTER),
5972 			    tmp->xif_name, pt_to_str(PT_ALLOWED_ADDRESS));
5973 			saw_error = B_TRUE;
5974 			ret_val = Z_INVAL;
5975 		}
5976 	}
5977 	free(xif);
5978 	xif = NULL;
5979 	(void) zonecfg_endnwifent(handle);
5980 
5981 	if ((err = zonecfg_setrctlent(handle)) != Z_OK) {
5982 		zone_perror(zone, err, B_TRUE);
5983 		return;
5984 	}
5985 	while (zonecfg_getrctlent(handle, &rctltab) == Z_OK) {
5986 		check_reqd_prop(rctltab.zone_rctl_name, RT_RCTL, PT_NAME,
5987 		    &ret_val);
5988 
5989 		if (strcmp(rctltab.zone_rctl_name, "zone.cpu-shares") == 0)
5990 			has_cpu_shares = B_TRUE;
5991 
5992 		if (strcmp(rctltab.zone_rctl_name, "zone.cpu-cap") == 0)
5993 			has_cpu_cap = B_TRUE;
5994 
5995 		if (rctltab.zone_rctl_valptr == NULL) {
5996 			zerr(gettext("%s: no %s specified"),
5997 			    rt_to_str(RT_RCTL), pt_to_str(PT_VALUE));
5998 			saw_error = B_TRUE;
5999 			if (ret_val == Z_OK)
6000 				ret_val = Z_REQD_PROPERTY_MISSING;
6001 		} else {
6002 			zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
6003 		}
6004 	}
6005 	(void) zonecfg_endrctlent(handle);
6006 
6007 	if ((pset_res = zonecfg_lookup_pset(handle, &psettab)) == Z_OK &&
6008 	    has_cpu_shares) {
6009 		zerr(gettext("%s zone.cpu-shares and %s are incompatible."),
6010 		    rt_to_str(RT_RCTL), rt_to_str(RT_DCPU));
6011 		saw_error = B_TRUE;
6012 		if (ret_val == Z_OK)
6013 			ret_val = Z_INCOMPATIBLE;
6014 	}
6015 
6016 	if (has_cpu_shares && zonecfg_get_sched_class(handle, sched,
6017 	    sizeof (sched)) == Z_OK && strlen(sched) > 0 &&
6018 	    strcmp(sched, "FSS") != 0) {
6019 		zerr(gettext("WARNING: %s zone.cpu-shares and %s=%s are "
6020 		    "incompatible"),
6021 		    rt_to_str(RT_RCTL), rt_to_str(RT_SCHED), sched);
6022 		saw_error = B_TRUE;
6023 		if (ret_val == Z_OK)
6024 			ret_val = Z_INCOMPATIBLE;
6025 	}
6026 
6027 	if (pset_res == Z_OK && has_cpu_cap) {
6028 		zerr(gettext("%s zone.cpu-cap and the %s are incompatible."),
6029 		    rt_to_str(RT_RCTL), rt_to_str(RT_DCPU));
6030 		saw_error = B_TRUE;
6031 		if (ret_val == Z_OK)
6032 			ret_val = Z_INCOMPATIBLE;
6033 	}
6034 
6035 	if ((err = zonecfg_setattrent(handle)) != Z_OK) {
6036 		zone_perror(zone, err, B_TRUE);
6037 		return;
6038 	}
6039 	while (zonecfg_getattrent(handle, &attrtab) == Z_OK) {
6040 		check_reqd_prop(attrtab.zone_attr_name, RT_ATTR, PT_NAME,
6041 		    &ret_val);
6042 		check_reqd_prop(attrtab.zone_attr_type, RT_ATTR, PT_TYPE,
6043 		    &ret_val);
6044 		check_reqd_prop(attrtab.zone_attr_value, RT_ATTR, PT_VALUE,
6045 		    &ret_val);
6046 	}
6047 	(void) zonecfg_endattrent(handle);
6048 
6049 	if ((err = zonecfg_setdsent(handle)) != Z_OK) {
6050 		zone_perror(zone, err, B_TRUE);
6051 		return;
6052 	}
6053 	while (zonecfg_getdsent(handle, &dstab) == Z_OK) {
6054 		if (strlen(dstab.zone_dataset_name) == 0) {
6055 			zerr("%s: %s %s", rt_to_str(RT_DATASET),
6056 			    pt_to_str(PT_NAME), gettext("not specified"));
6057 			saw_error = B_TRUE;
6058 			if (ret_val == Z_OK)
6059 				ret_val = Z_REQD_PROPERTY_MISSING;
6060 		} else if (!zfs_name_valid(dstab.zone_dataset_name,
6061 		    ZFS_TYPE_FILESYSTEM)) {
6062 			zerr("%s: %s %s", rt_to_str(RT_DATASET),
6063 			    pt_to_str(PT_NAME), gettext("invalid"));
6064 			saw_error = B_TRUE;
6065 			if (ret_val == Z_OK)
6066 				ret_val = Z_BAD_PROPERTY;
6067 		}
6068 
6069 	}
6070 	(void) zonecfg_enddsent(handle);
6071 
6072 	if ((err = zonecfg_setadminent(handle)) != Z_OK) {
6073 		zone_perror(zone, err, B_TRUE);
6074 		return;
6075 	}
6076 	while (zonecfg_getadminent(handle, &admintab) == Z_OK) {
6077 		check_reqd_prop(admintab.zone_admin_user, RT_ADMIN,
6078 		    PT_USER, &ret_val);
6079 		check_reqd_prop(admintab.zone_admin_auths, RT_ADMIN,
6080 		    PT_AUTHS, &ret_val);
6081 		if ((ret_val == Z_OK) && (getpwnam(admintab.zone_admin_user)
6082 		    == NULL)) {
6083 			zerr(gettext("%s %s is not a valid username"),
6084 			    pt_to_str(PT_USER),
6085 			    admintab.zone_admin_user);
6086 			ret_val = Z_BAD_PROPERTY;
6087 		}
6088 		if ((ret_val == Z_OK) && (!zonecfg_valid_auths(
6089 		    admintab.zone_admin_auths, zone))) {
6090 			ret_val = Z_BAD_PROPERTY;
6091 		}
6092 	}
6093 	(void) zonecfg_endadminent(handle);
6094 
6095 	if (!global_scope) {
6096 		zerr(gettext("resource specification incomplete"));
6097 		saw_error = B_TRUE;
6098 		if (ret_val == Z_OK)
6099 			ret_val = Z_INSUFFICIENT_SPEC;
6100 	}
6101 
6102 	if (save) {
6103 		if (ret_val == Z_OK) {
6104 			if ((ret_val = zonecfg_save(handle)) == Z_OK) {
6105 				need_to_commit = B_FALSE;
6106 				(void) strlcpy(revert_zone, zone,
6107 				    sizeof (revert_zone));
6108 			}
6109 		} else {
6110 			zerr(gettext("Zone %s failed to verify"), zone);
6111 		}
6112 	}
6113 	if (ret_val != Z_OK)
6114 		zone_perror(zone, ret_val, B_TRUE);
6115 }
6116 
6117 void
cancel_func(cmd_t * cmd)6118 cancel_func(cmd_t *cmd)
6119 {
6120 	int arg;
6121 	boolean_t arg_err = B_FALSE;
6122 
6123 	assert(cmd != NULL);
6124 
6125 	optind = 0;
6126 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
6127 		switch (arg) {
6128 		case '?':
6129 			longer_usage(CMD_CANCEL);
6130 			arg_err = B_TRUE;
6131 			break;
6132 		default:
6133 			short_usage(CMD_CANCEL);
6134 			arg_err = B_TRUE;
6135 			break;
6136 		}
6137 	}
6138 	if (arg_err)
6139 		return;
6140 
6141 	if (optind != cmd->cmd_argc) {
6142 		short_usage(CMD_CANCEL);
6143 		return;
6144 	}
6145 
6146 	if (global_scope)
6147 		scope_usage(CMD_CANCEL);
6148 	global_scope = B_TRUE;
6149 	zonecfg_free_fs_option_list(in_progress_fstab.zone_fs_options);
6150 	bzero(&in_progress_fstab, sizeof (in_progress_fstab));
6151 	bzero(&in_progress_nwiftab, sizeof (in_progress_nwiftab));
6152 	bzero(&in_progress_devtab, sizeof (in_progress_devtab));
6153 	zonecfg_free_rctl_value_list(in_progress_rctltab.zone_rctl_valptr);
6154 	bzero(&in_progress_rctltab, sizeof (in_progress_rctltab));
6155 	bzero(&in_progress_attrtab, sizeof (in_progress_attrtab));
6156 	bzero(&in_progress_dstab, sizeof (in_progress_dstab));
6157 }
6158 
6159 static int
validate_attr_name(char * name)6160 validate_attr_name(char *name)
6161 {
6162 	int i;
6163 
6164 	if (!isalnum(name[0])) {
6165 		zerr(gettext("Invalid %s %s %s: must start with an alpha-"
6166 		    "numeric character."), rt_to_str(RT_ATTR),
6167 		    pt_to_str(PT_NAME), name);
6168 		return (Z_INVAL);
6169 	}
6170 	for (i = 1; name[i]; i++)
6171 		if (!isalnum(name[i]) && name[i] != '-' && name[i] != '.') {
6172 			zerr(gettext("Invalid %s %s %s: can only contain "
6173 			    "alpha-numeric characters, plus '-' and '.'."),
6174 			    rt_to_str(RT_ATTR), pt_to_str(PT_NAME), name);
6175 			return (Z_INVAL);
6176 		}
6177 	return (Z_OK);
6178 }
6179 
6180 static int
validate_attr_type_val(struct zone_attrtab * attrtab)6181 validate_attr_type_val(struct zone_attrtab *attrtab)
6182 {
6183 	boolean_t boolval;
6184 	int64_t intval;
6185 	char strval[MAXNAMELEN];
6186 	uint64_t uintval;
6187 
6188 	if (strcmp(attrtab->zone_attr_type, "boolean") == 0) {
6189 		if (zonecfg_get_attr_boolean(attrtab, &boolval) == Z_OK)
6190 			return (Z_OK);
6191 		zerr(gettext("invalid %s value for %s=%s"),
6192 		    rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "boolean");
6193 		return (Z_ERR);
6194 	}
6195 
6196 	if (strcmp(attrtab->zone_attr_type, "int") == 0) {
6197 		if (zonecfg_get_attr_int(attrtab, &intval) == Z_OK)
6198 			return (Z_OK);
6199 		zerr(gettext("invalid %s value for %s=%s"),
6200 		    rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "int");
6201 		return (Z_ERR);
6202 	}
6203 
6204 	if (strcmp(attrtab->zone_attr_type, "string") == 0) {
6205 		if (zonecfg_get_attr_string(attrtab, strval,
6206 		    sizeof (strval)) == Z_OK)
6207 			return (Z_OK);
6208 		zerr(gettext("invalid %s value for %s=%s"),
6209 		    rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "string");
6210 		return (Z_ERR);
6211 	}
6212 
6213 	if (strcmp(attrtab->zone_attr_type, "uint") == 0) {
6214 		if (zonecfg_get_attr_uint(attrtab, &uintval) == Z_OK)
6215 			return (Z_OK);
6216 		zerr(gettext("invalid %s value for %s=%s"),
6217 		    rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "uint");
6218 		return (Z_ERR);
6219 	}
6220 
6221 	zerr(gettext("invalid %s %s '%s'"), rt_to_str(RT_ATTR),
6222 	    pt_to_str(PT_TYPE), attrtab->zone_attr_type);
6223 	return (Z_ERR);
6224 }
6225 
6226 /*
6227  * Helper function for end_func-- checks the existence of a given property
6228  * and emits a message if not specified.
6229  */
6230 static int
end_check_reqd(char * attr,int pt,boolean_t * validation_failed)6231 end_check_reqd(char *attr, int pt, boolean_t *validation_failed)
6232 {
6233 	if (strlen(attr) == 0) {
6234 		*validation_failed = B_TRUE;
6235 		zerr(gettext("%s not specified"), pt_to_str(pt));
6236 		return (Z_ERR);
6237 	}
6238 	return (Z_OK);
6239 }
6240 
6241 static void
net_exists_error(struct zone_nwiftab nwif)6242 net_exists_error(struct zone_nwiftab nwif)
6243 {
6244 	if (strlen(nwif.zone_nwif_address) > 0) {
6245 		zerr(gettext("A %s resource with the %s '%s', "
6246 		    "and %s '%s' already exists."),
6247 		    rt_to_str(RT_NET),
6248 		    pt_to_str(PT_PHYSICAL),
6249 		    nwif.zone_nwif_physical,
6250 		    pt_to_str(PT_ADDRESS),
6251 		    in_progress_nwiftab.zone_nwif_address);
6252 	} else {
6253 		zerr(gettext("A %s resource with the %s '%s', "
6254 		    "and %s '%s' already exists."),
6255 		    rt_to_str(RT_NET),
6256 		    pt_to_str(PT_PHYSICAL),
6257 		    nwif.zone_nwif_physical,
6258 		    pt_to_str(PT_ALLOWED_ADDRESS),
6259 		    nwif.zone_nwif_allowed_address);
6260 	}
6261 }
6262 
6263 void
end_func(cmd_t * cmd)6264 end_func(cmd_t *cmd)
6265 {
6266 	boolean_t validation_failed = B_FALSE;
6267 	boolean_t arg_err = B_FALSE;
6268 	struct zone_fstab tmp_fstab;
6269 	struct zone_nwiftab tmp_nwiftab;
6270 	struct zone_devtab tmp_devtab;
6271 	struct zone_rctltab tmp_rctltab;
6272 	struct zone_attrtab tmp_attrtab;
6273 	struct zone_dstab tmp_dstab;
6274 	struct zone_admintab tmp_admintab;
6275 	int err, arg, res1, res2, res3;
6276 	uint64_t swap_limit;
6277 	uint64_t locked_limit;
6278 	uint64_t proc_cap;
6279 
6280 	assert(cmd != NULL);
6281 
6282 	optind = 0;
6283 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
6284 		switch (arg) {
6285 		case '?':
6286 			longer_usage(CMD_END);
6287 			arg_err = B_TRUE;
6288 			break;
6289 		default:
6290 			short_usage(CMD_END);
6291 			arg_err = B_TRUE;
6292 			break;
6293 		}
6294 	}
6295 	if (arg_err)
6296 		return;
6297 
6298 	if (optind != cmd->cmd_argc) {
6299 		short_usage(CMD_END);
6300 		return;
6301 	}
6302 
6303 	if (global_scope) {
6304 		scope_usage(CMD_END);
6305 		return;
6306 	}
6307 
6308 	assert(end_op == CMD_ADD || end_op == CMD_SELECT);
6309 
6310 	switch (resource_scope) {
6311 	case RT_FS:
6312 		/* First make sure everything was filled in. */
6313 		if (end_check_reqd(in_progress_fstab.zone_fs_dir,
6314 		    PT_DIR, &validation_failed) == Z_OK) {
6315 			if (in_progress_fstab.zone_fs_dir[0] != '/') {
6316 				zerr(gettext("%s %s is not an absolute path."),
6317 				    pt_to_str(PT_DIR),
6318 				    in_progress_fstab.zone_fs_dir);
6319 				validation_failed = B_TRUE;
6320 			}
6321 		}
6322 
6323 		(void) end_check_reqd(in_progress_fstab.zone_fs_special,
6324 		    PT_SPECIAL, &validation_failed);
6325 
6326 		if (in_progress_fstab.zone_fs_raw[0] != '\0' &&
6327 		    in_progress_fstab.zone_fs_raw[0] != '/') {
6328 			zerr(gettext("%s %s is not an absolute path."),
6329 			    pt_to_str(PT_RAW),
6330 			    in_progress_fstab.zone_fs_raw);
6331 			validation_failed = B_TRUE;
6332 		}
6333 
6334 		(void) end_check_reqd(in_progress_fstab.zone_fs_type, PT_TYPE,
6335 		    &validation_failed);
6336 
6337 		if (validation_failed) {
6338 			saw_error = B_TRUE;
6339 			return;
6340 		}
6341 
6342 		if (end_op == CMD_ADD) {
6343 			/* Make sure there isn't already one like this. */
6344 			bzero(&tmp_fstab, sizeof (tmp_fstab));
6345 			(void) strlcpy(tmp_fstab.zone_fs_dir,
6346 			    in_progress_fstab.zone_fs_dir,
6347 			    sizeof (tmp_fstab.zone_fs_dir));
6348 			err = zonecfg_lookup_filesystem(handle, &tmp_fstab);
6349 			zonecfg_free_fs_option_list(tmp_fstab.zone_fs_options);
6350 			if (err == Z_OK) {
6351 				zerr(gettext("A %s resource "
6352 				    "with the %s '%s' already exists."),
6353 				    rt_to_str(RT_FS), pt_to_str(PT_DIR),
6354 				    in_progress_fstab.zone_fs_dir);
6355 				saw_error = B_TRUE;
6356 				return;
6357 			}
6358 			err = zonecfg_add_filesystem(handle,
6359 			    &in_progress_fstab);
6360 		} else {
6361 			err = zonecfg_modify_filesystem(handle, &old_fstab,
6362 			    &in_progress_fstab);
6363 		}
6364 		zonecfg_free_fs_option_list(in_progress_fstab.zone_fs_options);
6365 		in_progress_fstab.zone_fs_options = NULL;
6366 		break;
6367 
6368 	case RT_NET:
6369 		/*
6370 		 * First make sure everything was filled in.
6371 		 * Since we don't know whether IP will be shared
6372 		 * or exclusive here, some checks are deferred until
6373 		 * the verify command.
6374 		 */
6375 		(void) end_check_reqd(in_progress_nwiftab.zone_nwif_physical,
6376 		    PT_PHYSICAL, &validation_failed);
6377 
6378 		if (validation_failed) {
6379 			saw_error = B_TRUE;
6380 			return;
6381 		}
6382 		if (end_op == CMD_ADD) {
6383 			/* Make sure there isn't already one like this. */
6384 			bzero(&tmp_nwiftab, sizeof (tmp_nwiftab));
6385 			(void) strlcpy(tmp_nwiftab.zone_nwif_physical,
6386 			    in_progress_nwiftab.zone_nwif_physical,
6387 			    sizeof (tmp_nwiftab.zone_nwif_physical));
6388 			(void) strlcpy(tmp_nwiftab.zone_nwif_address,
6389 			    in_progress_nwiftab.zone_nwif_address,
6390 			    sizeof (tmp_nwiftab.zone_nwif_address));
6391 			(void) strlcpy(tmp_nwiftab.zone_nwif_allowed_address,
6392 			    in_progress_nwiftab.zone_nwif_allowed_address,
6393 			    sizeof (tmp_nwiftab.zone_nwif_allowed_address));
6394 			(void) strlcpy(tmp_nwiftab.zone_nwif_defrouter,
6395 			    in_progress_nwiftab.zone_nwif_defrouter,
6396 			    sizeof (tmp_nwiftab.zone_nwif_defrouter));
6397 			if (zonecfg_lookup_nwif(handle, &tmp_nwiftab) == Z_OK) {
6398 				net_exists_error(in_progress_nwiftab);
6399 				saw_error = B_TRUE;
6400 				return;
6401 			}
6402 			err = zonecfg_add_nwif(handle, &in_progress_nwiftab);
6403 		} else {
6404 			err = zonecfg_modify_nwif(handle, &old_nwiftab,
6405 			    &in_progress_nwiftab);
6406 		}
6407 		break;
6408 
6409 	case RT_DEVICE:
6410 		/* First make sure everything was filled in. */
6411 		(void) end_check_reqd(in_progress_devtab.zone_dev_match,
6412 		    PT_MATCH, &validation_failed);
6413 
6414 		if (validation_failed) {
6415 			saw_error = B_TRUE;
6416 			return;
6417 		}
6418 
6419 		if (end_op == CMD_ADD) {
6420 			/* Make sure there isn't already one like this. */
6421 			(void) strlcpy(tmp_devtab.zone_dev_match,
6422 			    in_progress_devtab.zone_dev_match,
6423 			    sizeof (tmp_devtab.zone_dev_match));
6424 			if (zonecfg_lookup_dev(handle, &tmp_devtab) == Z_OK) {
6425 				zerr(gettext("A %s resource with the %s '%s' "
6426 				    "already exists."), rt_to_str(RT_DEVICE),
6427 				    pt_to_str(PT_MATCH),
6428 				    in_progress_devtab.zone_dev_match);
6429 				saw_error = B_TRUE;
6430 				return;
6431 			}
6432 			err = zonecfg_add_dev(handle, &in_progress_devtab);
6433 		} else {
6434 			err = zonecfg_modify_dev(handle, &old_devtab,
6435 			    &in_progress_devtab);
6436 		}
6437 		break;
6438 
6439 	case RT_RCTL:
6440 		/* First make sure everything was filled in. */
6441 		(void) end_check_reqd(in_progress_rctltab.zone_rctl_name,
6442 		    PT_NAME, &validation_failed);
6443 
6444 		if (in_progress_rctltab.zone_rctl_valptr == NULL) {
6445 			zerr(gettext("no %s specified"), pt_to_str(PT_VALUE));
6446 			validation_failed = B_TRUE;
6447 		}
6448 
6449 		if (validation_failed) {
6450 			saw_error = B_TRUE;
6451 			return;
6452 		}
6453 
6454 		if (end_op == CMD_ADD) {
6455 			/* Make sure there isn't already one like this. */
6456 			(void) strlcpy(tmp_rctltab.zone_rctl_name,
6457 			    in_progress_rctltab.zone_rctl_name,
6458 			    sizeof (tmp_rctltab.zone_rctl_name));
6459 			tmp_rctltab.zone_rctl_valptr = NULL;
6460 			err = zonecfg_lookup_rctl(handle, &tmp_rctltab);
6461 			zonecfg_free_rctl_value_list(
6462 			    tmp_rctltab.zone_rctl_valptr);
6463 			if (err == Z_OK) {
6464 				zerr(gettext("A %s resource "
6465 				    "with the %s '%s' already exists."),
6466 				    rt_to_str(RT_RCTL), pt_to_str(PT_NAME),
6467 				    in_progress_rctltab.zone_rctl_name);
6468 				saw_error = B_TRUE;
6469 				return;
6470 			}
6471 			err = zonecfg_add_rctl(handle, &in_progress_rctltab);
6472 		} else {
6473 			err = zonecfg_modify_rctl(handle, &old_rctltab,
6474 			    &in_progress_rctltab);
6475 		}
6476 		if (err == Z_OK) {
6477 			zonecfg_free_rctl_value_list(
6478 			    in_progress_rctltab.zone_rctl_valptr);
6479 			in_progress_rctltab.zone_rctl_valptr = NULL;
6480 		}
6481 		break;
6482 
6483 	case RT_ATTR:
6484 		/* First make sure everything was filled in. */
6485 		(void) end_check_reqd(in_progress_attrtab.zone_attr_name,
6486 		    PT_NAME, &validation_failed);
6487 		(void) end_check_reqd(in_progress_attrtab.zone_attr_type,
6488 		    PT_TYPE, &validation_failed);
6489 		(void) end_check_reqd(in_progress_attrtab.zone_attr_value,
6490 		    PT_VALUE, &validation_failed);
6491 
6492 		if (validate_attr_name(in_progress_attrtab.zone_attr_name) !=
6493 		    Z_OK)
6494 			validation_failed = B_TRUE;
6495 
6496 		if (validate_attr_type_val(&in_progress_attrtab) != Z_OK)
6497 			validation_failed = B_TRUE;
6498 
6499 		if (validation_failed) {
6500 			saw_error = B_TRUE;
6501 			return;
6502 		}
6503 		if (end_op == CMD_ADD) {
6504 			/* Make sure there isn't already one like this. */
6505 			bzero(&tmp_attrtab, sizeof (tmp_attrtab));
6506 			(void) strlcpy(tmp_attrtab.zone_attr_name,
6507 			    in_progress_attrtab.zone_attr_name,
6508 			    sizeof (tmp_attrtab.zone_attr_name));
6509 			if (zonecfg_lookup_attr(handle, &tmp_attrtab) == Z_OK) {
6510 				zerr(gettext("An %s resource "
6511 				    "with the %s '%s' already exists."),
6512 				    rt_to_str(RT_ATTR), pt_to_str(PT_NAME),
6513 				    in_progress_attrtab.zone_attr_name);
6514 				saw_error = B_TRUE;
6515 				return;
6516 			}
6517 			err = zonecfg_add_attr(handle, &in_progress_attrtab);
6518 		} else {
6519 			err = zonecfg_modify_attr(handle, &old_attrtab,
6520 			    &in_progress_attrtab);
6521 		}
6522 		break;
6523 	case RT_DATASET:
6524 		/* First make sure everything was filled in. */
6525 		if (strlen(in_progress_dstab.zone_dataset_name) == 0) {
6526 			zerr("%s %s", pt_to_str(PT_NAME),
6527 			    gettext("not specified"));
6528 			saw_error = B_TRUE;
6529 			validation_failed = B_TRUE;
6530 		}
6531 		if (validation_failed)
6532 			return;
6533 		if (end_op == CMD_ADD) {
6534 			/* Make sure there isn't already one like this. */
6535 			bzero(&tmp_dstab, sizeof (tmp_dstab));
6536 			(void) strlcpy(tmp_dstab.zone_dataset_name,
6537 			    in_progress_dstab.zone_dataset_name,
6538 			    sizeof (tmp_dstab.zone_dataset_name));
6539 			err = zonecfg_lookup_ds(handle, &tmp_dstab);
6540 			if (err == Z_OK) {
6541 				zerr(gettext("A %s resource "
6542 				    "with the %s '%s' already exists."),
6543 				    rt_to_str(RT_DATASET), pt_to_str(PT_NAME),
6544 				    in_progress_dstab.zone_dataset_name);
6545 				saw_error = B_TRUE;
6546 				return;
6547 			}
6548 			err = zonecfg_add_ds(handle, &in_progress_dstab);
6549 		} else {
6550 			err = zonecfg_modify_ds(handle, &old_dstab,
6551 			    &in_progress_dstab);
6552 		}
6553 		break;
6554 	case RT_DCPU:
6555 		/* Make sure everything was filled in. */
6556 		if (end_check_reqd(in_progress_psettab.zone_ncpu_min,
6557 		    PT_NCPUS, &validation_failed) != Z_OK) {
6558 			saw_error = B_TRUE;
6559 			return;
6560 		}
6561 
6562 		if (end_op == CMD_ADD) {
6563 			err = zonecfg_add_pset(handle, &in_progress_psettab);
6564 		} else {
6565 			err = zonecfg_modify_pset(handle, &in_progress_psettab);
6566 		}
6567 		break;
6568 	case RT_PCAP:
6569 		/* Make sure everything was filled in. */
6570 		if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &proc_cap)
6571 		    != Z_OK) {
6572 			zerr(gettext("%s not specified"), pt_to_str(PT_NCPUS));
6573 			saw_error = B_TRUE;
6574 			validation_failed = B_TRUE;
6575 			return;
6576 		}
6577 		err = Z_OK;
6578 		break;
6579 	case RT_MCAP:
6580 		/* Make sure everything was filled in. */
6581 		res1 = strlen(in_progress_mcaptab.zone_physmem_cap) == 0 ?
6582 		    Z_ERR : Z_OK;
6583 		res2 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP,
6584 		    &swap_limit);
6585 		res3 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM,
6586 		    &locked_limit);
6587 
6588 		if (res1 != Z_OK && res2 != Z_OK && res3 != Z_OK) {
6589 			zerr(gettext("No property was specified.  One of %s, "
6590 			    "%s or %s is required."), pt_to_str(PT_PHYSICAL),
6591 			    pt_to_str(PT_SWAP), pt_to_str(PT_LOCKED));
6592 			saw_error = B_TRUE;
6593 			return;
6594 		}
6595 
6596 		/* if phys & locked are both set, verify locked <= phys */
6597 		if (res1 == Z_OK && res3 == Z_OK) {
6598 			uint64_t phys_limit;
6599 			char *endp;
6600 
6601 			phys_limit = strtoull(
6602 			    in_progress_mcaptab.zone_physmem_cap, &endp, 10);
6603 			if (phys_limit < locked_limit) {
6604 				zerr(gettext("The %s cap must be less than or "
6605 				    "equal to the %s cap."),
6606 				    pt_to_str(PT_LOCKED),
6607 				    pt_to_str(PT_PHYSICAL));
6608 				saw_error = B_TRUE;
6609 				return;
6610 			}
6611 		}
6612 
6613 		err = Z_OK;
6614 		if (res1 == Z_OK) {
6615 			/*
6616 			 * We could be ending from either an add operation
6617 			 * or a select operation.  Since all of the properties
6618 			 * within this resource are optional, we always use
6619 			 * modify on the mcap entry.  zonecfg_modify_mcap()
6620 			 * will handle both adding and modifying a memory cap.
6621 			 */
6622 			err = zonecfg_modify_mcap(handle, &in_progress_mcaptab);
6623 		} else if (end_op == CMD_SELECT) {
6624 			/*
6625 			 * If we're ending from a select and the physical
6626 			 * memory cap is empty then the user could have cleared
6627 			 * the physical cap value, so try to delete the entry.
6628 			 */
6629 			(void) zonecfg_delete_mcap(handle);
6630 		}
6631 		break;
6632 	case RT_ADMIN:
6633 		/* First make sure everything was filled in. */
6634 		if (end_check_reqd(in_progress_admintab.zone_admin_user,
6635 		    PT_USER, &validation_failed) == Z_OK) {
6636 			if (getpwnam(in_progress_admintab.zone_admin_user)
6637 			    == NULL) {
6638 				zerr(gettext("%s %s is not a valid username"),
6639 				    pt_to_str(PT_USER),
6640 				    in_progress_admintab.zone_admin_user);
6641 				validation_failed = B_TRUE;
6642 			}
6643 		}
6644 
6645 		if (end_check_reqd(in_progress_admintab.zone_admin_auths,
6646 		    PT_AUTHS, &validation_failed) == Z_OK) {
6647 			if (!zonecfg_valid_auths(
6648 			    in_progress_admintab.zone_admin_auths,
6649 			    zone)) {
6650 				validation_failed = B_TRUE;
6651 			}
6652 		}
6653 
6654 		if (validation_failed) {
6655 			saw_error = B_TRUE;
6656 			return;
6657 		}
6658 
6659 		if (end_op == CMD_ADD) {
6660 			/* Make sure there isn't already one like this. */
6661 			bzero(&tmp_admintab, sizeof (tmp_admintab));
6662 			(void) strlcpy(tmp_admintab.zone_admin_user,
6663 			    in_progress_admintab.zone_admin_user,
6664 			    sizeof (tmp_admintab.zone_admin_user));
6665 			err = zonecfg_lookup_admin(
6666 			    handle, &tmp_admintab);
6667 			if (err == Z_OK) {
6668 				zerr(gettext("A %s resource "
6669 				    "with the %s '%s' already exists."),
6670 				    rt_to_str(RT_ADMIN),
6671 				    pt_to_str(PT_USER),
6672 				    in_progress_admintab.zone_admin_user);
6673 				saw_error = B_TRUE;
6674 				return;
6675 			}
6676 			err = zonecfg_add_admin(handle,
6677 			    &in_progress_admintab, zone);
6678 		} else {
6679 			err = zonecfg_modify_admin(handle,
6680 			    &old_admintab, &in_progress_admintab,
6681 			    zone);
6682 		}
6683 		break;
6684 	default:
6685 		zone_perror(rt_to_str(resource_scope), Z_NO_RESOURCE_TYPE,
6686 		    B_TRUE);
6687 		saw_error = B_TRUE;
6688 		return;
6689 	}
6690 
6691 	if (err != Z_OK) {
6692 		zone_perror(zone, err, B_TRUE);
6693 	} else {
6694 		need_to_commit = B_TRUE;
6695 		global_scope = B_TRUE;
6696 		end_op = -1;
6697 	}
6698 }
6699 
6700 void
commit_func(cmd_t * cmd)6701 commit_func(cmd_t *cmd)
6702 {
6703 	int arg;
6704 	boolean_t arg_err = B_FALSE;
6705 
6706 	optind = 0;
6707 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
6708 		switch (arg) {
6709 		case '?':
6710 			longer_usage(CMD_COMMIT);
6711 			arg_err = B_TRUE;
6712 			break;
6713 		default:
6714 			short_usage(CMD_COMMIT);
6715 			arg_err = B_TRUE;
6716 			break;
6717 		}
6718 	}
6719 	if (arg_err)
6720 		return;
6721 
6722 	if (optind != cmd->cmd_argc) {
6723 		short_usage(CMD_COMMIT);
6724 		return;
6725 	}
6726 
6727 	if (zone_is_read_only(CMD_COMMIT))
6728 		return;
6729 
6730 	assert(cmd != NULL);
6731 
6732 	cmd->cmd_argc = 1;
6733 	/*
6734 	 * cmd_arg normally comes from a strdup() in the lexer, and the
6735 	 * whole cmd structure and its (char *) attributes are freed at
6736 	 * the completion of each command, so the strdup() below is needed
6737 	 * to match this and prevent a core dump from trying to free()
6738 	 * something that can't be.
6739 	 */
6740 	if ((cmd->cmd_argv[0] = strdup("save")) == NULL) {
6741 		zone_perror(zone, Z_NOMEM, B_TRUE);
6742 		exit(Z_ERR);
6743 	}
6744 	cmd->cmd_argv[1] = NULL;
6745 	verify_func(cmd);
6746 }
6747 
6748 void
revert_func(cmd_t * cmd)6749 revert_func(cmd_t *cmd)
6750 {
6751 	char line[128];	/* enough to ask a question */
6752 	boolean_t force = B_FALSE;
6753 	boolean_t arg_err = B_FALSE;
6754 	int err, arg, answer;
6755 
6756 	optind = 0;
6757 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
6758 		switch (arg) {
6759 		case '?':
6760 			longer_usage(CMD_REVERT);
6761 			arg_err = B_TRUE;
6762 			break;
6763 		case 'F':
6764 			force = B_TRUE;
6765 			break;
6766 		default:
6767 			short_usage(CMD_REVERT);
6768 			arg_err = B_TRUE;
6769 			break;
6770 		}
6771 	}
6772 	if (arg_err)
6773 		return;
6774 
6775 	if (optind != cmd->cmd_argc) {
6776 		short_usage(CMD_REVERT);
6777 		return;
6778 	}
6779 
6780 	if (zone_is_read_only(CMD_REVERT))
6781 		return;
6782 
6783 	if (!global_scope) {
6784 		zerr(gettext("You can only use %s in the global scope.\nUse"
6785 		    " '%s' to cancel changes to a resource specification."),
6786 		    cmd_to_str(CMD_REVERT), cmd_to_str(CMD_CANCEL));
6787 		saw_error = B_TRUE;
6788 		return;
6789 	}
6790 
6791 	if (zonecfg_check_handle(handle) != Z_OK) {
6792 		zerr(gettext("No changes to revert."));
6793 		saw_error = B_TRUE;
6794 		return;
6795 	}
6796 
6797 	if (!force) {
6798 		(void) snprintf(line, sizeof (line),
6799 		    gettext("Are you sure you want to revert"));
6800 		if ((answer = ask_yesno(B_FALSE, line)) == -1) {
6801 			zerr(gettext("Input not from terminal and -F not "
6802 			    "specified:\n%s command ignored, exiting."),
6803 			    cmd_to_str(CMD_REVERT));
6804 			exit(Z_ERR);
6805 		}
6806 		if (answer != 1)
6807 			return;
6808 	}
6809 
6810 	/*
6811 	 * Reset any pending admins that were
6812 	 * removed from the previous zone
6813 	 */
6814 	zonecfg_remove_userauths(handle, "", zone, B_FALSE);
6815 
6816 	/*
6817 	 * Time for a new handle: finish the old one off first
6818 	 * then get a new one properly to avoid leaks.
6819 	 */
6820 	zonecfg_fini_handle(handle);
6821 	if ((handle = zonecfg_init_handle()) == NULL) {
6822 		zone_perror(execname, Z_NOMEM, B_TRUE);
6823 		exit(Z_ERR);
6824 	}
6825 
6826 	if ((err = zonecfg_get_handle(revert_zone, handle)) != Z_OK) {
6827 		saw_error = B_TRUE;
6828 		got_handle = B_FALSE;
6829 		if (err == Z_NO_ZONE)
6830 			zerr(gettext("%s: no such saved zone to revert to."),
6831 			    revert_zone);
6832 		else
6833 			zone_perror(zone, err, B_TRUE);
6834 	}
6835 	(void) strlcpy(zone, revert_zone, sizeof (zone));
6836 }
6837 
6838 void
help_func(cmd_t * cmd)6839 help_func(cmd_t *cmd)
6840 {
6841 	int i;
6842 
6843 	assert(cmd != NULL);
6844 
6845 	if (cmd->cmd_argc == 0) {
6846 		usage(B_TRUE, global_scope ? HELP_SUBCMDS : HELP_RES_SCOPE);
6847 		return;
6848 	}
6849 	if (strcmp(cmd->cmd_argv[0], "usage") == 0) {
6850 		usage(B_TRUE, HELP_USAGE);
6851 		return;
6852 	}
6853 	if (strcmp(cmd->cmd_argv[0], "commands") == 0) {
6854 		usage(B_TRUE, HELP_SUBCMDS);
6855 		return;
6856 	}
6857 	if (strcmp(cmd->cmd_argv[0], "syntax") == 0) {
6858 		usage(B_TRUE, HELP_SYNTAX | HELP_RES_PROPS);
6859 		return;
6860 	}
6861 	if (strcmp(cmd->cmd_argv[0], "-?") == 0) {
6862 		longer_usage(CMD_HELP);
6863 		return;
6864 	}
6865 
6866 	for (i = 0; i <= CMD_MAX; i++) {
6867 		if (strcmp(cmd->cmd_argv[0], cmd_to_str(i)) == 0) {
6868 			longer_usage(i);
6869 			return;
6870 		}
6871 	}
6872 	/* We do not use zerr() here because we do not want its extra \n. */
6873 	(void) fprintf(stderr, gettext("Unknown help subject %s.  "),
6874 	    cmd->cmd_argv[0]);
6875 	usage(B_FALSE, HELP_META);
6876 }
6877 
6878 static int
string_to_yyin(char * string)6879 string_to_yyin(char *string)
6880 {
6881 	if ((yyin = tmpfile()) == NULL) {
6882 		zone_perror(execname, Z_TEMP_FILE, B_TRUE);
6883 		return (Z_ERR);
6884 	}
6885 	if (fwrite(string, strlen(string), 1, yyin) != 1) {
6886 		zone_perror(execname, Z_TEMP_FILE, B_TRUE);
6887 		return (Z_ERR);
6888 	}
6889 	if (fseek(yyin, 0, SEEK_SET) != 0) {
6890 		zone_perror(execname, Z_TEMP_FILE, B_TRUE);
6891 		return (Z_ERR);
6892 	}
6893 	return (Z_OK);
6894 }
6895 
6896 /* This is the back-end helper function for read_input() below. */
6897 
6898 static int
cleanup()6899 cleanup()
6900 {
6901 	int answer;
6902 	cmd_t *cmd;
6903 
6904 	if (!interactive_mode && !cmd_file_mode) {
6905 		/*
6906 		 * If we're not in interactive mode, and we're not in command
6907 		 * file mode, then we must be in commands-from-the-command-line
6908 		 * mode.  As such, we can't loop back and ask for more input.
6909 		 * It was OK to prompt for such things as whether or not to
6910 		 * really delete a zone in the command handler called from
6911 		 * yyparse() above, but "really quit?" makes no sense in this
6912 		 * context.  So disable prompting.
6913 		 */
6914 		ok_to_prompt = B_FALSE;
6915 	}
6916 	if (!global_scope) {
6917 		if (!time_to_exit) {
6918 			/*
6919 			 * Just print a simple error message in the -1 case,
6920 			 * since exit_func() already handles that case, and
6921 			 * EOF means we are finished anyway.
6922 			 */
6923 			answer = ask_yesno(B_FALSE,
6924 			    gettext("Resource incomplete; really quit"));
6925 			if (answer == -1) {
6926 				zerr(gettext("Resource incomplete."));
6927 				return (Z_ERR);
6928 			}
6929 			if (answer != 1) {
6930 				yyin = stdin;
6931 				return (Z_REPEAT);
6932 			}
6933 		} else {
6934 			saw_error = B_TRUE;
6935 		}
6936 	}
6937 	/*
6938 	 * Make sure we tried something and that the handle checks
6939 	 * out, or we would get a false error trying to commit.
6940 	 */
6941 	if (need_to_commit && zonecfg_check_handle(handle) == Z_OK) {
6942 		if ((cmd = alloc_cmd()) == NULL) {
6943 			zone_perror(zone, Z_NOMEM, B_TRUE);
6944 			return (Z_ERR);
6945 		}
6946 		cmd->cmd_argc = 0;
6947 		cmd->cmd_argv[0] = NULL;
6948 		commit_func(cmd);
6949 		free_cmd(cmd);
6950 		/*
6951 		 * need_to_commit will get set back to FALSE if the
6952 		 * configuration is saved successfully.
6953 		 */
6954 		if (need_to_commit) {
6955 			if (force_exit) {
6956 				zerr(gettext("Configuration not saved."));
6957 				return (Z_ERR);
6958 			}
6959 			answer = ask_yesno(B_FALSE,
6960 			    gettext("Configuration not saved; really quit"));
6961 			if (answer == -1) {
6962 				zerr(gettext("Configuration not saved."));
6963 				return (Z_ERR);
6964 			}
6965 			if (answer != 1) {
6966 				time_to_exit = B_FALSE;
6967 				yyin = stdin;
6968 				return (Z_REPEAT);
6969 			}
6970 		}
6971 	}
6972 	return ((need_to_commit || saw_error) ? Z_ERR : Z_OK);
6973 }
6974 
6975 /*
6976  * read_input() is the driver of this program.  It is a wrapper around
6977  * yyparse(), printing appropriate prompts when needed, checking for
6978  * exit conditions and reacting appropriately [the latter in its cleanup()
6979  * helper function].
6980  *
6981  * Like most zonecfg functions, it returns Z_OK or Z_ERR, *or* Z_REPEAT
6982  * so do_interactive() knows that we are not really done (i.e, we asked
6983  * the user if we should really quit and the user said no).
6984  */
6985 static int
read_input()6986 read_input()
6987 {
6988 	boolean_t yyin_is_a_tty = isatty(fileno(yyin));
6989 	/*
6990 	 * The prompt is "e:z> " or "e:z:r> " where e is execname, z is zone
6991 	 * and r is resource_scope: 5 is for the two ":"s + "> " + terminator.
6992 	 */
6993 	char prompt[MAXPATHLEN + ZONENAME_MAX + MAX_RT_STRLEN + 5], *line;
6994 
6995 	/* yyin should have been set to the appropriate (FILE *) if not stdin */
6996 	newline_terminated = B_TRUE;
6997 	for (;;) {
6998 		if (yyin_is_a_tty) {
6999 			if (newline_terminated) {
7000 				if (global_scope)
7001 					(void) snprintf(prompt, sizeof (prompt),
7002 					    "%s:%s> ", execname, zone);
7003 				else
7004 					(void) snprintf(prompt, sizeof (prompt),
7005 					    "%s:%s:%s> ", execname, zone,
7006 					    rt_to_str(resource_scope));
7007 			}
7008 			/*
7009 			 * If the user hits ^C then we want to catch it and
7010 			 * start over.  If the user hits EOF then we want to
7011 			 * bail out.
7012 			 */
7013 			line = gl_get_line(gl, prompt, NULL, -1);
7014 			if (gl_return_status(gl) == GLR_SIGNAL) {
7015 				gl_abandon_line(gl);
7016 				continue;
7017 			}
7018 			if (line == NULL)
7019 				break;
7020 			(void) string_to_yyin(line);
7021 			while (!feof(yyin))
7022 				yyparse();
7023 		} else {
7024 			yyparse();
7025 		}
7026 		/* Bail out on an error in command file mode. */
7027 		if (saw_error && cmd_file_mode && !interactive_mode)
7028 			time_to_exit = B_TRUE;
7029 		if (time_to_exit || (!yyin_is_a_tty && feof(yyin)))
7030 			break;
7031 	}
7032 	return (cleanup());
7033 }
7034 
7035 /*
7036  * This function is used in the zonecfg-interactive-mode scenario: it just
7037  * calls read_input() until we are done.
7038  */
7039 
7040 static int
do_interactive(void)7041 do_interactive(void)
7042 {
7043 	int err;
7044 
7045 	interactive_mode = B_TRUE;
7046 	if (!read_only_mode) {
7047 		/*
7048 		 * Try to set things up proactively in interactive mode, so
7049 		 * that if the zone in question does not exist yet, we can
7050 		 * provide the user with a clue.
7051 		 */
7052 		(void) initialize(B_FALSE);
7053 	}
7054 	do {
7055 		err = read_input();
7056 	} while (err == Z_REPEAT);
7057 	return (err);
7058 }
7059 
7060 /*
7061  * cmd_file is slightly more complicated, as it has to open the command file
7062  * and set yyin appropriately.  Once that is done, though, it just calls
7063  * read_input(), and only once, since prompting is not possible.
7064  */
7065 
7066 static int
cmd_file(char * file)7067 cmd_file(char *file)
7068 {
7069 	FILE *infile;
7070 	int err;
7071 	struct stat statbuf;
7072 	boolean_t using_real_file = (strcmp(file, "-") != 0);
7073 
7074 	if (using_real_file) {
7075 		/*
7076 		 * zerr() prints a line number in cmd_file_mode, which we do
7077 		 * not want here, so temporarily unset it.
7078 		 */
7079 		cmd_file_mode = B_FALSE;
7080 		if ((infile = fopen(file, "r")) == NULL) {
7081 			zerr(gettext("could not open file %s: %s"),
7082 			    file, strerror(errno));
7083 			return (Z_ERR);
7084 		}
7085 		if ((err = fstat(fileno(infile), &statbuf)) != 0) {
7086 			zerr(gettext("could not stat file %s: %s"),
7087 			    file, strerror(errno));
7088 			err = Z_ERR;
7089 			goto done;
7090 		}
7091 		if (!S_ISREG(statbuf.st_mode)) {
7092 			zerr(gettext("%s is not a regular file."), file);
7093 			err = Z_ERR;
7094 			goto done;
7095 		}
7096 		yyin = infile;
7097 		cmd_file_mode = B_TRUE;
7098 		ok_to_prompt = B_FALSE;
7099 	} else {
7100 		/*
7101 		 * "-f -" is essentially the same as interactive mode,
7102 		 * so treat it that way.
7103 		 */
7104 		interactive_mode = B_TRUE;
7105 	}
7106 	/* Z_REPEAT is for interactive mode; treat it like Z_ERR here. */
7107 	if ((err = read_input()) == Z_REPEAT)
7108 		err = Z_ERR;
7109 done:
7110 	if (using_real_file)
7111 		(void) fclose(infile);
7112 	return (err);
7113 }
7114 
7115 /*
7116  * Since yacc is based on reading from a (FILE *) whereas what we get from
7117  * the command line is in argv format, we need to convert when the user
7118  * gives us commands directly from the command line.  That is done here by
7119  * concatenating the argv list into a space-separated string, writing it
7120  * to a temp file, and rewinding the file so yyin can be set to it.  Then
7121  * we call read_input(), and only once, since prompting about whether to
7122  * continue or quit would make no sense in this context.
7123  */
7124 
7125 static int
one_command_at_a_time(int argc,char * argv[])7126 one_command_at_a_time(int argc, char *argv[])
7127 {
7128 	char *command;
7129 	size_t len = 2; /* terminal \n\0 */
7130 	int i, err;
7131 
7132 	for (i = 0; i < argc; i++)
7133 		len += strlen(argv[i]) + 1;
7134 	if ((command = malloc(len)) == NULL) {
7135 		zone_perror(execname, Z_NOMEM, B_TRUE);
7136 		return (Z_ERR);
7137 	}
7138 	(void) strlcpy(command, argv[0], len);
7139 	for (i = 1; i < argc; i++) {
7140 		(void) strlcat(command, " ", len);
7141 		(void) strlcat(command, argv[i], len);
7142 	}
7143 	(void) strlcat(command, "\n", len);
7144 	err = string_to_yyin(command);
7145 	free(command);
7146 	if (err != Z_OK)
7147 		return (err);
7148 	while (!feof(yyin))
7149 		yyparse();
7150 	return (cleanup());
7151 }
7152 
7153 static char *
get_execbasename(char * execfullname)7154 get_execbasename(char *execfullname)
7155 {
7156 	char *last_slash, *execbasename;
7157 
7158 	/* guard against '/' at end of command invocation */
7159 	for (;;) {
7160 		last_slash = strrchr(execfullname, '/');
7161 		if (last_slash == NULL) {
7162 			execbasename = execfullname;
7163 			break;
7164 		} else {
7165 			execbasename = last_slash + 1;
7166 			if (*execbasename == '\0') {
7167 				*last_slash = '\0';
7168 				continue;
7169 			}
7170 			break;
7171 		}
7172 	}
7173 	return (execbasename);
7174 }
7175 
7176 int
main(int argc,char * argv[])7177 main(int argc, char *argv[])
7178 {
7179 	int err, arg;
7180 	struct stat st;
7181 
7182 	/* This must be before anything goes to stdout. */
7183 	setbuf(stdout, NULL);
7184 
7185 	saw_error = B_FALSE;
7186 	cmd_file_mode = B_FALSE;
7187 	execname = get_execbasename(argv[0]);
7188 
7189 	(void) setlocale(LC_ALL, "");
7190 	(void) textdomain(TEXT_DOMAIN);
7191 
7192 	if (getzoneid() != GLOBAL_ZONEID) {
7193 		zerr(gettext("%s can only be run from the global zone."),
7194 		    execname);
7195 		exit(Z_ERR);
7196 	}
7197 
7198 	if (argc < 2) {
7199 		usage(B_FALSE, HELP_USAGE | HELP_SUBCMDS);
7200 		exit(Z_USAGE);
7201 	}
7202 	if (strcmp(argv[1], cmd_to_str(CMD_HELP)) == 0) {
7203 		(void) one_command_at_a_time(argc - 1, &(argv[1]));
7204 		exit(Z_OK);
7205 	}
7206 
7207 	while ((arg = getopt(argc, argv, "?f:R:z:")) != EOF) {
7208 		switch (arg) {
7209 		case '?':
7210 			if (optopt == '?')
7211 				usage(B_TRUE, HELP_USAGE | HELP_SUBCMDS);
7212 			else
7213 				usage(B_FALSE, HELP_USAGE);
7214 			exit(Z_USAGE);
7215 			/* NOTREACHED */
7216 		case 'f':
7217 			cmd_file_name = optarg;
7218 			cmd_file_mode = B_TRUE;
7219 			break;
7220 		case 'R':
7221 			if (*optarg != '/') {
7222 				zerr(gettext("root path must be absolute: %s"),
7223 				    optarg);
7224 				exit(Z_USAGE);
7225 			}
7226 			if (stat(optarg, &st) == -1 || !S_ISDIR(st.st_mode)) {
7227 				zerr(gettext(
7228 				    "root path must be a directory: %s"),
7229 				    optarg);
7230 				exit(Z_USAGE);
7231 			}
7232 			zonecfg_set_root(optarg);
7233 			break;
7234 		case 'z':
7235 			if (strcmp(optarg, GLOBAL_ZONENAME) == 0) {
7236 				global_zone = B_TRUE;
7237 			} else if (zonecfg_validate_zonename(optarg) != Z_OK) {
7238 				zone_perror(optarg, Z_BOGUS_ZONE_NAME, B_TRUE);
7239 				usage(B_FALSE, HELP_SYNTAX);
7240 				exit(Z_USAGE);
7241 			}
7242 			(void) strlcpy(zone, optarg, sizeof (zone));
7243 			(void) strlcpy(revert_zone, optarg, sizeof (zone));
7244 			break;
7245 		default:
7246 			usage(B_FALSE, HELP_USAGE);
7247 			exit(Z_USAGE);
7248 		}
7249 	}
7250 
7251 	if (optind > argc || strcmp(zone, "") == 0) {
7252 		usage(B_FALSE, HELP_USAGE);
7253 		exit(Z_USAGE);
7254 	}
7255 
7256 	if ((err = zonecfg_access(zone, W_OK)) == Z_OK) {
7257 		read_only_mode = B_FALSE;
7258 	} else if (err == Z_ACCES) {
7259 		read_only_mode = B_TRUE;
7260 		/* skip this message in one-off from command line mode */
7261 		if (optind == argc)
7262 			(void) fprintf(stderr, gettext("WARNING: you do not "
7263 			    "have write access to this zone's configuration "
7264 			    "file;\ngoing into read-only mode.\n"));
7265 	} else {
7266 		fprintf(stderr, "%s: Could not access zone configuration "
7267 		    "store: %s\n", execname, zonecfg_strerror(err));
7268 		exit(Z_ERR);
7269 	}
7270 
7271 	if ((handle = zonecfg_init_handle()) == NULL) {
7272 		zone_perror(execname, Z_NOMEM, B_TRUE);
7273 		exit(Z_ERR);
7274 	}
7275 
7276 	/*
7277 	 * This may get set back to FALSE again in cmd_file() if cmd_file_name
7278 	 * is a "real" file as opposed to "-" (i.e. meaning use stdin).
7279 	 */
7280 	if (isatty(STDIN_FILENO))
7281 		ok_to_prompt = B_TRUE;
7282 	if ((gl = new_GetLine(MAX_LINE_LEN, MAX_CMD_HIST)) == NULL)
7283 		exit(Z_ERR);
7284 	if (gl_customize_completion(gl, NULL, cmd_cpl_fn) != 0)
7285 		exit(Z_ERR);
7286 	(void) sigset(SIGINT, SIG_IGN);
7287 	if (optind == argc) {
7288 		if (!cmd_file_mode)
7289 			err = do_interactive();
7290 		else
7291 			err = cmd_file(cmd_file_name);
7292 	} else {
7293 		err = one_command_at_a_time(argc - optind, &(argv[optind]));
7294 	}
7295 	zonecfg_fini_handle(handle);
7296 	if (brand != NULL)
7297 		brand_close(brand);
7298 	(void) del_GetLine(gl);
7299 	return (err);
7300 }
7301