1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2014 Gary Mills
24 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
25 * Copyright (c) 2018, Joyent, Inc.
26 * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
27 * Copyright 2021 OmniOS Community Edition (OmniOSce) Association.
28 */
29
30 #include <libsysevent.h>
31 #include <pthread.h>
32 #include <stdlib.h>
33 #include <errno.h>
34 #include <fnmatch.h>
35 #include <strings.h>
36 #include <unistd.h>
37 #include <assert.h>
38 #include <libgen.h>
39 #include <libintl.h>
40 #include <alloca.h>
41 #include <ctype.h>
42 #include <sys/acl.h>
43 #include <sys/stat.h>
44 #include <sys/brand.h>
45 #include <sys/mntio.h>
46 #include <sys/mnttab.h>
47 #include <sys/nvpair.h>
48 #include <sys/types.h>
49 #include <sys/sockio.h>
50 #include <sys/systeminfo.h>
51 #include <ftw.h>
52 #include <pool.h>
53 #include <libscf.h>
54 #include <libproc.h>
55 #include <sys/priocntl.h>
56 #include <libuutil.h>
57 #include <wait.h>
58 #include <bsm/adt.h>
59 #include <auth_attr.h>
60 #include <auth_list.h>
61 #include <secdb.h>
62 #include <user_attr.h>
63 #include <prof_attr.h>
64 #include <definit.h>
65
66 #include <arpa/inet.h>
67 #include <netdb.h>
68
69 #include <libxml/xmlmemory.h>
70 #include <libxml/parser.h>
71
72 #include <libdevinfo.h>
73 #include <uuid/uuid.h>
74 #include <dirent.h>
75 #include <libbrand.h>
76
77 #include <libzonecfg.h>
78 #include "zonecfg_impl.h"
79
80 #define _PATH_TMPFILE "/zonecfg.XXXXXX"
81 #define ZONE_CB_RETRY_COUNT 10
82 #define ZONE_EVENT_PING_SUBCLASS "ping"
83 #define ZONE_EVENT_PING_PUBLISHER "solaris"
84
85 /* Hard-code the DTD element/attribute/entity names just once, here. */
86 #define DTD_ELEM_ATTR (const xmlChar *) "attr"
87 #define DTD_ELEM_COMMENT (const xmlChar *) "comment"
88 #define DTD_ELEM_DEVICE (const xmlChar *) "device"
89 #define DTD_ELEM_FS (const xmlChar *) "filesystem"
90 #define DTD_ELEM_FSOPTION (const xmlChar *) "fsoption"
91 #define DTD_ELEM_NET (const xmlChar *) "network"
92 #define DTD_ELEM_RCTL (const xmlChar *) "rctl"
93 #define DTD_ELEM_RCTLVALUE (const xmlChar *) "rctl-value"
94 #define DTD_ELEM_ZONE (const xmlChar *) "zone"
95 #define DTD_ELEM_DATASET (const xmlChar *) "dataset"
96 #define DTD_ELEM_TMPPOOL (const xmlChar *) "tmp_pool"
97 #define DTD_ELEM_PSET (const xmlChar *) "pset"
98 #define DTD_ELEM_MCAP (const xmlChar *) "mcap"
99 #define DTD_ELEM_PACKAGE (const xmlChar *) "package"
100 #define DTD_ELEM_OBSOLETES (const xmlChar *) "obsoletes"
101 #define DTD_ELEM_DEV_PERM (const xmlChar *) "dev-perm"
102 #define DTD_ELEM_ADMIN (const xmlChar *) "admin"
103 #define DTD_ELEM_SECFLAGS (const xmlChar *) "security-flags"
104
105 #define DTD_ATTR_ACTION (const xmlChar *) "action"
106 #define DTD_ATTR_ADDRESS (const xmlChar *) "address"
107 #define DTD_ATTR_ALLOWED_ADDRESS (const xmlChar *) "allowed-address"
108 #define DTD_ATTR_AUTOBOOT (const xmlChar *) "autoboot"
109 #define DTD_ATTR_IPTYPE (const xmlChar *) "ip-type"
110 #define DTD_ATTR_DEFROUTER (const xmlChar *) "defrouter"
111 #define DTD_ATTR_DIR (const xmlChar *) "directory"
112 #define DTD_ATTR_LIMIT (const xmlChar *) "limit"
113 #define DTD_ATTR_LIMITPRIV (const xmlChar *) "limitpriv"
114 #define DTD_ATTR_BOOTARGS (const xmlChar *) "bootargs"
115 #define DTD_ATTR_SCHED (const xmlChar *) "scheduling-class"
116 #define DTD_ATTR_MATCH (const xmlChar *) "match"
117 #define DTD_ATTR_NAME (const xmlChar *) "name"
118 #define DTD_ATTR_PHYSICAL (const xmlChar *) "physical"
119 #define DTD_ATTR_POOL (const xmlChar *) "pool"
120 #define DTD_ATTR_PRIV (const xmlChar *) "priv"
121 #define DTD_ATTR_RAW (const xmlChar *) "raw"
122 #define DTD_ATTR_SPECIAL (const xmlChar *) "special"
123 #define DTD_ATTR_TYPE (const xmlChar *) "type"
124 #define DTD_ATTR_VALUE (const xmlChar *) "value"
125 #define DTD_ATTR_ZONEPATH (const xmlChar *) "zonepath"
126 #define DTD_ATTR_NCPU_MIN (const xmlChar *) "ncpu_min"
127 #define DTD_ATTR_NCPU_MAX (const xmlChar *) "ncpu_max"
128 #define DTD_ATTR_IMPORTANCE (const xmlChar *) "importance"
129 #define DTD_ATTR_PHYSCAP (const xmlChar *) "physcap"
130 #define DTD_ATTR_VERSION (const xmlChar *) "version"
131 #define DTD_ATTR_ID (const xmlChar *) "id"
132 #define DTD_ATTR_UID (const xmlChar *) "uid"
133 #define DTD_ATTR_GID (const xmlChar *) "gid"
134 #define DTD_ATTR_MODE (const xmlChar *) "mode"
135 #define DTD_ATTR_ACL (const xmlChar *) "acl"
136 #define DTD_ATTR_BRAND (const xmlChar *) "brand"
137 #define DTD_ATTR_HOSTID (const xmlChar *) "hostid"
138 #define DTD_ATTR_USER (const xmlChar *) "user"
139 #define DTD_ATTR_AUTHS (const xmlChar *) "auths"
140 #define DTD_ATTR_FS_ALLOWED (const xmlChar *) "fs-allowed"
141 #define DTD_ATTR_DEFAULT (const xmlChar *) "default"
142 #define DTD_ATTR_LOWER (const xmlChar *) "lower"
143 #define DTD_ATTR_UPPER (const xmlChar *) "upper"
144
145
146 #define DTD_ENTITY_BOOLEAN "boolean"
147 #define DTD_ENTITY_DEVPATH "devpath"
148 #define DTD_ENTITY_DRIVER "driver"
149 #define DTD_ENTITY_DRVMIN "drv_min"
150 #define DTD_ENTITY_FALSE "false"
151 #define DTD_ENTITY_INT "int"
152 #define DTD_ENTITY_STRING "string"
153 #define DTD_ENTITY_TRUE "true"
154 #define DTD_ENTITY_UINT "uint"
155
156 #define DTD_ENTITY_BOOL_LEN 6 /* "false" */
157
158 #define ATTACH_FORCED "SUNWattached.xml"
159
160 #define TMP_POOL_NAME "SUNWtmp_%s"
161 #define MAX_TMP_POOL_NAME (ZONENAME_MAX + 9)
162 #define RCAP_SERVICE "system/rcap:default"
163 #define POOLD_SERVICE "system/pools/dynamic:default"
164
165 #define XML_PARSER_OPTIONS (XML_PARSE_DTDLOAD | XML_PARSE_DTDVALID | \
166 XML_PARSE_NOBLANKS | XML_PARSE_NOWARNING)
167
168 /*
169 * rctl alias definitions
170 *
171 * This holds the alias, the full rctl name, the default priv value, action
172 * and lower limit. The functions that handle rctl aliases step through
173 * this table, matching on the alias, and using the full values for setting
174 * the rctl entry as well the limit for validation.
175 */
176 static struct alias {
177 char *shortname;
178 char *realname;
179 char *priv;
180 char *action;
181 uint64_t low_limit;
182 } aliases[] = {
183 {ALIAS_MAXLWPS, "zone.max-lwps", "privileged", "deny", 100},
184 {ALIAS_MAXSHMMEM, "zone.max-shm-memory", "privileged", "deny", 0},
185 {ALIAS_MAXSHMIDS, "zone.max-shm-ids", "privileged", "deny", 0},
186 {ALIAS_MAXMSGIDS, "zone.max-msg-ids", "privileged", "deny", 0},
187 {ALIAS_MAXSEMIDS, "zone.max-sem-ids", "privileged", "deny", 0},
188 {ALIAS_MAXLOCKEDMEM, "zone.max-locked-memory", "privileged", "deny", 0},
189 {ALIAS_MAXSWAP, "zone.max-swap", "privileged", "deny", 0},
190 {ALIAS_SHARES, "zone.cpu-shares", "privileged", "none", 0},
191 {ALIAS_CPUCAP, "zone.cpu-cap", "privileged", "deny", 0},
192 {ALIAS_MAXPROCS, "zone.max-processes", "privileged", "deny", 100},
193 {NULL, NULL, NULL, NULL, 0}
194 };
195
196 /*
197 * Structure for applying rctls to a running zone. It allows important
198 * process values to be passed together easily.
199 */
200 typedef struct pr_info_handle {
201 struct ps_prochandle *pr;
202 pid_t pid;
203 } pr_info_handle_t;
204
205 struct zone_dochandle {
206 char *zone_dh_rootdir;
207 xmlDocPtr zone_dh_doc;
208 xmlNodePtr zone_dh_cur;
209 xmlNodePtr zone_dh_top;
210 boolean_t zone_dh_newzone;
211 boolean_t zone_dh_snapshot;
212 boolean_t zone_dh_sw_inv;
213 zone_userauths_t *zone_dh_userauths;
214 char zone_dh_delete_name[ZONENAME_MAX];
215 };
216
217 struct znotify {
218 void * zn_private;
219 evchan_t *zn_eventchan;
220 int (*zn_callback)(const char *zonename, zoneid_t zid,
221 const char *newstate, const char *oldstate, hrtime_t when, void *p);
222 pthread_mutex_t zn_mutex;
223 pthread_cond_t zn_cond;
224 pthread_mutex_t zn_bigmutex;
225 volatile enum {ZN_UNLOCKED, ZN_LOCKED, ZN_PING_INFLIGHT,
226 ZN_PING_RECEIVED} zn_state;
227 char zn_subscriber_id[MAX_SUBID_LEN];
228 volatile boolean_t zn_failed;
229 int zn_failure_count;
230 };
231
232 /* used to track nested zone-lock operations */
233 static int zone_lock_cnt = 0;
234
235 /* used to communicate lock status to children */
236 #define LOCK_ENV_VAR "_ZONEADM_LOCK_HELD"
237 static char zoneadm_lock_held[] = LOCK_ENV_VAR"=1";
238 static char zoneadm_lock_not_held[] = LOCK_ENV_VAR"=0";
239
240 char *zonecfg_root = "";
241
242 /*
243 * For functions which return int, which is most of the functions herein,
244 * the return values should be from the Z_foo set defined in <libzonecfg.h>.
245 * In some instances, we take pains mapping some libc errno values to Z_foo
246 * values from this set.
247 */
248
249 /*
250 * Set the root (/) path for all zonecfg configuration files. This is a
251 * private interface used by Live Upgrade extensions to access zone
252 * configuration inside mounted alternate boot environments.
253 * This interface is also used by zoneadm mount and unmount subcommands.
254 */
255 void
zonecfg_set_root(const char * rootpath)256 zonecfg_set_root(const char *rootpath)
257 {
258 if (*zonecfg_root != '\0')
259 free(zonecfg_root);
260 if (rootpath == NULL || rootpath[0] == '\0' || rootpath[1] == '\0' ||
261 (zonecfg_root = strdup(rootpath)) == NULL)
262 zonecfg_root = "";
263 }
264
265 const char *
zonecfg_get_root(void)266 zonecfg_get_root(void)
267 {
268 return (zonecfg_root);
269 }
270
271 boolean_t
zonecfg_in_alt_root(void)272 zonecfg_in_alt_root(void)
273 {
274 return (*zonecfg_root != '\0');
275 }
276
277 /*
278 * Callers of the _file_path() functions are expected to have the second
279 * parameter be a (char foo[MAXPATHLEN]).
280 */
281
282 static boolean_t
config_file_path(const char * zonename,char * answer)283 config_file_path(const char *zonename, char *answer)
284 {
285 return (snprintf(answer, MAXPATHLEN, "%s%s/%s.xml", zonecfg_root,
286 ZONE_CONFIG_ROOT, zonename) < MAXPATHLEN);
287 }
288
289 static boolean_t
snap_file_path(const char * zonename,char * answer)290 snap_file_path(const char *zonename, char *answer)
291 {
292 return (snprintf(answer, MAXPATHLEN, "%s%s/%s.snapshot.xml",
293 zonecfg_root, ZONE_SNAPSHOT_ROOT, zonename) < MAXPATHLEN);
294 }
295
296 /*ARGSUSED*/
297 static void
zonecfg_error_func(void * ctx,const char * msg,...)298 zonecfg_error_func(void *ctx, const char *msg, ...)
299 {
300 /*
301 * This function does nothing by design. Its purpose is to prevent
302 * libxml from dumping unwanted messages to stdout/stderr.
303 */
304 }
305
306 zone_dochandle_t
zonecfg_init_handle(void)307 zonecfg_init_handle(void)
308 {
309 zone_dochandle_t handle = calloc(1, sizeof (struct zone_dochandle));
310 if (handle == NULL) {
311 errno = Z_NOMEM;
312 return (NULL);
313 }
314
315 xmlSetGenericErrorFunc(NULL, zonecfg_error_func);
316
317 return (handle);
318 }
319
320 int
zonecfg_check_handle(zone_dochandle_t handle)321 zonecfg_check_handle(zone_dochandle_t handle)
322 {
323 if (handle == NULL || handle->zone_dh_doc == NULL)
324 return (Z_BAD_HANDLE);
325 return (Z_OK);
326 }
327
328 void
zonecfg_fini_handle(zone_dochandle_t handle)329 zonecfg_fini_handle(zone_dochandle_t handle)
330 {
331 if (zonecfg_check_handle(handle) == Z_OK)
332 xmlFreeDoc(handle->zone_dh_doc);
333 if (handle != NULL)
334 free(handle);
335 }
336
337 static int
zonecfg_destroy_impl(char * filename)338 zonecfg_destroy_impl(char *filename)
339 {
340 if (unlink(filename) == -1) {
341 if (errno == EACCES)
342 return (Z_ACCES);
343 if (errno == ENOENT)
344 return (Z_NO_ZONE);
345 return (Z_MISC_FS);
346 }
347 return (Z_OK);
348 }
349
350 int
zonecfg_destroy(const char * zonename,boolean_t force)351 zonecfg_destroy(const char *zonename, boolean_t force)
352 {
353 char path[MAXPATHLEN];
354 struct zoneent ze;
355 int err, state_err;
356 zone_state_t state;
357
358 if (!config_file_path(zonename, path))
359 return (Z_MISC_FS);
360
361 state_err = zone_get_state((char *)zonename, &state);
362 err = access(path, W_OK);
363
364 /*
365 * If there is no file, and no index entry, reliably indicate that no
366 * such zone exists.
367 */
368 if ((state_err == Z_NO_ZONE) && (err == -1) && (errno == ENOENT))
369 return (Z_NO_ZONE);
370
371 /*
372 * Handle any other filesystem related errors (except if the XML
373 * file is missing, which we treat silently), unless we're forcing,
374 * in which case we plow on.
375 */
376 if (err == -1 && errno != ENOENT) {
377 if (errno == EACCES)
378 return (Z_ACCES);
379 else if (!force)
380 return (Z_MISC_FS);
381 }
382
383 if (state > ZONE_STATE_INSTALLED)
384 return (Z_BAD_ZONE_STATE);
385
386 if (!force && state > ZONE_STATE_CONFIGURED)
387 return (Z_BAD_ZONE_STATE);
388
389 /*
390 * Index deletion succeeds even if the entry doesn't exist. So this
391 * will fail only if we've had some more severe problem.
392 */
393 bzero(&ze, sizeof (ze));
394 (void) strlcpy(ze.zone_name, zonename, sizeof (ze.zone_name));
395 if ((err = putzoneent(&ze, PZE_REMOVE)) != Z_OK)
396 if (!force)
397 return (err);
398
399 err = zonecfg_destroy_impl(path);
400
401 /*
402 * Treat failure to find the XML file silently, since, well, it's
403 * gone, and with the index file cleaned up, we're done.
404 */
405 if (err == Z_OK || err == Z_NO_ZONE)
406 return (Z_OK);
407 return (err);
408 }
409
410 int
zonecfg_destroy_snapshot(const char * zonename)411 zonecfg_destroy_snapshot(const char *zonename)
412 {
413 char path[MAXPATHLEN];
414
415 if (!snap_file_path(zonename, path))
416 return (Z_MISC_FS);
417 return (zonecfg_destroy_impl(path));
418 }
419
420 static int
getroot(zone_dochandle_t handle,xmlNodePtr * root)421 getroot(zone_dochandle_t handle, xmlNodePtr *root)
422 {
423 if (zonecfg_check_handle(handle) == Z_BAD_HANDLE)
424 return (Z_BAD_HANDLE);
425
426 *root = xmlDocGetRootElement(handle->zone_dh_doc);
427
428 if (*root == NULL)
429 return (Z_EMPTY_DOCUMENT);
430
431 if (xmlStrcmp((*root)->name, DTD_ELEM_ZONE))
432 return (Z_WRONG_DOC_TYPE);
433
434 return (Z_OK);
435 }
436
437 static int
operation_prep(zone_dochandle_t handle)438 operation_prep(zone_dochandle_t handle)
439 {
440 xmlNodePtr root;
441 int err;
442
443 if ((err = getroot(handle, &root)) != 0)
444 return (err);
445
446 handle->zone_dh_cur = root;
447 handle->zone_dh_top = root;
448 return (Z_OK);
449 }
450
451 static int
fetchprop(xmlNodePtr cur,const xmlChar * propname,char * dst,size_t dstsize)452 fetchprop(xmlNodePtr cur, const xmlChar *propname, char *dst, size_t dstsize)
453 {
454 xmlChar *property;
455 size_t srcsize;
456
457 if ((property = xmlGetProp(cur, propname)) == NULL)
458 return (Z_BAD_PROPERTY);
459 srcsize = strlcpy(dst, (char *)property, dstsize);
460 xmlFree(property);
461 if (srcsize >= dstsize)
462 return (Z_TOO_BIG);
463 return (Z_OK);
464 }
465
466 static int
fetch_alloc_prop(xmlNodePtr cur,const xmlChar * propname,char ** dst)467 fetch_alloc_prop(xmlNodePtr cur, const xmlChar *propname, char **dst)
468 {
469 xmlChar *property;
470
471 if ((property = xmlGetProp(cur, propname)) == NULL)
472 return (Z_BAD_PROPERTY);
473 if ((*dst = strdup((char *)property)) == NULL) {
474 xmlFree(property);
475 return (Z_NOMEM);
476 }
477 xmlFree(property);
478 return (Z_OK);
479 }
480
481 static int
getrootattr(zone_dochandle_t handle,const xmlChar * propname,char * propval,size_t propsize)482 getrootattr(zone_dochandle_t handle, const xmlChar *propname,
483 char *propval, size_t propsize)
484 {
485 xmlNodePtr root;
486 int err;
487
488 if ((err = getroot(handle, &root)) != 0)
489 return (err);
490
491 return (fetchprop(root, propname, propval, propsize));
492 }
493
494 static int
get_alloc_rootattr(zone_dochandle_t handle,const xmlChar * propname,char ** propval)495 get_alloc_rootattr(zone_dochandle_t handle, const xmlChar *propname,
496 char **propval)
497 {
498 xmlNodePtr root;
499 int err;
500
501 if ((err = getroot(handle, &root)) != 0)
502 return (err);
503
504 return (fetch_alloc_prop(root, propname, propval));
505 }
506
507 static int
setrootattr(zone_dochandle_t handle,const xmlChar * propname,const char * propval)508 setrootattr(zone_dochandle_t handle, const xmlChar *propname,
509 const char *propval)
510 {
511 int err;
512 xmlNodePtr root;
513
514 if ((err = getroot(handle, &root)) != Z_OK)
515 return (err);
516
517 /*
518 * If we get a null propval remove the property (ignore return since it
519 * may not be set to begin with).
520 */
521 if (propval == NULL) {
522 (void) xmlUnsetProp(root, propname);
523 } else {
524 if (xmlSetProp(root, propname, (const xmlChar *) propval)
525 == NULL)
526 return (Z_INVAL);
527 }
528 return (Z_OK);
529 }
530
531 static void
addcomment(zone_dochandle_t handle,const char * comment)532 addcomment(zone_dochandle_t handle, const char *comment)
533 {
534 xmlNodePtr node;
535 node = xmlNewComment((xmlChar *) comment);
536
537 if (node != NULL)
538 (void) xmlAddPrevSibling(handle->zone_dh_top, node);
539 }
540
541 static void
stripcomments(zone_dochandle_t handle)542 stripcomments(zone_dochandle_t handle)
543 {
544 xmlDocPtr top;
545 xmlNodePtr child, next;
546
547 top = handle->zone_dh_doc;
548 for (child = top->xmlChildrenNode; child != NULL; child = next) {
549 next = child->next;
550 if (child->name == NULL)
551 continue;
552 if (xmlStrcmp(child->name, DTD_ELEM_COMMENT) == 0) {
553 next = child->next;
554 xmlUnlinkNode(child);
555 xmlFreeNode(child);
556 }
557 }
558 }
559
560 static void
strip_sw_inv(zone_dochandle_t handle)561 strip_sw_inv(zone_dochandle_t handle)
562 {
563 xmlNodePtr root, child, next;
564
565 root = xmlDocGetRootElement(handle->zone_dh_doc);
566 for (child = root->xmlChildrenNode; child != NULL; child = next) {
567 next = child->next;
568 if (child->name == NULL)
569 continue;
570 if (xmlStrcmp(child->name, DTD_ELEM_PACKAGE) == 0) {
571 next = child->next;
572 xmlUnlinkNode(child);
573 xmlFreeNode(child);
574 }
575 }
576 }
577
578 static int
zonecfg_get_handle_impl(const char * zonename,const char * filename,zone_dochandle_t handle)579 zonecfg_get_handle_impl(const char *zonename, const char *filename,
580 zone_dochandle_t handle)
581 {
582 xmlValidCtxtPtr cvp;
583 struct stat statbuf;
584 int valid;
585
586 if (zonename == NULL)
587 return (Z_NO_ZONE);
588
589 handle->zone_dh_doc = xmlReadFile(filename, NULL, XML_PARSER_OPTIONS);
590 if (handle->zone_dh_doc == NULL) {
591 /* distinguish file not found vs. found but not parsed */
592 if (stat(filename, &statbuf) == 0)
593 return (Z_INVALID_DOCUMENT);
594 return (Z_NO_ZONE);
595 }
596 if ((cvp = xmlNewValidCtxt()) == NULL)
597 return (Z_NOMEM);
598 cvp->error = zonecfg_error_func;
599 cvp->warning = zonecfg_error_func;
600 valid = xmlValidateDocument(cvp, handle->zone_dh_doc);
601 xmlFreeValidCtxt(cvp);
602 if (valid == 0)
603 return (Z_INVALID_DOCUMENT);
604
605 /* delete any comments such as inherited Sun copyright / ident str */
606 stripcomments(handle);
607 return (Z_OK);
608 }
609
610 int
zonecfg_get_handle(const char * zonename,zone_dochandle_t handle)611 zonecfg_get_handle(const char *zonename, zone_dochandle_t handle)
612 {
613 char path[MAXPATHLEN];
614
615 if (!config_file_path(zonename, path))
616 return (Z_MISC_FS);
617 handle->zone_dh_newzone = B_FALSE;
618
619 return (zonecfg_get_handle_impl(zonename, path, handle));
620 }
621
622 int
zonecfg_get_attach_handle(const char * path,const char * fname,const char * zonename,boolean_t preserve_sw,zone_dochandle_t handle)623 zonecfg_get_attach_handle(const char *path, const char *fname,
624 const char *zonename, boolean_t preserve_sw, zone_dochandle_t handle)
625 {
626 char migpath[MAXPATHLEN];
627 int err;
628 struct stat buf;
629
630 if (snprintf(migpath, sizeof (migpath), "%s/root", path) >=
631 sizeof (migpath))
632 return (Z_NOMEM);
633
634 if (stat(migpath, &buf) == -1 || !S_ISDIR(buf.st_mode))
635 return (Z_NO_ZONE);
636
637 if (snprintf(migpath, sizeof (migpath), "%s/%s", path, fname) >=
638 sizeof (migpath))
639 return (Z_NOMEM);
640
641 if ((err = zonecfg_get_handle_impl(zonename, migpath, handle)) != Z_OK)
642 return (err);
643
644 if (!preserve_sw)
645 strip_sw_inv(handle);
646
647 handle->zone_dh_newzone = B_TRUE;
648 if ((err = setrootattr(handle, DTD_ATTR_ZONEPATH, path)) != Z_OK)
649 return (err);
650
651 return (setrootattr(handle, DTD_ATTR_NAME, zonename));
652 }
653
654 int
zonecfg_get_snapshot_handle(const char * zonename,zone_dochandle_t handle)655 zonecfg_get_snapshot_handle(const char *zonename, zone_dochandle_t handle)
656 {
657 char path[MAXPATHLEN];
658
659 if (!snap_file_path(zonename, path))
660 return (Z_MISC_FS);
661 handle->zone_dh_newzone = B_FALSE;
662 return (zonecfg_get_handle_impl(zonename, path, handle));
663 }
664
665 int
zonecfg_get_template_handle(const char * template,const char * zonename,zone_dochandle_t handle)666 zonecfg_get_template_handle(const char *template, const char *zonename,
667 zone_dochandle_t handle)
668 {
669 char path[MAXPATHLEN];
670 int err;
671
672 if (!config_file_path(template, path))
673 return (Z_MISC_FS);
674
675 if ((err = zonecfg_get_handle_impl(template, path, handle)) != Z_OK)
676 return (err);
677 handle->zone_dh_newzone = B_TRUE;
678 return (setrootattr(handle, DTD_ATTR_NAME, zonename));
679 }
680
681 int
zonecfg_get_xml_handle(const char * path,zone_dochandle_t handle)682 zonecfg_get_xml_handle(const char *path, zone_dochandle_t handle)
683 {
684 struct stat buf;
685 int err;
686
687 if (stat(path, &buf) == -1)
688 return (Z_MISC_FS);
689
690 if ((err = zonecfg_get_handle_impl("xml", path, handle)) != Z_OK)
691 return (err);
692 handle->zone_dh_newzone = B_TRUE;
693 return (Z_OK);
694 }
695
696 /*
697 * Initialize two handles from the manifest read on fd. The rem_handle
698 * is initialized from the input file, including the sw inventory. The
699 * local_handle is initialized with the same zone configuration but with
700 * no sw inventory.
701 */
702 int
zonecfg_attach_manifest(int fd,zone_dochandle_t local_handle,zone_dochandle_t rem_handle)703 zonecfg_attach_manifest(int fd, zone_dochandle_t local_handle,
704 zone_dochandle_t rem_handle)
705 {
706 xmlValidCtxtPtr cvp;
707 int valid;
708
709 /* load the manifest into the handle for the remote system */
710 rem_handle->zone_dh_doc = xmlReadFd(fd, NULL, NULL, XML_PARSER_OPTIONS);
711 if (rem_handle->zone_dh_doc == NULL) {
712 return (Z_INVALID_DOCUMENT);
713 }
714 if ((cvp = xmlNewValidCtxt()) == NULL)
715 return (Z_NOMEM);
716 cvp->error = zonecfg_error_func;
717 cvp->warning = zonecfg_error_func;
718 valid = xmlValidateDocument(cvp, rem_handle->zone_dh_doc);
719 xmlFreeValidCtxt(cvp);
720 if (valid == 0)
721 return (Z_INVALID_DOCUMENT);
722
723 /* delete any comments such as inherited Sun copyright / ident str */
724 stripcomments(rem_handle);
725
726 rem_handle->zone_dh_newzone = B_TRUE;
727 rem_handle->zone_dh_sw_inv = B_TRUE;
728
729 /*
730 * Now use the remote system handle to generate a local system handle
731 * with an identical zones configuration but no sw inventory.
732 */
733 if ((local_handle->zone_dh_doc = xmlCopyDoc(rem_handle->zone_dh_doc,
734 1)) == NULL) {
735 return (Z_INVALID_DOCUMENT);
736 }
737
738 /*
739 * We need to re-run xmlValidateDocument on local_handle to properly
740 * update the in-core representation of the configuration.
741 */
742 if ((cvp = xmlNewValidCtxt()) == NULL)
743 return (Z_NOMEM);
744 cvp->error = zonecfg_error_func;
745 cvp->warning = zonecfg_error_func;
746 valid = xmlValidateDocument(cvp, local_handle->zone_dh_doc);
747 xmlFreeValidCtxt(cvp);
748 if (valid == 0)
749 return (Z_INVALID_DOCUMENT);
750
751 strip_sw_inv(local_handle);
752
753 local_handle->zone_dh_newzone = B_TRUE;
754 local_handle->zone_dh_sw_inv = B_FALSE;
755
756 return (Z_OK);
757 }
758
759 static boolean_t
is_renaming(zone_dochandle_t handle)760 is_renaming(zone_dochandle_t handle)
761 {
762 if (handle->zone_dh_newzone)
763 return (B_FALSE);
764 if (strlen(handle->zone_dh_delete_name) > 0)
765 return (B_TRUE);
766 return (B_FALSE);
767 }
768
769 static boolean_t
is_new(zone_dochandle_t handle)770 is_new(zone_dochandle_t handle)
771 {
772 return (handle->zone_dh_newzone || handle->zone_dh_snapshot);
773 }
774
775 static boolean_t
is_snapshot(zone_dochandle_t handle)776 is_snapshot(zone_dochandle_t handle)
777 {
778 return (handle->zone_dh_snapshot);
779 }
780
781 /*
782 * It would be great to be able to use libc's ctype(3c) macros, but we
783 * can't, as they are locale sensitive, and it would break our limited thread
784 * safety if this routine had to change the app locale on the fly.
785 */
786 int
zonecfg_validate_zonename(const char * zone)787 zonecfg_validate_zonename(const char *zone)
788 {
789 int i;
790
791 if (strcmp(zone, GLOBAL_ZONENAME) == 0)
792 return (Z_BOGUS_ZONE_NAME);
793
794 if (strlen(zone) >= ZONENAME_MAX)
795 return (Z_BOGUS_ZONE_NAME);
796
797 if (!((zone[0] >= 'a' && zone[0] <= 'z') ||
798 (zone[0] >= 'A' && zone[0] <= 'Z') ||
799 (zone[0] >= '0' && zone[0] <= '9')))
800 return (Z_BOGUS_ZONE_NAME);
801
802 for (i = 1; zone[i] != '\0'; i++) {
803 if (!((zone[i] >= 'a' && zone[i] <= 'z') ||
804 (zone[i] >= 'A' && zone[i] <= 'Z') ||
805 (zone[i] >= '0' && zone[i] <= '9') ||
806 (zone[i] == '-') || (zone[i] == '_') || (zone[i] == '.')))
807 return (Z_BOGUS_ZONE_NAME);
808 }
809
810 return (Z_OK);
811 }
812
813 /*
814 * Changing the zone name requires us to track both the old and new
815 * name of the zone until commit time.
816 */
817 int
zonecfg_get_name(zone_dochandle_t handle,char * name,size_t namesize)818 zonecfg_get_name(zone_dochandle_t handle, char *name, size_t namesize)
819 {
820 return (getrootattr(handle, DTD_ATTR_NAME, name, namesize));
821 }
822
823 static int
insert_admins(zone_dochandle_t handle,char * zonename)824 insert_admins(zone_dochandle_t handle, char *zonename)
825 {
826 int err;
827 struct zone_admintab admintab;
828
829 if ((err = zonecfg_setadminent(handle)) != Z_OK) {
830 return (err);
831 }
832 while (zonecfg_getadminent(handle, &admintab) == Z_OK) {
833 err = zonecfg_insert_userauths(handle,
834 admintab.zone_admin_user, zonename);
835 if (err != Z_OK) {
836 (void) zonecfg_endadminent(handle);
837 return (err);
838 }
839 }
840 (void) zonecfg_endadminent(handle);
841 return (Z_OK);
842 }
843
844 int
zonecfg_set_name(zone_dochandle_t handle,char * name)845 zonecfg_set_name(zone_dochandle_t handle, char *name)
846 {
847 zone_state_t state;
848 char curname[ZONENAME_MAX], old_delname[ZONENAME_MAX];
849 int err;
850
851 if ((err = getrootattr(handle, DTD_ATTR_NAME, curname,
852 sizeof (curname))) != Z_OK)
853 return (err);
854
855 if (strcmp(name, curname) == 0)
856 return (Z_OK);
857
858 /*
859 * Switching zone names to one beginning with SUNW is not permitted.
860 */
861 if (strncmp(name, "SUNW", 4) == 0)
862 return (Z_BOGUS_ZONE_NAME);
863
864 if ((err = zonecfg_validate_zonename(name)) != Z_OK)
865 return (err);
866
867 /*
868 * Setting the name back to the original name (effectively a revert of
869 * the name) is fine. But if we carry on, we'll falsely identify the
870 * name as "in use," so special case here.
871 */
872 if (strcmp(name, handle->zone_dh_delete_name) == 0) {
873 err = setrootattr(handle, DTD_ATTR_NAME, name);
874 handle->zone_dh_delete_name[0] = '\0';
875 return (err);
876 }
877
878 /* Check to see if new name chosen is already in use */
879 if (zone_get_state(name, &state) != Z_NO_ZONE)
880 return (Z_NAME_IN_USE);
881
882 /*
883 * If this isn't already "new" or in a renaming transition, then
884 * we're initiating a rename here; so stash the "delete name"
885 * (i.e. the name of the zone we'll be removing) for the rename.
886 */
887 (void) strlcpy(old_delname, handle->zone_dh_delete_name,
888 sizeof (old_delname));
889 if (!is_new(handle) && !is_renaming(handle)) {
890 /*
891 * Name change is allowed only when the zone we're altering
892 * is not ready or running.
893 */
894 err = zone_get_state(curname, &state);
895 if (err == Z_OK) {
896 if (state > ZONE_STATE_INSTALLED)
897 return (Z_BAD_ZONE_STATE);
898 } else if (err != Z_NO_ZONE) {
899 return (err);
900 }
901
902 (void) strlcpy(handle->zone_dh_delete_name, curname,
903 sizeof (handle->zone_dh_delete_name));
904 assert(is_renaming(handle));
905 } else if (is_renaming(handle)) {
906 err = zone_get_state(handle->zone_dh_delete_name, &state);
907 if (err == Z_OK) {
908 if (state > ZONE_STATE_INSTALLED)
909 return (Z_BAD_ZONE_STATE);
910 } else if (err != Z_NO_ZONE) {
911 return (err);
912 }
913 }
914
915 if ((err = setrootattr(handle, DTD_ATTR_NAME, name)) != Z_OK) {
916 /*
917 * Restore the deletename to whatever it was at the
918 * top of the routine, since we've had a failure.
919 */
920 (void) strlcpy(handle->zone_dh_delete_name, old_delname,
921 sizeof (handle->zone_dh_delete_name));
922 return (err);
923 }
924
925 /*
926 * Record the old admins from the old zonename
927 * so that they can be deleted when the operation is committed.
928 */
929 if ((err = insert_admins(handle, curname)) != Z_OK)
930 return (err);
931 else
932 return (Z_OK);
933 }
934
935 int
zonecfg_get_zonepath(zone_dochandle_t handle,char * path,size_t pathsize)936 zonecfg_get_zonepath(zone_dochandle_t handle, char *path, size_t pathsize)
937 {
938 size_t len;
939
940 if ((len = strlcpy(path, zonecfg_root, pathsize)) >= pathsize)
941 return (Z_TOO_BIG);
942 return (getrootattr(handle, DTD_ATTR_ZONEPATH, path + len,
943 pathsize - len));
944 }
945
946 int
zonecfg_set_zonepath(zone_dochandle_t handle,char * zonepath)947 zonecfg_set_zonepath(zone_dochandle_t handle, char *zonepath)
948 {
949 size_t len;
950 char *modpath, *copy_mp, *curr_mp; /* modified path ptrs */
951 char last_copied;
952 int ret;
953
954 /*
955 * Collapse multiple contiguous slashes and remove trailing slash.
956 */
957 modpath = strdup(zonepath);
958 if (modpath == NULL)
959 return (Z_NOMEM);
960 last_copied = '\0';
961 for (copy_mp = curr_mp = modpath; *curr_mp != '\0'; curr_mp++) {
962 if (*curr_mp != '/' || last_copied != '/') {
963 last_copied = *copy_mp = *curr_mp;
964 copy_mp++;
965 }
966 }
967 if (last_copied == '/')
968 copy_mp--;
969 *copy_mp = '\0';
970
971 /*
972 * The user deals in absolute paths in the running global zone, but the
973 * internal configuration files deal with boot environment relative
974 * paths. Strip out the alternate root when specified.
975 */
976 len = strlen(zonecfg_root);
977 if (strncmp(modpath, zonecfg_root, len) != 0 || modpath[len] != '/') {
978 free(modpath);
979 return (Z_BAD_PROPERTY);
980 }
981 curr_mp = modpath + len;
982 ret = setrootattr(handle, DTD_ATTR_ZONEPATH, curr_mp);
983 free(modpath);
984 return (ret);
985 }
986
987 static int
i_zonecfg_get_brand(zone_dochandle_t handle,char * brand,size_t brandsize,boolean_t default_query)988 i_zonecfg_get_brand(zone_dochandle_t handle, char *brand, size_t brandsize,
989 boolean_t default_query)
990 {
991 int ret, sz;
992
993 ret = getrootattr(handle, DTD_ATTR_BRAND, brand, brandsize);
994
995 /*
996 * If the lookup failed, or succeeded in finding a non-null brand
997 * string then return.
998 */
999 if (ret != Z_OK || brand[0] != '\0')
1000 return (ret);
1001
1002 if (!default_query) {
1003 /* If the zone has no brand, it is the default brand. */
1004 return (zonecfg_default_brand(brand, brandsize));
1005 }
1006
1007 /* if SUNWdefault didn't specify a brand, fallback to "native" */
1008 sz = strlcpy(brand, NATIVE_BRAND_NAME, brandsize);
1009 if (sz >= brandsize)
1010 return (Z_TOO_BIG);
1011 return (Z_OK);
1012 }
1013
1014 int
zonecfg_get_brand(zone_dochandle_t handle,char * brand,size_t brandsize)1015 zonecfg_get_brand(zone_dochandle_t handle, char *brand, size_t brandsize)
1016 {
1017 return (i_zonecfg_get_brand(handle, brand, brandsize, B_FALSE));
1018 }
1019
1020 int
zonecfg_set_brand(zone_dochandle_t handle,char * brand)1021 zonecfg_set_brand(zone_dochandle_t handle, char *brand)
1022 {
1023 return (setrootattr(handle, DTD_ATTR_BRAND, brand));
1024 }
1025
1026 int
zonecfg_get_autoboot(zone_dochandle_t handle,boolean_t * autoboot)1027 zonecfg_get_autoboot(zone_dochandle_t handle, boolean_t *autoboot)
1028 {
1029 char autobootstr[DTD_ENTITY_BOOL_LEN];
1030 int ret;
1031
1032 if ((ret = getrootattr(handle, DTD_ATTR_AUTOBOOT, autobootstr,
1033 sizeof (autobootstr))) != Z_OK)
1034 return (ret);
1035
1036 if (strcmp(autobootstr, DTD_ENTITY_TRUE) == 0)
1037 *autoboot = B_TRUE;
1038 else if (strcmp(autobootstr, DTD_ENTITY_FALSE) == 0)
1039 *autoboot = B_FALSE;
1040 else
1041 ret = Z_BAD_PROPERTY;
1042 return (ret);
1043 }
1044
1045 int
zonecfg_set_autoboot(zone_dochandle_t handle,boolean_t autoboot)1046 zonecfg_set_autoboot(zone_dochandle_t handle, boolean_t autoboot)
1047 {
1048 return (setrootattr(handle, DTD_ATTR_AUTOBOOT,
1049 autoboot ? DTD_ENTITY_TRUE : DTD_ENTITY_FALSE));
1050 }
1051
1052 int
zonecfg_get_pool(zone_dochandle_t handle,char * pool,size_t poolsize)1053 zonecfg_get_pool(zone_dochandle_t handle, char *pool, size_t poolsize)
1054 {
1055 return (getrootattr(handle, DTD_ATTR_POOL, pool, poolsize));
1056 }
1057
1058 int
zonecfg_set_pool(zone_dochandle_t handle,char * pool)1059 zonecfg_set_pool(zone_dochandle_t handle, char *pool)
1060 {
1061 return (setrootattr(handle, DTD_ATTR_POOL, pool));
1062 }
1063
1064 int
zonecfg_get_limitpriv(zone_dochandle_t handle,char ** limitpriv)1065 zonecfg_get_limitpriv(zone_dochandle_t handle, char **limitpriv)
1066 {
1067 return (get_alloc_rootattr(handle, DTD_ATTR_LIMITPRIV, limitpriv));
1068 }
1069
1070 int
zonecfg_set_limitpriv(zone_dochandle_t handle,char * limitpriv)1071 zonecfg_set_limitpriv(zone_dochandle_t handle, char *limitpriv)
1072 {
1073 return (setrootattr(handle, DTD_ATTR_LIMITPRIV, limitpriv));
1074 }
1075
1076 int
zonecfg_get_bootargs(zone_dochandle_t handle,char * bargs,size_t bargssize)1077 zonecfg_get_bootargs(zone_dochandle_t handle, char *bargs, size_t bargssize)
1078 {
1079 return (getrootattr(handle, DTD_ATTR_BOOTARGS, bargs, bargssize));
1080 }
1081
1082 int
zonecfg_set_bootargs(zone_dochandle_t handle,char * bargs)1083 zonecfg_set_bootargs(zone_dochandle_t handle, char *bargs)
1084 {
1085 return (setrootattr(handle, DTD_ATTR_BOOTARGS, bargs));
1086 }
1087
1088 int
zonecfg_get_sched_class(zone_dochandle_t handle,char * sched,size_t schedsize)1089 zonecfg_get_sched_class(zone_dochandle_t handle, char *sched, size_t schedsize)
1090 {
1091 return (getrootattr(handle, DTD_ATTR_SCHED, sched, schedsize));
1092 }
1093
1094 int
zonecfg_set_sched(zone_dochandle_t handle,char * sched)1095 zonecfg_set_sched(zone_dochandle_t handle, char *sched)
1096 {
1097 return (setrootattr(handle, DTD_ATTR_SCHED, sched));
1098 }
1099
1100 /*
1101 * /etc/zones/index caches a vital piece of information which is also
1102 * in the <zonename>.xml file: the path to the zone. This is for performance,
1103 * since we need to walk all zonepath's in order to be able to detect conflicts
1104 * (see crosscheck_zonepaths() in the zoneadm command).
1105 *
1106 * An additional complexity is that when doing a rename, we'd like the entire
1107 * index update operation (rename, and potential state changes) to be atomic.
1108 * In general, the operation of this function should succeed or fail as
1109 * a unit.
1110 */
1111 int
zonecfg_refresh_index_file(zone_dochandle_t handle)1112 zonecfg_refresh_index_file(zone_dochandle_t handle)
1113 {
1114 char name[ZONENAME_MAX], zonepath[MAXPATHLEN];
1115 struct zoneent ze;
1116 int err;
1117 int opcode;
1118 char *zn;
1119
1120 bzero(&ze, sizeof (ze));
1121 ze.zone_state = -1; /* Preserve existing state in index */
1122
1123 if ((err = zonecfg_get_name(handle, name, sizeof (name))) != Z_OK)
1124 return (err);
1125 (void) strlcpy(ze.zone_name, name, sizeof (ze.zone_name));
1126
1127 if ((err = zonecfg_get_zonepath(handle, zonepath,
1128 sizeof (zonepath))) != Z_OK)
1129 return (err);
1130 (void) strlcpy(ze.zone_path, zonepath + strlen(zonecfg_root),
1131 sizeof (ze.zone_path));
1132
1133 if (is_renaming(handle)) {
1134 opcode = PZE_MODIFY;
1135 (void) strlcpy(ze.zone_name, handle->zone_dh_delete_name,
1136 sizeof (ze.zone_name));
1137 (void) strlcpy(ze.zone_newname, name, sizeof (ze.zone_newname));
1138 } else if (is_new(handle)) {
1139 FILE *cookie;
1140 /*
1141 * Be tolerant of the zone already existing in the index file,
1142 * since we might be forcibly overwriting an existing
1143 * configuration with a new one (for example 'create -F'
1144 * in zonecfg).
1145 */
1146 opcode = PZE_ADD;
1147 cookie = setzoneent();
1148 while ((zn = getzoneent(cookie)) != NULL) {
1149 if (strcmp(zn, name) == 0) {
1150 opcode = PZE_MODIFY;
1151 free(zn);
1152 break;
1153 }
1154 free(zn);
1155 }
1156 endzoneent(cookie);
1157 ze.zone_state = ZONE_STATE_CONFIGURED;
1158 } else {
1159 opcode = PZE_MODIFY;
1160 }
1161
1162 if ((err = putzoneent(&ze, opcode)) != Z_OK)
1163 return (err);
1164
1165 return (Z_OK);
1166 }
1167
1168 /*
1169 * The goal of this routine is to cause the index file update and the
1170 * document save to happen as an atomic operation. We do the document
1171 * first, saving a backup copy using a hard link; if that succeeds, we go
1172 * on to the index. If that fails, we roll the document back into place.
1173 *
1174 * Strategy:
1175 *
1176 * New zone 'foo' configuration:
1177 * Create tmpfile (zonecfg.xxxxxx)
1178 * Write XML to tmpfile
1179 * Rename tmpfile to xmlfile (zonecfg.xxxxxx -> foo.xml)
1180 * Add entry to index file
1181 * If it fails, delete foo.xml, leaving nothing behind.
1182 *
1183 * Save existing zone 'foo':
1184 * Make backup of foo.xml -> .backup
1185 * Create tmpfile (zonecfg.xxxxxx)
1186 * Write XML to tmpfile
1187 * Rename tmpfile to xmlfile (zonecfg.xxxxxx -> foo.xml)
1188 * Modify index file as needed
1189 * If it fails, recover from .backup -> foo.xml
1190 *
1191 * Rename 'foo' to 'bar':
1192 * Create tmpfile (zonecfg.xxxxxx)
1193 * Write XML to tmpfile
1194 * Rename tmpfile to xmlfile (zonecfg.xxxxxx -> bar.xml)
1195 * Add entry for 'bar' to index file, Remove entry for 'foo' (refresh)
1196 * If it fails, delete bar.xml; foo.xml is left behind.
1197 */
1198 static int
zonecfg_save_impl(zone_dochandle_t handle,char * filename)1199 zonecfg_save_impl(zone_dochandle_t handle, char *filename)
1200 {
1201 char tmpfile[MAXPATHLEN];
1202 char bakdir[MAXPATHLEN], bakbase[MAXPATHLEN], bakfile[MAXPATHLEN];
1203 int tmpfd, err, valid;
1204 xmlValidCtxt cvp = { NULL };
1205 boolean_t backup;
1206
1207 (void) strlcpy(tmpfile, filename, sizeof (tmpfile));
1208 (void) dirname(tmpfile);
1209 (void) strlcat(tmpfile, _PATH_TMPFILE, sizeof (tmpfile));
1210
1211 tmpfd = mkstemp(tmpfile);
1212 if (tmpfd == -1) {
1213 (void) unlink(tmpfile);
1214 return (Z_TEMP_FILE);
1215 }
1216 (void) close(tmpfd);
1217
1218 cvp.error = zonecfg_error_func;
1219 cvp.warning = zonecfg_error_func;
1220
1221 /*
1222 * We do a final validation of the document. Since the library has
1223 * malfunctioned if it fails to validate, we follow-up with an
1224 * assert() that the doc is valid.
1225 */
1226 valid = xmlValidateDocument(&cvp, handle->zone_dh_doc);
1227 assert(valid != 0);
1228
1229 if (xmlSaveFormatFile(tmpfile, handle->zone_dh_doc, 1) <= 0)
1230 goto err;
1231
1232 (void) chmod(tmpfile, 0644);
1233
1234 /*
1235 * In the event we are doing a standard save, hard link a copy of the
1236 * original file in .backup.<pid>.filename so we can restore it if
1237 * something goes wrong.
1238 */
1239 if (!is_new(handle) && !is_renaming(handle)) {
1240 backup = B_TRUE;
1241
1242 (void) strlcpy(bakdir, filename, sizeof (bakdir));
1243 (void) strlcpy(bakbase, filename, sizeof (bakbase));
1244 (void) snprintf(bakfile, sizeof (bakfile), "%s/.backup.%d.%s",
1245 dirname(bakdir), getpid(), basename(bakbase));
1246
1247 if (link(filename, bakfile) == -1) {
1248 err = errno;
1249 (void) unlink(tmpfile);
1250 if (errno == EACCES)
1251 return (Z_ACCES);
1252 return (Z_MISC_FS);
1253 }
1254 }
1255
1256 /*
1257 * Move the new document over top of the old.
1258 * i.e.: zonecfg.XXXXXX -> myzone.xml
1259 */
1260 if (rename(tmpfile, filename) == -1) {
1261 err = errno;
1262 (void) unlink(tmpfile);
1263 if (backup)
1264 (void) unlink(bakfile);
1265 if (err == EACCES)
1266 return (Z_ACCES);
1267 return (Z_MISC_FS);
1268 }
1269
1270 /*
1271 * If this is a snapshot, we're done-- don't add an index entry.
1272 */
1273 if (is_snapshot(handle))
1274 return (Z_OK);
1275
1276 /* now update the index file to reflect whatever we just did */
1277 if ((err = zonecfg_refresh_index_file(handle)) != Z_OK) {
1278 if (backup) {
1279 /*
1280 * Try to restore from our backup.
1281 */
1282 (void) unlink(filename);
1283 (void) rename(bakfile, filename);
1284 } else {
1285 /*
1286 * Either the zone is new, in which case we can delete
1287 * new.xml, or we're doing a rename, so ditto.
1288 */
1289 assert(is_new(handle) || is_renaming(handle));
1290 (void) unlink(filename);
1291 }
1292 return (Z_UPDATING_INDEX);
1293 }
1294
1295 if (backup)
1296 (void) unlink(bakfile);
1297
1298 return (Z_OK);
1299
1300 err:
1301 (void) unlink(tmpfile);
1302 return (Z_SAVING_FILE);
1303 }
1304
1305 int
zonecfg_save(zone_dochandle_t handle)1306 zonecfg_save(zone_dochandle_t handle)
1307 {
1308 char zname[ZONENAME_MAX], path[MAXPATHLEN];
1309 char delpath[MAXPATHLEN];
1310 int err = Z_SAVING_FILE;
1311
1312 if (zonecfg_check_handle(handle) != Z_OK)
1313 return (Z_BAD_HANDLE);
1314
1315 /*
1316 * We don't support saving snapshots or a tree containing a sw
1317 * inventory at this time.
1318 */
1319 if (handle->zone_dh_snapshot || handle->zone_dh_sw_inv)
1320 return (Z_INVAL);
1321
1322 if ((err = zonecfg_get_name(handle, zname, sizeof (zname))) != Z_OK)
1323 return (err);
1324
1325 if (!config_file_path(zname, path))
1326 return (Z_MISC_FS);
1327
1328 addcomment(handle, "\n DO NOT EDIT THIS "
1329 "FILE. Use zonecfg(8) instead.\n");
1330
1331 /*
1332 * Update user_attr first so that it will be older
1333 * than the config file.
1334 */
1335 (void) zonecfg_authorize_users(handle, zname);
1336 err = zonecfg_save_impl(handle, path);
1337
1338 stripcomments(handle);
1339
1340 if (err != Z_OK)
1341 return (err);
1342
1343 handle->zone_dh_newzone = B_FALSE;
1344
1345 if (is_renaming(handle)) {
1346 if (config_file_path(handle->zone_dh_delete_name, delpath))
1347 (void) unlink(delpath);
1348 handle->zone_dh_delete_name[0] = '\0';
1349 }
1350
1351 return (Z_OK);
1352 }
1353
1354 int
zonecfg_verify_save(zone_dochandle_t handle,char * filename)1355 zonecfg_verify_save(zone_dochandle_t handle, char *filename)
1356 {
1357 int valid;
1358
1359 xmlValidCtxt cvp = { NULL };
1360
1361 if (zonecfg_check_handle(handle) != Z_OK)
1362 return (Z_BAD_HANDLE);
1363
1364 cvp.error = zonecfg_error_func;
1365 cvp.warning = zonecfg_error_func;
1366
1367 /*
1368 * We do a final validation of the document. Since the library has
1369 * malfunctioned if it fails to validate, we follow-up with an
1370 * assert() that the doc is valid.
1371 */
1372 valid = xmlValidateDocument(&cvp, handle->zone_dh_doc);
1373 assert(valid != 0);
1374
1375 if (xmlSaveFormatFile(filename, handle->zone_dh_doc, 1) <= 0)
1376 return (Z_SAVING_FILE);
1377
1378 return (Z_OK);
1379 }
1380
1381 int
zonecfg_detach_save(zone_dochandle_t handle,uint_t flags)1382 zonecfg_detach_save(zone_dochandle_t handle, uint_t flags)
1383 {
1384 char zname[ZONENAME_MAX];
1385 char path[MAXPATHLEN];
1386 char migpath[MAXPATHLEN];
1387 xmlValidCtxt cvp = { NULL };
1388 int err = Z_SAVING_FILE;
1389 int valid;
1390
1391 if (zonecfg_check_handle(handle) != Z_OK)
1392 return (Z_BAD_HANDLE);
1393
1394 if (flags & ZONE_DRY_RUN) {
1395 (void) strlcpy(migpath, "-", sizeof (migpath));
1396 } else {
1397 if ((err = zonecfg_get_name(handle, zname, sizeof (zname)))
1398 != Z_OK)
1399 return (err);
1400
1401 if ((err = zone_get_zonepath(zname, path, sizeof (path)))
1402 != Z_OK)
1403 return (err);
1404
1405 if (snprintf(migpath, sizeof (migpath), "%s/%s", path,
1406 ZONE_DETACHED) >= sizeof (migpath))
1407 return (Z_NOMEM);
1408 }
1409
1410 if ((err = operation_prep(handle)) != Z_OK)
1411 return (err);
1412
1413 addcomment(handle, "\n DO NOT EDIT THIS FILE. "
1414 "Use zonecfg(8) and zoneadm(8) attach.\n");
1415
1416 cvp.error = zonecfg_error_func;
1417 cvp.warning = zonecfg_error_func;
1418
1419 /*
1420 * We do a final validation of the document. Since the library has
1421 * malfunctioned if it fails to validate, we follow-up with an
1422 * assert() that the doc is valid.
1423 */
1424 valid = xmlValidateDocument(&cvp, handle->zone_dh_doc);
1425 assert(valid != 0);
1426
1427 if (xmlSaveFormatFile(migpath, handle->zone_dh_doc, 1) <= 0)
1428 return (Z_SAVING_FILE);
1429
1430 if (!(flags & ZONE_DRY_RUN))
1431 (void) chmod(migpath, 0644);
1432
1433 stripcomments(handle);
1434
1435 handle->zone_dh_newzone = B_FALSE;
1436
1437 return (Z_OK);
1438 }
1439
1440 boolean_t
zonecfg_detached(const char * path)1441 zonecfg_detached(const char *path)
1442 {
1443 char migpath[MAXPATHLEN];
1444 struct stat buf;
1445
1446 if (snprintf(migpath, sizeof (migpath), "%s/%s", path, ZONE_DETACHED) >=
1447 sizeof (migpath))
1448 return (B_FALSE);
1449
1450 if (stat(migpath, &buf) != -1)
1451 return (B_TRUE);
1452
1453 return (B_FALSE);
1454 }
1455
1456 void
zonecfg_rm_detached(zone_dochandle_t handle,boolean_t forced)1457 zonecfg_rm_detached(zone_dochandle_t handle, boolean_t forced)
1458 {
1459 char zname[ZONENAME_MAX];
1460 char path[MAXPATHLEN];
1461 char detached[MAXPATHLEN];
1462 char attached[MAXPATHLEN];
1463
1464 if (zonecfg_check_handle(handle) != Z_OK)
1465 return;
1466
1467 if (zonecfg_get_name(handle, zname, sizeof (zname)) != Z_OK)
1468 return;
1469
1470 if (zone_get_zonepath(zname, path, sizeof (path)) != Z_OK)
1471 return;
1472
1473 (void) snprintf(detached, sizeof (detached), "%s/%s", path,
1474 ZONE_DETACHED);
1475 (void) snprintf(attached, sizeof (attached), "%s/%s", path,
1476 ATTACH_FORCED);
1477
1478 if (forced) {
1479 (void) rename(detached, attached);
1480 } else {
1481 (void) unlink(attached);
1482 (void) unlink(detached);
1483 }
1484 }
1485
1486 /*
1487 * Special case: if access(2) fails with ENOENT, then try again using
1488 * ZONE_CONFIG_ROOT instead of config_file_path(zonename). This is how we
1489 * work around the case of a config file which has not been created yet:
1490 * the user will need access to the directory so use that as a heuristic.
1491 */
1492
1493 int
zonecfg_access(const char * zonename,int amode)1494 zonecfg_access(const char *zonename, int amode)
1495 {
1496 char path[MAXPATHLEN];
1497
1498 if (!config_file_path(zonename, path))
1499 return (Z_INVAL);
1500 if (access(path, amode) == 0)
1501 return (Z_OK);
1502 if (errno == ENOENT) {
1503 if (snprintf(path, sizeof (path), "%s%s", zonecfg_root,
1504 ZONE_CONFIG_ROOT) >= sizeof (path))
1505 return (Z_INVAL);
1506 if (access(path, amode) == 0)
1507 return (Z_OK);
1508 }
1509 if (errno == EACCES)
1510 return (Z_ACCES);
1511 if (errno == EINVAL)
1512 return (Z_INVAL);
1513 return (Z_MISC_FS);
1514 }
1515
1516 int
zonecfg_create_snapshot(const char * zonename)1517 zonecfg_create_snapshot(const char *zonename)
1518 {
1519 zone_dochandle_t handle;
1520 char path[MAXPATHLEN], zonepath[MAXPATHLEN], rpath[MAXPATHLEN];
1521 int error = Z_OK, res;
1522
1523 if ((handle = zonecfg_init_handle()) == NULL) {
1524 return (Z_NOMEM);
1525 }
1526
1527 handle->zone_dh_newzone = B_TRUE;
1528 handle->zone_dh_snapshot = B_TRUE;
1529
1530 if ((error = zonecfg_get_handle(zonename, handle)) != Z_OK)
1531 goto out;
1532 if ((error = operation_prep(handle)) != Z_OK)
1533 goto out;
1534 error = zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath));
1535 if (error != Z_OK)
1536 goto out;
1537 if ((res = resolvepath(zonepath, rpath, sizeof (rpath))) == -1) {
1538 error = Z_RESOLVED_PATH;
1539 goto out;
1540 }
1541 /*
1542 * If the resolved path is not the same as the original path, then
1543 * save the resolved path in the snapshot, thus preventing any
1544 * potential problems down the line when zoneadmd goes to unmount
1545 * file systems and depends on initial string matches with resolved
1546 * paths.
1547 */
1548 rpath[res] = '\0';
1549 if (strcmp(zonepath, rpath) != 0) {
1550 if ((error = zonecfg_set_zonepath(handle, rpath)) != Z_OK)
1551 goto out;
1552 }
1553 if (snprintf(path, sizeof (path), "%s%s", zonecfg_root,
1554 ZONE_SNAPSHOT_ROOT) >= sizeof (path)) {
1555 error = Z_MISC_FS;
1556 goto out;
1557 }
1558 if ((mkdir(path, S_IRWXU) == -1) && (errno != EEXIST)) {
1559 error = Z_MISC_FS;
1560 goto out;
1561 }
1562
1563 if (!snap_file_path(zonename, path)) {
1564 error = Z_MISC_FS;
1565 goto out;
1566 }
1567
1568 addcomment(handle, "\n DO NOT EDIT THIS FILE. "
1569 "It is a snapshot of running zone state.\n");
1570
1571 error = zonecfg_save_impl(handle, path);
1572
1573 stripcomments(handle);
1574
1575 out:
1576 zonecfg_fini_handle(handle);
1577 return (error);
1578 }
1579
1580 int
zonecfg_get_iptype(zone_dochandle_t handle,zone_iptype_t * iptypep)1581 zonecfg_get_iptype(zone_dochandle_t handle, zone_iptype_t *iptypep)
1582 {
1583 char property[10]; /* 10 is big enough for "shared"/"exclusive" */
1584 int err;
1585
1586 err = getrootattr(handle, DTD_ATTR_IPTYPE, property, sizeof (property));
1587 if (err == Z_BAD_PROPERTY) {
1588 /* Return default value */
1589 *iptypep = ZS_SHARED;
1590 return (Z_OK);
1591 } else if (err != Z_OK) {
1592 return (err);
1593 }
1594
1595 if (strlen(property) == 0 ||
1596 strcmp(property, "shared") == 0)
1597 *iptypep = ZS_SHARED;
1598 else if (strcmp(property, "exclusive") == 0)
1599 *iptypep = ZS_EXCLUSIVE;
1600 else
1601 return (Z_INVAL);
1602
1603 return (Z_OK);
1604 }
1605
1606 int
zonecfg_set_iptype(zone_dochandle_t handle,zone_iptype_t iptype)1607 zonecfg_set_iptype(zone_dochandle_t handle, zone_iptype_t iptype)
1608 {
1609 xmlNodePtr cur;
1610
1611 if (handle == NULL)
1612 return (Z_INVAL);
1613
1614 cur = xmlDocGetRootElement(handle->zone_dh_doc);
1615 if (cur == NULL) {
1616 return (Z_EMPTY_DOCUMENT);
1617 }
1618
1619 if (xmlStrcmp(cur->name, DTD_ELEM_ZONE) != 0) {
1620 return (Z_WRONG_DOC_TYPE);
1621 }
1622 switch (iptype) {
1623 case ZS_SHARED:
1624 /*
1625 * Since "shared" is the default, we don't write it to the
1626 * configuration file, so that it's easier to migrate those
1627 * zones elsewhere, eg., to systems which are not IP-Instances
1628 * aware.
1629 * xmlUnsetProp only fails when the attribute doesn't exist,
1630 * which we don't care.
1631 */
1632 (void) xmlUnsetProp(cur, DTD_ATTR_IPTYPE);
1633 break;
1634 case ZS_EXCLUSIVE:
1635 if (xmlSetProp(cur, DTD_ATTR_IPTYPE,
1636 (const xmlChar *) "exclusive") == NULL)
1637 return (Z_INVAL);
1638 break;
1639 }
1640 return (Z_OK);
1641 }
1642
1643 static int
newprop(xmlNodePtr node,const xmlChar * attrname,char * src)1644 newprop(xmlNodePtr node, const xmlChar *attrname, char *src)
1645 {
1646 xmlAttrPtr newattr;
1647
1648 newattr = xmlNewProp(node, attrname, (xmlChar *)src);
1649 if (newattr == NULL) {
1650 xmlUnlinkNode(node);
1651 xmlFreeNode(node);
1652 return (Z_BAD_PROPERTY);
1653 }
1654 return (Z_OK);
1655 }
1656
1657 static int
zonecfg_add_filesystem_core(zone_dochandle_t handle,struct zone_fstab * tabptr)1658 zonecfg_add_filesystem_core(zone_dochandle_t handle, struct zone_fstab *tabptr)
1659 {
1660 xmlNodePtr newnode, cur = handle->zone_dh_cur, options_node;
1661 zone_fsopt_t *ptr;
1662 int err;
1663
1664 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_FS, NULL);
1665 if ((err = newprop(newnode, DTD_ATTR_SPECIAL,
1666 tabptr->zone_fs_special)) != Z_OK)
1667 return (err);
1668 if (tabptr->zone_fs_raw[0] != '\0' &&
1669 (err = newprop(newnode, DTD_ATTR_RAW, tabptr->zone_fs_raw)) != Z_OK)
1670 return (err);
1671 if ((err = newprop(newnode, DTD_ATTR_DIR, tabptr->zone_fs_dir)) != Z_OK)
1672 return (err);
1673 if ((err = newprop(newnode, DTD_ATTR_TYPE,
1674 tabptr->zone_fs_type)) != Z_OK)
1675 return (err);
1676 if (tabptr->zone_fs_options != NULL) {
1677 for (ptr = tabptr->zone_fs_options; ptr != NULL;
1678 ptr = ptr->zone_fsopt_next) {
1679 options_node = xmlNewTextChild(newnode, NULL,
1680 DTD_ELEM_FSOPTION, NULL);
1681 if ((err = newprop(options_node, DTD_ATTR_NAME,
1682 ptr->zone_fsopt_opt)) != Z_OK)
1683 return (err);
1684 }
1685 }
1686 return (Z_OK);
1687 }
1688
1689 int
zonecfg_add_filesystem(zone_dochandle_t handle,struct zone_fstab * tabptr)1690 zonecfg_add_filesystem(zone_dochandle_t handle, struct zone_fstab *tabptr)
1691 {
1692 int err;
1693
1694 if (tabptr == NULL)
1695 return (Z_INVAL);
1696
1697 if ((err = operation_prep(handle)) != Z_OK)
1698 return (err);
1699
1700 if ((err = zonecfg_add_filesystem_core(handle, tabptr)) != Z_OK)
1701 return (err);
1702
1703 return (Z_OK);
1704 }
1705
1706 int
zonecfg_add_fs_option(struct zone_fstab * tabptr,char * option)1707 zonecfg_add_fs_option(struct zone_fstab *tabptr, char *option)
1708 {
1709 zone_fsopt_t *last, *old, *new;
1710
1711 last = tabptr->zone_fs_options;
1712 for (old = last; old != NULL; old = old->zone_fsopt_next)
1713 last = old; /* walk to the end of the list */
1714 new = (zone_fsopt_t *)malloc(sizeof (zone_fsopt_t));
1715 if (new == NULL)
1716 return (Z_NOMEM);
1717 (void) strlcpy(new->zone_fsopt_opt, option,
1718 sizeof (new->zone_fsopt_opt));
1719 new->zone_fsopt_next = NULL;
1720 if (last == NULL)
1721 tabptr->zone_fs_options = new;
1722 else
1723 last->zone_fsopt_next = new;
1724 return (Z_OK);
1725 }
1726
1727 int
zonecfg_remove_fs_option(struct zone_fstab * tabptr,char * option)1728 zonecfg_remove_fs_option(struct zone_fstab *tabptr, char *option)
1729 {
1730 zone_fsopt_t *last, *this, *next;
1731
1732 last = tabptr->zone_fs_options;
1733 for (this = last; this != NULL; this = this->zone_fsopt_next) {
1734 if (strcmp(this->zone_fsopt_opt, option) == 0) {
1735 next = this->zone_fsopt_next;
1736 if (this == tabptr->zone_fs_options)
1737 tabptr->zone_fs_options = next;
1738 else
1739 last->zone_fsopt_next = next;
1740 free(this);
1741 return (Z_OK);
1742 } else
1743 last = this;
1744 }
1745 return (Z_NO_PROPERTY_ID);
1746 }
1747
1748 void
zonecfg_free_fs_option_list(zone_fsopt_t * list)1749 zonecfg_free_fs_option_list(zone_fsopt_t *list)
1750 {
1751 zone_fsopt_t *this, *next;
1752
1753 for (this = list; this != NULL; this = next) {
1754 next = this->zone_fsopt_next;
1755 free(this);
1756 }
1757 }
1758
1759 void
zonecfg_free_rctl_value_list(struct zone_rctlvaltab * valtab)1760 zonecfg_free_rctl_value_list(struct zone_rctlvaltab *valtab)
1761 {
1762 if (valtab == NULL)
1763 return;
1764 zonecfg_free_rctl_value_list(valtab->zone_rctlval_next);
1765 free(valtab);
1766 }
1767
1768 static boolean_t
match_prop(xmlNodePtr cur,const xmlChar * attr,char * user_prop)1769 match_prop(xmlNodePtr cur, const xmlChar *attr, char *user_prop)
1770 {
1771 xmlChar *gotten_prop;
1772 int prop_result;
1773
1774 gotten_prop = xmlGetProp(cur, attr);
1775 if (gotten_prop == NULL) /* shouldn't happen */
1776 return (B_FALSE);
1777 prop_result = xmlStrcmp(gotten_prop, (const xmlChar *) user_prop);
1778 xmlFree(gotten_prop);
1779 return ((prop_result == 0)); /* empty strings will match */
1780 }
1781
1782 static int
zonecfg_delete_filesystem_core(zone_dochandle_t handle,struct zone_fstab * tabptr)1783 zonecfg_delete_filesystem_core(zone_dochandle_t handle,
1784 struct zone_fstab *tabptr)
1785 {
1786 xmlNodePtr cur = handle->zone_dh_cur;
1787 boolean_t dir_match, spec_match, raw_match, type_match;
1788
1789 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
1790 if (xmlStrcmp(cur->name, DTD_ELEM_FS))
1791 continue;
1792 dir_match = match_prop(cur, DTD_ATTR_DIR, tabptr->zone_fs_dir);
1793 spec_match = match_prop(cur, DTD_ATTR_SPECIAL,
1794 tabptr->zone_fs_special);
1795 raw_match = match_prop(cur, DTD_ATTR_RAW,
1796 tabptr->zone_fs_raw);
1797 type_match = match_prop(cur, DTD_ATTR_TYPE,
1798 tabptr->zone_fs_type);
1799 if (dir_match && spec_match && raw_match && type_match) {
1800 xmlUnlinkNode(cur);
1801 xmlFreeNode(cur);
1802 return (Z_OK);
1803 }
1804 }
1805 return (Z_NO_RESOURCE_ID);
1806 }
1807
1808 int
zonecfg_delete_filesystem(zone_dochandle_t handle,struct zone_fstab * tabptr)1809 zonecfg_delete_filesystem(zone_dochandle_t handle, struct zone_fstab *tabptr)
1810 {
1811 int err;
1812
1813 if (tabptr == NULL)
1814 return (Z_INVAL);
1815
1816 if ((err = operation_prep(handle)) != Z_OK)
1817 return (err);
1818
1819 if ((err = zonecfg_delete_filesystem_core(handle, tabptr)) != Z_OK)
1820 return (err);
1821
1822 return (Z_OK);
1823 }
1824
1825 int
zonecfg_modify_filesystem(zone_dochandle_t handle,struct zone_fstab * oldtabptr,struct zone_fstab * newtabptr)1826 zonecfg_modify_filesystem(
1827 zone_dochandle_t handle,
1828 struct zone_fstab *oldtabptr,
1829 struct zone_fstab *newtabptr)
1830 {
1831 int err;
1832
1833 if (oldtabptr == NULL || newtabptr == NULL)
1834 return (Z_INVAL);
1835
1836 if ((err = operation_prep(handle)) != Z_OK)
1837 return (err);
1838
1839 if ((err = zonecfg_delete_filesystem_core(handle, oldtabptr)) != Z_OK)
1840 return (err);
1841
1842 if ((err = zonecfg_add_filesystem_core(handle, newtabptr)) != Z_OK)
1843 return (err);
1844
1845 return (Z_OK);
1846 }
1847
1848 int
zonecfg_lookup_filesystem(zone_dochandle_t handle,struct zone_fstab * tabptr)1849 zonecfg_lookup_filesystem(
1850 zone_dochandle_t handle,
1851 struct zone_fstab *tabptr)
1852 {
1853 xmlNodePtr cur, options, firstmatch;
1854 int err;
1855 char dirname[MAXPATHLEN], special[MAXPATHLEN], raw[MAXPATHLEN];
1856 char type[FSTYPSZ];
1857 char options_str[MAX_MNTOPT_STR];
1858
1859 if (tabptr == NULL)
1860 return (Z_INVAL);
1861
1862 if ((err = operation_prep(handle)) != Z_OK)
1863 return (err);
1864
1865 /*
1866 * Walk the list of children looking for matches on any properties
1867 * specified in the fstab parameter. If more than one resource
1868 * matches, we return Z_INSUFFICIENT_SPEC; if none match, we return
1869 * Z_NO_RESOURCE_ID.
1870 */
1871 cur = handle->zone_dh_cur;
1872 firstmatch = NULL;
1873 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
1874 if (xmlStrcmp(cur->name, DTD_ELEM_FS))
1875 continue;
1876 if (strlen(tabptr->zone_fs_dir) > 0) {
1877 if ((fetchprop(cur, DTD_ATTR_DIR, dirname,
1878 sizeof (dirname)) == Z_OK) &&
1879 (strcmp(tabptr->zone_fs_dir, dirname) == 0)) {
1880 if (firstmatch == NULL)
1881 firstmatch = cur;
1882 else
1883 return (Z_INSUFFICIENT_SPEC);
1884 }
1885 }
1886 if (strlen(tabptr->zone_fs_special) > 0) {
1887 if ((fetchprop(cur, DTD_ATTR_SPECIAL, special,
1888 sizeof (special)) == Z_OK)) {
1889 if (strcmp(tabptr->zone_fs_special,
1890 special) == 0) {
1891 if (firstmatch == NULL)
1892 firstmatch = cur;
1893 else if (firstmatch != cur)
1894 return (Z_INSUFFICIENT_SPEC);
1895 } else {
1896 /*
1897 * If another property matched but this
1898 * one doesn't then reset firstmatch.
1899 */
1900 if (firstmatch == cur)
1901 firstmatch = NULL;
1902 }
1903 }
1904 }
1905 if (strlen(tabptr->zone_fs_raw) > 0) {
1906 if ((fetchprop(cur, DTD_ATTR_RAW, raw,
1907 sizeof (raw)) == Z_OK)) {
1908 if (strcmp(tabptr->zone_fs_raw, raw) == 0) {
1909 if (firstmatch == NULL)
1910 firstmatch = cur;
1911 else if (firstmatch != cur)
1912 return (Z_INSUFFICIENT_SPEC);
1913 } else {
1914 /*
1915 * If another property matched but this
1916 * one doesn't then reset firstmatch.
1917 */
1918 if (firstmatch == cur)
1919 firstmatch = NULL;
1920 }
1921 }
1922 }
1923 if (strlen(tabptr->zone_fs_type) > 0) {
1924 if ((fetchprop(cur, DTD_ATTR_TYPE, type,
1925 sizeof (type)) == Z_OK)) {
1926 if (strcmp(tabptr->zone_fs_type, type) == 0) {
1927 if (firstmatch == NULL)
1928 firstmatch = cur;
1929 else if (firstmatch != cur)
1930 return (Z_INSUFFICIENT_SPEC);
1931 } else {
1932 /*
1933 * If another property matched but this
1934 * one doesn't then reset firstmatch.
1935 */
1936 if (firstmatch == cur)
1937 firstmatch = NULL;
1938 }
1939 }
1940 }
1941 }
1942
1943 if (firstmatch == NULL)
1944 return (Z_NO_RESOURCE_ID);
1945
1946 cur = firstmatch;
1947
1948 if ((err = fetchprop(cur, DTD_ATTR_DIR, tabptr->zone_fs_dir,
1949 sizeof (tabptr->zone_fs_dir))) != Z_OK)
1950 return (err);
1951
1952 if ((err = fetchprop(cur, DTD_ATTR_SPECIAL, tabptr->zone_fs_special,
1953 sizeof (tabptr->zone_fs_special))) != Z_OK)
1954 return (err);
1955
1956 if ((err = fetchprop(cur, DTD_ATTR_RAW, tabptr->zone_fs_raw,
1957 sizeof (tabptr->zone_fs_raw))) != Z_OK)
1958 return (err);
1959
1960 if ((err = fetchprop(cur, DTD_ATTR_TYPE, tabptr->zone_fs_type,
1961 sizeof (tabptr->zone_fs_type))) != Z_OK)
1962 return (err);
1963
1964 /* options are optional */
1965 tabptr->zone_fs_options = NULL;
1966 for (options = cur->xmlChildrenNode; options != NULL;
1967 options = options->next) {
1968 if ((fetchprop(options, DTD_ATTR_NAME, options_str,
1969 sizeof (options_str)) != Z_OK))
1970 break;
1971 if (zonecfg_add_fs_option(tabptr, options_str) != Z_OK)
1972 break;
1973 }
1974 return (Z_OK);
1975 }
1976
1977 /*
1978 * Compare two IP addresses in string form. Allow for the possibility that
1979 * one might have "/<prefix-length>" at the end: allow a match on just the
1980 * IP address (or host name) part.
1981 */
1982
1983 boolean_t
zonecfg_same_net_address(char * a1,char * a2)1984 zonecfg_same_net_address(char *a1, char *a2)
1985 {
1986 char *slashp, *slashp1, *slashp2;
1987 int result;
1988
1989 if (strcmp(a1, a2) == 0)
1990 return (B_TRUE);
1991
1992 /*
1993 * If neither has a slash or both do, they need to match to be
1994 * considered the same, but they did not match above, so fail.
1995 */
1996 slashp1 = strchr(a1, '/');
1997 slashp2 = strchr(a2, '/');
1998 if ((slashp1 == NULL && slashp2 == NULL) ||
1999 (slashp1 != NULL && slashp2 != NULL))
2000 return (B_FALSE);
2001
2002 /*
2003 * Only one had a slash: pick that one, zero out the slash, compare
2004 * the "address only" strings, restore the slash, and return the
2005 * result of the comparison.
2006 */
2007 slashp = (slashp1 == NULL) ? slashp2 : slashp1;
2008 *slashp = '\0';
2009 result = strcmp(a1, a2);
2010 *slashp = '/';
2011 return ((result == 0));
2012 }
2013
2014 int
zonecfg_valid_net_address(char * address,struct lifreq * lifr)2015 zonecfg_valid_net_address(char *address, struct lifreq *lifr)
2016 {
2017 struct sockaddr_in *sin4;
2018 struct sockaddr_in6 *sin6;
2019 struct addrinfo hints, *result;
2020 char *slashp = strchr(address, '/');
2021
2022 bzero(lifr, sizeof (struct lifreq));
2023 sin4 = (struct sockaddr_in *)&lifr->lifr_addr;
2024 sin6 = (struct sockaddr_in6 *)&lifr->lifr_addr;
2025 if (slashp != NULL)
2026 *slashp = '\0';
2027 if (inet_pton(AF_INET, address, &sin4->sin_addr) == 1) {
2028 sin4->sin_family = AF_INET;
2029 } else if (inet_pton(AF_INET6, address, &sin6->sin6_addr) == 1) {
2030 if (slashp == NULL)
2031 return (Z_IPV6_ADDR_PREFIX_LEN);
2032 sin6->sin6_family = AF_INET6;
2033 } else {
2034 /* "address" may be a host name */
2035 (void) memset(&hints, 0, sizeof (hints));
2036 hints.ai_family = PF_INET;
2037 if (getaddrinfo(address, NULL, &hints, &result) != 0)
2038 return (Z_BOGUS_ADDRESS);
2039 sin4->sin_family = result->ai_family;
2040
2041 (void) memcpy(&sin4->sin_addr,
2042 /* LINTED E_BAD_PTR_CAST_ALIGN */
2043 &((struct sockaddr_in *)result->ai_addr)->sin_addr,
2044 sizeof (struct in_addr));
2045
2046 freeaddrinfo(result);
2047 }
2048 return (Z_OK);
2049 }
2050
2051 boolean_t
zonecfg_ifname_exists(sa_family_t af,char * ifname)2052 zonecfg_ifname_exists(sa_family_t af, char *ifname)
2053 {
2054 struct lifreq lifr;
2055 int so;
2056 int save_errno;
2057
2058 (void) memset(&lifr, 0, sizeof (lifr));
2059 (void) strlcpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2060 lifr.lifr_addr.ss_family = af;
2061 if ((so = socket(af, SOCK_DGRAM, 0)) < 0) {
2062 /* Odd - can't tell if the ifname exists */
2063 return (B_FALSE);
2064 }
2065 if (ioctl(so, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2066 save_errno = errno;
2067 (void) close(so);
2068 errno = save_errno;
2069 return (B_FALSE);
2070 }
2071 (void) close(so);
2072 return (B_TRUE);
2073 }
2074
2075 /*
2076 * Determines whether there is a net resource with the physical interface, IP
2077 * address, and default router specified by 'tabptr' in the zone configuration
2078 * to which 'handle' refers. 'tabptr' must have an interface, an address, a
2079 * default router, or a combination of the three. This function returns Z_OK
2080 * iff there is exactly one net resource matching the query specified by
2081 * 'tabptr'. The function returns Z_INSUFFICIENT_SPEC if there are multiple
2082 * matches or 'tabptr' does not specify a physical interface, address, or
2083 * default router. The function returns Z_NO_RESOURCE_ID if are no matches.
2084 *
2085 * Errors might also be returned if the entry that exactly matches the
2086 * query lacks critical network resource information.
2087 *
2088 * If there is a single match, then the matching entry's physical interface, IP
2089 * address, and default router information are stored in 'tabptr'.
2090 */
2091 int
zonecfg_lookup_nwif(zone_dochandle_t handle,struct zone_nwiftab * tabptr)2092 zonecfg_lookup_nwif(zone_dochandle_t handle, struct zone_nwiftab *tabptr)
2093 {
2094 xmlNodePtr cur;
2095 xmlNodePtr firstmatch;
2096 int err;
2097 char address[INET6_ADDRSTRLEN];
2098 char physical[LIFNAMSIZ];
2099 size_t addrspec; /* nonzero if tabptr has IP addr */
2100 size_t physspec; /* nonzero if tabptr has interface */
2101 size_t defrouterspec; /* nonzero if tabptr has def. router */
2102 size_t allowed_addrspec;
2103 zone_iptype_t iptype;
2104
2105 if (tabptr == NULL)
2106 return (Z_INVAL);
2107
2108 /*
2109 * Determine the fields that will be searched. There must be at least
2110 * one.
2111 *
2112 * zone_nwif_address, zone_nwif_physical, and zone_nwif_defrouter are
2113 * arrays, so no NULL checks are necessary.
2114 */
2115 addrspec = strlen(tabptr->zone_nwif_address);
2116 physspec = strlen(tabptr->zone_nwif_physical);
2117 defrouterspec = strlen(tabptr->zone_nwif_defrouter);
2118 allowed_addrspec = strlen(tabptr->zone_nwif_allowed_address);
2119 if (addrspec != 0 && allowed_addrspec != 0)
2120 return (Z_INVAL); /* can't specify both */
2121 if (addrspec == 0 && physspec == 0 && defrouterspec == 0 &&
2122 allowed_addrspec == 0)
2123 return (Z_INSUFFICIENT_SPEC);
2124
2125 if ((err = operation_prep(handle)) != Z_OK)
2126 return (err);
2127
2128 if ((err = zonecfg_get_iptype(handle, &iptype)) != Z_OK)
2129 return (err);
2130 /*
2131 * Iterate over the configuration's elements and look for net elements
2132 * that match the query.
2133 */
2134 firstmatch = NULL;
2135 cur = handle->zone_dh_cur;
2136 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
2137 /* Skip non-net elements */
2138 if (xmlStrcmp(cur->name, DTD_ELEM_NET))
2139 continue;
2140
2141 /*
2142 * If any relevant fields don't match the query, then skip
2143 * the current net element.
2144 */
2145 if (physspec != 0 && (fetchprop(cur, DTD_ATTR_PHYSICAL,
2146 physical, sizeof (physical)) != Z_OK ||
2147 strcmp(tabptr->zone_nwif_physical, physical) != 0))
2148 continue;
2149 if (iptype == ZS_SHARED && addrspec != 0 &&
2150 (fetchprop(cur, DTD_ATTR_ADDRESS, address,
2151 sizeof (address)) != Z_OK ||
2152 !zonecfg_same_net_address(tabptr->zone_nwif_address,
2153 address)))
2154 continue;
2155 if (iptype == ZS_EXCLUSIVE && allowed_addrspec != 0 &&
2156 (fetchprop(cur, DTD_ATTR_ALLOWED_ADDRESS, address,
2157 sizeof (address)) != Z_OK ||
2158 !zonecfg_same_net_address(tabptr->zone_nwif_allowed_address,
2159 address)))
2160 continue;
2161 if (defrouterspec != 0 && (fetchprop(cur, DTD_ATTR_DEFROUTER,
2162 address, sizeof (address)) != Z_OK ||
2163 !zonecfg_same_net_address(tabptr->zone_nwif_defrouter,
2164 address)))
2165 continue;
2166
2167 /*
2168 * The current net element matches the query. Select it if
2169 * it's the first match; otherwise, abort the search.
2170 */
2171 if (firstmatch == NULL)
2172 firstmatch = cur;
2173 else
2174 return (Z_INSUFFICIENT_SPEC);
2175 }
2176 if (firstmatch == NULL)
2177 return (Z_NO_RESOURCE_ID);
2178
2179 cur = firstmatch;
2180
2181 if ((err = fetchprop(cur, DTD_ATTR_PHYSICAL, tabptr->zone_nwif_physical,
2182 sizeof (tabptr->zone_nwif_physical))) != Z_OK)
2183 return (err);
2184
2185 if (iptype == ZS_SHARED &&
2186 (err = fetchprop(cur, DTD_ATTR_ADDRESS, tabptr->zone_nwif_address,
2187 sizeof (tabptr->zone_nwif_address))) != Z_OK)
2188 return (err);
2189
2190 if (iptype == ZS_EXCLUSIVE &&
2191 (err = fetchprop(cur, DTD_ATTR_ALLOWED_ADDRESS,
2192 tabptr->zone_nwif_allowed_address,
2193 sizeof (tabptr->zone_nwif_allowed_address))) != Z_OK)
2194 return (err);
2195
2196 if ((err = fetchprop(cur, DTD_ATTR_DEFROUTER,
2197 tabptr->zone_nwif_defrouter,
2198 sizeof (tabptr->zone_nwif_defrouter))) != Z_OK)
2199 return (err);
2200
2201 return (Z_OK);
2202 }
2203
2204 static int
zonecfg_add_nwif_core(zone_dochandle_t handle,struct zone_nwiftab * tabptr)2205 zonecfg_add_nwif_core(zone_dochandle_t handle, struct zone_nwiftab *tabptr)
2206 {
2207 xmlNodePtr newnode, cur = handle->zone_dh_cur;
2208 int err;
2209
2210 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_NET, NULL);
2211 if (strlen(tabptr->zone_nwif_address) > 0 &&
2212 (err = newprop(newnode, DTD_ATTR_ADDRESS,
2213 tabptr->zone_nwif_address)) != Z_OK)
2214 return (err);
2215 if (strlen(tabptr->zone_nwif_allowed_address) > 0 &&
2216 (err = newprop(newnode, DTD_ATTR_ALLOWED_ADDRESS,
2217 tabptr->zone_nwif_allowed_address)) != Z_OK)
2218 return (err);
2219 if ((err = newprop(newnode, DTD_ATTR_PHYSICAL,
2220 tabptr->zone_nwif_physical)) != Z_OK)
2221 return (err);
2222 /*
2223 * Do not add this property when it is not set, for backwards
2224 * compatibility and because it is optional.
2225 */
2226 if ((strlen(tabptr->zone_nwif_defrouter) > 0) &&
2227 ((err = newprop(newnode, DTD_ATTR_DEFROUTER,
2228 tabptr->zone_nwif_defrouter)) != Z_OK))
2229 return (err);
2230 return (Z_OK);
2231 }
2232
2233 int
zonecfg_add_nwif(zone_dochandle_t handle,struct zone_nwiftab * tabptr)2234 zonecfg_add_nwif(zone_dochandle_t handle, struct zone_nwiftab *tabptr)
2235 {
2236 int err;
2237
2238 if (tabptr == NULL)
2239 return (Z_INVAL);
2240
2241 if ((err = operation_prep(handle)) != Z_OK)
2242 return (err);
2243
2244 if ((err = zonecfg_add_nwif_core(handle, tabptr)) != Z_OK)
2245 return (err);
2246
2247 return (Z_OK);
2248 }
2249
2250 static int
zonecfg_delete_nwif_core(zone_dochandle_t handle,struct zone_nwiftab * tabptr)2251 zonecfg_delete_nwif_core(zone_dochandle_t handle, struct zone_nwiftab *tabptr)
2252 {
2253 xmlNodePtr cur = handle->zone_dh_cur;
2254 boolean_t addr_match, phys_match, allowed_addr_match;
2255
2256 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
2257 if (xmlStrcmp(cur->name, DTD_ELEM_NET))
2258 continue;
2259
2260 addr_match = match_prop(cur, DTD_ATTR_ADDRESS,
2261 tabptr->zone_nwif_address);
2262 allowed_addr_match = match_prop(cur, DTD_ATTR_ALLOWED_ADDRESS,
2263 tabptr->zone_nwif_allowed_address);
2264 phys_match = match_prop(cur, DTD_ATTR_PHYSICAL,
2265 tabptr->zone_nwif_physical);
2266
2267 if (addr_match && allowed_addr_match && phys_match) {
2268 xmlUnlinkNode(cur);
2269 xmlFreeNode(cur);
2270 return (Z_OK);
2271 }
2272 }
2273 return (Z_NO_RESOURCE_ID);
2274 }
2275
2276 int
zonecfg_delete_nwif(zone_dochandle_t handle,struct zone_nwiftab * tabptr)2277 zonecfg_delete_nwif(zone_dochandle_t handle, struct zone_nwiftab *tabptr)
2278 {
2279 int err;
2280
2281 if (tabptr == NULL)
2282 return (Z_INVAL);
2283
2284 if ((err = operation_prep(handle)) != Z_OK)
2285 return (err);
2286
2287 if ((err = zonecfg_delete_nwif_core(handle, tabptr)) != Z_OK)
2288 return (err);
2289
2290 return (Z_OK);
2291 }
2292
2293 int
zonecfg_modify_nwif(zone_dochandle_t handle,struct zone_nwiftab * oldtabptr,struct zone_nwiftab * newtabptr)2294 zonecfg_modify_nwif(
2295 zone_dochandle_t handle,
2296 struct zone_nwiftab *oldtabptr,
2297 struct zone_nwiftab *newtabptr)
2298 {
2299 int err;
2300
2301 if (oldtabptr == NULL || newtabptr == NULL)
2302 return (Z_INVAL);
2303
2304 if ((err = operation_prep(handle)) != Z_OK)
2305 return (err);
2306
2307 if ((err = zonecfg_delete_nwif_core(handle, oldtabptr)) != Z_OK)
2308 return (err);
2309
2310 if ((err = zonecfg_add_nwif_core(handle, newtabptr)) != Z_OK)
2311 return (err);
2312
2313 return (Z_OK);
2314 }
2315
2316 /*
2317 * Must be a comma-separated list of alpha-numeric file system names.
2318 */
2319 static int
zonecfg_valid_fs_allowed(const char * fsallowedp)2320 zonecfg_valid_fs_allowed(const char *fsallowedp)
2321 {
2322 char tmp[ZONE_FS_ALLOWED_MAX];
2323 char *cp = tmp;
2324 char *p;
2325
2326 if (strlen(fsallowedp) > ZONE_FS_ALLOWED_MAX)
2327 return (Z_TOO_BIG);
2328
2329 (void) strlcpy(tmp, fsallowedp, sizeof (tmp));
2330
2331 while (*cp != '\0') {
2332 p = cp;
2333 while (*p != '\0' && *p != ',') {
2334 if (!isalnum(*p) && *p != '-')
2335 return (Z_INVALID_PROPERTY);
2336 p++;
2337 }
2338
2339 if (*p == ',') {
2340 if (p == cp)
2341 return (Z_INVALID_PROPERTY);
2342
2343 p++;
2344
2345 if (*p == '\0')
2346 return (Z_INVALID_PROPERTY);
2347 }
2348
2349 cp = p;
2350 }
2351
2352 return (Z_OK);
2353 }
2354
2355 int
zonecfg_get_fs_allowed(zone_dochandle_t handle,char * bufp,size_t buflen)2356 zonecfg_get_fs_allowed(zone_dochandle_t handle, char *bufp, size_t buflen)
2357 {
2358 int err;
2359
2360 if ((err = getrootattr(handle, DTD_ATTR_FS_ALLOWED,
2361 bufp, buflen)) != Z_OK)
2362 return (err);
2363 if (bufp[0] == '\0')
2364 return (Z_BAD_PROPERTY);
2365 return (zonecfg_valid_fs_allowed(bufp));
2366 }
2367
2368 int
zonecfg_set_fs_allowed(zone_dochandle_t handle,const char * bufp)2369 zonecfg_set_fs_allowed(zone_dochandle_t handle, const char *bufp)
2370 {
2371 int err;
2372
2373 if (bufp == NULL || (err = zonecfg_valid_fs_allowed(bufp)) == Z_OK)
2374 return (setrootattr(handle, DTD_ATTR_FS_ALLOWED, bufp));
2375 return (err);
2376 }
2377
2378 /*
2379 * Determines if the specified string is a valid hostid string. This function
2380 * returns Z_OK if the string is a valid hostid string. It returns Z_INVAL if
2381 * 'hostidp' is NULL, Z_TOO_BIG if 'hostidp' refers to a string buffer
2382 * containing a hex string with more than 8 digits, and Z_INVALID_PROPERTY if
2383 * the string has an invalid format.
2384 */
2385 static int
zonecfg_valid_hostid(const char * hostidp)2386 zonecfg_valid_hostid(const char *hostidp)
2387 {
2388 char *currentp;
2389 u_longlong_t hostidval;
2390 size_t len;
2391
2392 if (hostidp == NULL)
2393 return (Z_INVAL);
2394
2395 /* Empty strings and strings with whitespace are invalid. */
2396 if (*hostidp == '\0')
2397 return (Z_INVALID_PROPERTY);
2398 for (currentp = (char *)hostidp; *currentp != '\0'; ++currentp) {
2399 if (isspace(*currentp))
2400 return (Z_INVALID_PROPERTY);
2401 }
2402 len = (size_t)(currentp - hostidp);
2403
2404 /*
2405 * The caller might pass a hostid that is larger than the maximum
2406 * unsigned 32-bit integral value. Check for this! Also, make sure
2407 * that the whole string is converted (this helps us find illegal
2408 * characters) and that the whole string fits within a buffer of size
2409 * HW_HOSTID_LEN.
2410 */
2411 currentp = (char *)hostidp;
2412 if (strncmp(hostidp, "0x", 2) == 0 || strncmp(hostidp, "0X", 2) == 0)
2413 currentp += 2;
2414 hostidval = strtoull(currentp, ¤tp, 16);
2415 if ((size_t)(currentp - hostidp) >= HW_HOSTID_LEN)
2416 return (Z_TOO_BIG);
2417 if (hostidval > UINT_MAX || hostidval == HW_INVALID_HOSTID ||
2418 currentp != hostidp + len)
2419 return (Z_INVALID_PROPERTY);
2420 return (Z_OK);
2421 }
2422
2423 /*
2424 * Gets the zone hostid string stored in the specified zone configuration
2425 * document. This function returns Z_OK on success. Z_BAD_PROPERTY is returned
2426 * if the config file doesn't specify a hostid or if the hostid is blank.
2427 *
2428 * Note that buflen should be at least HW_HOSTID_LEN.
2429 */
2430 int
zonecfg_get_hostid(zone_dochandle_t handle,char * bufp,size_t buflen)2431 zonecfg_get_hostid(zone_dochandle_t handle, char *bufp, size_t buflen)
2432 {
2433 int err;
2434
2435 if ((err = getrootattr(handle, DTD_ATTR_HOSTID, bufp, buflen)) != Z_OK)
2436 return (err);
2437 if (bufp[0] == '\0')
2438 return (Z_BAD_PROPERTY);
2439 return (zonecfg_valid_hostid(bufp));
2440 }
2441
2442 /*
2443 * Sets the hostid string in the specified zone config document to the given
2444 * string value. If 'hostidp' is NULL, then the config document's hostid
2445 * attribute is cleared. Non-NULL hostids are validated. This function returns
2446 * Z_OK on success. Any other return value indicates failure.
2447 */
2448 int
zonecfg_set_hostid(zone_dochandle_t handle,const char * hostidp)2449 zonecfg_set_hostid(zone_dochandle_t handle, const char *hostidp)
2450 {
2451 int err;
2452
2453 /*
2454 * A NULL hostid string is interpreted as a request to clear the
2455 * hostid.
2456 */
2457 if (hostidp == NULL || (err = zonecfg_valid_hostid(hostidp)) == Z_OK)
2458 return (setrootattr(handle, DTD_ATTR_HOSTID, hostidp));
2459 return (err);
2460 }
2461
2462 int
zonecfg_lookup_dev(zone_dochandle_t handle,struct zone_devtab * tabptr)2463 zonecfg_lookup_dev(zone_dochandle_t handle, struct zone_devtab *tabptr)
2464 {
2465 xmlNodePtr cur, firstmatch;
2466 int err;
2467 char match[MAXPATHLEN];
2468
2469 if (tabptr == NULL)
2470 return (Z_INVAL);
2471
2472 if ((err = operation_prep(handle)) != Z_OK)
2473 return (err);
2474
2475 cur = handle->zone_dh_cur;
2476 firstmatch = NULL;
2477 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
2478 if (xmlStrcmp(cur->name, DTD_ELEM_DEVICE))
2479 continue;
2480 if (strlen(tabptr->zone_dev_match) == 0)
2481 continue;
2482
2483 if ((fetchprop(cur, DTD_ATTR_MATCH, match,
2484 sizeof (match)) == Z_OK)) {
2485 if (strcmp(tabptr->zone_dev_match,
2486 match) == 0) {
2487 if (firstmatch == NULL)
2488 firstmatch = cur;
2489 else if (firstmatch != cur)
2490 return (Z_INSUFFICIENT_SPEC);
2491 } else {
2492 /*
2493 * If another property matched but this
2494 * one doesn't then reset firstmatch.
2495 */
2496 if (firstmatch == cur)
2497 firstmatch = NULL;
2498 }
2499 }
2500 }
2501 if (firstmatch == NULL)
2502 return (Z_NO_RESOURCE_ID);
2503
2504 cur = firstmatch;
2505
2506 if ((err = fetchprop(cur, DTD_ATTR_MATCH, tabptr->zone_dev_match,
2507 sizeof (tabptr->zone_dev_match))) != Z_OK)
2508 return (err);
2509
2510 return (Z_OK);
2511 }
2512
2513 static int
zonecfg_add_dev_core(zone_dochandle_t handle,struct zone_devtab * tabptr)2514 zonecfg_add_dev_core(zone_dochandle_t handle, struct zone_devtab *tabptr)
2515 {
2516 xmlNodePtr newnode, cur = handle->zone_dh_cur;
2517 int err;
2518
2519 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_DEVICE, NULL);
2520
2521 if ((err = newprop(newnode, DTD_ATTR_MATCH,
2522 tabptr->zone_dev_match)) != Z_OK)
2523 return (err);
2524
2525 return (Z_OK);
2526 }
2527
2528 int
zonecfg_add_dev(zone_dochandle_t handle,struct zone_devtab * tabptr)2529 zonecfg_add_dev(zone_dochandle_t handle, struct zone_devtab *tabptr)
2530 {
2531 int err;
2532
2533 if (tabptr == NULL)
2534 return (Z_INVAL);
2535
2536 if ((err = operation_prep(handle)) != Z_OK)
2537 return (err);
2538
2539 if ((err = zonecfg_add_dev_core(handle, tabptr)) != Z_OK)
2540 return (err);
2541
2542 return (Z_OK);
2543 }
2544
2545 static int
zonecfg_delete_dev_core(zone_dochandle_t handle,struct zone_devtab * tabptr)2546 zonecfg_delete_dev_core(zone_dochandle_t handle, struct zone_devtab *tabptr)
2547 {
2548 xmlNodePtr cur = handle->zone_dh_cur;
2549 int match_match;
2550
2551 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
2552 if (xmlStrcmp(cur->name, DTD_ELEM_DEVICE))
2553 continue;
2554
2555 match_match = match_prop(cur, DTD_ATTR_MATCH,
2556 tabptr->zone_dev_match);
2557
2558 if (match_match) {
2559 xmlUnlinkNode(cur);
2560 xmlFreeNode(cur);
2561 return (Z_OK);
2562 }
2563 }
2564 return (Z_NO_RESOURCE_ID);
2565 }
2566
2567 int
zonecfg_delete_dev(zone_dochandle_t handle,struct zone_devtab * tabptr)2568 zonecfg_delete_dev(zone_dochandle_t handle, struct zone_devtab *tabptr)
2569 {
2570 int err;
2571
2572 if (tabptr == NULL)
2573 return (Z_INVAL);
2574
2575 if ((err = operation_prep(handle)) != Z_OK)
2576 return (err);
2577
2578 if ((err = zonecfg_delete_dev_core(handle, tabptr)) != Z_OK)
2579 return (err);
2580
2581 return (Z_OK);
2582 }
2583
2584 int
zonecfg_modify_dev(zone_dochandle_t handle,struct zone_devtab * oldtabptr,struct zone_devtab * newtabptr)2585 zonecfg_modify_dev(
2586 zone_dochandle_t handle,
2587 struct zone_devtab *oldtabptr,
2588 struct zone_devtab *newtabptr)
2589 {
2590 int err;
2591
2592 if (oldtabptr == NULL || newtabptr == NULL)
2593 return (Z_INVAL);
2594
2595 if ((err = operation_prep(handle)) != Z_OK)
2596 return (err);
2597
2598 if ((err = zonecfg_delete_dev_core(handle, oldtabptr)) != Z_OK)
2599 return (err);
2600
2601 if ((err = zonecfg_add_dev_core(handle, newtabptr)) != Z_OK)
2602 return (err);
2603
2604 return (Z_OK);
2605 }
2606
2607 static int
zonecfg_add_auth_core(zone_dochandle_t handle,struct zone_admintab * tabptr,char * zonename)2608 zonecfg_add_auth_core(zone_dochandle_t handle, struct zone_admintab *tabptr,
2609 char *zonename)
2610 {
2611 xmlNodePtr newnode, cur = handle->zone_dh_cur;
2612 int err;
2613
2614 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_ADMIN, NULL);
2615 err = newprop(newnode, DTD_ATTR_USER, tabptr->zone_admin_user);
2616 if (err != Z_OK)
2617 return (err);
2618 err = newprop(newnode, DTD_ATTR_AUTHS, tabptr->zone_admin_auths);
2619 if (err != Z_OK)
2620 return (err);
2621 if ((err = zonecfg_remove_userauths(
2622 handle, tabptr->zone_admin_user, zonename, B_FALSE)) != Z_OK)
2623 return (err);
2624 return (Z_OK);
2625 }
2626
2627 int
zonecfg_add_admin(zone_dochandle_t handle,struct zone_admintab * tabptr,char * zonename)2628 zonecfg_add_admin(zone_dochandle_t handle, struct zone_admintab *tabptr,
2629 char *zonename)
2630 {
2631 int err;
2632
2633 if (tabptr == NULL)
2634 return (Z_INVAL);
2635
2636 if ((err = operation_prep(handle)) != Z_OK)
2637 return (err);
2638
2639 if ((err = zonecfg_add_auth_core(handle, tabptr,
2640 zonename)) != Z_OK)
2641 return (err);
2642
2643 return (Z_OK);
2644 }
2645
2646 static int
zonecfg_delete_auth_core(zone_dochandle_t handle,struct zone_admintab * tabptr,char * zonename)2647 zonecfg_delete_auth_core(zone_dochandle_t handle, struct zone_admintab *tabptr,
2648 char *zonename)
2649 {
2650 xmlNodePtr cur = handle->zone_dh_cur;
2651 boolean_t auth_match;
2652 int err;
2653
2654 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
2655 if (xmlStrcmp(cur->name, DTD_ELEM_ADMIN))
2656 continue;
2657 auth_match = match_prop(cur, DTD_ATTR_USER,
2658 tabptr->zone_admin_user);
2659 if (auth_match) {
2660 if ((err = zonecfg_insert_userauths(
2661 handle, tabptr->zone_admin_user,
2662 zonename)) != Z_OK)
2663 return (err);
2664 xmlUnlinkNode(cur);
2665 xmlFreeNode(cur);
2666 return (Z_OK);
2667 }
2668 }
2669 return (Z_NO_RESOURCE_ID);
2670 }
2671
2672 int
zonecfg_delete_admin(zone_dochandle_t handle,struct zone_admintab * tabptr,char * zonename)2673 zonecfg_delete_admin(zone_dochandle_t handle, struct zone_admintab *tabptr,
2674 char *zonename)
2675 {
2676 int err;
2677
2678 if (tabptr == NULL)
2679 return (Z_INVAL);
2680
2681 if ((err = operation_prep(handle)) != Z_OK)
2682 return (err);
2683
2684 if ((err = zonecfg_delete_auth_core(handle, tabptr, zonename)) != Z_OK)
2685 return (err);
2686
2687 return (Z_OK);
2688 }
2689
2690 int
zonecfg_modify_admin(zone_dochandle_t handle,struct zone_admintab * oldtabptr,struct zone_admintab * newtabptr,char * zonename)2691 zonecfg_modify_admin(zone_dochandle_t handle, struct zone_admintab *oldtabptr,
2692 struct zone_admintab *newtabptr, char *zonename)
2693 {
2694 int err;
2695
2696 if (oldtabptr == NULL || newtabptr == NULL)
2697 return (Z_INVAL);
2698
2699 if ((err = operation_prep(handle)) != Z_OK)
2700 return (err);
2701
2702 if ((err = zonecfg_delete_auth_core(handle, oldtabptr, zonename))
2703 != Z_OK)
2704 return (err);
2705
2706 if ((err = zonecfg_add_auth_core(handle, newtabptr,
2707 zonename)) != Z_OK)
2708 return (err);
2709
2710 return (Z_OK);
2711 }
2712
2713 int
zonecfg_lookup_admin(zone_dochandle_t handle,struct zone_admintab * tabptr)2714 zonecfg_lookup_admin(zone_dochandle_t handle, struct zone_admintab *tabptr)
2715 {
2716 xmlNodePtr cur, firstmatch;
2717 int err;
2718 char user[MAXUSERNAME];
2719
2720 if (tabptr == NULL)
2721 return (Z_INVAL);
2722
2723 if ((err = operation_prep(handle)) != Z_OK)
2724 return (err);
2725
2726 cur = handle->zone_dh_cur;
2727 firstmatch = NULL;
2728 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
2729 if (xmlStrcmp(cur->name, DTD_ELEM_ADMIN))
2730 continue;
2731 if (strlen(tabptr->zone_admin_user) > 0) {
2732 if ((fetchprop(cur, DTD_ATTR_USER, user,
2733 sizeof (user)) == Z_OK) &&
2734 (strcmp(tabptr->zone_admin_user, user) == 0)) {
2735 if (firstmatch == NULL)
2736 firstmatch = cur;
2737 else
2738 return (Z_INSUFFICIENT_SPEC);
2739 }
2740 }
2741 }
2742 if (firstmatch == NULL)
2743 return (Z_NO_RESOURCE_ID);
2744
2745 cur = firstmatch;
2746
2747 if ((err = fetchprop(cur, DTD_ATTR_USER, tabptr->zone_admin_user,
2748 sizeof (tabptr->zone_admin_user))) != Z_OK)
2749 return (err);
2750
2751 if ((err = fetchprop(cur, DTD_ATTR_AUTHS, tabptr->zone_admin_auths,
2752 sizeof (tabptr->zone_admin_auths))) != Z_OK)
2753 return (err);
2754
2755 return (Z_OK);
2756 }
2757
2758 static int
zonecfg_add_secflags_core(zone_dochandle_t handle,struct zone_secflagstab * tabptr)2759 zonecfg_add_secflags_core(zone_dochandle_t handle,
2760 struct zone_secflagstab *tabptr)
2761 {
2762 xmlNodePtr newnode, cur = handle->zone_dh_cur;
2763 int err;
2764
2765 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_SECFLAGS, NULL);
2766 err = newprop(newnode, DTD_ATTR_DEFAULT, tabptr->zone_secflags_default);
2767 if (err != Z_OK)
2768 return (err);
2769 err = newprop(newnode, DTD_ATTR_LOWER, tabptr->zone_secflags_lower);
2770 if (err != Z_OK)
2771 return (err);
2772 err = newprop(newnode, DTD_ATTR_UPPER, tabptr->zone_secflags_upper);
2773 if (err != Z_OK)
2774 return (err);
2775
2776 return (Z_OK);
2777 }
2778
2779 int
zonecfg_add_secflags(zone_dochandle_t handle,struct zone_secflagstab * tabptr)2780 zonecfg_add_secflags(zone_dochandle_t handle, struct zone_secflagstab *tabptr)
2781 {
2782 int err;
2783
2784
2785 if (tabptr == NULL)
2786 return (Z_INVAL);
2787
2788 if ((err = operation_prep(handle)) != Z_OK)
2789 return (err);
2790
2791 if ((err = zonecfg_add_secflags_core(handle, tabptr)) != Z_OK)
2792 return (err);
2793
2794 return (Z_OK);
2795 }
2796
2797 static int
zonecfg_delete_secflags_core(zone_dochandle_t handle,struct zone_secflagstab * tabptr)2798 zonecfg_delete_secflags_core(zone_dochandle_t handle,
2799 struct zone_secflagstab *tabptr)
2800 {
2801 xmlNodePtr cur = handle->zone_dh_cur;
2802 boolean_t def_match, low_match, up_match;
2803
2804 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
2805 if (xmlStrcmp(cur->name, DTD_ELEM_SECFLAGS) != 0)
2806 continue;
2807
2808 def_match = match_prop(cur, DTD_ATTR_DEFAULT,
2809 tabptr->zone_secflags_default);
2810 low_match = match_prop(cur, DTD_ATTR_LOWER,
2811 tabptr->zone_secflags_lower);
2812 up_match = match_prop(cur, DTD_ATTR_UPPER,
2813 tabptr->zone_secflags_upper);
2814
2815 if (def_match && low_match && up_match) {
2816 xmlUnlinkNode(cur);
2817 xmlFreeNode(cur);
2818 return (Z_OK);
2819 }
2820
2821 }
2822 return (Z_NO_RESOURCE_ID);
2823 }
2824
2825 int
zonecfg_delete_secflags(zone_dochandle_t handle,struct zone_secflagstab * tabptr)2826 zonecfg_delete_secflags(zone_dochandle_t handle,
2827 struct zone_secflagstab *tabptr)
2828 {
2829 int err;
2830
2831 if (tabptr == NULL)
2832 return (Z_INVAL);
2833
2834 if ((err = operation_prep(handle)) != Z_OK)
2835 return (err);
2836
2837 if ((err = zonecfg_delete_secflags_core(handle, tabptr)) != Z_OK)
2838 return (err);
2839
2840 return (Z_OK);
2841 }
2842
2843 int
zonecfg_modify_secflags(zone_dochandle_t handle,struct zone_secflagstab * oldtabptr,struct zone_secflagstab * newtabptr)2844 zonecfg_modify_secflags(zone_dochandle_t handle,
2845 struct zone_secflagstab *oldtabptr,
2846 struct zone_secflagstab *newtabptr)
2847 {
2848 int err;
2849
2850 if (oldtabptr == NULL || newtabptr == NULL)
2851 return (Z_INVAL);
2852
2853 if ((err = operation_prep(handle)) != Z_OK)
2854 return (err);
2855
2856 if ((err = zonecfg_delete_secflags_core(handle, oldtabptr))
2857 != Z_OK)
2858 return (err);
2859
2860 if ((err = zonecfg_add_secflags_core(handle, newtabptr)) != Z_OK)
2861 return (err);
2862
2863 return (Z_OK);
2864 }
2865
2866 int
zonecfg_lookup_secflags(zone_dochandle_t handle,struct zone_secflagstab * tabptr)2867 zonecfg_lookup_secflags(zone_dochandle_t handle,
2868 struct zone_secflagstab *tabptr)
2869 {
2870 xmlNodePtr cur;
2871 int err;
2872
2873 if (tabptr == NULL)
2874 return (Z_INVAL);
2875
2876 if ((err = operation_prep(handle)) != Z_OK)
2877 return (err);
2878
2879 cur = handle->zone_dh_cur;
2880
2881 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
2882 if (xmlStrcmp(cur->name, DTD_ELEM_SECFLAGS) != 0)
2883 continue;
2884
2885 if ((err = fetchprop(cur, DTD_ATTR_DEFAULT,
2886 tabptr->zone_secflags_default,
2887 sizeof (tabptr->zone_secflags_default))) != Z_OK) {
2888 handle->zone_dh_cur = handle->zone_dh_top;
2889 return (err);
2890 }
2891
2892 if ((err = fetchprop(cur, DTD_ATTR_LOWER,
2893 tabptr->zone_secflags_lower,
2894 sizeof (tabptr->zone_secflags_lower))) != Z_OK) {
2895 handle->zone_dh_cur = handle->zone_dh_top;
2896 return (err);
2897 }
2898
2899 if ((err = fetchprop(cur, DTD_ATTR_UPPER,
2900 tabptr->zone_secflags_upper,
2901 sizeof (tabptr->zone_secflags_upper))) != Z_OK) {
2902 handle->zone_dh_cur = handle->zone_dh_top;
2903 return (err);
2904 }
2905
2906 return (Z_OK);
2907 }
2908
2909 return (Z_NO_ENTRY);
2910 }
2911
2912 /* Lock to serialize all devwalks */
2913 static pthread_mutex_t zonecfg_devwalk_lock = PTHREAD_MUTEX_INITIALIZER;
2914 /*
2915 * Global variables used to pass data from zonecfg_dev_manifest to the nftw
2916 * call-back (zonecfg_devwalk_cb). g_devwalk_data is really the void*
2917 * parameter and g_devwalk_cb is really the *cb parameter from
2918 * zonecfg_dev_manifest.
2919 */
2920 typedef struct __g_devwalk_data *g_devwalk_data_t;
2921 static g_devwalk_data_t g_devwalk_data;
2922 static int (*g_devwalk_cb)(const char *, uid_t, gid_t, mode_t, const char *,
2923 void *);
2924 static size_t g_devwalk_skip_prefix;
2925
2926 /*
2927 * zonecfg_dev_manifest call-back function used during detach to generate the
2928 * dev info in the manifest.
2929 */
2930 static int
get_detach_dev_entry(const char * name,uid_t uid,gid_t gid,mode_t mode,const char * acl,void * hdl)2931 get_detach_dev_entry(const char *name, uid_t uid, gid_t gid, mode_t mode,
2932 const char *acl, void *hdl)
2933 {
2934 zone_dochandle_t handle = (zone_dochandle_t)hdl;
2935 xmlNodePtr newnode;
2936 xmlNodePtr cur;
2937 int err;
2938 char buf[128];
2939
2940 if ((err = operation_prep(handle)) != Z_OK)
2941 return (err);
2942
2943 cur = handle->zone_dh_cur;
2944 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_DEV_PERM, NULL);
2945 if ((err = newprop(newnode, DTD_ATTR_NAME, (char *)name)) != Z_OK)
2946 return (err);
2947 (void) snprintf(buf, sizeof (buf), "%lu", uid);
2948 if ((err = newprop(newnode, DTD_ATTR_UID, buf)) != Z_OK)
2949 return (err);
2950 (void) snprintf(buf, sizeof (buf), "%lu", gid);
2951 if ((err = newprop(newnode, DTD_ATTR_GID, buf)) != Z_OK)
2952 return (err);
2953 (void) snprintf(buf, sizeof (buf), "%o", mode);
2954 if ((err = newprop(newnode, DTD_ATTR_MODE, buf)) != Z_OK)
2955 return (err);
2956 if ((err = newprop(newnode, DTD_ATTR_ACL, (char *)acl)) != Z_OK)
2957 return (err);
2958 return (Z_OK);
2959 }
2960
2961 /*
2962 * This is the nftw call-back function used by zonecfg_dev_manifest. It is
2963 * responsible for calling the actual call-back.
2964 */
2965 /* ARGSUSED2 */
2966 static int
zonecfg_devwalk_cb(const char * path,const struct stat * st,int f,struct FTW * ftw)2967 zonecfg_devwalk_cb(const char *path, const struct stat *st, int f,
2968 struct FTW *ftw)
2969 {
2970 acl_t *acl;
2971 char *acl_txt = NULL;
2972
2973 /* skip all but character and block devices */
2974 if (!S_ISBLK(st->st_mode) && !S_ISCHR(st->st_mode))
2975 return (0);
2976
2977 if ((acl_get(path, ACL_NO_TRIVIAL, &acl) == 0) &&
2978 acl != NULL) {
2979 acl_txt = acl_totext(acl, ACL_NORESOLVE);
2980 acl_free(acl);
2981 }
2982
2983 if (strlen(path) <= g_devwalk_skip_prefix)
2984 return (0);
2985
2986 (void) g_devwalk_cb(path + g_devwalk_skip_prefix, st->st_uid,
2987 st->st_gid, st->st_mode & S_IAMB, acl_txt != NULL ? acl_txt : "",
2988 g_devwalk_data);
2989 free(acl_txt);
2990 return (0);
2991 }
2992
2993 /*
2994 * Walk the dev tree for the zone specified by hdl and call the
2995 * get_detach_dev_entry call-back function for each entry in the tree. The
2996 * call-back will be passed the name, uid, gid, mode, acl string and the
2997 * handle input parameter for each dev entry.
2998 *
2999 * Data is passed to get_detach_dev_entry through the global variables
3000 * g_devwalk_data, *g_devwalk_cb, and g_devwalk_skip_prefix. The
3001 * zonecfg_devwalk_cb function will actually call get_detach_dev_entry.
3002 */
3003 int
zonecfg_dev_manifest(zone_dochandle_t hdl)3004 zonecfg_dev_manifest(zone_dochandle_t hdl)
3005 {
3006 char path[MAXPATHLEN];
3007 int ret;
3008
3009 if ((ret = zonecfg_get_zonepath(hdl, path, sizeof (path))) != Z_OK)
3010 return (ret);
3011
3012 if (strlcat(path, "/dev", sizeof (path)) >= sizeof (path))
3013 return (Z_TOO_BIG);
3014
3015 /*
3016 * We have to serialize all devwalks in the same process
3017 * (which should be fine), since nftw() is so badly designed.
3018 */
3019 (void) pthread_mutex_lock(&zonecfg_devwalk_lock);
3020
3021 g_devwalk_skip_prefix = strlen(path) + 1;
3022 g_devwalk_data = (g_devwalk_data_t)hdl;
3023 g_devwalk_cb = get_detach_dev_entry;
3024 (void) nftw(path, zonecfg_devwalk_cb, 0, FTW_PHYS);
3025
3026 (void) pthread_mutex_unlock(&zonecfg_devwalk_lock);
3027 return (Z_OK);
3028 }
3029
3030 /*
3031 * Update the owner, group, mode and acl on the specified dev (inpath) for
3032 * the zone (hdl). This function can be used to fix up the dev tree after
3033 * attaching a migrated zone.
3034 */
3035 int
zonecfg_devperms_apply(zone_dochandle_t hdl,const char * inpath,uid_t owner,gid_t group,mode_t mode,const char * acltxt)3036 zonecfg_devperms_apply(zone_dochandle_t hdl, const char *inpath, uid_t owner,
3037 gid_t group, mode_t mode, const char *acltxt)
3038 {
3039 int ret;
3040 char path[MAXPATHLEN];
3041 struct stat st;
3042 acl_t *aclp;
3043
3044 if ((ret = zonecfg_get_zonepath(hdl, path, sizeof (path))) != Z_OK)
3045 return (ret);
3046
3047 if (strlcat(path, "/dev/", sizeof (path)) >= sizeof (path))
3048 return (Z_TOO_BIG);
3049 if (strlcat(path, inpath, sizeof (path)) >= sizeof (path))
3050 return (Z_TOO_BIG);
3051
3052 if (stat(path, &st) == -1)
3053 return (Z_INVAL);
3054
3055 /* make sure we're only touching device nodes */
3056 if (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode))
3057 return (Z_INVAL);
3058
3059 if (chown(path, owner, group) == -1)
3060 return (Z_SYSTEM);
3061
3062 if (chmod(path, mode) == -1)
3063 return (Z_SYSTEM);
3064
3065 if ((acltxt == NULL) || (strcmp(acltxt, "") == 0))
3066 return (Z_OK);
3067
3068 if (acl_fromtext(acltxt, &aclp) != 0) {
3069 errno = EINVAL;
3070 return (Z_SYSTEM);
3071 }
3072
3073 errno = 0;
3074 if (acl_set(path, aclp) == -1) {
3075 free(aclp);
3076 return (Z_SYSTEM);
3077 }
3078
3079 free(aclp);
3080 return (Z_OK);
3081 }
3082
3083 /*
3084 * This function finds everything mounted under a zone's rootpath.
3085 * This returns the number of mounts under rootpath, or -1 on error.
3086 * callback is called once per mount found with the first argument
3087 * pointing to a mnttab structure containing the mount's information.
3088 *
3089 * If the callback function returns non-zero zonecfg_find_mounts
3090 * aborts with an error.
3091 */
3092 int
zonecfg_find_mounts(char * rootpath,int (* callback)(const struct mnttab *,void *),void * priv)3093 zonecfg_find_mounts(char *rootpath, int (*callback)(const struct mnttab *,
3094 void *), void *priv)
3095 {
3096 FILE *mnttab;
3097 struct mnttab m;
3098 size_t l;
3099 int zfsl;
3100 int rv = 0;
3101 char zfs_path[MAXPATHLEN];
3102
3103 assert(rootpath != NULL);
3104
3105 if ((zfsl = snprintf(zfs_path, sizeof (zfs_path), "%s/.zfs/", rootpath))
3106 >= sizeof (zfs_path))
3107 return (-1);
3108
3109 l = strlen(rootpath);
3110
3111 mnttab = fopen("/etc/mnttab", "r");
3112
3113 if (mnttab == NULL)
3114 return (-1);
3115
3116 if (ioctl(fileno(mnttab), MNTIOC_SHOWHIDDEN, NULL) < 0) {
3117 rv = -1;
3118 goto out;
3119 }
3120
3121 while (!getmntent(mnttab, &m)) {
3122 if ((strncmp(rootpath, m.mnt_mountp, l) == 0) &&
3123 (m.mnt_mountp[l] == '/') &&
3124 (strncmp(zfs_path, m.mnt_mountp, zfsl) != 0)) {
3125 rv++;
3126 if (callback == NULL)
3127 continue;
3128 if (callback(&m, priv)) {
3129 rv = -1;
3130 goto out;
3131
3132 }
3133 }
3134 }
3135
3136 out:
3137 (void) fclose(mnttab);
3138 return (rv);
3139 }
3140
3141 int
zonecfg_lookup_attr(zone_dochandle_t handle,struct zone_attrtab * tabptr)3142 zonecfg_lookup_attr(zone_dochandle_t handle, struct zone_attrtab *tabptr)
3143 {
3144 xmlNodePtr cur, firstmatch;
3145 int err;
3146 char name[MAXNAMELEN], type[MAXNAMELEN], value[MAXNAMELEN];
3147
3148 if (tabptr == NULL)
3149 return (Z_INVAL);
3150
3151 if ((err = operation_prep(handle)) != Z_OK)
3152 return (err);
3153
3154 cur = handle->zone_dh_cur;
3155 firstmatch = NULL;
3156 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
3157 if (xmlStrcmp(cur->name, DTD_ELEM_ATTR))
3158 continue;
3159 if (strlen(tabptr->zone_attr_name) > 0) {
3160 if ((fetchprop(cur, DTD_ATTR_NAME, name,
3161 sizeof (name)) == Z_OK) &&
3162 (strcmp(tabptr->zone_attr_name, name) == 0)) {
3163 if (firstmatch == NULL)
3164 firstmatch = cur;
3165 else
3166 return (Z_INSUFFICIENT_SPEC);
3167 }
3168 }
3169 if (strlen(tabptr->zone_attr_type) > 0) {
3170 if ((fetchprop(cur, DTD_ATTR_TYPE, type,
3171 sizeof (type)) == Z_OK)) {
3172 if (strcmp(tabptr->zone_attr_type, type) == 0) {
3173 if (firstmatch == NULL)
3174 firstmatch = cur;
3175 else if (firstmatch != cur)
3176 return (Z_INSUFFICIENT_SPEC);
3177 } else {
3178 /*
3179 * If another property matched but this
3180 * one doesn't then reset firstmatch.
3181 */
3182 if (firstmatch == cur)
3183 firstmatch = NULL;
3184 }
3185 }
3186 }
3187 if (strlen(tabptr->zone_attr_value) > 0) {
3188 if ((fetchprop(cur, DTD_ATTR_VALUE, value,
3189 sizeof (value)) == Z_OK)) {
3190 if (strcmp(tabptr->zone_attr_value, value) ==
3191 0) {
3192 if (firstmatch == NULL)
3193 firstmatch = cur;
3194 else if (firstmatch != cur)
3195 return (Z_INSUFFICIENT_SPEC);
3196 } else {
3197 /*
3198 * If another property matched but this
3199 * one doesn't then reset firstmatch.
3200 */
3201 if (firstmatch == cur)
3202 firstmatch = NULL;
3203 }
3204 }
3205 }
3206 }
3207 if (firstmatch == NULL)
3208 return (Z_NO_RESOURCE_ID);
3209
3210 cur = firstmatch;
3211
3212 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_attr_name,
3213 sizeof (tabptr->zone_attr_name))) != Z_OK)
3214 return (err);
3215
3216 if ((err = fetchprop(cur, DTD_ATTR_TYPE, tabptr->zone_attr_type,
3217 sizeof (tabptr->zone_attr_type))) != Z_OK)
3218 return (err);
3219
3220 if ((err = fetchprop(cur, DTD_ATTR_VALUE, tabptr->zone_attr_value,
3221 sizeof (tabptr->zone_attr_value))) != Z_OK)
3222 return (err);
3223
3224 return (Z_OK);
3225 }
3226
3227 static int
zonecfg_add_attr_core(zone_dochandle_t handle,struct zone_attrtab * tabptr)3228 zonecfg_add_attr_core(zone_dochandle_t handle, struct zone_attrtab *tabptr)
3229 {
3230 xmlNodePtr newnode, cur = handle->zone_dh_cur;
3231 int err;
3232
3233 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_ATTR, NULL);
3234 err = newprop(newnode, DTD_ATTR_NAME, tabptr->zone_attr_name);
3235 if (err != Z_OK)
3236 return (err);
3237 err = newprop(newnode, DTD_ATTR_TYPE, tabptr->zone_attr_type);
3238 if (err != Z_OK)
3239 return (err);
3240 err = newprop(newnode, DTD_ATTR_VALUE, tabptr->zone_attr_value);
3241 if (err != Z_OK)
3242 return (err);
3243 return (Z_OK);
3244 }
3245
3246 int
zonecfg_add_attr(zone_dochandle_t handle,struct zone_attrtab * tabptr)3247 zonecfg_add_attr(zone_dochandle_t handle, struct zone_attrtab *tabptr)
3248 {
3249 int err;
3250
3251 if (tabptr == NULL)
3252 return (Z_INVAL);
3253
3254 if ((err = operation_prep(handle)) != Z_OK)
3255 return (err);
3256
3257 if ((err = zonecfg_add_attr_core(handle, tabptr)) != Z_OK)
3258 return (err);
3259
3260 return (Z_OK);
3261 }
3262
3263 static int
zonecfg_delete_attr_core(zone_dochandle_t handle,struct zone_attrtab * tabptr)3264 zonecfg_delete_attr_core(zone_dochandle_t handle, struct zone_attrtab *tabptr)
3265 {
3266 xmlNodePtr cur = handle->zone_dh_cur;
3267 int name_match, type_match, value_match;
3268
3269 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
3270 if (xmlStrcmp(cur->name, DTD_ELEM_ATTR))
3271 continue;
3272
3273 name_match = match_prop(cur, DTD_ATTR_NAME,
3274 tabptr->zone_attr_name);
3275 type_match = match_prop(cur, DTD_ATTR_TYPE,
3276 tabptr->zone_attr_type);
3277 value_match = match_prop(cur, DTD_ATTR_VALUE,
3278 tabptr->zone_attr_value);
3279
3280 if (name_match && type_match && value_match) {
3281 xmlUnlinkNode(cur);
3282 xmlFreeNode(cur);
3283 return (Z_OK);
3284 }
3285 }
3286 return (Z_NO_RESOURCE_ID);
3287 }
3288
3289 int
zonecfg_delete_attr(zone_dochandle_t handle,struct zone_attrtab * tabptr)3290 zonecfg_delete_attr(zone_dochandle_t handle, struct zone_attrtab *tabptr)
3291 {
3292 int err;
3293
3294 if (tabptr == NULL)
3295 return (Z_INVAL);
3296
3297 if ((err = operation_prep(handle)) != Z_OK)
3298 return (err);
3299
3300 if ((err = zonecfg_delete_attr_core(handle, tabptr)) != Z_OK)
3301 return (err);
3302
3303 return (Z_OK);
3304 }
3305
3306 int
zonecfg_modify_attr(zone_dochandle_t handle,struct zone_attrtab * oldtabptr,struct zone_attrtab * newtabptr)3307 zonecfg_modify_attr(
3308 zone_dochandle_t handle,
3309 struct zone_attrtab *oldtabptr,
3310 struct zone_attrtab *newtabptr)
3311 {
3312 int err;
3313
3314 if (oldtabptr == NULL || newtabptr == NULL)
3315 return (Z_INVAL);
3316
3317 if ((err = operation_prep(handle)) != Z_OK)
3318 return (err);
3319
3320 if ((err = zonecfg_delete_attr_core(handle, oldtabptr)) != Z_OK)
3321 return (err);
3322
3323 if ((err = zonecfg_add_attr_core(handle, newtabptr)) != Z_OK)
3324 return (err);
3325
3326 return (Z_OK);
3327 }
3328
3329 int
zonecfg_get_attr_boolean(const struct zone_attrtab * attr,boolean_t * value)3330 zonecfg_get_attr_boolean(const struct zone_attrtab *attr, boolean_t *value)
3331 {
3332 if (attr == NULL)
3333 return (Z_INVAL);
3334
3335 if (strcmp(attr->zone_attr_type, DTD_ENTITY_BOOLEAN) != 0)
3336 return (Z_INVAL);
3337
3338 if (strcmp(attr->zone_attr_value, DTD_ENTITY_TRUE) == 0) {
3339 *value = B_TRUE;
3340 return (Z_OK);
3341 }
3342 if (strcmp(attr->zone_attr_value, DTD_ENTITY_FALSE) == 0) {
3343 *value = B_FALSE;
3344 return (Z_OK);
3345 }
3346 return (Z_INVAL);
3347 }
3348
3349 int
zonecfg_get_attr_int(const struct zone_attrtab * attr,int64_t * value)3350 zonecfg_get_attr_int(const struct zone_attrtab *attr, int64_t *value)
3351 {
3352 long long result;
3353 char *endptr;
3354
3355 if (attr == NULL)
3356 return (Z_INVAL);
3357
3358 if (strcmp(attr->zone_attr_type, DTD_ENTITY_INT) != 0)
3359 return (Z_INVAL);
3360
3361 errno = 0;
3362 result = strtoll(attr->zone_attr_value, &endptr, 10);
3363 if (errno != 0 || *endptr != '\0')
3364 return (Z_INVAL);
3365 *value = result;
3366 return (Z_OK);
3367 }
3368
3369 int
zonecfg_get_attr_string(const struct zone_attrtab * attr,char * value,size_t val_sz)3370 zonecfg_get_attr_string(const struct zone_attrtab *attr, char *value,
3371 size_t val_sz)
3372 {
3373 if (attr == NULL)
3374 return (Z_INVAL);
3375
3376 if (strcmp(attr->zone_attr_type, DTD_ENTITY_STRING) != 0)
3377 return (Z_INVAL);
3378
3379 if (strlcpy(value, attr->zone_attr_value, val_sz) >= val_sz)
3380 return (Z_TOO_BIG);
3381 return (Z_OK);
3382 }
3383
3384 int
zonecfg_get_attr_uint(const struct zone_attrtab * attr,uint64_t * value)3385 zonecfg_get_attr_uint(const struct zone_attrtab *attr, uint64_t *value)
3386 {
3387 unsigned long long result;
3388 long long neg_result;
3389 char *endptr;
3390
3391 if (attr == NULL)
3392 return (Z_INVAL);
3393
3394 if (strcmp(attr->zone_attr_type, DTD_ENTITY_UINT) != 0)
3395 return (Z_INVAL);
3396
3397 errno = 0;
3398 result = strtoull(attr->zone_attr_value, &endptr, 10);
3399 if (errno != 0 || *endptr != '\0')
3400 return (Z_INVAL);
3401 errno = 0;
3402 neg_result = strtoll(attr->zone_attr_value, &endptr, 10);
3403 /*
3404 * Incredibly, strtoull("<negative number>", ...) will not fail but
3405 * return whatever (negative) number cast as a u_longlong_t, so we
3406 * need to look for this here.
3407 */
3408 if (errno == 0 && neg_result < 0)
3409 return (Z_INVAL);
3410 *value = result;
3411 return (Z_OK);
3412 }
3413
3414 int
zonecfg_lookup_rctl(zone_dochandle_t handle,struct zone_rctltab * tabptr)3415 zonecfg_lookup_rctl(zone_dochandle_t handle, struct zone_rctltab *tabptr)
3416 {
3417 xmlNodePtr cur, val;
3418 char savedname[MAXNAMELEN];
3419 struct zone_rctlvaltab *valptr;
3420 int err;
3421
3422 if (strlen(tabptr->zone_rctl_name) == 0)
3423 return (Z_INVAL);
3424
3425 if ((err = operation_prep(handle)) != Z_OK)
3426 return (err);
3427
3428 cur = handle->zone_dh_cur;
3429 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
3430 if (xmlStrcmp(cur->name, DTD_ELEM_RCTL))
3431 continue;
3432 if ((fetchprop(cur, DTD_ATTR_NAME, savedname,
3433 sizeof (savedname)) == Z_OK) &&
3434 (strcmp(savedname, tabptr->zone_rctl_name) == 0)) {
3435 tabptr->zone_rctl_valptr = NULL;
3436 for (val = cur->xmlChildrenNode; val != NULL;
3437 val = val->next) {
3438 valptr = (struct zone_rctlvaltab *)malloc(
3439 sizeof (struct zone_rctlvaltab));
3440 if (valptr == NULL)
3441 return (Z_NOMEM);
3442 if ((fetchprop(val, DTD_ATTR_PRIV,
3443 valptr->zone_rctlval_priv,
3444 sizeof (valptr->zone_rctlval_priv)) !=
3445 Z_OK))
3446 break;
3447 if ((fetchprop(val, DTD_ATTR_LIMIT,
3448 valptr->zone_rctlval_limit,
3449 sizeof (valptr->zone_rctlval_limit)) !=
3450 Z_OK))
3451 break;
3452 if ((fetchprop(val, DTD_ATTR_ACTION,
3453 valptr->zone_rctlval_action,
3454 sizeof (valptr->zone_rctlval_action)) !=
3455 Z_OK))
3456 break;
3457 if (zonecfg_add_rctl_value(tabptr, valptr) !=
3458 Z_OK)
3459 break;
3460 }
3461 return (Z_OK);
3462 }
3463 }
3464 return (Z_NO_RESOURCE_ID);
3465 }
3466
3467 static int
zonecfg_add_rctl_core(zone_dochandle_t handle,struct zone_rctltab * tabptr)3468 zonecfg_add_rctl_core(zone_dochandle_t handle, struct zone_rctltab *tabptr)
3469 {
3470 xmlNodePtr newnode, cur = handle->zone_dh_cur, valnode;
3471 struct zone_rctlvaltab *valptr;
3472 int err;
3473
3474 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_RCTL, NULL);
3475 err = newprop(newnode, DTD_ATTR_NAME, tabptr->zone_rctl_name);
3476 if (err != Z_OK)
3477 return (err);
3478 for (valptr = tabptr->zone_rctl_valptr; valptr != NULL;
3479 valptr = valptr->zone_rctlval_next) {
3480 valnode = xmlNewTextChild(newnode, NULL,
3481 DTD_ELEM_RCTLVALUE, NULL);
3482 err = newprop(valnode, DTD_ATTR_PRIV,
3483 valptr->zone_rctlval_priv);
3484 if (err != Z_OK)
3485 return (err);
3486 err = newprop(valnode, DTD_ATTR_LIMIT,
3487 valptr->zone_rctlval_limit);
3488 if (err != Z_OK)
3489 return (err);
3490 err = newprop(valnode, DTD_ATTR_ACTION,
3491 valptr->zone_rctlval_action);
3492 if (err != Z_OK)
3493 return (err);
3494 }
3495 return (Z_OK);
3496 }
3497
3498 int
zonecfg_add_rctl(zone_dochandle_t handle,struct zone_rctltab * tabptr)3499 zonecfg_add_rctl(zone_dochandle_t handle, struct zone_rctltab *tabptr)
3500 {
3501 int err;
3502
3503 if (tabptr == NULL)
3504 return (Z_INVAL);
3505
3506 if ((err = operation_prep(handle)) != Z_OK)
3507 return (err);
3508
3509 if ((err = zonecfg_add_rctl_core(handle, tabptr)) != Z_OK)
3510 return (err);
3511
3512 return (Z_OK);
3513 }
3514
3515 static int
zonecfg_delete_rctl_core(zone_dochandle_t handle,struct zone_rctltab * tabptr)3516 zonecfg_delete_rctl_core(zone_dochandle_t handle, struct zone_rctltab *tabptr)
3517 {
3518 xmlNodePtr cur = handle->zone_dh_cur;
3519 xmlChar *savedname;
3520 int name_result;
3521
3522 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
3523 if (xmlStrcmp(cur->name, DTD_ELEM_RCTL))
3524 continue;
3525
3526 savedname = xmlGetProp(cur, DTD_ATTR_NAME);
3527 if (savedname == NULL) /* shouldn't happen */
3528 continue;
3529 name_result = xmlStrcmp(savedname,
3530 (const xmlChar *) tabptr->zone_rctl_name);
3531 xmlFree(savedname);
3532
3533 if (name_result == 0) {
3534 xmlUnlinkNode(cur);
3535 xmlFreeNode(cur);
3536 return (Z_OK);
3537 }
3538 }
3539 return (Z_NO_RESOURCE_ID);
3540 }
3541
3542 int
zonecfg_delete_rctl(zone_dochandle_t handle,struct zone_rctltab * tabptr)3543 zonecfg_delete_rctl(zone_dochandle_t handle, struct zone_rctltab *tabptr)
3544 {
3545 int err;
3546
3547 if (tabptr == NULL)
3548 return (Z_INVAL);
3549
3550 if ((err = operation_prep(handle)) != Z_OK)
3551 return (err);
3552
3553 if ((err = zonecfg_delete_rctl_core(handle, tabptr)) != Z_OK)
3554 return (err);
3555
3556 return (Z_OK);
3557 }
3558
3559 int
zonecfg_modify_rctl(zone_dochandle_t handle,struct zone_rctltab * oldtabptr,struct zone_rctltab * newtabptr)3560 zonecfg_modify_rctl(
3561 zone_dochandle_t handle,
3562 struct zone_rctltab *oldtabptr,
3563 struct zone_rctltab *newtabptr)
3564 {
3565 int err;
3566
3567 if (oldtabptr == NULL || newtabptr == NULL)
3568 return (Z_INVAL);
3569
3570 if ((err = operation_prep(handle)) != Z_OK)
3571 return (err);
3572
3573 if ((err = zonecfg_delete_rctl_core(handle, oldtabptr)) != Z_OK)
3574 return (err);
3575
3576 if ((err = zonecfg_add_rctl_core(handle, newtabptr)) != Z_OK)
3577 return (err);
3578
3579 return (Z_OK);
3580 }
3581
3582 int
zonecfg_add_rctl_value(struct zone_rctltab * tabptr,struct zone_rctlvaltab * valtabptr)3583 zonecfg_add_rctl_value(
3584 struct zone_rctltab *tabptr,
3585 struct zone_rctlvaltab *valtabptr)
3586 {
3587 struct zone_rctlvaltab *last, *old, *new;
3588 rctlblk_t *rctlblk = alloca(rctlblk_size());
3589
3590 last = tabptr->zone_rctl_valptr;
3591 for (old = last; old != NULL; old = old->zone_rctlval_next)
3592 last = old; /* walk to the end of the list */
3593 new = valtabptr; /* alloc'd by caller */
3594 new->zone_rctlval_next = NULL;
3595 if (zonecfg_construct_rctlblk(valtabptr, rctlblk) != Z_OK)
3596 return (Z_INVAL);
3597 if (!zonecfg_valid_rctlblk(rctlblk))
3598 return (Z_INVAL);
3599 if (last == NULL)
3600 tabptr->zone_rctl_valptr = new;
3601 else
3602 last->zone_rctlval_next = new;
3603 return (Z_OK);
3604 }
3605
3606 int
zonecfg_remove_rctl_value(struct zone_rctltab * tabptr,struct zone_rctlvaltab * valtabptr)3607 zonecfg_remove_rctl_value(
3608 struct zone_rctltab *tabptr,
3609 struct zone_rctlvaltab *valtabptr)
3610 {
3611 struct zone_rctlvaltab *last, *this, *next;
3612
3613 last = tabptr->zone_rctl_valptr;
3614 for (this = last; this != NULL; this = this->zone_rctlval_next) {
3615 if (strcmp(this->zone_rctlval_priv,
3616 valtabptr->zone_rctlval_priv) == 0 &&
3617 strcmp(this->zone_rctlval_limit,
3618 valtabptr->zone_rctlval_limit) == 0 &&
3619 strcmp(this->zone_rctlval_action,
3620 valtabptr->zone_rctlval_action) == 0) {
3621 next = this->zone_rctlval_next;
3622 if (this == tabptr->zone_rctl_valptr)
3623 tabptr->zone_rctl_valptr = next;
3624 else
3625 last->zone_rctlval_next = next;
3626 free(this);
3627 return (Z_OK);
3628 } else
3629 last = this;
3630 }
3631 return (Z_NO_PROPERTY_ID);
3632 }
3633
3634 void
zonecfg_set_swinv(zone_dochandle_t handle)3635 zonecfg_set_swinv(zone_dochandle_t handle)
3636 {
3637 handle->zone_dh_sw_inv = B_TRUE;
3638 }
3639
3640 /*
3641 * Add the pkg to the sw inventory on the handle.
3642 */
3643 int
zonecfg_add_pkg(zone_dochandle_t handle,char * name,char * version)3644 zonecfg_add_pkg(zone_dochandle_t handle, char *name, char *version)
3645 {
3646 xmlNodePtr newnode;
3647 xmlNodePtr cur;
3648 int err;
3649
3650 if ((err = operation_prep(handle)) != Z_OK)
3651 return (err);
3652
3653 cur = handle->zone_dh_cur;
3654 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_PACKAGE, NULL);
3655 if ((err = newprop(newnode, DTD_ATTR_NAME, name)) != Z_OK)
3656 return (err);
3657 if ((err = newprop(newnode, DTD_ATTR_VERSION, version)) != Z_OK)
3658 return (err);
3659 return (Z_OK);
3660 }
3661
3662 char *
zonecfg_strerror(int errnum)3663 zonecfg_strerror(int errnum)
3664 {
3665 switch (errnum) {
3666 case Z_OK:
3667 return (dgettext(TEXT_DOMAIN, "OK"));
3668 case Z_EMPTY_DOCUMENT:
3669 return (dgettext(TEXT_DOMAIN, "Empty document"));
3670 case Z_WRONG_DOC_TYPE:
3671 return (dgettext(TEXT_DOMAIN, "Wrong document type"));
3672 case Z_BAD_PROPERTY:
3673 return (dgettext(TEXT_DOMAIN, "Bad document property"));
3674 case Z_TEMP_FILE:
3675 return (dgettext(TEXT_DOMAIN,
3676 "Problem creating temporary file"));
3677 case Z_SAVING_FILE:
3678 return (dgettext(TEXT_DOMAIN, "Problem saving file"));
3679 case Z_NO_ENTRY:
3680 return (dgettext(TEXT_DOMAIN, "No such entry"));
3681 case Z_BOGUS_ZONE_NAME:
3682 return (dgettext(TEXT_DOMAIN, "Bogus zone name"));
3683 case Z_REQD_RESOURCE_MISSING:
3684 return (dgettext(TEXT_DOMAIN, "Required resource missing"));
3685 case Z_REQD_PROPERTY_MISSING:
3686 return (dgettext(TEXT_DOMAIN, "Required property missing"));
3687 case Z_BAD_HANDLE:
3688 return (dgettext(TEXT_DOMAIN, "Bad handle"));
3689 case Z_NOMEM:
3690 return (dgettext(TEXT_DOMAIN, "Out of memory"));
3691 case Z_INVAL:
3692 return (dgettext(TEXT_DOMAIN, "Invalid argument"));
3693 case Z_ACCES:
3694 return (dgettext(TEXT_DOMAIN, "Permission denied"));
3695 case Z_TOO_BIG:
3696 return (dgettext(TEXT_DOMAIN, "Argument list too long"));
3697 case Z_MISC_FS:
3698 return (dgettext(TEXT_DOMAIN,
3699 "Miscellaneous file system error"));
3700 case Z_NO_ZONE:
3701 return (dgettext(TEXT_DOMAIN, "No such zone configured"));
3702 case Z_NO_RESOURCE_TYPE:
3703 return (dgettext(TEXT_DOMAIN, "No such resource type"));
3704 case Z_NO_RESOURCE_ID:
3705 return (dgettext(TEXT_DOMAIN, "No such resource with that id"));
3706 case Z_NO_PROPERTY_TYPE:
3707 return (dgettext(TEXT_DOMAIN, "No such property type"));
3708 case Z_NO_PROPERTY_ID:
3709 return (dgettext(TEXT_DOMAIN, "No such property with that id"));
3710 case Z_BAD_ZONE_STATE:
3711 return (dgettext(TEXT_DOMAIN,
3712 "Zone state is invalid for the requested operation"));
3713 case Z_INVALID_DOCUMENT:
3714 return (dgettext(TEXT_DOMAIN, "Invalid document"));
3715 case Z_NAME_IN_USE:
3716 return (dgettext(TEXT_DOMAIN, "Zone name already in use"));
3717 case Z_NO_SUCH_ID:
3718 return (dgettext(TEXT_DOMAIN, "No such zone ID"));
3719 case Z_UPDATING_INDEX:
3720 return (dgettext(TEXT_DOMAIN, "Problem updating index file"));
3721 case Z_LOCKING_FILE:
3722 return (dgettext(TEXT_DOMAIN, "Locking index file"));
3723 case Z_UNLOCKING_FILE:
3724 return (dgettext(TEXT_DOMAIN, "Unlocking index file"));
3725 case Z_INSUFFICIENT_SPEC:
3726 return (dgettext(TEXT_DOMAIN, "Insufficient specification"));
3727 case Z_RESOLVED_PATH:
3728 return (dgettext(TEXT_DOMAIN, "Resolved path mismatch"));
3729 case Z_IPV6_ADDR_PREFIX_LEN:
3730 return (dgettext(TEXT_DOMAIN,
3731 "IPv6 address missing required prefix length"));
3732 case Z_BOGUS_ADDRESS:
3733 return (dgettext(TEXT_DOMAIN,
3734 "Neither an IPv4 nor an IPv6 address nor a host name"));
3735 case Z_PRIV_PROHIBITED:
3736 return (dgettext(TEXT_DOMAIN,
3737 "Specified privilege is prohibited"));
3738 case Z_PRIV_REQUIRED:
3739 return (dgettext(TEXT_DOMAIN,
3740 "Required privilege is missing"));
3741 case Z_PRIV_UNKNOWN:
3742 return (dgettext(TEXT_DOMAIN,
3743 "Specified privilege is unknown"));
3744 case Z_BRAND_ERROR:
3745 return (dgettext(TEXT_DOMAIN,
3746 "Brand-specific error"));
3747 case Z_INCOMPATIBLE:
3748 return (dgettext(TEXT_DOMAIN, "Incompatible settings"));
3749 case Z_ALIAS_DISALLOW:
3750 return (dgettext(TEXT_DOMAIN,
3751 "An incompatible rctl already exists for this property"));
3752 case Z_CLEAR_DISALLOW:
3753 return (dgettext(TEXT_DOMAIN,
3754 "Clearing this property is not allowed"));
3755 case Z_POOL:
3756 return (dgettext(TEXT_DOMAIN, "libpool(3LIB) error"));
3757 case Z_POOLS_NOT_ACTIVE:
3758 return (dgettext(TEXT_DOMAIN, "Pools facility not active; "
3759 "zone will not be bound to pool"));
3760 case Z_POOL_ENABLE:
3761 return (dgettext(TEXT_DOMAIN,
3762 "Could not enable pools facility"));
3763 case Z_NO_POOL:
3764 return (dgettext(TEXT_DOMAIN,
3765 "Pool not found; using default pool"));
3766 case Z_POOL_CREATE:
3767 return (dgettext(TEXT_DOMAIN,
3768 "Could not create a temporary pool"));
3769 case Z_POOL_BIND:
3770 return (dgettext(TEXT_DOMAIN, "Could not bind zone to pool"));
3771 case Z_INVALID_PROPERTY:
3772 return (dgettext(TEXT_DOMAIN, "Specified property is invalid"));
3773 case Z_SYSTEM:
3774 return (strerror(errno));
3775 default:
3776 return (dgettext(TEXT_DOMAIN, "Unknown error"));
3777 }
3778 }
3779
3780 /*
3781 * Note that the zonecfg_setXent() and zonecfg_endXent() calls are all the
3782 * same, as they just turn around and call zonecfg_setent() / zonecfg_endent().
3783 */
3784
3785 static int
zonecfg_setent(zone_dochandle_t handle)3786 zonecfg_setent(zone_dochandle_t handle)
3787 {
3788 xmlNodePtr cur;
3789 int err;
3790
3791 if (handle == NULL)
3792 return (Z_INVAL);
3793
3794 if ((err = operation_prep(handle)) != Z_OK) {
3795 handle->zone_dh_cur = NULL;
3796 return (err);
3797 }
3798 cur = handle->zone_dh_cur;
3799 cur = cur->xmlChildrenNode;
3800 handle->zone_dh_cur = cur;
3801 return (Z_OK);
3802 }
3803
3804 static int
zonecfg_endent(zone_dochandle_t handle)3805 zonecfg_endent(zone_dochandle_t handle)
3806 {
3807 if (handle == NULL)
3808 return (Z_INVAL);
3809
3810 handle->zone_dh_cur = handle->zone_dh_top;
3811 return (Z_OK);
3812 }
3813
3814 /*
3815 * Do the work required to manipulate a process through libproc.
3816 * If grab_process() returns no errors (0), then release_process()
3817 * must eventually be called.
3818 *
3819 * Return values:
3820 * 0 Successful creation of agent thread
3821 * 1 Error grabbing
3822 * 2 Error creating agent
3823 */
3824 static int
grab_process(pr_info_handle_t * p)3825 grab_process(pr_info_handle_t *p)
3826 {
3827 int ret;
3828
3829 if ((p->pr = Pgrab(p->pid, 0, &ret)) != NULL) {
3830
3831 if (Psetflags(p->pr, PR_RLC) != 0) {
3832 Prelease(p->pr, 0);
3833 return (1);
3834 }
3835 if (Pcreate_agent(p->pr) == 0) {
3836 return (0);
3837
3838 } else {
3839 Prelease(p->pr, 0);
3840 return (2);
3841 }
3842 } else {
3843 return (1);
3844 }
3845 }
3846
3847 /*
3848 * Release the specified process. This destroys the agent
3849 * and releases the process. If the process is NULL, nothing
3850 * is done. This function should only be called if grab_process()
3851 * has previously been called and returned success.
3852 *
3853 * This function is Pgrab-safe.
3854 */
3855 static void
release_process(struct ps_prochandle * Pr)3856 release_process(struct ps_prochandle *Pr)
3857 {
3858 if (Pr == NULL)
3859 return;
3860
3861 Pdestroy_agent(Pr);
3862 Prelease(Pr, 0);
3863 }
3864
3865 static boolean_t
grab_zone_proc(char * zonename,pr_info_handle_t * p)3866 grab_zone_proc(char *zonename, pr_info_handle_t *p)
3867 {
3868 DIR *dirp;
3869 struct dirent *dentp;
3870 zoneid_t zoneid;
3871 int pid_self;
3872 psinfo_t psinfo;
3873
3874 if (zone_get_id(zonename, &zoneid) != 0)
3875 return (B_FALSE);
3876
3877 pid_self = getpid();
3878
3879 if ((dirp = opendir("/proc")) == NULL)
3880 return (B_FALSE);
3881
3882 while (dentp = readdir(dirp)) {
3883 p->pid = atoi(dentp->d_name);
3884
3885 /* Skip self */
3886 if (p->pid == pid_self)
3887 continue;
3888
3889 if (proc_get_psinfo(p->pid, &psinfo) != 0)
3890 continue;
3891
3892 if (psinfo.pr_zoneid != zoneid)
3893 continue;
3894
3895 /* attempt to grab process */
3896 if (grab_process(p) != 0)
3897 continue;
3898
3899 if (pr_getzoneid(p->pr) != zoneid) {
3900 release_process(p->pr);
3901 continue;
3902 }
3903
3904 (void) closedir(dirp);
3905 return (B_TRUE);
3906 }
3907
3908 (void) closedir(dirp);
3909 return (B_FALSE);
3910 }
3911
3912 static boolean_t
get_priv_rctl(struct ps_prochandle * pr,char * name,rctlblk_t * rblk)3913 get_priv_rctl(struct ps_prochandle *pr, char *name, rctlblk_t *rblk)
3914 {
3915 if (pr_getrctl(pr, name, NULL, rblk, RCTL_FIRST))
3916 return (B_FALSE);
3917
3918 if (rctlblk_get_privilege(rblk) == RCPRIV_PRIVILEGED)
3919 return (B_TRUE);
3920
3921 while (pr_getrctl(pr, name, rblk, rblk, RCTL_NEXT) == 0) {
3922 if (rctlblk_get_privilege(rblk) == RCPRIV_PRIVILEGED)
3923 return (B_TRUE);
3924 }
3925
3926 return (B_FALSE);
3927 }
3928
3929 /*
3930 * Apply the current rctl settings to the specified, running zone.
3931 */
3932 int
zonecfg_apply_rctls(char * zone_name,zone_dochandle_t handle)3933 zonecfg_apply_rctls(char *zone_name, zone_dochandle_t handle)
3934 {
3935 int err;
3936 int res = Z_OK;
3937 rctlblk_t *rblk;
3938 pr_info_handle_t p;
3939 struct zone_rctltab rctl;
3940
3941 if ((err = zonecfg_setrctlent(handle)) != Z_OK)
3942 return (err);
3943
3944 if ((rblk = (rctlblk_t *)malloc(rctlblk_size())) == NULL) {
3945 (void) zonecfg_endrctlent(handle);
3946 return (Z_NOMEM);
3947 }
3948
3949 if (!grab_zone_proc(zone_name, &p)) {
3950 (void) zonecfg_endrctlent(handle);
3951 free(rblk);
3952 return (Z_SYSTEM);
3953 }
3954
3955 while (zonecfg_getrctlent(handle, &rctl) == Z_OK) {
3956 char *rname;
3957 struct zone_rctlvaltab *valptr;
3958
3959 rname = rctl.zone_rctl_name;
3960
3961 /* first delete all current privileged settings for this rctl */
3962 while (get_priv_rctl(p.pr, rname, rblk)) {
3963 if (pr_setrctl(p.pr, rname, NULL, rblk, RCTL_DELETE) !=
3964 0) {
3965 res = Z_SYSTEM;
3966 goto done;
3967 }
3968 }
3969
3970 /* now set each new value for the rctl */
3971 for (valptr = rctl.zone_rctl_valptr; valptr != NULL;
3972 valptr = valptr->zone_rctlval_next) {
3973 if ((err = zonecfg_construct_rctlblk(valptr, rblk))
3974 != Z_OK) {
3975 res = errno = err;
3976 goto done;
3977 }
3978
3979 if (pr_setrctl(p.pr, rname, NULL, rblk, RCTL_INSERT)) {
3980 res = Z_SYSTEM;
3981 goto done;
3982 }
3983 }
3984 }
3985
3986 done:
3987 release_process(p.pr);
3988 free(rblk);
3989 (void) zonecfg_endrctlent(handle);
3990
3991 return (res);
3992 }
3993
3994 static const xmlChar *
nm_to_dtd(char * nm)3995 nm_to_dtd(char *nm)
3996 {
3997 if (strcmp(nm, "device") == 0)
3998 return (DTD_ELEM_DEVICE);
3999 if (strcmp(nm, "fs") == 0)
4000 return (DTD_ELEM_FS);
4001 if (strcmp(nm, "net") == 0)
4002 return (DTD_ELEM_NET);
4003 if (strcmp(nm, "attr") == 0)
4004 return (DTD_ELEM_ATTR);
4005 if (strcmp(nm, "rctl") == 0)
4006 return (DTD_ELEM_RCTL);
4007 if (strcmp(nm, "dataset") == 0)
4008 return (DTD_ELEM_DATASET);
4009 if (strcmp(nm, "admin") == 0)
4010 return (DTD_ELEM_ADMIN);
4011
4012 return (NULL);
4013 }
4014
4015 int
zonecfg_num_resources(zone_dochandle_t handle,char * rsrc)4016 zonecfg_num_resources(zone_dochandle_t handle, char *rsrc)
4017 {
4018 int num = 0;
4019 const xmlChar *dtd;
4020 xmlNodePtr cur;
4021
4022 if ((dtd = nm_to_dtd(rsrc)) == NULL)
4023 return (num);
4024
4025 if (zonecfg_setent(handle) != Z_OK)
4026 return (num);
4027
4028 for (cur = handle->zone_dh_cur; cur != NULL; cur = cur->next)
4029 if (xmlStrcmp(cur->name, dtd) == 0)
4030 num++;
4031
4032 (void) zonecfg_endent(handle);
4033
4034 return (num);
4035 }
4036
4037 int
zonecfg_del_all_resources(zone_dochandle_t handle,char * rsrc)4038 zonecfg_del_all_resources(zone_dochandle_t handle, char *rsrc)
4039 {
4040 int err;
4041 const xmlChar *dtd;
4042 xmlNodePtr cur;
4043
4044 if ((dtd = nm_to_dtd(rsrc)) == NULL)
4045 return (Z_NO_RESOURCE_TYPE);
4046
4047 if ((err = zonecfg_setent(handle)) != Z_OK)
4048 return (err);
4049
4050 cur = handle->zone_dh_cur;
4051 while (cur != NULL) {
4052 xmlNodePtr tmp;
4053
4054 if (xmlStrcmp(cur->name, dtd)) {
4055 cur = cur->next;
4056 continue;
4057 }
4058
4059 tmp = cur->next;
4060 xmlUnlinkNode(cur);
4061 xmlFreeNode(cur);
4062 cur = tmp;
4063 }
4064
4065 (void) zonecfg_endent(handle);
4066 return (Z_OK);
4067 }
4068
4069 static boolean_t
valid_uint(char * s,uint64_t * n)4070 valid_uint(char *s, uint64_t *n)
4071 {
4072 char *endp;
4073
4074 /* strtoull accepts '-'?! so we want to flag that as an error */
4075 if (strchr(s, '-') != NULL)
4076 return (B_FALSE);
4077
4078 errno = 0;
4079 *n = strtoull(s, &endp, 10);
4080
4081 if (errno != 0 || *endp != '\0')
4082 return (B_FALSE);
4083 return (B_TRUE);
4084 }
4085
4086 /*
4087 * Convert a string representing a number (possibly a fraction) into an integer.
4088 * The string can have a modifier (K, M, G or T). The modifiers are treated
4089 * as powers of two (not 10).
4090 */
4091 int
zonecfg_str_to_bytes(char * str,uint64_t * bytes)4092 zonecfg_str_to_bytes(char *str, uint64_t *bytes)
4093 {
4094 long double val;
4095 char *unitp;
4096 uint64_t scale;
4097
4098 if ((val = strtold(str, &unitp)) < 0)
4099 return (-1);
4100
4101 /* remove any leading white space from units string */
4102 while (isspace(*unitp) != 0)
4103 ++unitp;
4104
4105 /* if no units explicitly set, error */
4106 if (unitp == NULL || *unitp == '\0') {
4107 scale = 1;
4108 } else {
4109 int i;
4110 char *units[] = {"K", "M", "G", "T", NULL};
4111
4112 scale = 1024;
4113
4114 /* update scale based on units */
4115 for (i = 0; units[i] != NULL; i++) {
4116 if (strcasecmp(unitp, units[i]) == 0)
4117 break;
4118 scale <<= 10;
4119 }
4120
4121 if (units[i] == NULL)
4122 return (-1);
4123 }
4124
4125 *bytes = (uint64_t)(val * scale);
4126 return (0);
4127 }
4128
4129 boolean_t
zonecfg_valid_ncpus(char * lowstr,char * highstr)4130 zonecfg_valid_ncpus(char *lowstr, char *highstr)
4131 {
4132 uint64_t low, high;
4133
4134 if (!valid_uint(lowstr, &low) || !valid_uint(highstr, &high) ||
4135 low < 1 || low > high)
4136 return (B_FALSE);
4137
4138 return (B_TRUE);
4139 }
4140
4141 boolean_t
zonecfg_valid_importance(char * impstr)4142 zonecfg_valid_importance(char *impstr)
4143 {
4144 uint64_t num;
4145
4146 if (!valid_uint(impstr, &num))
4147 return (B_FALSE);
4148
4149 return (B_TRUE);
4150 }
4151
4152 boolean_t
zonecfg_valid_alias_limit(char * name,char * limitstr,uint64_t * limit)4153 zonecfg_valid_alias_limit(char *name, char *limitstr, uint64_t *limit)
4154 {
4155 int i;
4156
4157 for (i = 0; aliases[i].shortname != NULL; i++)
4158 if (strcmp(name, aliases[i].shortname) == 0)
4159 break;
4160
4161 if (aliases[i].shortname == NULL)
4162 return (B_FALSE);
4163
4164 if (!valid_uint(limitstr, limit) || *limit < aliases[i].low_limit)
4165 return (B_FALSE);
4166
4167 return (B_TRUE);
4168 }
4169
4170 boolean_t
zonecfg_valid_memlimit(char * memstr,uint64_t * mem_val)4171 zonecfg_valid_memlimit(char *memstr, uint64_t *mem_val)
4172 {
4173 if (zonecfg_str_to_bytes(memstr, mem_val) != 0)
4174 return (B_FALSE);
4175
4176 return (B_TRUE);
4177 }
4178
4179 static int
zerr_pool(char * pool_err,int err_size,int res)4180 zerr_pool(char *pool_err, int err_size, int res)
4181 {
4182 (void) strlcpy(pool_err, pool_strerror(pool_error()), err_size);
4183 return (res);
4184 }
4185
4186 static int
create_tmp_pset(char * pool_err,int err_size,pool_conf_t * pconf,pool_t * pool,char * name,int min,int max)4187 create_tmp_pset(char *pool_err, int err_size, pool_conf_t *pconf, pool_t *pool,
4188 char *name, int min, int max)
4189 {
4190 pool_resource_t *res;
4191 pool_elem_t *elem;
4192 pool_value_t *val;
4193
4194 if ((res = pool_resource_create(pconf, "pset", name)) == NULL)
4195 return (zerr_pool(pool_err, err_size, Z_POOL));
4196
4197 if (pool_associate(pconf, pool, res) != PO_SUCCESS)
4198 return (zerr_pool(pool_err, err_size, Z_POOL));
4199
4200 if ((elem = pool_resource_to_elem(pconf, res)) == NULL)
4201 return (zerr_pool(pool_err, err_size, Z_POOL));
4202
4203 if ((val = pool_value_alloc()) == NULL)
4204 return (zerr_pool(pool_err, err_size, Z_POOL));
4205
4206 /* set the maximum number of cpus for the pset */
4207 pool_value_set_uint64(val, (uint64_t)max);
4208
4209 if (pool_put_property(pconf, elem, "pset.max", val) != PO_SUCCESS) {
4210 pool_value_free(val);
4211 return (zerr_pool(pool_err, err_size, Z_POOL));
4212 }
4213
4214 /* set the minimum number of cpus for the pset */
4215 pool_value_set_uint64(val, (uint64_t)min);
4216
4217 if (pool_put_property(pconf, elem, "pset.min", val) != PO_SUCCESS) {
4218 pool_value_free(val);
4219 return (zerr_pool(pool_err, err_size, Z_POOL));
4220 }
4221
4222 pool_value_free(val);
4223
4224 return (Z_OK);
4225 }
4226
4227 static int
create_tmp_pool(char * pool_err,int err_size,pool_conf_t * pconf,char * name,struct zone_psettab * pset_tab)4228 create_tmp_pool(char *pool_err, int err_size, pool_conf_t *pconf, char *name,
4229 struct zone_psettab *pset_tab)
4230 {
4231 pool_t *pool;
4232 int res = Z_OK;
4233
4234 /* create a temporary pool configuration */
4235 if (pool_conf_open(pconf, NULL, PO_TEMP) != PO_SUCCESS) {
4236 res = zerr_pool(pool_err, err_size, Z_POOL);
4237 return (res);
4238 }
4239
4240 if ((pool = pool_create(pconf, name)) == NULL) {
4241 res = zerr_pool(pool_err, err_size, Z_POOL_CREATE);
4242 goto done;
4243 }
4244
4245 /* set pool importance */
4246 if (pset_tab->zone_importance[0] != '\0') {
4247 pool_elem_t *elem;
4248 pool_value_t *val;
4249
4250 if ((elem = pool_to_elem(pconf, pool)) == NULL) {
4251 res = zerr_pool(pool_err, err_size, Z_POOL);
4252 goto done;
4253 }
4254
4255 if ((val = pool_value_alloc()) == NULL) {
4256 res = zerr_pool(pool_err, err_size, Z_POOL);
4257 goto done;
4258 }
4259
4260 pool_value_set_int64(val,
4261 (int64_t)atoi(pset_tab->zone_importance));
4262
4263 if (pool_put_property(pconf, elem, "pool.importance", val)
4264 != PO_SUCCESS) {
4265 res = zerr_pool(pool_err, err_size, Z_POOL);
4266 pool_value_free(val);
4267 goto done;
4268 }
4269
4270 pool_value_free(val);
4271 }
4272
4273 if ((res = create_tmp_pset(pool_err, err_size, pconf, pool, name,
4274 atoi(pset_tab->zone_ncpu_min),
4275 atoi(pset_tab->zone_ncpu_max))) != Z_OK)
4276 goto done;
4277
4278 /* validation */
4279 if (pool_conf_status(pconf) == POF_INVALID) {
4280 res = zerr_pool(pool_err, err_size, Z_POOL);
4281 goto done;
4282 }
4283
4284 /*
4285 * This validation is the one we expect to fail if the user specified
4286 * an invalid configuration (too many cpus) for this system.
4287 */
4288 if (pool_conf_validate(pconf, POV_RUNTIME) != PO_SUCCESS) {
4289 res = zerr_pool(pool_err, err_size, Z_POOL_CREATE);
4290 goto done;
4291 }
4292
4293 /*
4294 * Commit the dynamic configuration but not the pool configuration
4295 * file.
4296 */
4297 if (pool_conf_commit(pconf, 1) != PO_SUCCESS)
4298 res = zerr_pool(pool_err, err_size, Z_POOL);
4299
4300 done:
4301 (void) pool_conf_close(pconf);
4302 return (res);
4303 }
4304
4305 static int
get_running_tmp_pset(pool_conf_t * pconf,pool_t * pool,pool_resource_t * pset,struct zone_psettab * pset_tab)4306 get_running_tmp_pset(pool_conf_t *pconf, pool_t *pool, pool_resource_t *pset,
4307 struct zone_psettab *pset_tab)
4308 {
4309 int nfound = 0;
4310 pool_elem_t *pe;
4311 pool_value_t *pv = pool_value_alloc();
4312 uint64_t val_uint;
4313
4314 if (pool != NULL) {
4315 pe = pool_to_elem(pconf, pool);
4316 if (pool_get_property(pconf, pe, "pool.importance", pv)
4317 != POC_INVAL) {
4318 int64_t val_int;
4319
4320 (void) pool_value_get_int64(pv, &val_int);
4321 (void) snprintf(pset_tab->zone_importance,
4322 sizeof (pset_tab->zone_importance), "%d", val_int);
4323 nfound++;
4324 }
4325 }
4326
4327 if (pset != NULL) {
4328 pe = pool_resource_to_elem(pconf, pset);
4329 if (pool_get_property(pconf, pe, "pset.min", pv) != POC_INVAL) {
4330 (void) pool_value_get_uint64(pv, &val_uint);
4331 (void) snprintf(pset_tab->zone_ncpu_min,
4332 sizeof (pset_tab->zone_ncpu_min), "%u", val_uint);
4333 nfound++;
4334 }
4335
4336 if (pool_get_property(pconf, pe, "pset.max", pv) != POC_INVAL) {
4337 (void) pool_value_get_uint64(pv, &val_uint);
4338 (void) snprintf(pset_tab->zone_ncpu_max,
4339 sizeof (pset_tab->zone_ncpu_max), "%u", val_uint);
4340 nfound++;
4341 }
4342 }
4343
4344 pool_value_free(pv);
4345
4346 if (nfound == 3)
4347 return (PO_SUCCESS);
4348
4349 return (PO_FAIL);
4350 }
4351
4352 /*
4353 * Determine if a tmp pool is configured and if so, if the configuration is
4354 * still valid or if it has been changed since the tmp pool was created.
4355 * If the tmp pool configuration is no longer valid, delete the tmp pool.
4356 *
4357 * Set *valid=B_TRUE if there is an existing, valid tmp pool configuration.
4358 */
4359 static int
verify_del_tmp_pool(pool_conf_t * pconf,char * tmp_name,char * pool_err,int err_size,struct zone_psettab * pset_tab,boolean_t * exists)4360 verify_del_tmp_pool(pool_conf_t *pconf, char *tmp_name, char *pool_err,
4361 int err_size, struct zone_psettab *pset_tab, boolean_t *exists)
4362 {
4363 int res = Z_OK;
4364 pool_t *pool;
4365 pool_resource_t *pset;
4366 struct zone_psettab pset_current;
4367
4368 *exists = B_FALSE;
4369
4370 if (pool_conf_open(pconf, pool_dynamic_location(), PO_RDWR)
4371 != PO_SUCCESS) {
4372 res = zerr_pool(pool_err, err_size, Z_POOL);
4373 return (res);
4374 }
4375
4376 pool = pool_get_pool(pconf, tmp_name);
4377 pset = pool_get_resource(pconf, "pset", tmp_name);
4378
4379 if (pool == NULL && pset == NULL) {
4380 /* no tmp pool configured */
4381 goto done;
4382 }
4383
4384 /*
4385 * If an existing tmp pool for this zone is configured with the proper
4386 * settings, then the tmp pool is valid.
4387 */
4388 if (get_running_tmp_pset(pconf, pool, pset, &pset_current)
4389 == PO_SUCCESS &&
4390 strcmp(pset_tab->zone_ncpu_min,
4391 pset_current.zone_ncpu_min) == 0 &&
4392 strcmp(pset_tab->zone_ncpu_max,
4393 pset_current.zone_ncpu_max) == 0 &&
4394 strcmp(pset_tab->zone_importance,
4395 pset_current.zone_importance) == 0) {
4396 *exists = B_TRUE;
4397
4398 } else {
4399 /*
4400 * An out-of-date tmp pool configuration exists. Delete it
4401 * so that we can create the correct tmp pool config.
4402 */
4403 if (pset != NULL &&
4404 pool_resource_destroy(pconf, pset) != PO_SUCCESS) {
4405 res = zerr_pool(pool_err, err_size, Z_POOL);
4406 goto done;
4407 }
4408
4409 if (pool != NULL &&
4410 pool_destroy(pconf, pool) != PO_SUCCESS) {
4411 res = zerr_pool(pool_err, err_size, Z_POOL);
4412 goto done;
4413 }
4414
4415 /* commit dynamic config */
4416 if (pool_conf_commit(pconf, 0) != PO_SUCCESS)
4417 res = zerr_pool(pool_err, err_size, Z_POOL);
4418 }
4419
4420 done:
4421 (void) pool_conf_close(pconf);
4422
4423 return (res);
4424 }
4425
4426 /*
4427 * Destroy any existing tmp pool.
4428 */
4429 int
zonecfg_destroy_tmp_pool(char * zone_name,char * pool_err,int err_size)4430 zonecfg_destroy_tmp_pool(char *zone_name, char *pool_err, int err_size)
4431 {
4432 int status;
4433 int res = Z_OK;
4434 pool_conf_t *pconf;
4435 pool_t *pool;
4436 pool_resource_t *pset;
4437 char tmp_name[MAX_TMP_POOL_NAME];
4438
4439 /* if pools not enabled then nothing to do */
4440 if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED)
4441 return (Z_OK);
4442
4443 if ((pconf = pool_conf_alloc()) == NULL)
4444 return (zerr_pool(pool_err, err_size, Z_POOL));
4445
4446 (void) snprintf(tmp_name, sizeof (tmp_name), TMP_POOL_NAME, zone_name);
4447
4448 if (pool_conf_open(pconf, pool_dynamic_location(), PO_RDWR)
4449 != PO_SUCCESS) {
4450 res = zerr_pool(pool_err, err_size, Z_POOL);
4451 pool_conf_free(pconf);
4452 return (res);
4453 }
4454
4455 pool = pool_get_pool(pconf, tmp_name);
4456 pset = pool_get_resource(pconf, "pset", tmp_name);
4457
4458 if (pool == NULL && pset == NULL) {
4459 /* nothing to destroy, we're done */
4460 goto done;
4461 }
4462
4463 if (pset != NULL && pool_resource_destroy(pconf, pset) != PO_SUCCESS) {
4464 res = zerr_pool(pool_err, err_size, Z_POOL);
4465 goto done;
4466 }
4467
4468 if (pool != NULL && pool_destroy(pconf, pool) != PO_SUCCESS) {
4469 res = zerr_pool(pool_err, err_size, Z_POOL);
4470 goto done;
4471 }
4472
4473 /* commit dynamic config */
4474 if (pool_conf_commit(pconf, 0) != PO_SUCCESS)
4475 res = zerr_pool(pool_err, err_size, Z_POOL);
4476
4477 done:
4478 (void) pool_conf_close(pconf);
4479 pool_conf_free(pconf);
4480
4481 return (res);
4482 }
4483
4484 /*
4485 * Attempt to bind to a tmp pool for this zone. If there is no tmp pool
4486 * configured, we just return Z_OK.
4487 *
4488 * We either attempt to create the tmp pool for this zone or rebind to an
4489 * existing tmp pool for this zone.
4490 *
4491 * Rebinding is used when a zone with a tmp pool reboots so that we don't have
4492 * to recreate the tmp pool. To do this we need to be sure we work correctly
4493 * for the following cases:
4494 *
4495 * - there is an existing, properly configured tmp pool.
4496 * - zonecfg added tmp pool after zone was booted, must now create.
4497 * - zonecfg updated tmp pool config after zone was booted, in this case
4498 * we destroy the old tmp pool and create a new one.
4499 */
4500 int
zonecfg_bind_tmp_pool(zone_dochandle_t handle,zoneid_t zoneid,char * pool_err,int err_size)4501 zonecfg_bind_tmp_pool(zone_dochandle_t handle, zoneid_t zoneid, char *pool_err,
4502 int err_size)
4503 {
4504 struct zone_psettab pset_tab;
4505 int err;
4506 int status;
4507 pool_conf_t *pconf;
4508 boolean_t exists;
4509 char zone_name[ZONENAME_MAX];
4510 char tmp_name[MAX_TMP_POOL_NAME];
4511
4512 (void) getzonenamebyid(zoneid, zone_name, sizeof (zone_name));
4513
4514 err = zonecfg_lookup_pset(handle, &pset_tab);
4515
4516 /* if no temporary pool configured, we're done */
4517 if (err == Z_NO_ENTRY)
4518 return (Z_OK);
4519
4520 /*
4521 * importance might not have a value but we need to validate it here,
4522 * so set the default.
4523 */
4524 if (pset_tab.zone_importance[0] == '\0')
4525 (void) strlcpy(pset_tab.zone_importance, "1",
4526 sizeof (pset_tab.zone_importance));
4527
4528 /* if pools not enabled, enable them now */
4529 if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED) {
4530 if (pool_set_status(POOL_ENABLED) != PO_SUCCESS)
4531 return (Z_POOL_ENABLE);
4532 }
4533
4534 if ((pconf = pool_conf_alloc()) == NULL)
4535 return (zerr_pool(pool_err, err_size, Z_POOL));
4536
4537 (void) snprintf(tmp_name, sizeof (tmp_name), TMP_POOL_NAME, zone_name);
4538
4539 /*
4540 * Check if a valid tmp pool/pset already exists. If so, we just
4541 * reuse it.
4542 */
4543 if ((err = verify_del_tmp_pool(pconf, tmp_name, pool_err, err_size,
4544 &pset_tab, &exists)) != Z_OK) {
4545 pool_conf_free(pconf);
4546 return (err);
4547 }
4548
4549 if (!exists)
4550 err = create_tmp_pool(pool_err, err_size, pconf, tmp_name,
4551 &pset_tab);
4552
4553 pool_conf_free(pconf);
4554
4555 if (err != Z_OK)
4556 return (err);
4557
4558 /* Bind the zone to the pool. */
4559 if (pool_set_binding(tmp_name, P_ZONEID, zoneid) != PO_SUCCESS)
4560 return (zerr_pool(pool_err, err_size, Z_POOL_BIND));
4561
4562 return (Z_OK);
4563 }
4564
4565 /*
4566 * Attempt to bind to a permanent pool for this zone. If there is no
4567 * permanent pool configured, we just return Z_OK.
4568 */
4569 int
zonecfg_bind_pool(zone_dochandle_t handle,zoneid_t zoneid,char * pool_err,int err_size)4570 zonecfg_bind_pool(zone_dochandle_t handle, zoneid_t zoneid, char *pool_err,
4571 int err_size)
4572 {
4573 pool_conf_t *poolconf;
4574 pool_t *pool;
4575 char poolname[MAXPATHLEN];
4576 int status;
4577 int error;
4578
4579 /*
4580 * Find the pool mentioned in the zone configuration, and bind to it.
4581 */
4582 error = zonecfg_get_pool(handle, poolname, sizeof (poolname));
4583 if (error == Z_NO_ENTRY || (error == Z_OK && strlen(poolname) == 0)) {
4584 /*
4585 * The property is not set on the zone, so the pool
4586 * should be bound to the default pool. But that's
4587 * already done by the kernel, so we can just return.
4588 */
4589 return (Z_OK);
4590 }
4591 if (error != Z_OK) {
4592 /*
4593 * Not an error, even though it shouldn't be happening.
4594 */
4595 return (Z_OK);
4596 }
4597 /*
4598 * Don't do anything if pools aren't enabled.
4599 */
4600 if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED)
4601 return (Z_POOLS_NOT_ACTIVE);
4602
4603 /*
4604 * Try to provide a sane error message if the requested pool doesn't
4605 * exist.
4606 */
4607 if ((poolconf = pool_conf_alloc()) == NULL)
4608 return (zerr_pool(pool_err, err_size, Z_POOL));
4609
4610 if (pool_conf_open(poolconf, pool_dynamic_location(), PO_RDONLY) !=
4611 PO_SUCCESS) {
4612 pool_conf_free(poolconf);
4613 return (zerr_pool(pool_err, err_size, Z_POOL));
4614 }
4615 pool = pool_get_pool(poolconf, poolname);
4616 (void) pool_conf_close(poolconf);
4617 pool_conf_free(poolconf);
4618 if (pool == NULL)
4619 return (Z_NO_POOL);
4620
4621 /*
4622 * Bind the zone to the pool.
4623 */
4624 if (pool_set_binding(poolname, P_ZONEID, zoneid) != PO_SUCCESS) {
4625 /* if bind fails, return poolname for the error msg */
4626 (void) strlcpy(pool_err, poolname, err_size);
4627 return (Z_POOL_BIND);
4628 }
4629
4630 return (Z_OK);
4631 }
4632
4633 int
zonecfg_get_poolname(zone_dochandle_t handle,char * zone,char * pool,size_t poolsize)4634 zonecfg_get_poolname(zone_dochandle_t handle, char *zone, char *pool,
4635 size_t poolsize)
4636 {
4637 int err;
4638 struct zone_psettab pset_tab;
4639
4640 err = zonecfg_lookup_pset(handle, &pset_tab);
4641 if ((err != Z_NO_ENTRY) && (err != Z_OK))
4642 return (err);
4643
4644 /* pset was found so a temporary pool was created */
4645 if (err == Z_OK) {
4646 (void) snprintf(pool, poolsize, TMP_POOL_NAME, zone);
4647 return (Z_OK);
4648 }
4649
4650 /* lookup the poolname in zonecfg */
4651 return (zonecfg_get_pool(handle, pool, poolsize));
4652 }
4653
4654 static boolean_t
svc_enabled(char * svc_name)4655 svc_enabled(char *svc_name)
4656 {
4657 scf_simple_prop_t *prop;
4658 boolean_t found = B_FALSE;
4659
4660 prop = scf_simple_prop_get(NULL, svc_name, SCF_PG_GENERAL,
4661 SCF_PROPERTY_ENABLED);
4662
4663 if (scf_simple_prop_numvalues(prop) == 1 &&
4664 *scf_simple_prop_next_boolean(prop) != 0)
4665 found = B_TRUE;
4666
4667 scf_simple_prop_free(prop);
4668
4669 return (found);
4670 }
4671
4672 /*
4673 * If the zone has capped-memory, make sure the rcap service is enabled.
4674 */
4675 int
zonecfg_enable_rcapd(char * err,int size)4676 zonecfg_enable_rcapd(char *err, int size)
4677 {
4678 if (!svc_enabled(RCAP_SERVICE) &&
4679 smf_enable_instance(RCAP_SERVICE, 0) == -1) {
4680 (void) strlcpy(err, scf_strerror(scf_error()), size);
4681 return (Z_SYSTEM);
4682 }
4683
4684 return (Z_OK);
4685 }
4686
4687 /*
4688 * Return true if pset has cpu range specified and poold is not enabled.
4689 */
4690 boolean_t
zonecfg_warn_poold(zone_dochandle_t handle)4691 zonecfg_warn_poold(zone_dochandle_t handle)
4692 {
4693 struct zone_psettab pset_tab;
4694 int min, max;
4695 int err;
4696
4697 err = zonecfg_lookup_pset(handle, &pset_tab);
4698
4699 /* if no temporary pool configured, we're done */
4700 if (err == Z_NO_ENTRY)
4701 return (B_FALSE);
4702
4703 min = atoi(pset_tab.zone_ncpu_min);
4704 max = atoi(pset_tab.zone_ncpu_max);
4705
4706 /* range not specified, no need for poold */
4707 if (min == max)
4708 return (B_FALSE);
4709
4710 /* we have a range, check if poold service is enabled */
4711 if (svc_enabled(POOLD_SERVICE))
4712 return (B_FALSE);
4713
4714 return (B_TRUE);
4715 }
4716
4717 /*
4718 * Retrieve the specified pool's thread scheduling class. 'poolname' must
4719 * refer to the name of a configured resource pool. The thread scheduling
4720 * class specified by the pool will be stored in the buffer to which 'class'
4721 * points. 'clsize' is the byte size of the buffer to which 'class' points.
4722 *
4723 * This function returns Z_OK if it successfully stored the specified pool's
4724 * thread scheduling class into the buffer to which 'class' points. It returns
4725 * Z_NO_POOL if resource pools are not enabled, the function is unable to
4726 * access the system's resource pools configuration, or the specified pool
4727 * does not exist. The function returns Z_TOO_BIG if the buffer to which
4728 * 'class' points is not large enough to contain the thread scheduling class'
4729 * name. The function returns Z_NO_ENTRY if the pool does not specify a thread
4730 * scheduling class.
4731 */
4732 static int
get_pool_sched_class(char * poolname,char * class,int clsize)4733 get_pool_sched_class(char *poolname, char *class, int clsize)
4734 {
4735 int status;
4736 pool_conf_t *poolconf;
4737 pool_t *pool;
4738 pool_elem_t *pe;
4739 pool_value_t *pv = pool_value_alloc();
4740 const char *sched_str;
4741
4742 if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED)
4743 return (Z_NO_POOL);
4744
4745 if ((poolconf = pool_conf_alloc()) == NULL)
4746 return (Z_NO_POOL);
4747
4748 if (pool_conf_open(poolconf, pool_dynamic_location(), PO_RDONLY) !=
4749 PO_SUCCESS) {
4750 pool_conf_free(poolconf);
4751 return (Z_NO_POOL);
4752 }
4753
4754 if ((pool = pool_get_pool(poolconf, poolname)) == NULL) {
4755 (void) pool_conf_close(poolconf);
4756 pool_conf_free(poolconf);
4757 return (Z_NO_POOL);
4758 }
4759
4760 pe = pool_to_elem(poolconf, pool);
4761 if (pool_get_property(poolconf, pe, "pool.scheduler", pv) !=
4762 POC_STRING) {
4763 (void) pool_conf_close(poolconf);
4764 pool_conf_free(poolconf);
4765 return (Z_NO_ENTRY);
4766 }
4767 (void) pool_value_get_string(pv, &sched_str);
4768 (void) pool_conf_close(poolconf);
4769 pool_conf_free(poolconf);
4770 if (strlcpy(class, sched_str, clsize) >= clsize)
4771 return (Z_TOO_BIG);
4772 return (Z_OK);
4773 }
4774
4775 /*
4776 * Get the default scheduling class for the zone. This will either be the
4777 * class set on the zone's pool or the system default scheduling class.
4778 */
4779 int
zonecfg_get_dflt_sched_class(zone_dochandle_t handle,char * class,int clsize)4780 zonecfg_get_dflt_sched_class(zone_dochandle_t handle, char *class, int clsize)
4781 {
4782 char poolname[MAXPATHLEN];
4783
4784 if (zonecfg_get_pool(handle, poolname, sizeof (poolname)) == Z_OK) {
4785 /* check if the zone's pool specified a sched class */
4786 if (get_pool_sched_class(poolname, class, clsize) == Z_OK)
4787 return (Z_OK);
4788 }
4789
4790 if (priocntl(0, 0, PC_GETDFLCL, class, (uint64_t)clsize) == -1)
4791 return (Z_TOO_BIG);
4792
4793 return (Z_OK);
4794 }
4795
4796 int
zonecfg_setfsent(zone_dochandle_t handle)4797 zonecfg_setfsent(zone_dochandle_t handle)
4798 {
4799 return (zonecfg_setent(handle));
4800 }
4801
4802 int
zonecfg_getfsent(zone_dochandle_t handle,struct zone_fstab * tabptr)4803 zonecfg_getfsent(zone_dochandle_t handle, struct zone_fstab *tabptr)
4804 {
4805 xmlNodePtr cur, options;
4806 char options_str[MAX_MNTOPT_STR];
4807 int err;
4808
4809 if (handle == NULL)
4810 return (Z_INVAL);
4811
4812 if ((cur = handle->zone_dh_cur) == NULL)
4813 return (Z_NO_ENTRY);
4814
4815 for (; cur != NULL; cur = cur->next)
4816 if (!xmlStrcmp(cur->name, DTD_ELEM_FS))
4817 break;
4818 if (cur == NULL) {
4819 handle->zone_dh_cur = handle->zone_dh_top;
4820 return (Z_NO_ENTRY);
4821 }
4822
4823 if ((err = fetchprop(cur, DTD_ATTR_SPECIAL, tabptr->zone_fs_special,
4824 sizeof (tabptr->zone_fs_special))) != Z_OK) {
4825 handle->zone_dh_cur = handle->zone_dh_top;
4826 return (err);
4827 }
4828
4829 if ((err = fetchprop(cur, DTD_ATTR_RAW, tabptr->zone_fs_raw,
4830 sizeof (tabptr->zone_fs_raw))) != Z_OK) {
4831 handle->zone_dh_cur = handle->zone_dh_top;
4832 return (err);
4833 }
4834
4835 if ((err = fetchprop(cur, DTD_ATTR_DIR, tabptr->zone_fs_dir,
4836 sizeof (tabptr->zone_fs_dir))) != Z_OK) {
4837 handle->zone_dh_cur = handle->zone_dh_top;
4838 return (err);
4839 }
4840
4841 if ((err = fetchprop(cur, DTD_ATTR_TYPE, tabptr->zone_fs_type,
4842 sizeof (tabptr->zone_fs_type))) != Z_OK) {
4843 handle->zone_dh_cur = handle->zone_dh_top;
4844 return (err);
4845 }
4846
4847 /* OK for options to be NULL */
4848 tabptr->zone_fs_options = NULL;
4849 for (options = cur->xmlChildrenNode; options != NULL;
4850 options = options->next) {
4851 if (fetchprop(options, DTD_ATTR_NAME, options_str,
4852 sizeof (options_str)) != Z_OK)
4853 break;
4854 if (zonecfg_add_fs_option(tabptr, options_str) != Z_OK)
4855 break;
4856 }
4857
4858 handle->zone_dh_cur = cur->next;
4859 return (Z_OK);
4860 }
4861
4862 int
zonecfg_endfsent(zone_dochandle_t handle)4863 zonecfg_endfsent(zone_dochandle_t handle)
4864 {
4865 return (zonecfg_endent(handle));
4866 }
4867
4868 int
zonecfg_setnwifent(zone_dochandle_t handle)4869 zonecfg_setnwifent(zone_dochandle_t handle)
4870 {
4871 return (zonecfg_setent(handle));
4872 }
4873
4874 int
zonecfg_getnwifent(zone_dochandle_t handle,struct zone_nwiftab * tabptr)4875 zonecfg_getnwifent(zone_dochandle_t handle, struct zone_nwiftab *tabptr)
4876 {
4877 xmlNodePtr cur;
4878 int err;
4879
4880 if (handle == NULL)
4881 return (Z_INVAL);
4882
4883 if ((cur = handle->zone_dh_cur) == NULL)
4884 return (Z_NO_ENTRY);
4885
4886 for (; cur != NULL; cur = cur->next)
4887 if (!xmlStrcmp(cur->name, DTD_ELEM_NET))
4888 break;
4889 if (cur == NULL) {
4890 handle->zone_dh_cur = handle->zone_dh_top;
4891 return (Z_NO_ENTRY);
4892 }
4893
4894 if ((err = fetchprop(cur, DTD_ATTR_ADDRESS, tabptr->zone_nwif_address,
4895 sizeof (tabptr->zone_nwif_address))) != Z_OK) {
4896 handle->zone_dh_cur = handle->zone_dh_top;
4897 return (err);
4898 }
4899
4900 if ((err = fetchprop(cur, DTD_ATTR_ALLOWED_ADDRESS,
4901 tabptr->zone_nwif_allowed_address,
4902 sizeof (tabptr->zone_nwif_allowed_address))) != Z_OK) {
4903 handle->zone_dh_cur = handle->zone_dh_top;
4904 return (err);
4905 }
4906
4907 if ((err = fetchprop(cur, DTD_ATTR_PHYSICAL, tabptr->zone_nwif_physical,
4908 sizeof (tabptr->zone_nwif_physical))) != Z_OK) {
4909 handle->zone_dh_cur = handle->zone_dh_top;
4910 return (err);
4911 }
4912
4913 if ((err = fetchprop(cur, DTD_ATTR_DEFROUTER,
4914 tabptr->zone_nwif_defrouter,
4915 sizeof (tabptr->zone_nwif_defrouter))) != Z_OK) {
4916 handle->zone_dh_cur = handle->zone_dh_top;
4917 return (err);
4918 }
4919
4920 handle->zone_dh_cur = cur->next;
4921 return (Z_OK);
4922 }
4923
4924 int
zonecfg_endnwifent(zone_dochandle_t handle)4925 zonecfg_endnwifent(zone_dochandle_t handle)
4926 {
4927 return (zonecfg_endent(handle));
4928 }
4929
4930 int
zonecfg_setdevent(zone_dochandle_t handle)4931 zonecfg_setdevent(zone_dochandle_t handle)
4932 {
4933 return (zonecfg_setent(handle));
4934 }
4935
4936 int
zonecfg_getdevent(zone_dochandle_t handle,struct zone_devtab * tabptr)4937 zonecfg_getdevent(zone_dochandle_t handle, struct zone_devtab *tabptr)
4938 {
4939 xmlNodePtr cur;
4940 int err;
4941
4942 if (handle == NULL)
4943 return (Z_INVAL);
4944
4945 if ((cur = handle->zone_dh_cur) == NULL)
4946 return (Z_NO_ENTRY);
4947
4948 for (; cur != NULL; cur = cur->next)
4949 if (!xmlStrcmp(cur->name, DTD_ELEM_DEVICE))
4950 break;
4951 if (cur == NULL) {
4952 handle->zone_dh_cur = handle->zone_dh_top;
4953 return (Z_NO_ENTRY);
4954 }
4955
4956 if ((err = fetchprop(cur, DTD_ATTR_MATCH, tabptr->zone_dev_match,
4957 sizeof (tabptr->zone_dev_match))) != Z_OK) {
4958 handle->zone_dh_cur = handle->zone_dh_top;
4959 return (err);
4960 }
4961
4962 handle->zone_dh_cur = cur->next;
4963 return (Z_OK);
4964 }
4965
4966 int
zonecfg_enddevent(zone_dochandle_t handle)4967 zonecfg_enddevent(zone_dochandle_t handle)
4968 {
4969 return (zonecfg_endent(handle));
4970 }
4971
4972 int
zonecfg_setrctlent(zone_dochandle_t handle)4973 zonecfg_setrctlent(zone_dochandle_t handle)
4974 {
4975 return (zonecfg_setent(handle));
4976 }
4977
4978 int
zonecfg_getrctlent(zone_dochandle_t handle,struct zone_rctltab * tabptr)4979 zonecfg_getrctlent(zone_dochandle_t handle, struct zone_rctltab *tabptr)
4980 {
4981 xmlNodePtr cur, val;
4982 struct zone_rctlvaltab *valptr;
4983 int err;
4984
4985 if (handle == NULL)
4986 return (Z_INVAL);
4987
4988 if ((cur = handle->zone_dh_cur) == NULL)
4989 return (Z_NO_ENTRY);
4990
4991 for (; cur != NULL; cur = cur->next)
4992 if (!xmlStrcmp(cur->name, DTD_ELEM_RCTL))
4993 break;
4994 if (cur == NULL) {
4995 handle->zone_dh_cur = handle->zone_dh_top;
4996 return (Z_NO_ENTRY);
4997 }
4998
4999 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_rctl_name,
5000 sizeof (tabptr->zone_rctl_name))) != Z_OK) {
5001 handle->zone_dh_cur = handle->zone_dh_top;
5002 return (err);
5003 }
5004
5005 tabptr->zone_rctl_valptr = NULL;
5006 for (val = cur->xmlChildrenNode; val != NULL; val = val->next) {
5007 valptr = (struct zone_rctlvaltab *)malloc(
5008 sizeof (struct zone_rctlvaltab));
5009 if (valptr == NULL)
5010 return (Z_NOMEM);
5011 if (fetchprop(val, DTD_ATTR_PRIV, valptr->zone_rctlval_priv,
5012 sizeof (valptr->zone_rctlval_priv)) != Z_OK)
5013 break;
5014 if (fetchprop(val, DTD_ATTR_LIMIT, valptr->zone_rctlval_limit,
5015 sizeof (valptr->zone_rctlval_limit)) != Z_OK)
5016 break;
5017 if (fetchprop(val, DTD_ATTR_ACTION, valptr->zone_rctlval_action,
5018 sizeof (valptr->zone_rctlval_action)) != Z_OK)
5019 break;
5020 if (zonecfg_add_rctl_value(tabptr, valptr) != Z_OK)
5021 break;
5022 }
5023
5024 handle->zone_dh_cur = cur->next;
5025 return (Z_OK);
5026 }
5027
5028 int
zonecfg_endrctlent(zone_dochandle_t handle)5029 zonecfg_endrctlent(zone_dochandle_t handle)
5030 {
5031 return (zonecfg_endent(handle));
5032 }
5033
5034 int
zonecfg_setattrent(zone_dochandle_t handle)5035 zonecfg_setattrent(zone_dochandle_t handle)
5036 {
5037 return (zonecfg_setent(handle));
5038 }
5039
5040 int
zonecfg_getattrent(zone_dochandle_t handle,struct zone_attrtab * tabptr)5041 zonecfg_getattrent(zone_dochandle_t handle, struct zone_attrtab *tabptr)
5042 {
5043 xmlNodePtr cur;
5044 int err;
5045
5046 if (handle == NULL)
5047 return (Z_INVAL);
5048
5049 if ((cur = handle->zone_dh_cur) == NULL)
5050 return (Z_NO_ENTRY);
5051
5052 for (; cur != NULL; cur = cur->next)
5053 if (!xmlStrcmp(cur->name, DTD_ELEM_ATTR))
5054 break;
5055 if (cur == NULL) {
5056 handle->zone_dh_cur = handle->zone_dh_top;
5057 return (Z_NO_ENTRY);
5058 }
5059
5060 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_attr_name,
5061 sizeof (tabptr->zone_attr_name))) != Z_OK) {
5062 handle->zone_dh_cur = handle->zone_dh_top;
5063 return (err);
5064 }
5065
5066 if ((err = fetchprop(cur, DTD_ATTR_TYPE, tabptr->zone_attr_type,
5067 sizeof (tabptr->zone_attr_type))) != Z_OK) {
5068 handle->zone_dh_cur = handle->zone_dh_top;
5069 return (err);
5070 }
5071
5072 if ((err = fetchprop(cur, DTD_ATTR_VALUE, tabptr->zone_attr_value,
5073 sizeof (tabptr->zone_attr_value))) != Z_OK) {
5074 handle->zone_dh_cur = handle->zone_dh_top;
5075 return (err);
5076 }
5077
5078 handle->zone_dh_cur = cur->next;
5079 return (Z_OK);
5080 }
5081
5082 int
zonecfg_endattrent(zone_dochandle_t handle)5083 zonecfg_endattrent(zone_dochandle_t handle)
5084 {
5085 return (zonecfg_endent(handle));
5086 }
5087
5088 int
zonecfg_setadminent(zone_dochandle_t handle)5089 zonecfg_setadminent(zone_dochandle_t handle)
5090 {
5091 return (zonecfg_setent(handle));
5092 }
5093
5094 int
zonecfg_getadminent(zone_dochandle_t handle,struct zone_admintab * tabptr)5095 zonecfg_getadminent(zone_dochandle_t handle, struct zone_admintab *tabptr)
5096 {
5097 xmlNodePtr cur;
5098 int err;
5099
5100 if (handle == NULL)
5101 return (Z_INVAL);
5102
5103 if ((cur = handle->zone_dh_cur) == NULL)
5104 return (Z_NO_ENTRY);
5105
5106 for (; cur != NULL; cur = cur->next)
5107 if (!xmlStrcmp(cur->name, DTD_ELEM_ADMIN))
5108 break;
5109 if (cur == NULL) {
5110 handle->zone_dh_cur = handle->zone_dh_top;
5111 return (Z_NO_ENTRY);
5112 }
5113
5114 if ((err = fetchprop(cur, DTD_ATTR_USER, tabptr->zone_admin_user,
5115 sizeof (tabptr->zone_admin_user))) != Z_OK) {
5116 handle->zone_dh_cur = handle->zone_dh_top;
5117 return (err);
5118 }
5119
5120
5121 if ((err = fetchprop(cur, DTD_ATTR_AUTHS, tabptr->zone_admin_auths,
5122 sizeof (tabptr->zone_admin_auths))) != Z_OK) {
5123 handle->zone_dh_cur = handle->zone_dh_top;
5124 return (err);
5125 }
5126
5127 handle->zone_dh_cur = cur->next;
5128 return (Z_OK);
5129 }
5130
5131 int
zonecfg_endadminent(zone_dochandle_t handle)5132 zonecfg_endadminent(zone_dochandle_t handle)
5133 {
5134 return (zonecfg_endent(handle));
5135 }
5136
5137 /*
5138 * The privileges available on the system and described in privileges(7)
5139 * fall into four categories with respect to non-global zones:
5140 *
5141 * Default set of privileges considered safe for all non-global
5142 * zones. These privileges are "safe" in the sense that a
5143 * privileged process in the zone cannot affect processes in any
5144 * other zone on the system.
5145 *
5146 * Set of privileges not currently permitted within a non-global
5147 * zone. These privileges are considered by default, "unsafe,"
5148 * and include ones which affect global resources (such as the
5149 * system clock or physical memory) or are overly broad and cover
5150 * more than one mechanism in the system. In other cases, there
5151 * has not been sufficient virtualization in the parts of the
5152 * system the privilege covers to allow its use within a
5153 * non-global zone.
5154 *
5155 * Set of privileges required in order to get a zone booted and
5156 * init(8) started. These cannot be removed from the zone's
5157 * privilege set.
5158 *
5159 * All other privileges are optional and are potentially useful for
5160 * processes executing inside a non-global zone.
5161 *
5162 * When privileges are added to the system, a determination needs to be
5163 * made as to which category the privilege belongs to. Ideally,
5164 * privileges should be fine-grained enough and the mechanisms they cover
5165 * virtualized enough so that they can be made available to non-global
5166 * zones.
5167 */
5168
5169 /*
5170 * Define some of the tokens that priv_str_to_set(3C) recognizes. Since
5171 * the privilege string separator can be any character, although it is
5172 * usually a comma character, define these here as well in the event that
5173 * they change or are augmented in the future.
5174 */
5175 #define BASIC_TOKEN "basic"
5176 #define DEFAULT_TOKEN "default"
5177 #define ZONE_TOKEN "zone"
5178 #define TOKEN_PRIV_CHAR ','
5179 #define TOKEN_PRIV_STR ","
5180
5181 typedef struct priv_node {
5182 struct priv_node *pn_next; /* Next privilege */
5183 char *pn_priv; /* Privileges name */
5184 } priv_node_t;
5185
5186 /* Privileges lists can differ across brands */
5187 typedef struct priv_lists {
5188 /* Privileges considered safe for all non-global zones of a brand */
5189 struct priv_node *pl_default;
5190
5191 /* Privileges not permitted for all non-global zones of a brand */
5192 struct priv_node *pl_prohibited;
5193
5194 /* Privileges required for all non-global zones of a brand */
5195 struct priv_node *pl_required;
5196
5197 /*
5198 * ip-type of the zone these privileges lists apply to.
5199 * It is used to pass ip-type to the callback function,
5200 * priv_lists_cb, which has no way of getting the ip-type.
5201 */
5202 const char *pl_iptype;
5203 } priv_lists_t;
5204
5205 static int
priv_lists_cb(void * data,priv_iter_t * priv_iter)5206 priv_lists_cb(void *data, priv_iter_t *priv_iter)
5207 {
5208 priv_lists_t *plp = (priv_lists_t *)data;
5209 priv_node_t *pnp;
5210
5211 /* Skip this privilege if ip-type does not match */
5212 if ((strcmp(priv_iter->pi_iptype, "all") != 0) &&
5213 (strcmp(priv_iter->pi_iptype, plp->pl_iptype) != 0))
5214 return (0);
5215
5216 /* Allocate a new priv list node. */
5217 if ((pnp = malloc(sizeof (*pnp))) == NULL)
5218 return (-1);
5219 if ((pnp->pn_priv = strdup(priv_iter->pi_name)) == NULL) {
5220 free(pnp);
5221 return (-1);
5222 }
5223
5224 /* Insert the new priv list node into the right list */
5225 if (strcmp(priv_iter->pi_set, "default") == 0) {
5226 pnp->pn_next = plp->pl_default;
5227 plp->pl_default = pnp;
5228 } else if (strcmp(priv_iter->pi_set, "prohibited") == 0) {
5229 pnp->pn_next = plp->pl_prohibited;
5230 plp->pl_prohibited = pnp;
5231 } else if (strcmp(priv_iter->pi_set, "required") == 0) {
5232 pnp->pn_next = plp->pl_required;
5233 plp->pl_required = pnp;
5234 } else {
5235 free(pnp->pn_priv);
5236 free(pnp);
5237 return (-1);
5238 }
5239 return (0);
5240 }
5241
5242 static void
priv_lists_destroy(priv_lists_t * plp)5243 priv_lists_destroy(priv_lists_t *plp)
5244 {
5245 priv_node_t *pnp;
5246
5247 assert(plp != NULL);
5248
5249 while ((pnp = plp->pl_default) != NULL) {
5250 plp->pl_default = pnp->pn_next;
5251 free(pnp->pn_priv);
5252 free(pnp);
5253 }
5254 while ((pnp = plp->pl_prohibited) != NULL) {
5255 plp->pl_prohibited = pnp->pn_next;
5256 free(pnp->pn_priv);
5257 free(pnp);
5258 }
5259 while ((pnp = plp->pl_required) != NULL) {
5260 plp->pl_required = pnp->pn_next;
5261 free(pnp->pn_priv);
5262 free(pnp);
5263 }
5264 free(plp);
5265 }
5266
5267 static int
priv_lists_create(zone_dochandle_t handle,char * brand,priv_lists_t ** plpp,const char * curr_iptype)5268 priv_lists_create(zone_dochandle_t handle, char *brand, priv_lists_t **plpp,
5269 const char *curr_iptype)
5270 {
5271 priv_lists_t *plp;
5272 brand_handle_t bh;
5273 char brand_str[MAXNAMELEN];
5274
5275 /* handle or brand must be set, but never both */
5276 assert((handle != NULL) || (brand != NULL));
5277 assert((handle == NULL) || (brand == NULL));
5278
5279 if (handle != NULL) {
5280 brand = brand_str;
5281 if (zonecfg_get_brand(handle, brand, sizeof (brand_str)) != 0)
5282 return (Z_BRAND_ERROR);
5283 }
5284
5285 if ((bh = brand_open(brand)) == NULL)
5286 return (Z_BRAND_ERROR);
5287
5288 if ((plp = calloc(1, sizeof (priv_lists_t))) == NULL) {
5289 brand_close(bh);
5290 return (Z_NOMEM);
5291 }
5292
5293 plp->pl_iptype = curr_iptype;
5294
5295 /* construct the privilege lists */
5296 if (brand_config_iter_privilege(bh, priv_lists_cb, plp) != 0) {
5297 priv_lists_destroy(plp);
5298 brand_close(bh);
5299 return (Z_BRAND_ERROR);
5300 }
5301
5302 brand_close(bh);
5303 *plpp = plp;
5304 return (Z_OK);
5305 }
5306
5307 static int
get_default_privset(priv_set_t * privs,priv_lists_t * plp)5308 get_default_privset(priv_set_t *privs, priv_lists_t *plp)
5309 {
5310 priv_node_t *pnp;
5311 priv_set_t *basic;
5312
5313 basic = priv_str_to_set(BASIC_TOKEN, TOKEN_PRIV_STR, NULL);
5314 if (basic == NULL)
5315 return (errno == ENOMEM ? Z_NOMEM : Z_INVAL);
5316
5317 priv_union(basic, privs);
5318 priv_freeset(basic);
5319
5320 for (pnp = plp->pl_default; pnp != NULL; pnp = pnp->pn_next) {
5321 if (priv_addset(privs, pnp->pn_priv) != 0)
5322 return (Z_INVAL);
5323 }
5324
5325 return (Z_OK);
5326 }
5327
5328 int
zonecfg_default_brand(char * brand,size_t brandsize)5329 zonecfg_default_brand(char *brand, size_t brandsize)
5330 {
5331 zone_dochandle_t handle;
5332 int myzoneid = getzoneid();
5333 int ret;
5334
5335 /*
5336 * If we're running within a zone, then the default brand is the
5337 * current zone's brand.
5338 */
5339 if (myzoneid != GLOBAL_ZONEID) {
5340 ret = zone_getattr(myzoneid, ZONE_ATTR_BRAND, brand, brandsize);
5341 if (ret < 0)
5342 return ((errno == EFAULT) ? Z_TOO_BIG : Z_INVAL);
5343 return (Z_OK);
5344 }
5345
5346 if ((handle = zonecfg_init_handle()) == NULL)
5347 return (Z_NOMEM);
5348 if ((ret = zonecfg_get_handle("SUNWdefault", handle)) == Z_OK) {
5349 ret = i_zonecfg_get_brand(handle, brand, brandsize, B_TRUE);
5350 zonecfg_fini_handle(handle);
5351 return (ret);
5352 }
5353 return (ret);
5354 }
5355
5356 int
zonecfg_default_privset(priv_set_t * privs,const char * curr_iptype)5357 zonecfg_default_privset(priv_set_t *privs, const char *curr_iptype)
5358 {
5359 priv_lists_t *plp;
5360 char buf[MAXNAMELEN];
5361 int ret;
5362
5363 if ((ret = zonecfg_default_brand(buf, sizeof (buf))) != Z_OK)
5364 return (ret);
5365 if ((ret = priv_lists_create(NULL, buf, &plp, curr_iptype)) != Z_OK)
5366 return (ret);
5367 ret = get_default_privset(privs, plp);
5368 priv_lists_destroy(plp);
5369 return (ret);
5370 }
5371
5372 void
append_priv_token(char * priv,char * str,size_t strlen)5373 append_priv_token(char *priv, char *str, size_t strlen)
5374 {
5375 if (*str != '\0')
5376 (void) strlcat(str, TOKEN_PRIV_STR, strlen);
5377 (void) strlcat(str, priv, strlen);
5378 }
5379
5380 /*
5381 * Verify that the supplied string is a valid privilege limit set for a
5382 * non-global zone. This string must not only be acceptable to
5383 * priv_str_to_set(3C) which parses it, but it also must resolve to a
5384 * privilege set that includes certain required privileges and lacks
5385 * certain prohibited privileges.
5386 */
5387 static int
verify_privset(char * privbuf,priv_set_t * privs,char ** privname,boolean_t add_default,priv_lists_t * plp)5388 verify_privset(char *privbuf, priv_set_t *privs, char **privname,
5389 boolean_t add_default, priv_lists_t *plp)
5390 {
5391 priv_node_t *pnp;
5392 char *tmp, *cp, *lasts;
5393 size_t len;
5394 priv_set_t *mergeset;
5395 const char *token;
5396
5397 /*
5398 * The verification of the privilege string occurs in several
5399 * phases. In the first phase, the supplied string is scanned for
5400 * the ZONE_TOKEN token which is not support as part of the
5401 * "limitpriv" property.
5402 *
5403 * Duplicate the supplied privilege string since strtok_r(3C)
5404 * tokenizes its input by null-terminating the tokens.
5405 */
5406 if ((tmp = strdup(privbuf)) == NULL)
5407 return (Z_NOMEM);
5408 for (cp = strtok_r(tmp, TOKEN_PRIV_STR, &lasts); cp != NULL;
5409 cp = strtok_r(NULL, TOKEN_PRIV_STR, &lasts)) {
5410 if (strcmp(cp, ZONE_TOKEN) == 0) {
5411 free(tmp);
5412 if ((*privname = strdup(ZONE_TOKEN)) == NULL)
5413 return (Z_NOMEM);
5414 else
5415 return (Z_PRIV_UNKNOWN);
5416 }
5417 }
5418 free(tmp);
5419
5420 if (add_default) {
5421 /*
5422 * If DEFAULT_TOKEN was specified, a string needs to be
5423 * built containing the privileges from the default, safe
5424 * set along with those of the "limitpriv" property.
5425 */
5426 len = strlen(privbuf) + sizeof (BASIC_TOKEN) + 2;
5427
5428 for (pnp = plp->pl_default; pnp != NULL; pnp = pnp->pn_next)
5429 len += strlen(pnp->pn_priv) + 1;
5430 tmp = alloca(len);
5431 *tmp = '\0';
5432
5433 append_priv_token(BASIC_TOKEN, tmp, len);
5434 for (pnp = plp->pl_default; pnp != NULL; pnp = pnp->pn_next)
5435 append_priv_token(pnp->pn_priv, tmp, len);
5436 (void) strlcat(tmp, TOKEN_PRIV_STR, len);
5437 (void) strlcat(tmp, privbuf, len);
5438 } else {
5439 tmp = privbuf;
5440 }
5441
5442
5443 /*
5444 * In the next phase, attempt to convert the merged privilege
5445 * string into a privilege set. In the case of an error, either
5446 * there was a memory allocation failure or there was an invalid
5447 * privilege token in the string. In either case, return an
5448 * appropriate error code but in the event of an invalid token,
5449 * allocate a string containing its name and return that back to
5450 * the caller.
5451 */
5452 mergeset = priv_str_to_set(tmp, TOKEN_PRIV_STR, &token);
5453 if (mergeset == NULL) {
5454 if (token == NULL)
5455 return (Z_NOMEM);
5456 if ((cp = strchr(token, TOKEN_PRIV_CHAR)) != NULL)
5457 *cp = '\0';
5458 if ((*privname = strdup(token)) == NULL)
5459 return (Z_NOMEM);
5460 else
5461 return (Z_PRIV_UNKNOWN);
5462 }
5463
5464 /*
5465 * Next, verify that none of the prohibited zone privileges are
5466 * present in the merged privilege set.
5467 */
5468 for (pnp = plp->pl_prohibited; pnp != NULL; pnp = pnp->pn_next) {
5469 if (priv_ismember(mergeset, pnp->pn_priv)) {
5470 priv_freeset(mergeset);
5471 if ((*privname = strdup(pnp->pn_priv)) == NULL)
5472 return (Z_NOMEM);
5473 else
5474 return (Z_PRIV_PROHIBITED);
5475 }
5476 }
5477
5478 /*
5479 * Finally, verify that all of the required zone privileges are
5480 * present in the merged privilege set.
5481 */
5482 for (pnp = plp->pl_required; pnp != NULL; pnp = pnp->pn_next) {
5483 if (!priv_ismember(mergeset, pnp->pn_priv)) {
5484 priv_freeset(mergeset);
5485 if ((*privname = strdup(pnp->pn_priv)) == NULL)
5486 return (Z_NOMEM);
5487 else
5488 return (Z_PRIV_REQUIRED);
5489 }
5490 }
5491
5492 priv_copyset(mergeset, privs);
5493 priv_freeset(mergeset);
5494 return (Z_OK);
5495 }
5496
5497 /*
5498 * Fill in the supplied privilege set with either the default, safe set of
5499 * privileges suitable for a non-global zone, or one based on the
5500 * "limitpriv" property in the zone's configuration.
5501 *
5502 * In the event of an invalid privilege specification in the
5503 * configuration, a string is allocated and returned containing the
5504 * "privilege" causing the issue. It is the caller's responsibility to
5505 * free this memory when it is done with it.
5506 */
5507 int
zonecfg_get_privset(zone_dochandle_t handle,priv_set_t * privs,char ** privname)5508 zonecfg_get_privset(zone_dochandle_t handle, priv_set_t *privs,
5509 char **privname)
5510 {
5511 priv_lists_t *plp;
5512 char *cp, *limitpriv = NULL;
5513 int err, limitlen;
5514 zone_iptype_t iptype;
5515 const char *curr_iptype;
5516
5517 /*
5518 * Attempt to lookup the "limitpriv" property. If it does not
5519 * exist or matches the string DEFAULT_TOKEN exactly, then the
5520 * default, safe privilege set is returned.
5521 */
5522 if ((err = zonecfg_get_limitpriv(handle, &limitpriv)) != Z_OK)
5523 return (err);
5524
5525 if ((err = zonecfg_get_iptype(handle, &iptype)) != Z_OK)
5526 return (err);
5527
5528 switch (iptype) {
5529 case ZS_SHARED:
5530 curr_iptype = "shared";
5531 break;
5532 case ZS_EXCLUSIVE:
5533 curr_iptype = "exclusive";
5534 break;
5535 }
5536
5537 if ((err = priv_lists_create(handle, NULL, &plp, curr_iptype)) != Z_OK)
5538 return (err);
5539
5540 limitlen = strlen(limitpriv);
5541 if (limitlen == 0 || strcmp(limitpriv, DEFAULT_TOKEN) == 0) {
5542 free(limitpriv);
5543 err = get_default_privset(privs, plp);
5544 priv_lists_destroy(plp);
5545 return (err);
5546 }
5547
5548 /*
5549 * Check if the string DEFAULT_TOKEN is the first token in a list
5550 * of privileges.
5551 */
5552 cp = strchr(limitpriv, TOKEN_PRIV_CHAR);
5553 if (cp != NULL &&
5554 strncmp(limitpriv, DEFAULT_TOKEN, cp - limitpriv) == 0)
5555 err = verify_privset(cp + 1, privs, privname, B_TRUE, plp);
5556 else
5557 err = verify_privset(limitpriv, privs, privname, B_FALSE, plp);
5558
5559 free(limitpriv);
5560 priv_lists_destroy(plp);
5561 return (err);
5562 }
5563
5564 int
zone_get_zonepath(char * zone_name,char * zonepath,size_t rp_sz)5565 zone_get_zonepath(char *zone_name, char *zonepath, size_t rp_sz)
5566 {
5567 zone_dochandle_t handle;
5568 boolean_t found = B_FALSE;
5569 struct zoneent *ze;
5570 FILE *cookie;
5571 int err;
5572 char *cp;
5573
5574 if (zone_name == NULL)
5575 return (Z_INVAL);
5576
5577 (void) strlcpy(zonepath, zonecfg_root, rp_sz);
5578 cp = zonepath + strlen(zonepath);
5579 while (cp > zonepath && cp[-1] == '/')
5580 *--cp = '\0';
5581
5582 if (strcmp(zone_name, GLOBAL_ZONENAME) == 0) {
5583 if (zonepath[0] == '\0')
5584 (void) strlcpy(zonepath, "/", rp_sz);
5585 return (Z_OK);
5586 }
5587
5588 /*
5589 * First check the index file. Because older versions did not have
5590 * a copy of the zone path, allow for it to be zero length, in which
5591 * case we ignore this result and fall back to the XML files.
5592 */
5593 cookie = setzoneent();
5594 while ((ze = getzoneent_private(cookie)) != NULL) {
5595 if (strcmp(ze->zone_name, zone_name) == 0) {
5596 found = B_TRUE;
5597 if (ze->zone_path[0] != '\0')
5598 (void) strlcpy(cp, ze->zone_path,
5599 rp_sz - (cp - zonepath));
5600 }
5601 free(ze);
5602 if (found)
5603 break;
5604 }
5605 endzoneent(cookie);
5606 if (found && *cp != '\0')
5607 return (Z_OK);
5608
5609 /* Fall back to the XML files. */
5610 if ((handle = zonecfg_init_handle()) == NULL)
5611 return (Z_NOMEM);
5612
5613 /*
5614 * Check the snapshot first: if a zone is running, its zonepath
5615 * may have changed.
5616 */
5617 if (zonecfg_get_snapshot_handle(zone_name, handle) != Z_OK) {
5618 if ((err = zonecfg_get_handle(zone_name, handle)) != Z_OK) {
5619 zonecfg_fini_handle(handle);
5620 return (err);
5621 }
5622 }
5623 err = zonecfg_get_zonepath(handle, zonepath, rp_sz);
5624 zonecfg_fini_handle(handle);
5625 return (err);
5626 }
5627
5628 int
zone_get_rootpath(char * zone_name,char * rootpath,size_t rp_sz)5629 zone_get_rootpath(char *zone_name, char *rootpath, size_t rp_sz)
5630 {
5631 int err;
5632
5633 /* This function makes sense for non-global zones only. */
5634 if (strcmp(zone_name, GLOBAL_ZONENAME) == 0)
5635 return (Z_BOGUS_ZONE_NAME);
5636 if ((err = zone_get_zonepath(zone_name, rootpath, rp_sz)) != Z_OK)
5637 return (err);
5638 if (strlcat(rootpath, "/root", rp_sz) >= rp_sz)
5639 return (Z_TOO_BIG);
5640 return (Z_OK);
5641 }
5642
5643 int
zone_get_brand(char * zone_name,char * brandname,size_t rp_sz)5644 zone_get_brand(char *zone_name, char *brandname, size_t rp_sz)
5645 {
5646 int err;
5647 zone_dochandle_t handle;
5648 char myzone[MAXNAMELEN];
5649 int myzoneid = getzoneid();
5650
5651 /*
5652 * If we are not in the global zone, then we don't have the zone
5653 * .xml files with the brand name available. Thus, we are going to
5654 * have to ask the kernel for the information.
5655 */
5656 if (myzoneid != GLOBAL_ZONEID) {
5657 if (is_system_labeled()) {
5658 (void) strlcpy(brandname, NATIVE_BRAND_NAME, rp_sz);
5659 return (Z_OK);
5660 }
5661 if (zone_getattr(myzoneid, ZONE_ATTR_NAME, myzone,
5662 sizeof (myzone)) < 0)
5663 return (Z_NO_ZONE);
5664 if (!zonecfg_is_scratch(myzone)) {
5665 if (strncmp(zone_name, myzone, MAXNAMELEN) != 0)
5666 return (Z_NO_ZONE);
5667 }
5668 err = zone_getattr(myzoneid, ZONE_ATTR_BRAND, brandname, rp_sz);
5669 if (err < 0)
5670 return ((errno == EFAULT) ? Z_TOO_BIG : Z_INVAL);
5671
5672 return (Z_OK);
5673 }
5674
5675 if (strcmp(zone_name, "global") == 0)
5676 return (zonecfg_default_brand(brandname, rp_sz));
5677
5678 if ((handle = zonecfg_init_handle()) == NULL)
5679 return (Z_NOMEM);
5680
5681 err = zonecfg_get_handle((char *)zone_name, handle);
5682 if (err == Z_OK)
5683 err = zonecfg_get_brand(handle, brandname, rp_sz);
5684
5685 zonecfg_fini_handle(handle);
5686 return (err);
5687 }
5688
5689 /*
5690 * Return the appropriate root for the active /dev.
5691 * For normal zone, the path is $ZONEPATH/root;
5692 * for scratch zone, the dev path is $ZONEPATH/lu.
5693 */
5694 int
zone_get_devroot(char * zone_name,char * devroot,size_t rp_sz)5695 zone_get_devroot(char *zone_name, char *devroot, size_t rp_sz)
5696 {
5697 int err;
5698 char *suffix;
5699 zone_state_t state;
5700
5701 /* This function makes sense for non-global zones only. */
5702 if (strcmp(zone_name, GLOBAL_ZONENAME) == 0)
5703 return (Z_BOGUS_ZONE_NAME);
5704 if ((err = zone_get_zonepath(zone_name, devroot, rp_sz)) != Z_OK)
5705 return (err);
5706
5707 if (zone_get_state(zone_name, &state) == Z_OK &&
5708 state == ZONE_STATE_MOUNTED)
5709 suffix = "/lu";
5710 else
5711 suffix = "/root";
5712 if (strlcat(devroot, suffix, rp_sz) >= rp_sz)
5713 return (Z_TOO_BIG);
5714 return (Z_OK);
5715 }
5716
5717 static zone_state_t
kernel_state_to_user_state(zoneid_t zoneid,zone_status_t kernel_state)5718 kernel_state_to_user_state(zoneid_t zoneid, zone_status_t kernel_state)
5719 {
5720 char zoneroot[MAXPATHLEN];
5721 size_t zlen;
5722
5723 assert(kernel_state <= ZONE_MAX_STATE);
5724 switch (kernel_state) {
5725 case ZONE_IS_UNINITIALIZED:
5726 case ZONE_IS_INITIALIZED:
5727 /* The kernel will not return these two states */
5728 return (ZONE_STATE_READY);
5729 case ZONE_IS_READY:
5730 /*
5731 * If the zone's root is mounted on $ZONEPATH/lu, then
5732 * it's a mounted scratch zone.
5733 */
5734 if (zone_getattr(zoneid, ZONE_ATTR_ROOT, zoneroot,
5735 sizeof (zoneroot)) >= 0) {
5736 zlen = strlen(zoneroot);
5737 if (zlen > 3 &&
5738 strcmp(zoneroot + zlen - 3, "/lu") == 0)
5739 return (ZONE_STATE_MOUNTED);
5740 }
5741 return (ZONE_STATE_READY);
5742 case ZONE_IS_BOOTING:
5743 case ZONE_IS_RUNNING:
5744 return (ZONE_STATE_RUNNING);
5745 case ZONE_IS_SHUTTING_DOWN:
5746 case ZONE_IS_EMPTY:
5747 return (ZONE_STATE_SHUTTING_DOWN);
5748 case ZONE_IS_DOWN:
5749 case ZONE_IS_DYING:
5750 case ZONE_IS_DEAD:
5751 default:
5752 return (ZONE_STATE_DOWN);
5753 }
5754 /* NOTREACHED */
5755 }
5756
5757 int
zone_get_state(char * zone_name,zone_state_t * state_num)5758 zone_get_state(char *zone_name, zone_state_t *state_num)
5759 {
5760 zone_status_t status;
5761 zoneid_t zone_id;
5762 struct zoneent *ze;
5763 boolean_t found = B_FALSE;
5764 FILE *cookie;
5765 char kernzone[ZONENAME_MAX];
5766 FILE *fp;
5767
5768 if (zone_name == NULL)
5769 return (Z_INVAL);
5770
5771 /*
5772 * If we're looking at an alternate root, then we need to query the
5773 * kernel using the scratch zone name.
5774 */
5775 zone_id = -1;
5776 if (*zonecfg_root != '\0' && !zonecfg_is_scratch(zone_name)) {
5777 if ((fp = zonecfg_open_scratch("", B_FALSE)) != NULL) {
5778 if (zonecfg_find_scratch(fp, zone_name, zonecfg_root,
5779 kernzone, sizeof (kernzone)) == 0)
5780 zone_id = getzoneidbyname(kernzone);
5781 zonecfg_close_scratch(fp);
5782 }
5783 } else {
5784 zone_id = getzoneidbyname(zone_name);
5785 }
5786
5787 /* check to see if zone is running */
5788 if (zone_id != -1 &&
5789 zone_getattr(zone_id, ZONE_ATTR_STATUS, &status,
5790 sizeof (status)) >= 0) {
5791 *state_num = kernel_state_to_user_state(zone_id, status);
5792 return (Z_OK);
5793 }
5794
5795 cookie = setzoneent();
5796 while ((ze = getzoneent_private(cookie)) != NULL) {
5797 if (strcmp(ze->zone_name, zone_name) == 0) {
5798 found = B_TRUE;
5799 *state_num = ze->zone_state;
5800 }
5801 free(ze);
5802 if (found)
5803 break;
5804 }
5805 endzoneent(cookie);
5806 return ((found) ? Z_OK : Z_NO_ZONE);
5807 }
5808
5809 int
zone_set_state(char * zone,zone_state_t state)5810 zone_set_state(char *zone, zone_state_t state)
5811 {
5812 struct zoneent ze;
5813
5814 if (state != ZONE_STATE_CONFIGURED && state != ZONE_STATE_INSTALLED &&
5815 state != ZONE_STATE_INCOMPLETE)
5816 return (Z_INVAL);
5817
5818 bzero(&ze, sizeof (ze));
5819 (void) strlcpy(ze.zone_name, zone, sizeof (ze.zone_name));
5820 ze.zone_state = state;
5821 (void) strlcpy(ze.zone_path, "", sizeof (ze.zone_path));
5822 return (putzoneent(&ze, PZE_MODIFY));
5823 }
5824
5825 /*
5826 * Get id (if any) for specified zone. There are four possible outcomes:
5827 * - If the string corresponds to the numeric id of an active (booted)
5828 * zone, sets *zip to the zone id and returns 0.
5829 * - If the string corresponds to the name of an active (booted) zone,
5830 * sets *zip to the zone id and returns 0.
5831 * - If the string is a name in the configuration but is not booted,
5832 * sets *zip to ZONE_ID_UNDEFINED and returns 0.
5833 * - Otherwise, leaves *zip unchanged and returns -1.
5834 *
5835 * This function acts as an auxiliary filter on the function of the same
5836 * name in libc; the linker binds to this version if libzonecfg exists,
5837 * and the libc version if it doesn't. Any changes to this version of
5838 * the function should probably be reflected in the libc version as well.
5839 */
5840 int
zone_get_id(const char * str,zoneid_t * zip)5841 zone_get_id(const char *str, zoneid_t *zip)
5842 {
5843 zone_dochandle_t hdl;
5844 zoneid_t zoneid;
5845 char *cp;
5846 int err;
5847
5848 /* first try looking for active zone by id */
5849 errno = 0;
5850 zoneid = (zoneid_t)strtol(str, &cp, 0);
5851 if (errno == 0 && cp != str && *cp == '\0' &&
5852 getzonenamebyid(zoneid, NULL, 0) != -1) {
5853 *zip = zoneid;
5854 return (0);
5855 }
5856
5857 /* then look for active zone by name */
5858 if ((zoneid = getzoneidbyname(str)) != -1) {
5859 *zip = zoneid;
5860 return (0);
5861 }
5862
5863 /* if in global zone, try looking up name in configuration database */
5864 if (getzoneid() != GLOBAL_ZONEID ||
5865 (hdl = zonecfg_init_handle()) == NULL)
5866 return (-1);
5867
5868 if (zonecfg_get_handle(str, hdl) == Z_OK) {
5869 /* zone exists but isn't active */
5870 *zip = ZONE_ID_UNDEFINED;
5871 err = 0;
5872 } else {
5873 err = -1;
5874 }
5875
5876 zonecfg_fini_handle(hdl);
5877 return (err);
5878 }
5879
5880 char *
zone_state_str(zone_state_t state_num)5881 zone_state_str(zone_state_t state_num)
5882 {
5883 switch (state_num) {
5884 case ZONE_STATE_CONFIGURED:
5885 return (ZONE_STATE_STR_CONFIGURED);
5886 case ZONE_STATE_INCOMPLETE:
5887 return (ZONE_STATE_STR_INCOMPLETE);
5888 case ZONE_STATE_INSTALLED:
5889 return (ZONE_STATE_STR_INSTALLED);
5890 case ZONE_STATE_READY:
5891 return (ZONE_STATE_STR_READY);
5892 case ZONE_STATE_MOUNTED:
5893 return (ZONE_STATE_STR_MOUNTED);
5894 case ZONE_STATE_RUNNING:
5895 return (ZONE_STATE_STR_RUNNING);
5896 case ZONE_STATE_SHUTTING_DOWN:
5897 return (ZONE_STATE_STR_SHUTTING_DOWN);
5898 case ZONE_STATE_DOWN:
5899 return (ZONE_STATE_STR_DOWN);
5900 default:
5901 return ("unknown");
5902 }
5903 }
5904
5905 /*
5906 * Given a UUID value, find an associated zone name. This is intended to be
5907 * used by callers who set up some 'default' name (corresponding to the
5908 * expected name for the zone) in the zonename buffer, and thus the function
5909 * doesn't touch this buffer on failure.
5910 */
5911 int
zonecfg_get_name_by_uuid(const uuid_t uuidin,char * zonename,size_t namelen)5912 zonecfg_get_name_by_uuid(const uuid_t uuidin, char *zonename, size_t namelen)
5913 {
5914 FILE *fp;
5915 struct zoneent *ze;
5916 uchar_t *uuid;
5917
5918 /*
5919 * A small amount of subterfuge via casts is necessary here because
5920 * libuuid doesn't use const correctly, but we don't want to export
5921 * this brokenness to our clients.
5922 */
5923 uuid = (uchar_t *)uuidin;
5924 if (uuid_is_null(uuid))
5925 return (Z_NO_ZONE);
5926 if ((fp = setzoneent()) == NULL)
5927 return (Z_NO_ZONE);
5928 while ((ze = getzoneent_private(fp)) != NULL) {
5929 if (uuid_compare(uuid, ze->zone_uuid) == 0)
5930 break;
5931 free(ze);
5932 }
5933 endzoneent(fp);
5934 if (ze != NULL) {
5935 (void) strlcpy(zonename, ze->zone_name, namelen);
5936 free(ze);
5937 return (Z_OK);
5938 } else {
5939 return (Z_NO_ZONE);
5940 }
5941 }
5942
5943 /*
5944 * Given a zone name, get its UUID. Returns a "NULL" UUID value if the zone
5945 * exists but the file doesn't have a value set yet. Returns an error if the
5946 * zone cannot be located.
5947 */
5948 int
zonecfg_get_uuid(const char * zonename,uuid_t uuid)5949 zonecfg_get_uuid(const char *zonename, uuid_t uuid)
5950 {
5951 FILE *fp;
5952 struct zoneent *ze;
5953
5954 if ((fp = setzoneent()) == NULL)
5955 return (Z_NO_ZONE);
5956 while ((ze = getzoneent_private(fp)) != NULL) {
5957 if (strcmp(ze->zone_name, zonename) == 0)
5958 break;
5959 free(ze);
5960 }
5961 endzoneent(fp);
5962 if (ze != NULL) {
5963 uuid_copy(uuid, ze->zone_uuid);
5964 free(ze);
5965 return (Z_OK);
5966 } else {
5967 return (Z_NO_ZONE);
5968 }
5969 }
5970
5971 /*
5972 * File-system convenience functions.
5973 */
5974 boolean_t
zonecfg_valid_fs_type(const char * type)5975 zonecfg_valid_fs_type(const char *type)
5976 {
5977 /*
5978 * We already know which FS types don't work.
5979 */
5980 if (strcmp(type, "proc") == 0 ||
5981 strcmp(type, "mntfs") == 0 ||
5982 strcmp(type, "autofs") == 0 ||
5983 strncmp(type, "nfs", sizeof ("nfs") - 1) == 0)
5984 return (B_FALSE);
5985 /*
5986 * The caller may do more detailed verification to make sure other
5987 * aspects of this filesystem type make sense.
5988 */
5989 return (B_TRUE);
5990 }
5991
5992 /*
5993 * Generally uninteresting rctl convenience functions.
5994 */
5995
5996 int
zonecfg_construct_rctlblk(const struct zone_rctlvaltab * rctlval,rctlblk_t * rctlblk)5997 zonecfg_construct_rctlblk(const struct zone_rctlvaltab *rctlval,
5998 rctlblk_t *rctlblk)
5999 {
6000 unsigned long long ull;
6001 char *endp;
6002 rctl_priv_t priv;
6003 rctl_qty_t limit;
6004 uint_t action;
6005
6006 /* Get the privilege */
6007 if (strcmp(rctlval->zone_rctlval_priv, "basic") == 0) {
6008 priv = RCPRIV_BASIC;
6009 } else if (strcmp(rctlval->zone_rctlval_priv, "privileged") == 0) {
6010 priv = RCPRIV_PRIVILEGED;
6011 } else {
6012 /* Invalid privilege */
6013 return (Z_INVAL);
6014 }
6015
6016 /* deal with negative input; strtoull(3c) doesn't do what we want */
6017 if (rctlval->zone_rctlval_limit[0] == '-')
6018 return (Z_INVAL);
6019 /* Get the limit */
6020 errno = 0;
6021 ull = strtoull(rctlval->zone_rctlval_limit, &endp, 0);
6022 if (errno != 0 || *endp != '\0') {
6023 /* parse failed */
6024 return (Z_INVAL);
6025 }
6026 limit = (rctl_qty_t)ull;
6027
6028 /* Get the action */
6029 if (strcmp(rctlval->zone_rctlval_action, "none") == 0) {
6030 action = RCTL_LOCAL_NOACTION;
6031 } else if (strcmp(rctlval->zone_rctlval_action, "signal") == 0) {
6032 action = RCTL_LOCAL_SIGNAL;
6033 } else if (strcmp(rctlval->zone_rctlval_action, "deny") == 0) {
6034 action = RCTL_LOCAL_DENY;
6035 } else {
6036 /* Invalid Action */
6037 return (Z_INVAL);
6038 }
6039 rctlblk_set_local_action(rctlblk, action, 0);
6040 rctlblk_set_privilege(rctlblk, priv);
6041 rctlblk_set_value(rctlblk, limit);
6042 return (Z_OK);
6043 }
6044
6045 static int
rctl_check(const char * rctlname,void * arg)6046 rctl_check(const char *rctlname, void *arg)
6047 {
6048 const char *attrname = arg;
6049
6050 /*
6051 * Returning 1 here is our signal to zonecfg_is_rctl() that it is
6052 * indeed an rctl name recognized by the system.
6053 */
6054 return (strcmp(rctlname, attrname) == 0 ? 1 : 0);
6055 }
6056
6057 boolean_t
zonecfg_is_rctl(const char * name)6058 zonecfg_is_rctl(const char *name)
6059 {
6060 return (rctl_walk(rctl_check, (void *)name) == 1);
6061 }
6062
6063 boolean_t
zonecfg_valid_rctlname(const char * name)6064 zonecfg_valid_rctlname(const char *name)
6065 {
6066 const char *c;
6067
6068 if (strncmp(name, "zone.", sizeof ("zone.") - 1) != 0)
6069 return (B_FALSE);
6070 if (strlen(name) == sizeof ("zone.") - 1)
6071 return (B_FALSE);
6072 for (c = name + sizeof ("zone.") - 1; *c != '\0'; c++) {
6073 if (!isalpha(*c) && *c != '-')
6074 return (B_FALSE);
6075 }
6076 return (B_TRUE);
6077 }
6078
6079 boolean_t
zonecfg_valid_rctlblk(const rctlblk_t * rctlblk)6080 zonecfg_valid_rctlblk(const rctlblk_t *rctlblk)
6081 {
6082 rctl_priv_t priv = rctlblk_get_privilege((rctlblk_t *)rctlblk);
6083 uint_t action = rctlblk_get_local_action((rctlblk_t *)rctlblk, NULL);
6084
6085 if (priv != RCPRIV_PRIVILEGED)
6086 return (B_FALSE);
6087 if (action != RCTL_LOCAL_NOACTION && action != RCTL_LOCAL_DENY)
6088 return (B_FALSE);
6089 return (B_TRUE);
6090 }
6091
6092 boolean_t
zonecfg_valid_rctl(const char * name,const rctlblk_t * rctlblk)6093 zonecfg_valid_rctl(const char *name, const rctlblk_t *rctlblk)
6094 {
6095 rctlblk_t *current, *next;
6096 rctl_qty_t limit = rctlblk_get_value((rctlblk_t *)rctlblk);
6097 uint_t action = rctlblk_get_local_action((rctlblk_t *)rctlblk, NULL);
6098 uint_t global_flags;
6099
6100 if (!zonecfg_valid_rctlblk(rctlblk))
6101 return (B_FALSE);
6102 if (!zonecfg_valid_rctlname(name))
6103 return (B_FALSE);
6104
6105 current = alloca(rctlblk_size());
6106 if (getrctl(name, NULL, current, RCTL_FIRST) != 0)
6107 return (B_TRUE); /* not an rctl on this system */
6108 /*
6109 * Make sure the proposed value isn't greater than the current system
6110 * value.
6111 */
6112 next = alloca(rctlblk_size());
6113 while (rctlblk_get_privilege(current) != RCPRIV_SYSTEM) {
6114 rctlblk_t *tmp;
6115
6116 if (getrctl(name, current, next, RCTL_NEXT) != 0)
6117 return (B_FALSE); /* shouldn't happen */
6118 tmp = current;
6119 current = next;
6120 next = tmp;
6121 }
6122 if (limit > rctlblk_get_value(current))
6123 return (B_FALSE);
6124
6125 /*
6126 * Make sure the proposed action is allowed.
6127 */
6128 global_flags = rctlblk_get_global_flags(current);
6129 if ((global_flags & RCTL_GLOBAL_DENY_NEVER) &&
6130 action == RCTL_LOCAL_DENY)
6131 return (B_FALSE);
6132 if ((global_flags & RCTL_GLOBAL_DENY_ALWAYS) &&
6133 action == RCTL_LOCAL_NOACTION)
6134 return (B_FALSE);
6135
6136 return (B_TRUE);
6137 }
6138
6139 /*
6140 * There is always a race condition between reading the initial copy of
6141 * a zones state and its state changing. We address this by providing
6142 * zonecfg_notify_critical_enter and zonecfg_noticy_critical_exit functions.
6143 * When zonecfg_critical_enter is called, sets the state field to LOCKED
6144 * and aquires biglock. Biglock protects against other threads executing
6145 * critical_enter and the state field protects against state changes during
6146 * the critical period.
6147 *
6148 * If any state changes occur, zn_cb will set the failed field of the znotify
6149 * structure. This will cause the critical_exit function to re-lock the
6150 * channel and return an error. Since evsnts may be delayed, the critical_exit
6151 * function "flushes" the queue by putting an event on the queue and waiting for
6152 * zn_cb to notify critical_exit that it received the ping event.
6153 */
6154 static const char *
string_get_tok(const char * in,char delim,int num)6155 string_get_tok(const char *in, char delim, int num)
6156 {
6157 int i = 0;
6158
6159 for (; i < num; in++) {
6160 if (*in == delim)
6161 i++;
6162 if (*in == 0)
6163 return (NULL);
6164 }
6165 return (in);
6166 }
6167
6168 static boolean_t
is_ping(sysevent_t * ev)6169 is_ping(sysevent_t *ev)
6170 {
6171 if (strcmp(sysevent_get_subclass_name(ev),
6172 ZONE_EVENT_PING_SUBCLASS) == 0) {
6173 return (B_TRUE);
6174 } else {
6175 return (B_FALSE);
6176 }
6177 }
6178
6179 static boolean_t
is_my_ping(sysevent_t * ev)6180 is_my_ping(sysevent_t *ev)
6181 {
6182 const char *sender;
6183 char mypid[sizeof (pid_t) * 3 + 1];
6184
6185 (void) snprintf(mypid, sizeof (mypid), "%i", getpid());
6186 sender = string_get_tok(sysevent_get_pub(ev), ':', 3);
6187 if (sender == NULL)
6188 return (B_FALSE);
6189 if (strcmp(sender, mypid) != 0)
6190 return (B_FALSE);
6191 return (B_TRUE);
6192 }
6193
6194 static int
do_callback(struct znotify * zevtchan,sysevent_t * ev)6195 do_callback(struct znotify *zevtchan, sysevent_t *ev)
6196 {
6197 nvlist_t *l;
6198 int zid;
6199 char *zonename;
6200 char *newstate;
6201 char *oldstate;
6202 int ret;
6203 hrtime_t when;
6204
6205 if (strcmp(sysevent_get_subclass_name(ev),
6206 ZONE_EVENT_STATUS_SUBCLASS) == 0) {
6207
6208 if (sysevent_get_attr_list(ev, &l) != 0) {
6209 if (errno == ENOMEM) {
6210 zevtchan->zn_failure_count++;
6211 return (EAGAIN);
6212 }
6213 return (0);
6214 }
6215 ret = 0;
6216
6217 if ((nvlist_lookup_string(l, ZONE_CB_NAME, &zonename) == 0) &&
6218 (nvlist_lookup_string(l, ZONE_CB_NEWSTATE, &newstate)
6219 == 0) &&
6220 (nvlist_lookup_string(l, ZONE_CB_OLDSTATE, &oldstate)
6221 == 0) &&
6222 (nvlist_lookup_uint64(l, ZONE_CB_TIMESTAMP,
6223 (uint64_t *)&when) == 0) &&
6224 (nvlist_lookup_int32(l, ZONE_CB_ZONEID, &zid) == 0)) {
6225 ret = zevtchan->zn_callback(zonename, zid, newstate,
6226 oldstate, when, zevtchan->zn_private);
6227 }
6228
6229 zevtchan->zn_failure_count = 0;
6230 nvlist_free(l);
6231 return (ret);
6232 } else {
6233 /*
6234 * We have received an event in an unknown subclass. Ignore.
6235 */
6236 zevtchan->zn_failure_count = 0;
6237 return (0);
6238 }
6239 }
6240
6241 static int
zn_cb(sysevent_t * ev,void * p)6242 zn_cb(sysevent_t *ev, void *p)
6243 {
6244 struct znotify *zevtchan = p;
6245 int error;
6246
6247 (void) pthread_mutex_lock(&(zevtchan->zn_mutex));
6248
6249 if (is_ping(ev) && !is_my_ping(ev)) {
6250 (void) pthread_mutex_unlock((&zevtchan->zn_mutex));
6251 return (0);
6252 }
6253
6254 if (zevtchan->zn_state == ZN_LOCKED) {
6255 assert(!is_ping(ev));
6256 zevtchan->zn_failed = B_TRUE;
6257 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
6258 return (0);
6259 }
6260
6261 if (zevtchan->zn_state == ZN_PING_INFLIGHT) {
6262 if (is_ping(ev)) {
6263 zevtchan->zn_state = ZN_PING_RECEIVED;
6264 (void) pthread_cond_signal(&(zevtchan->zn_cond));
6265 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
6266 return (0);
6267 } else {
6268 zevtchan->zn_failed = B_TRUE;
6269 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
6270 return (0);
6271 }
6272 }
6273
6274 if (zevtchan->zn_state == ZN_UNLOCKED) {
6275
6276 error = do_callback(zevtchan, ev);
6277 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
6278 /*
6279 * Every ENOMEM failure causes do_callback to increment
6280 * zn_failure_count and every success causes it to
6281 * set zn_failure_count to zero. If we got EAGAIN,
6282 * we will sleep for zn_failure_count seconds and return
6283 * EAGAIN to gpec to try again.
6284 *
6285 * After 55 seconds, or 10 try's we give up and drop the
6286 * event.
6287 */
6288 if (error == EAGAIN) {
6289 if (zevtchan->zn_failure_count > ZONE_CB_RETRY_COUNT) {
6290 return (0);
6291 }
6292 (void) sleep(zevtchan->zn_failure_count);
6293 }
6294 return (error);
6295 }
6296
6297 if (zevtchan->zn_state == ZN_PING_RECEIVED) {
6298 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
6299 return (0);
6300 }
6301
6302 abort();
6303 return (0);
6304 }
6305
6306 void
zonecfg_notify_critical_enter(void * h)6307 zonecfg_notify_critical_enter(void *h)
6308 {
6309 struct znotify *zevtchan = h;
6310
6311 (void) pthread_mutex_lock(&(zevtchan->zn_bigmutex));
6312 zevtchan->zn_state = ZN_LOCKED;
6313 }
6314
6315 int
zonecfg_notify_critical_exit(void * h)6316 zonecfg_notify_critical_exit(void * h)
6317 {
6318
6319 struct znotify *zevtchan = h;
6320
6321 if (zevtchan->zn_state == ZN_UNLOCKED)
6322 return (0);
6323
6324 (void) pthread_mutex_lock(&(zevtchan->zn_mutex));
6325 zevtchan->zn_state = ZN_PING_INFLIGHT;
6326
6327 (void) sysevent_evc_publish(zevtchan->zn_eventchan,
6328 ZONE_EVENT_STATUS_CLASS,
6329 ZONE_EVENT_PING_SUBCLASS, ZONE_EVENT_PING_PUBLISHER,
6330 zevtchan->zn_subscriber_id, NULL, EVCH_SLEEP);
6331
6332 while (zevtchan->zn_state != ZN_PING_RECEIVED) {
6333 (void) pthread_cond_wait(&(zevtchan->zn_cond),
6334 &(zevtchan->zn_mutex));
6335 }
6336
6337 if (zevtchan->zn_failed == B_TRUE) {
6338 zevtchan->zn_state = ZN_LOCKED;
6339 zevtchan->zn_failed = B_FALSE;
6340 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
6341 return (1);
6342 }
6343
6344 zevtchan->zn_state = ZN_UNLOCKED;
6345 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
6346 (void) pthread_mutex_unlock(&(zevtchan->zn_bigmutex));
6347 return (0);
6348 }
6349
6350 void
zonecfg_notify_critical_abort(void * h)6351 zonecfg_notify_critical_abort(void *h)
6352 {
6353 struct znotify *zevtchan = h;
6354
6355 zevtchan->zn_state = ZN_UNLOCKED;
6356 zevtchan->zn_failed = B_FALSE;
6357 /*
6358 * Don't do anything about zn_lock. If it is held, it could only be
6359 * held by zn_cb and it will be unlocked soon.
6360 */
6361 (void) pthread_mutex_unlock(&(zevtchan->zn_bigmutex));
6362 }
6363
6364 void *
zonecfg_notify_bind(int (* func)(const char * zonename,zoneid_t zid,const char * newstate,const char * oldstate,hrtime_t when,void * p),void * p)6365 zonecfg_notify_bind(int(*func)(const char *zonename, zoneid_t zid,
6366 const char *newstate, const char *oldstate, hrtime_t when, void *p),
6367 void *p)
6368 {
6369 struct znotify *zevtchan;
6370 int i = 1;
6371 int r;
6372
6373 zevtchan = malloc(sizeof (struct znotify));
6374
6375 if (zevtchan == NULL)
6376 return (NULL);
6377
6378 zevtchan->zn_private = p;
6379 zevtchan->zn_callback = func;
6380 zevtchan->zn_state = ZN_UNLOCKED;
6381 zevtchan->zn_failed = B_FALSE;
6382
6383 if (pthread_mutex_init(&(zevtchan->zn_mutex), NULL))
6384 goto out3;
6385 if (pthread_cond_init(&(zevtchan->zn_cond), NULL)) {
6386 (void) pthread_mutex_destroy(&(zevtchan->zn_mutex));
6387 goto out3;
6388 }
6389 if (pthread_mutex_init(&(zevtchan->zn_bigmutex), NULL)) {
6390 (void) pthread_mutex_destroy(&(zevtchan->zn_mutex));
6391 (void) pthread_cond_destroy(&(zevtchan->zn_cond));
6392 goto out3;
6393 }
6394
6395 if (sysevent_evc_bind(ZONE_EVENT_CHANNEL, &(zevtchan->zn_eventchan),
6396 0) != 0)
6397 goto out2;
6398
6399 do {
6400 /*
6401 * At 4 digits the subscriber ID gets too long and we have
6402 * no chance of successfully registering.
6403 */
6404 if (i > 999)
6405 goto out1;
6406
6407 (void) sprintf(zevtchan->zn_subscriber_id, "zone_%li_%i",
6408 getpid() % 999999l, i);
6409
6410 r = sysevent_evc_subscribe(zevtchan->zn_eventchan,
6411 zevtchan->zn_subscriber_id, ZONE_EVENT_STATUS_CLASS, zn_cb,
6412 zevtchan, 0);
6413
6414 i++;
6415
6416 } while (r);
6417
6418 return (zevtchan);
6419 out1:
6420 (void) sysevent_evc_unbind(zevtchan->zn_eventchan);
6421 out2:
6422 (void) pthread_mutex_destroy(&zevtchan->zn_mutex);
6423 (void) pthread_cond_destroy(&zevtchan->zn_cond);
6424 (void) pthread_mutex_destroy(&(zevtchan->zn_bigmutex));
6425 out3:
6426 free(zevtchan);
6427
6428 return (NULL);
6429 }
6430
6431 void
zonecfg_notify_unbind(void * handle)6432 zonecfg_notify_unbind(void *handle)
6433 {
6434
6435 int ret;
6436
6437 (void) sysevent_evc_unbind(((struct znotify *)handle)->zn_eventchan);
6438 /*
6439 * Check that all evc threads have gone away. This should be
6440 * enforced by sysevent_evc_unbind.
6441 */
6442 ret = pthread_mutex_trylock(&((struct znotify *)handle)->zn_mutex);
6443
6444 if (ret)
6445 abort();
6446
6447 (void) pthread_mutex_unlock(&((struct znotify *)handle)->zn_mutex);
6448 (void) pthread_mutex_destroy(&((struct znotify *)handle)->zn_mutex);
6449 (void) pthread_cond_destroy(&((struct znotify *)handle)->zn_cond);
6450 (void) pthread_mutex_destroy(&((struct znotify *)handle)->zn_bigmutex);
6451
6452 free(handle);
6453 }
6454
6455 static int
zonecfg_add_ds_core(zone_dochandle_t handle,struct zone_dstab * tabptr)6456 zonecfg_add_ds_core(zone_dochandle_t handle, struct zone_dstab *tabptr)
6457 {
6458 xmlNodePtr newnode, cur = handle->zone_dh_cur;
6459 int err;
6460
6461 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_DATASET, NULL);
6462 if ((err = newprop(newnode, DTD_ATTR_NAME,
6463 tabptr->zone_dataset_name)) != Z_OK)
6464 return (err);
6465 return (Z_OK);
6466 }
6467
6468 int
zonecfg_add_ds(zone_dochandle_t handle,struct zone_dstab * tabptr)6469 zonecfg_add_ds(zone_dochandle_t handle, struct zone_dstab *tabptr)
6470 {
6471 int err;
6472
6473 if (tabptr == NULL)
6474 return (Z_INVAL);
6475
6476 if ((err = operation_prep(handle)) != Z_OK)
6477 return (err);
6478
6479 if ((err = zonecfg_add_ds_core(handle, tabptr)) != Z_OK)
6480 return (err);
6481
6482 return (Z_OK);
6483 }
6484
6485 static int
zonecfg_delete_ds_core(zone_dochandle_t handle,struct zone_dstab * tabptr)6486 zonecfg_delete_ds_core(zone_dochandle_t handle, struct zone_dstab *tabptr)
6487 {
6488 xmlNodePtr cur = handle->zone_dh_cur;
6489
6490 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
6491 if (xmlStrcmp(cur->name, DTD_ELEM_DATASET))
6492 continue;
6493
6494 if (match_prop(cur, DTD_ATTR_NAME,
6495 tabptr->zone_dataset_name)) {
6496 xmlUnlinkNode(cur);
6497 xmlFreeNode(cur);
6498 return (Z_OK);
6499 }
6500 }
6501 return (Z_NO_RESOURCE_ID);
6502 }
6503
6504 int
zonecfg_delete_ds(zone_dochandle_t handle,struct zone_dstab * tabptr)6505 zonecfg_delete_ds(zone_dochandle_t handle, struct zone_dstab *tabptr)
6506 {
6507 int err;
6508
6509 if (tabptr == NULL)
6510 return (Z_INVAL);
6511
6512 if ((err = operation_prep(handle)) != Z_OK)
6513 return (err);
6514
6515 if ((err = zonecfg_delete_ds_core(handle, tabptr)) != Z_OK)
6516 return (err);
6517
6518 return (Z_OK);
6519 }
6520
6521 int
zonecfg_modify_ds(zone_dochandle_t handle,struct zone_dstab * oldtabptr,struct zone_dstab * newtabptr)6522 zonecfg_modify_ds(
6523 zone_dochandle_t handle,
6524 struct zone_dstab *oldtabptr,
6525 struct zone_dstab *newtabptr)
6526 {
6527 int err;
6528
6529 if (oldtabptr == NULL || newtabptr == NULL)
6530 return (Z_INVAL);
6531
6532 if ((err = operation_prep(handle)) != Z_OK)
6533 return (err);
6534
6535 if ((err = zonecfg_delete_ds_core(handle, oldtabptr)) != Z_OK)
6536 return (err);
6537
6538 if ((err = zonecfg_add_ds_core(handle, newtabptr)) != Z_OK)
6539 return (err);
6540
6541 return (Z_OK);
6542 }
6543
6544 int
zonecfg_lookup_ds(zone_dochandle_t handle,struct zone_dstab * tabptr)6545 zonecfg_lookup_ds(zone_dochandle_t handle, struct zone_dstab *tabptr)
6546 {
6547 xmlNodePtr cur, firstmatch;
6548 int err;
6549 char dataset[MAXNAMELEN];
6550
6551 if (tabptr == NULL)
6552 return (Z_INVAL);
6553
6554 if ((err = operation_prep(handle)) != Z_OK)
6555 return (err);
6556
6557 cur = handle->zone_dh_cur;
6558 firstmatch = NULL;
6559 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
6560 if (xmlStrcmp(cur->name, DTD_ELEM_DATASET))
6561 continue;
6562 if (strlen(tabptr->zone_dataset_name) > 0) {
6563 if ((fetchprop(cur, DTD_ATTR_NAME, dataset,
6564 sizeof (dataset)) == Z_OK) &&
6565 (strcmp(tabptr->zone_dataset_name,
6566 dataset) == 0)) {
6567 if (firstmatch == NULL)
6568 firstmatch = cur;
6569 else
6570 return (Z_INSUFFICIENT_SPEC);
6571 }
6572 }
6573 }
6574 if (firstmatch == NULL)
6575 return (Z_NO_RESOURCE_ID);
6576
6577 cur = firstmatch;
6578
6579 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_dataset_name,
6580 sizeof (tabptr->zone_dataset_name))) != Z_OK)
6581 return (err);
6582
6583 return (Z_OK);
6584 }
6585
6586 int
zonecfg_setdsent(zone_dochandle_t handle)6587 zonecfg_setdsent(zone_dochandle_t handle)
6588 {
6589 return (zonecfg_setent(handle));
6590 }
6591
6592 int
zonecfg_getdsent(zone_dochandle_t handle,struct zone_dstab * tabptr)6593 zonecfg_getdsent(zone_dochandle_t handle, struct zone_dstab *tabptr)
6594 {
6595 xmlNodePtr cur;
6596 int err;
6597
6598 if (handle == NULL)
6599 return (Z_INVAL);
6600
6601 if ((cur = handle->zone_dh_cur) == NULL)
6602 return (Z_NO_ENTRY);
6603
6604 for (; cur != NULL; cur = cur->next)
6605 if (!xmlStrcmp(cur->name, DTD_ELEM_DATASET))
6606 break;
6607 if (cur == NULL) {
6608 handle->zone_dh_cur = handle->zone_dh_top;
6609 return (Z_NO_ENTRY);
6610 }
6611
6612 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_dataset_name,
6613 sizeof (tabptr->zone_dataset_name))) != Z_OK) {
6614 handle->zone_dh_cur = handle->zone_dh_top;
6615 return (err);
6616 }
6617
6618 handle->zone_dh_cur = cur->next;
6619 return (Z_OK);
6620 }
6621
6622 int
zonecfg_enddsent(zone_dochandle_t handle)6623 zonecfg_enddsent(zone_dochandle_t handle)
6624 {
6625 return (zonecfg_endent(handle));
6626 }
6627
6628 /*
6629 * Support for aliased rctls; that is, rctls that have simplified names in
6630 * zonecfg. For example, max-lwps is an alias for a well defined zone.max-lwps
6631 * rctl. If there are multiple existing values for one of these rctls or if
6632 * there is a single value that does not match the well defined template (i.e.
6633 * it has a different action) then we cannot treat the rctl as having an alias
6634 * so we return Z_ALIAS_DISALLOW. That means that the rctl cannot be
6635 * managed in zonecfg via an alias and that the standard rctl syntax must be
6636 * used.
6637 *
6638 * The possible return values are:
6639 * Z_NO_PROPERTY_ID - invalid alias name
6640 * Z_ALIAS_DISALLOW - pre-existing, incompatible rctl definition
6641 * Z_NO_ENTRY - no rctl is configured for this alias
6642 * Z_OK - we got a valid rctl for the specified alias
6643 */
6644 int
zonecfg_get_aliased_rctl(zone_dochandle_t handle,char * name,uint64_t * rval)6645 zonecfg_get_aliased_rctl(zone_dochandle_t handle, char *name, uint64_t *rval)
6646 {
6647 boolean_t found = B_FALSE;
6648 boolean_t found_val = B_FALSE;
6649 xmlNodePtr cur, val;
6650 char savedname[MAXNAMELEN];
6651 struct zone_rctlvaltab rctl;
6652 int i;
6653 int err;
6654
6655 for (i = 0; aliases[i].shortname != NULL; i++)
6656 if (strcmp(name, aliases[i].shortname) == 0)
6657 break;
6658
6659 if (aliases[i].shortname == NULL)
6660 return (Z_NO_PROPERTY_ID);
6661
6662 if ((err = operation_prep(handle)) != Z_OK)
6663 return (err);
6664
6665 cur = handle->zone_dh_cur;
6666 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
6667 if (xmlStrcmp(cur->name, DTD_ELEM_RCTL) != 0)
6668 continue;
6669 if ((fetchprop(cur, DTD_ATTR_NAME, savedname,
6670 sizeof (savedname)) == Z_OK) &&
6671 (strcmp(savedname, aliases[i].realname) == 0)) {
6672
6673 /*
6674 * If we already saw one of these, we can't have an
6675 * alias since we just found another.
6676 */
6677 if (found)
6678 return (Z_ALIAS_DISALLOW);
6679 found = B_TRUE;
6680
6681 for (val = cur->xmlChildrenNode; val != NULL;
6682 val = val->next) {
6683 /*
6684 * If we already have one value, we can't have
6685 * an alias since we just found another.
6686 */
6687 if (found_val)
6688 return (Z_ALIAS_DISALLOW);
6689 found_val = B_TRUE;
6690
6691 if ((fetchprop(val, DTD_ATTR_PRIV,
6692 rctl.zone_rctlval_priv,
6693 sizeof (rctl.zone_rctlval_priv)) != Z_OK))
6694 break;
6695 if ((fetchprop(val, DTD_ATTR_LIMIT,
6696 rctl.zone_rctlval_limit,
6697 sizeof (rctl.zone_rctlval_limit)) != Z_OK))
6698 break;
6699 if ((fetchprop(val, DTD_ATTR_ACTION,
6700 rctl.zone_rctlval_action,
6701 sizeof (rctl.zone_rctlval_action)) != Z_OK))
6702 break;
6703 }
6704
6705 /* check priv and action match the expected vals */
6706 if (strcmp(rctl.zone_rctlval_priv,
6707 aliases[i].priv) != 0 ||
6708 strcmp(rctl.zone_rctlval_action,
6709 aliases[i].action) != 0)
6710 return (Z_ALIAS_DISALLOW);
6711 }
6712 }
6713
6714 if (found) {
6715 *rval = strtoull(rctl.zone_rctlval_limit, NULL, 10);
6716 return (Z_OK);
6717 }
6718
6719 return (Z_NO_ENTRY);
6720 }
6721
6722 int
zonecfg_rm_aliased_rctl(zone_dochandle_t handle,char * name)6723 zonecfg_rm_aliased_rctl(zone_dochandle_t handle, char *name)
6724 {
6725 int i;
6726 uint64_t val;
6727 struct zone_rctltab rctltab;
6728
6729 /*
6730 * First check that we have a valid aliased rctl to remove.
6731 * This will catch an rctl entry with non-standard values or
6732 * multiple rctl values for this name. We need to ignore those
6733 * rctl entries.
6734 */
6735 if (zonecfg_get_aliased_rctl(handle, name, &val) != Z_OK)
6736 return (Z_OK);
6737
6738 for (i = 0; aliases[i].shortname != NULL; i++)
6739 if (strcmp(name, aliases[i].shortname) == 0)
6740 break;
6741
6742 if (aliases[i].shortname == NULL)
6743 return (Z_NO_RESOURCE_ID);
6744
6745 (void) strlcpy(rctltab.zone_rctl_name, aliases[i].realname,
6746 sizeof (rctltab.zone_rctl_name));
6747
6748 return (zonecfg_delete_rctl(handle, &rctltab));
6749 }
6750
6751 boolean_t
zonecfg_aliased_rctl_ok(zone_dochandle_t handle,char * name)6752 zonecfg_aliased_rctl_ok(zone_dochandle_t handle, char *name)
6753 {
6754 uint64_t tmp_val;
6755
6756 switch (zonecfg_get_aliased_rctl(handle, name, &tmp_val)) {
6757 case Z_OK:
6758 /*FALLTHRU*/
6759 case Z_NO_ENTRY:
6760 return (B_TRUE);
6761 default:
6762 return (B_FALSE);
6763 }
6764 }
6765
6766 int
zonecfg_set_aliased_rctl(zone_dochandle_t handle,char * name,uint64_t val)6767 zonecfg_set_aliased_rctl(zone_dochandle_t handle, char *name, uint64_t val)
6768 {
6769 int i;
6770 int err;
6771 struct zone_rctltab rctltab;
6772 struct zone_rctlvaltab *rctlvaltab;
6773 char buf[128];
6774
6775 if (!zonecfg_aliased_rctl_ok(handle, name))
6776 return (Z_ALIAS_DISALLOW);
6777
6778 for (i = 0; aliases[i].shortname != NULL; i++)
6779 if (strcmp(name, aliases[i].shortname) == 0)
6780 break;
6781
6782 if (aliases[i].shortname == NULL)
6783 return (Z_NO_RESOURCE_ID);
6784
6785 /* remove any pre-existing definition for this rctl */
6786 (void) zonecfg_rm_aliased_rctl(handle, name);
6787
6788 (void) strlcpy(rctltab.zone_rctl_name, aliases[i].realname,
6789 sizeof (rctltab.zone_rctl_name));
6790
6791 rctltab.zone_rctl_valptr = NULL;
6792
6793 if ((rctlvaltab = calloc(1, sizeof (struct zone_rctlvaltab))) == NULL)
6794 return (Z_NOMEM);
6795
6796 (void) snprintf(buf, sizeof (buf), "%llu", (long long)val);
6797
6798 (void) strlcpy(rctlvaltab->zone_rctlval_priv, aliases[i].priv,
6799 sizeof (rctlvaltab->zone_rctlval_priv));
6800 (void) strlcpy(rctlvaltab->zone_rctlval_limit, buf,
6801 sizeof (rctlvaltab->zone_rctlval_limit));
6802 (void) strlcpy(rctlvaltab->zone_rctlval_action, aliases[i].action,
6803 sizeof (rctlvaltab->zone_rctlval_action));
6804
6805 rctlvaltab->zone_rctlval_next = NULL;
6806
6807 if ((err = zonecfg_add_rctl_value(&rctltab, rctlvaltab)) != Z_OK)
6808 return (err);
6809
6810 return (zonecfg_add_rctl(handle, &rctltab));
6811 }
6812
6813 static int
delete_tmp_pool(zone_dochandle_t handle)6814 delete_tmp_pool(zone_dochandle_t handle)
6815 {
6816 int err;
6817 xmlNodePtr cur = handle->zone_dh_cur;
6818
6819 if ((err = operation_prep(handle)) != Z_OK)
6820 return (err);
6821
6822 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
6823 if (xmlStrcmp(cur->name, DTD_ELEM_TMPPOOL) == 0) {
6824 xmlUnlinkNode(cur);
6825 xmlFreeNode(cur);
6826 return (Z_OK);
6827 }
6828 }
6829
6830 return (Z_NO_RESOURCE_ID);
6831 }
6832
6833 static int
modify_tmp_pool(zone_dochandle_t handle,char * pool_importance)6834 modify_tmp_pool(zone_dochandle_t handle, char *pool_importance)
6835 {
6836 int err;
6837 xmlNodePtr cur = handle->zone_dh_cur;
6838 xmlNodePtr newnode;
6839
6840 err = delete_tmp_pool(handle);
6841 if (err != Z_OK && err != Z_NO_RESOURCE_ID)
6842 return (err);
6843
6844 if (*pool_importance != '\0') {
6845 if ((err = operation_prep(handle)) != Z_OK)
6846 return (err);
6847
6848 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_TMPPOOL, NULL);
6849 if ((err = newprop(newnode, DTD_ATTR_IMPORTANCE,
6850 pool_importance)) != Z_OK)
6851 return (err);
6852 }
6853
6854 return (Z_OK);
6855 }
6856
6857 static int
add_pset_core(zone_dochandle_t handle,struct zone_psettab * tabptr)6858 add_pset_core(zone_dochandle_t handle, struct zone_psettab *tabptr)
6859 {
6860 xmlNodePtr newnode, cur = handle->zone_dh_cur;
6861 int err;
6862
6863 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_PSET, NULL);
6864 if ((err = newprop(newnode, DTD_ATTR_NCPU_MIN,
6865 tabptr->zone_ncpu_min)) != Z_OK)
6866 return (err);
6867 if ((err = newprop(newnode, DTD_ATTR_NCPU_MAX,
6868 tabptr->zone_ncpu_max)) != Z_OK)
6869 return (err);
6870
6871 if ((err = modify_tmp_pool(handle, tabptr->zone_importance)) != Z_OK)
6872 return (err);
6873
6874 return (Z_OK);
6875 }
6876
6877 int
zonecfg_add_pset(zone_dochandle_t handle,struct zone_psettab * tabptr)6878 zonecfg_add_pset(zone_dochandle_t handle, struct zone_psettab *tabptr)
6879 {
6880 int err;
6881
6882 if (tabptr == NULL)
6883 return (Z_INVAL);
6884
6885 if ((err = operation_prep(handle)) != Z_OK)
6886 return (err);
6887
6888 if ((err = add_pset_core(handle, tabptr)) != Z_OK)
6889 return (err);
6890
6891 return (Z_OK);
6892 }
6893
6894 int
zonecfg_delete_pset(zone_dochandle_t handle)6895 zonecfg_delete_pset(zone_dochandle_t handle)
6896 {
6897 int err;
6898 int res = Z_NO_RESOURCE_ID;
6899 xmlNodePtr cur = handle->zone_dh_cur;
6900
6901 if ((err = operation_prep(handle)) != Z_OK)
6902 return (err);
6903
6904 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
6905 if (xmlStrcmp(cur->name, DTD_ELEM_PSET) == 0) {
6906 xmlUnlinkNode(cur);
6907 xmlFreeNode(cur);
6908 res = Z_OK;
6909 break;
6910 }
6911 }
6912
6913 /*
6914 * Once we have msets, we should check that a mset
6915 * do not exist before we delete the tmp_pool data.
6916 */
6917 err = delete_tmp_pool(handle);
6918 if (err != Z_OK && err != Z_NO_RESOURCE_ID)
6919 return (err);
6920
6921 return (res);
6922 }
6923
6924 int
zonecfg_modify_pset(zone_dochandle_t handle,struct zone_psettab * tabptr)6925 zonecfg_modify_pset(zone_dochandle_t handle, struct zone_psettab *tabptr)
6926 {
6927 int err;
6928
6929 if (tabptr == NULL)
6930 return (Z_INVAL);
6931
6932 if ((err = zonecfg_delete_pset(handle)) != Z_OK)
6933 return (err);
6934
6935 if ((err = add_pset_core(handle, tabptr)) != Z_OK)
6936 return (err);
6937
6938 return (Z_OK);
6939 }
6940
6941 int
zonecfg_lookup_pset(zone_dochandle_t handle,struct zone_psettab * tabptr)6942 zonecfg_lookup_pset(zone_dochandle_t handle, struct zone_psettab *tabptr)
6943 {
6944 xmlNodePtr cur;
6945 int err;
6946 int res = Z_NO_ENTRY;
6947
6948 if (tabptr == NULL)
6949 return (Z_INVAL);
6950
6951 if ((err = operation_prep(handle)) != Z_OK)
6952 return (err);
6953
6954 /* this is an optional component */
6955 tabptr->zone_importance[0] = '\0';
6956
6957 cur = handle->zone_dh_cur;
6958 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
6959 if (xmlStrcmp(cur->name, DTD_ELEM_PSET) == 0) {
6960 if ((err = fetchprop(cur, DTD_ATTR_NCPU_MIN,
6961 tabptr->zone_ncpu_min,
6962 sizeof (tabptr->zone_ncpu_min))) != Z_OK) {
6963 handle->zone_dh_cur = handle->zone_dh_top;
6964 return (err);
6965 }
6966
6967 if ((err = fetchprop(cur, DTD_ATTR_NCPU_MAX,
6968 tabptr->zone_ncpu_max,
6969 sizeof (tabptr->zone_ncpu_max))) != Z_OK) {
6970 handle->zone_dh_cur = handle->zone_dh_top;
6971 return (err);
6972 }
6973
6974 res = Z_OK;
6975
6976 } else if (xmlStrcmp(cur->name, DTD_ELEM_TMPPOOL) == 0) {
6977 if ((err = fetchprop(cur, DTD_ATTR_IMPORTANCE,
6978 tabptr->zone_importance,
6979 sizeof (tabptr->zone_importance))) != Z_OK) {
6980 handle->zone_dh_cur = handle->zone_dh_top;
6981 return (err);
6982 }
6983 }
6984 }
6985
6986 return (res);
6987 }
6988
6989 int
zonecfg_getpsetent(zone_dochandle_t handle,struct zone_psettab * tabptr)6990 zonecfg_getpsetent(zone_dochandle_t handle, struct zone_psettab *tabptr)
6991 {
6992 int err;
6993
6994 if ((err = zonecfg_setent(handle)) != Z_OK)
6995 return (err);
6996
6997 err = zonecfg_lookup_pset(handle, tabptr);
6998
6999 (void) zonecfg_endent(handle);
7000
7001 return (err);
7002 }
7003
7004 static int
add_mcap(zone_dochandle_t handle,struct zone_mcaptab * tabptr)7005 add_mcap(zone_dochandle_t handle, struct zone_mcaptab *tabptr)
7006 {
7007 xmlNodePtr newnode, cur = handle->zone_dh_cur;
7008 int err;
7009
7010 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_MCAP, NULL);
7011 if ((err = newprop(newnode, DTD_ATTR_PHYSCAP, tabptr->zone_physmem_cap))
7012 != Z_OK)
7013 return (err);
7014
7015 return (Z_OK);
7016 }
7017
7018 int
zonecfg_delete_mcap(zone_dochandle_t handle)7019 zonecfg_delete_mcap(zone_dochandle_t handle)
7020 {
7021 int err;
7022 xmlNodePtr cur = handle->zone_dh_cur;
7023
7024 if ((err = operation_prep(handle)) != Z_OK)
7025 return (err);
7026
7027 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
7028 if (xmlStrcmp(cur->name, DTD_ELEM_MCAP) != 0)
7029 continue;
7030
7031 xmlUnlinkNode(cur);
7032 xmlFreeNode(cur);
7033 return (Z_OK);
7034 }
7035 return (Z_NO_RESOURCE_ID);
7036 }
7037
7038 int
zonecfg_modify_mcap(zone_dochandle_t handle,struct zone_mcaptab * tabptr)7039 zonecfg_modify_mcap(zone_dochandle_t handle, struct zone_mcaptab *tabptr)
7040 {
7041 int err;
7042
7043 if (tabptr == NULL)
7044 return (Z_INVAL);
7045
7046 err = zonecfg_delete_mcap(handle);
7047 /* it is ok if there is no mcap entry */
7048 if (err != Z_OK && err != Z_NO_RESOURCE_ID)
7049 return (err);
7050
7051 if ((err = add_mcap(handle, tabptr)) != Z_OK)
7052 return (err);
7053
7054 return (Z_OK);
7055 }
7056
7057 int
zonecfg_lookup_mcap(zone_dochandle_t handle,struct zone_mcaptab * tabptr)7058 zonecfg_lookup_mcap(zone_dochandle_t handle, struct zone_mcaptab *tabptr)
7059 {
7060 xmlNodePtr cur;
7061 int err;
7062
7063 if (tabptr == NULL)
7064 return (Z_INVAL);
7065
7066 if ((err = operation_prep(handle)) != Z_OK)
7067 return (err);
7068
7069 cur = handle->zone_dh_cur;
7070 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
7071 if (xmlStrcmp(cur->name, DTD_ELEM_MCAP) != 0)
7072 continue;
7073 if ((err = fetchprop(cur, DTD_ATTR_PHYSCAP,
7074 tabptr->zone_physmem_cap,
7075 sizeof (tabptr->zone_physmem_cap))) != Z_OK) {
7076 handle->zone_dh_cur = handle->zone_dh_top;
7077 return (err);
7078 }
7079
7080 return (Z_OK);
7081 }
7082
7083 return (Z_NO_ENTRY);
7084 }
7085
7086 int
zonecfg_getsecflagsent(zone_dochandle_t handle,struct zone_secflagstab * tabptr)7087 zonecfg_getsecflagsent(zone_dochandle_t handle,
7088 struct zone_secflagstab *tabptr)
7089 {
7090 int err;
7091 xmlNodePtr cur;
7092
7093 if (handle == NULL)
7094 return (Z_INVAL);
7095
7096 if ((err = zonecfg_setent(handle)) != Z_OK)
7097 return (err);
7098
7099
7100 if ((cur = handle->zone_dh_cur) == NULL)
7101 return (Z_NO_ENTRY);
7102
7103 for (; cur != NULL; cur = cur->next) {
7104 if (xmlStrcmp(cur->name, DTD_ELEM_SECFLAGS) == 0)
7105 break;
7106 }
7107
7108 if (cur == NULL) {
7109 handle->zone_dh_cur = handle->zone_dh_top;
7110 return (Z_NO_ENTRY);
7111 }
7112
7113 if ((err = fetchprop(cur, DTD_ATTR_DEFAULT,
7114 tabptr->zone_secflags_default,
7115 sizeof (tabptr->zone_secflags_default))) != Z_OK) {
7116 handle->zone_dh_cur = handle->zone_dh_top;
7117 return (err);
7118 }
7119
7120 if ((err = fetchprop(cur, DTD_ATTR_LOWER,
7121 tabptr->zone_secflags_lower,
7122 sizeof (tabptr->zone_secflags_lower))) != Z_OK) {
7123 handle->zone_dh_cur = handle->zone_dh_top;
7124 return (err);
7125 }
7126
7127 if ((err = fetchprop(cur, DTD_ATTR_UPPER,
7128 tabptr->zone_secflags_upper,
7129 sizeof (tabptr->zone_secflags_upper))) != Z_OK) {
7130 handle->zone_dh_cur = handle->zone_dh_top;
7131 return (err);
7132 }
7133
7134 handle->zone_dh_cur = cur->next;
7135
7136 (void) zonecfg_endent(handle);
7137
7138 return (err);
7139 }
7140
7141 static int
getmcapent_core(zone_dochandle_t handle,struct zone_mcaptab * tabptr)7142 getmcapent_core(zone_dochandle_t handle, struct zone_mcaptab *tabptr)
7143 {
7144 xmlNodePtr cur;
7145 int err;
7146
7147 if (handle == NULL)
7148 return (Z_INVAL);
7149
7150 if ((cur = handle->zone_dh_cur) == NULL)
7151 return (Z_NO_ENTRY);
7152
7153 for (; cur != NULL; cur = cur->next)
7154 if (xmlStrcmp(cur->name, DTD_ELEM_MCAP) == 0)
7155 break;
7156 if (cur == NULL) {
7157 handle->zone_dh_cur = handle->zone_dh_top;
7158 return (Z_NO_ENTRY);
7159 }
7160
7161 if ((err = fetchprop(cur, DTD_ATTR_PHYSCAP, tabptr->zone_physmem_cap,
7162 sizeof (tabptr->zone_physmem_cap))) != Z_OK) {
7163 handle->zone_dh_cur = handle->zone_dh_top;
7164 return (err);
7165 }
7166
7167 handle->zone_dh_cur = cur->next;
7168 return (Z_OK);
7169 }
7170
7171 int
zonecfg_getmcapent(zone_dochandle_t handle,struct zone_mcaptab * tabptr)7172 zonecfg_getmcapent(zone_dochandle_t handle, struct zone_mcaptab *tabptr)
7173 {
7174 int err;
7175
7176 if ((err = zonecfg_setent(handle)) != Z_OK)
7177 return (err);
7178
7179 err = getmcapent_core(handle, tabptr);
7180
7181 (void) zonecfg_endent(handle);
7182
7183 return (err);
7184 }
7185
7186 /*
7187 * Get the full tree of pkg metadata in a set of nested AVL trees.
7188 * pkgs_avl is an AVL tree of pkgs.
7189 *
7190 * The zone xml data contains DTD_ELEM_PACKAGE elements.
7191 */
7192 int
zonecfg_getpkgdata(zone_dochandle_t handle,uu_avl_pool_t * pkg_pool,uu_avl_t * pkgs_avl)7193 zonecfg_getpkgdata(zone_dochandle_t handle, uu_avl_pool_t *pkg_pool,
7194 uu_avl_t *pkgs_avl)
7195 {
7196 xmlNodePtr cur;
7197 int res;
7198 zone_pkg_entry_t *pkg;
7199 char name[MAXNAMELEN];
7200 char version[ZONE_PKG_VERSMAX];
7201
7202 if (handle == NULL)
7203 return (Z_INVAL);
7204
7205 if ((res = zonecfg_setent(handle)) != Z_OK)
7206 return (res);
7207
7208 if ((cur = handle->zone_dh_cur) == NULL) {
7209 res = Z_NO_ENTRY;
7210 goto done;
7211 }
7212
7213 for (; cur != NULL; cur = cur->next) {
7214 if (xmlStrcmp(cur->name, DTD_ELEM_PACKAGE) == 0) {
7215 uu_avl_index_t where;
7216
7217 if ((res = fetchprop(cur, DTD_ATTR_NAME, name,
7218 sizeof (name))) != Z_OK)
7219 goto done;
7220
7221 if ((res = fetchprop(cur, DTD_ATTR_VERSION, version,
7222 sizeof (version))) != Z_OK)
7223 goto done;
7224
7225 if ((pkg = (zone_pkg_entry_t *)
7226 malloc(sizeof (zone_pkg_entry_t))) == NULL) {
7227 res = Z_NOMEM;
7228 goto done;
7229 }
7230
7231 if ((pkg->zpe_name = strdup(name)) == NULL) {
7232 free(pkg);
7233 res = Z_NOMEM;
7234 goto done;
7235 }
7236
7237 if ((pkg->zpe_vers = strdup(version)) == NULL) {
7238 free(pkg->zpe_name);
7239 free(pkg);
7240 res = Z_NOMEM;
7241 goto done;
7242 }
7243
7244 uu_avl_node_init(pkg, &pkg->zpe_entry, pkg_pool);
7245 if (uu_avl_find(pkgs_avl, pkg, NULL, &where) != NULL) {
7246 free(pkg->zpe_name);
7247 free(pkg->zpe_vers);
7248 free(pkg);
7249 } else {
7250 uu_avl_insert(pkgs_avl, pkg, where);
7251 }
7252 }
7253 }
7254
7255 done:
7256 (void) zonecfg_endent(handle);
7257 return (res);
7258 }
7259
7260 int
zonecfg_setdevperment(zone_dochandle_t handle)7261 zonecfg_setdevperment(zone_dochandle_t handle)
7262 {
7263 return (zonecfg_setent(handle));
7264 }
7265
7266 int
zonecfg_getdevperment(zone_dochandle_t handle,struct zone_devpermtab * tabptr)7267 zonecfg_getdevperment(zone_dochandle_t handle, struct zone_devpermtab *tabptr)
7268 {
7269 xmlNodePtr cur;
7270 int err;
7271 char buf[128];
7272
7273 tabptr->zone_devperm_acl = NULL;
7274
7275 if (handle == NULL)
7276 return (Z_INVAL);
7277
7278 if ((cur = handle->zone_dh_cur) == NULL)
7279 return (Z_NO_ENTRY);
7280
7281 for (; cur != NULL; cur = cur->next)
7282 if (!xmlStrcmp(cur->name, DTD_ELEM_DEV_PERM))
7283 break;
7284 if (cur == NULL) {
7285 handle->zone_dh_cur = handle->zone_dh_top;
7286 return (Z_NO_ENTRY);
7287 }
7288
7289 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_devperm_name,
7290 sizeof (tabptr->zone_devperm_name))) != Z_OK) {
7291 handle->zone_dh_cur = handle->zone_dh_top;
7292 return (err);
7293 }
7294
7295 if ((err = fetchprop(cur, DTD_ATTR_UID, buf, sizeof (buf))) != Z_OK) {
7296 handle->zone_dh_cur = handle->zone_dh_top;
7297 return (err);
7298 }
7299 tabptr->zone_devperm_uid = (uid_t)atol(buf);
7300
7301 if ((err = fetchprop(cur, DTD_ATTR_GID, buf, sizeof (buf))) != Z_OK) {
7302 handle->zone_dh_cur = handle->zone_dh_top;
7303 return (err);
7304 }
7305 tabptr->zone_devperm_gid = (gid_t)atol(buf);
7306
7307 if ((err = fetchprop(cur, DTD_ATTR_MODE, buf, sizeof (buf))) != Z_OK) {
7308 handle->zone_dh_cur = handle->zone_dh_top;
7309 return (err);
7310 }
7311 tabptr->zone_devperm_mode = (mode_t)strtol(buf, (char **)NULL, 8);
7312
7313 if ((err = fetch_alloc_prop(cur, DTD_ATTR_ACL,
7314 &(tabptr->zone_devperm_acl))) != Z_OK) {
7315 handle->zone_dh_cur = handle->zone_dh_top;
7316 return (err);
7317 }
7318
7319 handle->zone_dh_cur = cur->next;
7320 return (Z_OK);
7321 }
7322
7323 int
zonecfg_enddevperment(zone_dochandle_t handle)7324 zonecfg_enddevperment(zone_dochandle_t handle)
7325 {
7326 return (zonecfg_endent(handle));
7327 }
7328
7329 /* PRINTFLIKE1 */
7330 static void
zerror(const char * zone_name,const char * fmt,...)7331 zerror(const char *zone_name, const char *fmt, ...)
7332 {
7333 va_list alist;
7334
7335 va_start(alist, fmt);
7336 (void) fprintf(stderr, "zone '%s': ", zone_name);
7337 (void) vfprintf(stderr, fmt, alist);
7338 (void) fprintf(stderr, "\n");
7339 va_end(alist);
7340 }
7341
7342 static void
zperror(const char * str)7343 zperror(const char *str)
7344 {
7345 (void) fprintf(stderr, "%s: %s\n", str, strerror(errno));
7346 }
7347
7348 /*
7349 * The following three routines implement a simple locking mechanism to
7350 * ensure that only one instance of zoneadm at a time is able to manipulate
7351 * a given zone. The lock is built on top of an fcntl(2) lock of
7352 * [<altroot>]/var/run/zones/<zonename>.zoneadm.lock. If a zoneadm instance
7353 * can grab that lock, it is allowed to manipulate the zone.
7354 *
7355 * Since zoneadm may call external applications which in turn invoke
7356 * zoneadm again, we introduce the notion of "lock inheritance". Any
7357 * instance of zoneadm that has another instance in its ancestry is assumed
7358 * to be acting on behalf of the original zoneadm, and is thus allowed to
7359 * manipulate its zone.
7360 *
7361 * This inheritance is implemented via the _ZONEADM_LOCK_HELD environment
7362 * variable. When zoneadm is granted a lock on its zone, this environment
7363 * variable is set to 1. When it releases the lock, the variable is set to
7364 * 0. Since a child process inherits its parent's environment, checking
7365 * the state of this variable indicates whether or not any ancestor owns
7366 * the lock.
7367 */
7368 void
zonecfg_init_lock_file(const char * zone_name,char ** lock_env)7369 zonecfg_init_lock_file(const char *zone_name, char **lock_env)
7370 {
7371 *lock_env = getenv(LOCK_ENV_VAR);
7372 if (*lock_env == NULL) {
7373 if (putenv(zoneadm_lock_not_held) != 0) {
7374 zerror(zone_name, gettext("could not set env: %s"),
7375 strerror(errno));
7376 exit(1);
7377 }
7378 } else {
7379 if (atoi(*lock_env) == 1)
7380 zone_lock_cnt = 1;
7381 }
7382 }
7383
7384 void
zonecfg_release_lock_file(const char * zone_name,int lockfd)7385 zonecfg_release_lock_file(const char *zone_name, int lockfd)
7386 {
7387 /*
7388 * If we are cleaning up from a failed attempt to lock the zone for
7389 * the first time, we might have a zone_lock_cnt of 0. In that
7390 * error case, we don't want to do anything but close the lock
7391 * file.
7392 */
7393 assert(zone_lock_cnt >= 0);
7394 if (zone_lock_cnt > 0) {
7395 assert(getenv(LOCK_ENV_VAR) != NULL);
7396 assert(atoi(getenv(LOCK_ENV_VAR)) == 1);
7397 if (--zone_lock_cnt > 0) {
7398 assert(lockfd == -1);
7399 return;
7400 }
7401 if (putenv(zoneadm_lock_not_held) != 0) {
7402 zerror(zone_name, gettext("could not set env: %s"),
7403 strerror(errno));
7404 exit(1);
7405 }
7406 }
7407 assert(lockfd >= 0);
7408 (void) close(lockfd);
7409 }
7410
7411 int
zonecfg_grab_lock_file(const char * zone_name,int * lockfd)7412 zonecfg_grab_lock_file(const char *zone_name, int *lockfd)
7413 {
7414 char pathbuf[PATH_MAX];
7415 struct flock flock;
7416
7417 /*
7418 * If we already have the lock, we can skip this expensive song
7419 * and dance.
7420 */
7421 assert(zone_lock_cnt >= 0);
7422 assert(getenv(LOCK_ENV_VAR) != NULL);
7423 if (zone_lock_cnt > 0) {
7424 assert(atoi(getenv(LOCK_ENV_VAR)) == 1);
7425 zone_lock_cnt++;
7426 *lockfd = -1;
7427 return (Z_OK);
7428 }
7429 assert(getenv(LOCK_ENV_VAR) != NULL);
7430 assert(atoi(getenv(LOCK_ENV_VAR)) == 0);
7431
7432 if (snprintf(pathbuf, sizeof (pathbuf), "%s%s", zonecfg_get_root(),
7433 ZONES_TMPDIR) >= sizeof (pathbuf)) {
7434 zerror(zone_name, gettext("alternate root path is too long"));
7435 return (-1);
7436 }
7437 if (mkdir(pathbuf, S_IRWXU) < 0 && errno != EEXIST) {
7438 zerror(zone_name, gettext("could not mkdir %s: %s"), pathbuf,
7439 strerror(errno));
7440 return (-1);
7441 }
7442 (void) chmod(pathbuf, S_IRWXU);
7443
7444 /*
7445 * One of these lock files is created for each zone (when needed).
7446 * The lock files are not cleaned up (except on system reboot),
7447 * but since there is only one per zone, there is no resource
7448 * starvation issue.
7449 */
7450 if (snprintf(pathbuf, sizeof (pathbuf), "%s%s/%s.zoneadm.lock",
7451 zonecfg_get_root(), ZONES_TMPDIR, zone_name) >= sizeof (pathbuf)) {
7452 zerror(zone_name, gettext("alternate root path is too long"));
7453 return (-1);
7454 }
7455 if ((*lockfd = open(pathbuf, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR)) < 0) {
7456 zerror(zone_name, gettext("could not open %s: %s"), pathbuf,
7457 strerror(errno));
7458 return (-1);
7459 }
7460 /*
7461 * Lock the file to synchronize with other zoneadmds
7462 */
7463 flock.l_type = F_WRLCK;
7464 flock.l_whence = SEEK_SET;
7465 flock.l_start = (off_t)0;
7466 flock.l_len = (off_t)0;
7467 if ((fcntl(*lockfd, F_SETLKW, &flock) < 0) ||
7468 (putenv(zoneadm_lock_held) != 0)) {
7469 zerror(zone_name, gettext("unable to lock %s: %s"), pathbuf,
7470 strerror(errno));
7471 zonecfg_release_lock_file(zone_name, *lockfd);
7472 return (-1);
7473 }
7474 zone_lock_cnt = 1;
7475 return (Z_OK);
7476 }
7477
7478 boolean_t
zonecfg_lock_file_held(int * lockfd)7479 zonecfg_lock_file_held(int *lockfd)
7480 {
7481 if (*lockfd >= 0 || zone_lock_cnt > 0)
7482 return (B_TRUE);
7483 return (B_FALSE);
7484 }
7485
7486 static boolean_t
get_doorname(const char * zone_name,char * buffer)7487 get_doorname(const char *zone_name, char *buffer)
7488 {
7489 return (snprintf(buffer, PATH_MAX, "%s" ZONE_DOOR_PATH,
7490 zonecfg_get_root(), zone_name) < PATH_MAX);
7491 }
7492
7493 /*
7494 * system daemons are not audited. For the global zone, this occurs
7495 * "naturally" since init is started with the default audit
7496 * characteristics. Since zoneadmd is a system daemon and it starts
7497 * init for a zone, it is necessary to clear out the audit
7498 * characteristics inherited from whomever started zoneadmd. This is
7499 * indicated by the audit id, which is set from the ruid parameter of
7500 * adt_set_user(), below.
7501 */
7502
7503 static void
prepare_audit_context(const char * zone_name)7504 prepare_audit_context(const char *zone_name)
7505 {
7506 adt_session_data_t *ah;
7507 char *failure = gettext("audit failure: %s");
7508
7509 if (adt_start_session(&ah, NULL, 0)) {
7510 zerror(zone_name, failure, strerror(errno));
7511 return;
7512 }
7513 if (adt_set_user(ah, ADT_NO_AUDIT, ADT_NO_AUDIT,
7514 ADT_NO_AUDIT, ADT_NO_AUDIT, NULL, ADT_NEW)) {
7515 zerror(zone_name, failure, strerror(errno));
7516 (void) adt_end_session(ah);
7517 return;
7518 }
7519 if (adt_set_proc(ah))
7520 zerror(zone_name, failure, strerror(errno));
7521
7522 (void) adt_end_session(ah);
7523 }
7524
7525 static const char **
get_zoneadmd_envp(void)7526 get_zoneadmd_envp(void)
7527 {
7528 const char **envp = NULL;
7529 size_t envlen;
7530 size_t envslot = 0;
7531 const char *tok;
7532 void *dstate = NULL;
7533
7534 /*
7535 * This initial array size is enough to hold the two variables
7536 * set below, up to five additional entries from /etc/default/init,
7537 * and the NULL terminator. /etc/default/init commonly includes only
7538 * TZ, LANG and LC_ALL. The array will be grown if necessary by
7539 * doubling the size whenever it is full.
7540 */
7541 envlen = 8;
7542
7543 if ((envp = recallocarray(NULL, 0, envlen, sizeof (char *))) == NULL)
7544 return (NULL);
7545
7546 /*
7547 * See the comment above zonecfg_init_lock_file() for details on the
7548 * implementation of the locking mechanism.
7549 * zoneadmd is started with an inherited lock, indicated by the
7550 * environment variable being set. Once the starting zoneadm exits,
7551 * zoneadmd may persist and will continue to believe that it has the
7552 * lock. This is okay as long as the only things that connect to the
7553 * zoneadmd door and cause it to do work that requires a lock have
7554 * grabbed the lock in advance, which zoneadm does in all cases today.
7555 */
7556 envp[envslot++] = zoneadm_lock_held;
7557
7558 if (asprintf((char **)&tok, "PATH=%s", ZONEADMD_PATH) == -1) {
7559 free(envp);
7560 return (NULL);
7561 }
7562 envp[envslot++] = tok;
7563
7564 if (definit_open(DEFINIT_DEFAULT_FILE, &dstate) != 0) {
7565 if (errno == ENOENT) {
7566 /*
7567 * If the configuration file does not exist, return the
7568 * environment populated so far (with PATH and the
7569 * zoneadm lock).
7570 */
7571 envp[envslot] = NULL;
7572 return (envp);
7573 }
7574 goto err;
7575 }
7576
7577 while ((tok = definit_token(dstate)) != NULL) {
7578
7579 if (strncmp(tok, "CMASK=", 6) == 0) {
7580 long t;
7581
7582 t = strtol(tok + 6, NULL, 8);
7583
7584 if (t >= DEFINIT_MIN_UMASK && t <= DEFINIT_MAX_UMASK)
7585 (void) umask((int)t);
7586 continue;
7587 }
7588
7589 /*
7590 * Always ensure there is space for a terminating
7591 * NULL in addition to the new entry being added.
7592 */
7593 if (envslot + 2 >= envlen) {
7594 const char **newenvp;
7595
7596 newenvp = recallocarray(envp, envlen, envlen * 2,
7597 sizeof (char *));
7598 if (newenvp == NULL)
7599 goto err;
7600 envp = newenvp;
7601 envlen *= 2;
7602 }
7603
7604 envp[envslot] = strdup(tok);
7605 if (envp[envslot] == NULL)
7606 goto err;
7607 envslot++;
7608 }
7609
7610 definit_close(dstate);
7611 envp[envslot] = NULL;
7612 return (envp);
7613
7614 err:
7615 if (dstate != NULL)
7616 definit_close(dstate);
7617
7618 /*
7619 * The first slot in envp is 'zoneadm_lock_held' and should not be
7620 * freed.
7621 */
7622 while (--envslot > 0)
7623 free((void *)envp[envslot]);
7624 free(envp);
7625
7626 return (NULL);
7627 }
7628
7629 static int
start_zoneadmd(const char * zone_name,boolean_t lock)7630 start_zoneadmd(const char *zone_name, boolean_t lock)
7631 {
7632 char doorpath[PATH_MAX];
7633 pid_t child_pid;
7634 int error = -1;
7635 int doorfd, lockfd;
7636 struct door_info info;
7637
7638 if (!get_doorname(zone_name, doorpath))
7639 return (-1);
7640
7641 if (lock)
7642 if (zonecfg_grab_lock_file(zone_name, &lockfd) != Z_OK)
7643 return (-1);
7644
7645 /*
7646 * Now that we have the lock, re-confirm that the daemon is
7647 * *not* up and working fine. If it is still down, we have a green
7648 * light to start it.
7649 */
7650 if ((doorfd = open(doorpath, O_RDONLY)) < 0) {
7651 if (errno != ENOENT) {
7652 zperror(doorpath);
7653 goto out;
7654 }
7655 } else {
7656 if (door_info(doorfd, &info) == 0 &&
7657 ((info.di_attributes & DOOR_REVOKED) == 0)) {
7658 error = Z_OK;
7659 (void) close(doorfd);
7660 goto out;
7661 }
7662 (void) close(doorfd);
7663 }
7664
7665 if ((child_pid = fork()) == -1) {
7666 zperror(gettext("could not fork"));
7667 goto out;
7668 }
7669
7670 if (child_pid == 0) {
7671 const char *argv[6], **ap;
7672 const char **envp;
7673
7674 /* child process */
7675 prepare_audit_context(zone_name);
7676
7677 ap = argv;
7678 *ap++ = "zoneadmd";
7679 *ap++ = "-z";
7680 *ap++ = zone_name;
7681 if (zonecfg_in_alt_root()) {
7682 *ap++ = "-R";
7683 *ap++ = zonecfg_get_root();
7684 }
7685 *ap = NULL;
7686
7687 envp = get_zoneadmd_envp();
7688 if (envp == NULL) {
7689 zperror(gettext(
7690 "could not build environment for zoneadmd"));
7691 _exit(1);
7692 }
7693
7694 (void) execve("/usr/lib/zones/zoneadmd",
7695 (char * const *)argv, (char * const *)envp);
7696 /*
7697 * TRANSLATION_NOTE
7698 * zoneadmd is a literal that should not be translated.
7699 */
7700 zperror(gettext("could not exec zoneadmd"));
7701 _exit(1);
7702 } else {
7703 /* parent process */
7704 pid_t retval;
7705 int pstatus = 0;
7706
7707 do {
7708 retval = waitpid(child_pid, &pstatus, 0);
7709 } while (retval != child_pid);
7710 if (WIFSIGNALED(pstatus) || (WIFEXITED(pstatus) &&
7711 WEXITSTATUS(pstatus) != 0)) {
7712 zerror(zone_name, gettext("could not start %s"),
7713 "zoneadmd");
7714 goto out;
7715 }
7716 }
7717 error = Z_OK;
7718 out:
7719 if (lock)
7720 zonecfg_release_lock_file(zone_name, lockfd);
7721 return (error);
7722 }
7723
7724 int
zonecfg_ping_zoneadmd(const char * zone_name)7725 zonecfg_ping_zoneadmd(const char *zone_name)
7726 {
7727 char doorpath[PATH_MAX];
7728 int doorfd;
7729 struct door_info info;
7730
7731 if (!get_doorname(zone_name, doorpath))
7732 return (-1);
7733
7734 if ((doorfd = open(doorpath, O_RDONLY)) < 0) {
7735 return (-1);
7736 }
7737 if (door_info(doorfd, &info) == 0 &&
7738 ((info.di_attributes & DOOR_REVOKED) == 0)) {
7739 (void) close(doorfd);
7740 return (Z_OK);
7741 }
7742 (void) close(doorfd);
7743 return (-1);
7744 }
7745
7746 int
zonecfg_call_zoneadmd(const char * zone_name,zone_cmd_arg_t * arg,char * locale,boolean_t lock)7747 zonecfg_call_zoneadmd(const char *zone_name, zone_cmd_arg_t *arg, char *locale,
7748 boolean_t lock)
7749 {
7750 char doorpath[PATH_MAX];
7751 int doorfd, result;
7752 door_arg_t darg;
7753
7754 zoneid_t zoneid;
7755 uint64_t uniqid = 0;
7756
7757 zone_cmd_rval_t *rvalp;
7758 size_t rlen;
7759 char *cp, *errbuf;
7760
7761 rlen = getpagesize();
7762 if ((rvalp = malloc(rlen)) == NULL) {
7763 zerror(zone_name, gettext("failed to allocate %lu bytes: %s"),
7764 rlen, strerror(errno));
7765 return (-1);
7766 }
7767
7768 if ((zoneid = getzoneidbyname(zone_name)) != ZONE_ID_UNDEFINED) {
7769 (void) zone_getattr(zoneid, ZONE_ATTR_UNIQID, &uniqid,
7770 sizeof (uniqid));
7771 }
7772 arg->uniqid = uniqid;
7773 (void) strlcpy(arg->locale, locale, sizeof (arg->locale));
7774 if (!get_doorname(zone_name, doorpath)) {
7775 zerror(zone_name, gettext("alternate root path is too long"));
7776 free(rvalp);
7777 return (-1);
7778 }
7779
7780 /*
7781 * Loop trying to start zoneadmd; if something goes seriously
7782 * wrong we break out and fail.
7783 */
7784 for (;;) {
7785 if (start_zoneadmd(zone_name, lock) != Z_OK)
7786 break;
7787
7788 if ((doorfd = open(doorpath, O_RDONLY)) < 0) {
7789 zperror(gettext("failed to open zone door"));
7790 break;
7791 }
7792
7793 darg.data_ptr = (char *)arg;
7794 darg.data_size = sizeof (*arg);
7795 darg.desc_ptr = NULL;
7796 darg.desc_num = 0;
7797 darg.rbuf = (char *)rvalp;
7798 darg.rsize = rlen;
7799 if (door_call(doorfd, &darg) != 0) {
7800 (void) close(doorfd);
7801 /*
7802 * We'll get EBADF if the door has been revoked.
7803 */
7804 if (errno != EBADF) {
7805 zperror(gettext("door_call failed"));
7806 break;
7807 }
7808 continue; /* take another lap */
7809 }
7810 (void) close(doorfd);
7811
7812 if (darg.data_size == 0) {
7813 /* Door server is going away; kick it again. */
7814 continue;
7815 }
7816
7817 errbuf = rvalp->errbuf;
7818 while (*errbuf != '\0') {
7819 /*
7820 * Remove any newlines since zerror()
7821 * will append one automatically.
7822 */
7823 cp = strchr(errbuf, '\n');
7824 if (cp != NULL)
7825 *cp = '\0';
7826 zerror(zone_name, "%s", errbuf);
7827 if (cp == NULL)
7828 break;
7829 errbuf = cp + 1;
7830 }
7831 result = rvalp->rval == 0 ? 0 : -1;
7832 free(rvalp);
7833 return (result);
7834 }
7835
7836 free(rvalp);
7837 return (-1);
7838 }
7839
7840 boolean_t
zonecfg_valid_auths(const char * auths,const char * zonename)7841 zonecfg_valid_auths(const char *auths, const char *zonename)
7842 {
7843 char *right;
7844 char *tmpauths;
7845 char *lasts;
7846 char authname[MAXAUTHS];
7847 boolean_t status = B_TRUE;
7848
7849 tmpauths = strdup(auths);
7850 if (tmpauths == NULL) {
7851 zerror(zonename, gettext("Out of memory"));
7852 return (B_FALSE);
7853 }
7854 right = strtok_r(tmpauths, ",", &lasts);
7855 while (right != NULL) {
7856 (void) snprintf(authname, MAXAUTHS, "%s%s",
7857 ZONE_AUTH_PREFIX, right);
7858 if (getauthnam(authname) == NULL) {
7859 status = B_FALSE;
7860 zerror(zonename,
7861 gettext("'%s' is not a valid authorization"),
7862 right);
7863 }
7864 right = strtok_r(NULL, ",", &lasts);
7865 }
7866 free(tmpauths);
7867 return (status);
7868 }
7869
7870 int
zonecfg_delete_admins(zone_dochandle_t handle,char * zonename)7871 zonecfg_delete_admins(zone_dochandle_t handle, char *zonename)
7872 {
7873 int err;
7874 struct zone_admintab admintab;
7875 boolean_t changed = B_FALSE;
7876
7877 if ((err = zonecfg_setadminent(handle)) != Z_OK) {
7878 return (err);
7879 }
7880 while (zonecfg_getadminent(handle, &admintab) == Z_OK) {
7881 err = zonecfg_delete_admin(handle, &admintab,
7882 zonename);
7883 if (err != Z_OK) {
7884 (void) zonecfg_endadminent(handle);
7885 return (err);
7886 } else {
7887 changed = B_TRUE;
7888 }
7889 if ((err = zonecfg_setadminent(handle)) != Z_OK) {
7890 return (err);
7891 }
7892 }
7893 (void) zonecfg_endadminent(handle);
7894 return (changed? Z_OK:Z_NO_ENTRY);
7895 }
7896
7897 /*
7898 * Checks if a long authorization applies to this zone.
7899 * If so, it returns true, after destructively stripping
7900 * the authorization of its prefix and zone suffix.
7901 */
7902 static boolean_t
is_zone_auth(char ** auth,char * zonename,char * oldzonename)7903 is_zone_auth(char **auth, char *zonename, char *oldzonename)
7904 {
7905 char *suffix;
7906 size_t offset;
7907
7908 offset = strlen(ZONE_AUTH_PREFIX);
7909 if ((strncmp(*auth, ZONE_AUTH_PREFIX, offset) == 0) &&
7910 ((suffix = strchr(*auth, '/')) != NULL)) {
7911 if (strcmp(suffix + 1, zonename) == 0) {
7912 *auth += offset;
7913 suffix[0] = '\0';
7914 return (B_TRUE);
7915 } else if ((oldzonename != NULL) &&
7916 (strcmp(suffix + 1, oldzonename) == 0)) {
7917 *auth += offset;
7918 suffix[0] = '\0';
7919 return (B_TRUE);
7920 }
7921 }
7922 return (B_FALSE);
7923 }
7924
7925 /*
7926 * This function determines whether the zone-specific authorization
7927 * assignments in /etc/user_attr have been changed more recently
7928 * than the equivalent data stored in the zone's configuration file.
7929 * This should only happen if the zone-specific authorizations in
7930 * the user_attr file were modified using a tool other than zonecfg.
7931 * If the configuration file is out-of-date with respect to these
7932 * authorization assignments, it is updated to match those specified
7933 * in /etc/user_attr.
7934 */
7935
7936 int
zonecfg_update_userauths(zone_dochandle_t handle,char * zonename)7937 zonecfg_update_userauths(zone_dochandle_t handle, char *zonename)
7938 {
7939 userattr_t *ua_ptr;
7940 char *authlist;
7941 char *lasts;
7942 FILE *uaf;
7943 struct zone_admintab admintab;
7944 struct stat config_st, ua_st;
7945 char config_file[MAXPATHLEN];
7946 boolean_t changed = B_FALSE;
7947 int err;
7948
7949 if ((uaf = fopen(USERATTR_FILENAME, "r")) == NULL) {
7950 zerror(zonename, gettext("could not open file %s: %s"),
7951 USERATTR_FILENAME, strerror(errno));
7952 if (errno == EACCES)
7953 return (Z_ACCES);
7954 if (errno == ENOENT)
7955 return (Z_NO_ZONE);
7956 return (Z_MISC_FS);
7957 }
7958 if ((err = fstat(fileno(uaf), &ua_st)) != 0) {
7959 zerror(zonename, gettext("could not stat file %s: %s"),
7960 USERATTR_FILENAME, strerror(errno));
7961 (void) fclose(uaf);
7962 return (Z_MISC_FS);
7963 }
7964 if (!config_file_path(zonename, config_file)) {
7965 (void) fclose(uaf);
7966 return (Z_MISC_FS);
7967 }
7968
7969 if ((err = stat(config_file, &config_st)) != 0) {
7970 zerror(zonename, gettext("could not stat file %s: %s"),
7971 config_file, strerror(errno));
7972 (void) fclose(uaf);
7973 return (Z_MISC_FS);
7974 }
7975 if (config_st.st_mtime >= ua_st.st_mtime) {
7976 (void) fclose(uaf);
7977 return (Z_NO_ENTRY);
7978 }
7979 if ((err = zonecfg_delete_admins(handle, zonename)) == Z_OK) {
7980 changed = B_TRUE;
7981 } else if (err != Z_NO_ENTRY) {
7982 (void) fclose(uaf);
7983 return (err);
7984 }
7985 while ((ua_ptr = fgetuserattr(uaf)) != NULL) {
7986 if (ua_ptr->name[0] == '#') {
7987 continue;
7988 }
7989 authlist = kva_match(ua_ptr->attr, USERATTR_AUTHS_KW);
7990 if (authlist != NULL) {
7991 char *cur_auth;
7992 boolean_t first;
7993
7994 first = B_TRUE;
7995 bzero(&admintab.zone_admin_auths, MAXAUTHS);
7996 cur_auth = strtok_r(authlist, ",", &lasts);
7997 while (cur_auth != NULL) {
7998 if (is_zone_auth(&cur_auth, zonename,
7999 NULL)) {
8000 /*
8001 * Add auths for this zone
8002 */
8003 if (first) {
8004 first = B_FALSE;
8005 } else {
8006 (void) strlcat(
8007 admintab.zone_admin_auths,
8008 ",", MAXAUTHS);
8009 }
8010 (void) strlcat(
8011 admintab.zone_admin_auths,
8012 cur_auth, MAXAUTHS);
8013 }
8014 cur_auth = strtok_r(NULL, ",", &lasts);
8015 }
8016 if (!first) {
8017 /*
8018 * Add this right to config file
8019 */
8020 (void) strlcpy(admintab.zone_admin_user,
8021 ua_ptr->name,
8022 sizeof (admintab.zone_admin_user));
8023 err = zonecfg_add_admin(handle,
8024 &admintab, zonename);
8025 if (err != Z_OK) {
8026 (void) fclose(uaf);
8027 return (err);
8028 } else {
8029 changed = B_TRUE;
8030 }
8031 }
8032 }
8033 } /* end-of-while-loop */
8034 (void) fclose(uaf);
8035 return (changed? Z_OK: Z_NO_ENTRY);
8036 }
8037
8038 static void
update_profiles(char * rbac_profs,boolean_t add)8039 update_profiles(char *rbac_profs, boolean_t add)
8040 {
8041 char new_profs[MAXPROFS];
8042 char *cur_prof;
8043 boolean_t first = B_TRUE;
8044 boolean_t found = B_FALSE;
8045 char *lasts;
8046
8047 cur_prof = strtok_r(rbac_profs, ",", &lasts);
8048 while (cur_prof != NULL) {
8049 if (strcmp(cur_prof, ZONE_MGMT_PROF) == 0) {
8050 found = B_TRUE;
8051 if (!add) {
8052 cur_prof = strtok_r(NULL, ",", &lasts);
8053 continue;
8054 }
8055 }
8056 if (first) {
8057 first = B_FALSE;
8058 } else {
8059 (void) strlcat(new_profs, ",",
8060 MAXPROFS);
8061 }
8062 (void) strlcat(new_profs, cur_prof,
8063 MAXPROFS);
8064 cur_prof = strtok_r(NULL, ",", &lasts);
8065 }
8066 /*
8067 * Now prepend the Zone Management profile at the beginning
8068 * of the list if it is needed, and append the rest.
8069 * Return the updated list in the original buffer.
8070 */
8071 if (add && !found) {
8072 first = B_FALSE;
8073 (void) strlcpy(rbac_profs, ZONE_MGMT_PROF, MAXPROFS);
8074 } else {
8075 first = B_TRUE;
8076 rbac_profs[0] = '\0';
8077 }
8078 if (strlen(new_profs) > 0) {
8079 if (!first)
8080 (void) strlcat(rbac_profs, ",", MAXPROFS);
8081 (void) strlcat(rbac_profs, new_profs, MAXPROFS);
8082 }
8083 }
8084
8085 #define MAX_CMD_LEN 1024
8086
8087 static int
do_subproc(char * zonename,char * cmdbuf)8088 do_subproc(char *zonename, char *cmdbuf)
8089 {
8090 char inbuf[MAX_CMD_LEN];
8091 FILE *file;
8092 int status;
8093
8094 file = popen(cmdbuf, "r");
8095 if (file == NULL) {
8096 zerror(zonename, gettext("Could not launch: %s"), cmdbuf);
8097 return (-1);
8098 }
8099
8100 while (fgets(inbuf, sizeof (inbuf), file) != NULL)
8101 (void) fprintf(stderr, "%s", inbuf);
8102 status = pclose(file);
8103
8104 if (WIFSIGNALED(status)) {
8105 zerror(zonename, gettext("%s unexpectedly terminated "
8106 "due to signal %d"),
8107 cmdbuf, WTERMSIG(status));
8108 return (-1);
8109 }
8110 assert(WIFEXITED(status));
8111 return (WEXITSTATUS(status));
8112 }
8113
8114 /*
8115 * This function updates the local /etc/user_attr file to
8116 * correspond to the admin settings that are currently being
8117 * committed. The updates are done via usermod and/or rolemod
8118 * depending on the type of the specified user. It is also
8119 * invoked to remove entries from user_attr corresponding to
8120 * removed admin assignments, using an empty auths string.
8121 *
8122 * Because the removed entries are no longer included in the
8123 * cofiguration that is being committed, a linked list of
8124 * removed admin entries is maintained to keep track of such
8125 * transactions. The head of the list is stored in the zone_dh_userauths
8126 * element of the handle strcture.
8127 */
8128 static int
zonecfg_authorize_user_impl(zone_dochandle_t handle,char * user,char * auths,char * zonename)8129 zonecfg_authorize_user_impl(zone_dochandle_t handle, char *user,
8130 char *auths, char *zonename)
8131 {
8132 char *right;
8133 char old_auths[MAXAUTHS];
8134 char new_auths[MAXAUTHS];
8135 char rbac_profs[MAXPROFS];
8136 char *lasts;
8137 userattr_t *u;
8138 boolean_t first = B_TRUE;
8139 boolean_t is_zone_admin = B_FALSE;
8140 char user_cmd[] = "/usr/sbin/usermod";
8141 char role_cmd[] = "/usr/sbin/rolemod";
8142 char *auths_cmd = user_cmd; /* either usermod or rolemod */
8143 char *new_auth_start; /* string containing the new auths */
8144 int new_auth_cnt = 0; /* delta of changed authorizations */
8145
8146 /*
8147 * First get the existing authorizations for this user
8148 */
8149
8150 bzero(&old_auths, sizeof (old_auths));
8151 bzero(&new_auths, sizeof (new_auths));
8152 bzero(&rbac_profs, sizeof (rbac_profs));
8153 if ((u = getusernam(user)) != NULL) {
8154 char *current_auths;
8155 char *current_profs;
8156 char *type;
8157
8158 type = kva_match(u->attr, USERATTR_TYPE_KW);
8159 if (type != NULL) {
8160 if (strcmp(type, USERATTR_TYPE_NONADMIN_KW) == 0)
8161 auths_cmd = role_cmd;
8162 }
8163
8164 current_auths = kva_match(u->attr, USERATTR_AUTHS_KW);
8165 if (current_auths != NULL) {
8166 char *cur_auth;
8167 char *delete_name;
8168 size_t offset;
8169
8170 offset = strlen(ZONE_AUTH_PREFIX);
8171
8172 (void) strlcpy(old_auths, current_auths, MAXAUTHS);
8173 cur_auth = strtok_r(current_auths, ",", &lasts);
8174
8175 /*
8176 * Next, remove any existing authorizations
8177 * for this zone, and determine if the
8178 * user still needs the Zone Management Profile.
8179 */
8180 if (is_renaming(handle))
8181 delete_name = handle->zone_dh_delete_name;
8182 else
8183 delete_name = NULL;
8184 while (cur_auth != NULL) {
8185 if (!is_zone_auth(&cur_auth, zonename,
8186 delete_name)) {
8187 if (first) {
8188 first = B_FALSE;
8189 } else {
8190 (void) strlcat(new_auths, ",",
8191 MAXAUTHS);
8192 }
8193 (void) strlcat(new_auths, cur_auth,
8194 MAXAUTHS);
8195 /*
8196 * If the user has authorizations
8197 * for other zones, then set a
8198 * flag indicate that the Zone
8199 * Management profile should be
8200 * preserved in user_attr.
8201 */
8202 if (strncmp(cur_auth,
8203 ZONE_AUTH_PREFIX, offset) == 0)
8204 is_zone_admin = B_TRUE;
8205 } else {
8206 new_auth_cnt++;
8207 }
8208 cur_auth = strtok_r(NULL, ",", &lasts);
8209 }
8210 }
8211 current_profs = kva_match(u->attr, USERATTR_PROFILES_KW);
8212 if (current_profs != NULL) {
8213 (void) strlcpy(rbac_profs, current_profs, MAXPROFS);
8214 }
8215 free_userattr(u);
8216 }
8217 /*
8218 * The following is done to avoid revisiting the
8219 * user_attr entry for this user
8220 */
8221 (void) zonecfg_remove_userauths(handle, user, "", B_FALSE);
8222
8223 /*
8224 * Convert each right into a properly formatted authorization
8225 */
8226 new_auth_start = new_auths + strlen(new_auths);
8227 if (!first)
8228 new_auth_start++;
8229 right = strtok_r(auths, ",", &lasts);
8230 while (right != NULL) {
8231 char auth[MAXAUTHS];
8232
8233 (void) snprintf(auth, MAXAUTHS, "%s%s/%s",
8234 ZONE_AUTH_PREFIX, right, zonename);
8235 if (first) {
8236 first = B_FALSE;
8237 } else {
8238 (void) strlcat(new_auths, ",", MAXAUTHS);
8239 }
8240 (void) strlcat(new_auths, auth, MAXAUTHS);
8241 is_zone_admin = B_TRUE;
8242 new_auth_cnt--;
8243 right = strtok_r(NULL, ",", &lasts);
8244 }
8245
8246 /*
8247 * Need to update the authorizations in user_attr unless
8248 * the number of old and new authorizations is unchanged
8249 * and the new auths are a substrings of the old auths.
8250 *
8251 * If the user's previous authorizations have changed
8252 * execute the usermod progam to update them in user_attr.
8253 */
8254 if ((new_auth_cnt != 0) ||
8255 (strstr(old_auths, new_auth_start) == NULL)) {
8256 char *cmdbuf;
8257 size_t cmd_len;
8258
8259 update_profiles(rbac_profs, is_zone_admin);
8260 cmd_len = snprintf(NULL, 0, "%s -A \"%s\" -P \"%s\" %s",
8261 auths_cmd, new_auths, rbac_profs, user) + 1;
8262 if ((cmdbuf = malloc(cmd_len)) == NULL) {
8263 return (Z_NOMEM);
8264 }
8265 (void) snprintf(cmdbuf, cmd_len, "%s -A \"%s\" -P \"%s\" %s",
8266 auths_cmd, new_auths, rbac_profs, user);
8267 if (do_subproc(zonename, cmdbuf) != 0) {
8268 free(cmdbuf);
8269 return (Z_SYSTEM);
8270 }
8271 free(cmdbuf);
8272 }
8273
8274 return (Z_OK);
8275 }
8276
8277 int
zonecfg_authorize_users(zone_dochandle_t handle,char * zonename)8278 zonecfg_authorize_users(zone_dochandle_t handle, char *zonename)
8279 {
8280 xmlNodePtr cur;
8281 int err;
8282 char user[MAXUSERNAME];
8283 char auths[MAXAUTHS];
8284
8285 if ((err = operation_prep(handle)) != Z_OK)
8286 return (err);
8287
8288 cur = handle->zone_dh_cur;
8289 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
8290 if (xmlStrcmp(cur->name, DTD_ELEM_ADMIN))
8291 continue;
8292 if (fetchprop(cur, DTD_ATTR_USER, user,
8293 sizeof (user)) != Z_OK)
8294 continue;
8295 if (fetchprop(cur, DTD_ATTR_AUTHS, auths,
8296 sizeof (auths)) != Z_OK)
8297 continue;
8298 if (zonecfg_authorize_user_impl(handle, user, auths, zonename)
8299 != Z_OK)
8300 return (Z_SYSTEM);
8301 }
8302 (void) zonecfg_remove_userauths(handle, "", "", B_TRUE);
8303
8304 return (Z_OK);
8305 }
8306
8307 int
zonecfg_deauthorize_user(zone_dochandle_t handle,char * user,char * zonename)8308 zonecfg_deauthorize_user(zone_dochandle_t handle, char *user, char *zonename)
8309 {
8310 return (zonecfg_authorize_user_impl(handle, user, "", zonename));
8311 }
8312
8313 int
zonecfg_deauthorize_users(zone_dochandle_t handle,char * zonename)8314 zonecfg_deauthorize_users(zone_dochandle_t handle, char *zonename)
8315 {
8316 xmlNodePtr cur;
8317 int err;
8318 char user[MAXUSERNAME];
8319
8320 if ((err = operation_prep(handle)) != Z_OK)
8321 return (err);
8322
8323 cur = handle->zone_dh_cur;
8324 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
8325 if (xmlStrcmp(cur->name, DTD_ELEM_ADMIN))
8326 continue;
8327 if (fetchprop(cur, DTD_ATTR_USER, user,
8328 sizeof (user)) != Z_OK)
8329 continue;
8330 if ((err = zonecfg_deauthorize_user(handle, user,
8331 zonename)) != Z_OK)
8332 return (err);
8333 }
8334 return (Z_OK);
8335 }
8336
8337 int
zonecfg_insert_userauths(zone_dochandle_t handle,char * user,char * zonename)8338 zonecfg_insert_userauths(zone_dochandle_t handle, char *user, char *zonename)
8339 {
8340 zone_userauths_t *new, **prev, *next;
8341
8342 prev = &handle->zone_dh_userauths;
8343 next = *prev;
8344 while (next) {
8345 if ((strncmp(next->user, user, MAXUSERNAME) == 0) &&
8346 (strncmp(next->zonename, zonename,
8347 ZONENAME_MAX) == 0)) {
8348 /*
8349 * user is already in list
8350 * which isn't supposed to happen!
8351 */
8352 return (Z_OK);
8353 }
8354 prev = &next->next;
8355 next = *prev;
8356 }
8357 new = (zone_userauths_t *)malloc(sizeof (zone_userauths_t));
8358 if (new == NULL)
8359 return (Z_NOMEM);
8360
8361 (void) strlcpy(new->user, user, sizeof (new->user));
8362 (void) strlcpy(new->zonename, zonename, sizeof (new->zonename));
8363 new->next = NULL;
8364 *prev = new;
8365 return (Z_OK);
8366 }
8367
8368 int
zonecfg_remove_userauths(zone_dochandle_t handle,char * user,char * zonename,boolean_t deauthorize)8369 zonecfg_remove_userauths(zone_dochandle_t handle, char *user, char *zonename,
8370 boolean_t deauthorize)
8371 {
8372 zone_userauths_t *new, **prev, *next;
8373
8374 prev = &handle->zone_dh_userauths;
8375 next = *prev;
8376
8377 while (next) {
8378 if ((strlen(user) == 0 ||
8379 strncmp(next->user, user, MAXUSERNAME) == 0) &&
8380 (strlen(zonename) == 0 ||
8381 (strncmp(next->zonename, zonename, ZONENAME_MAX) == 0))) {
8382 new = next;
8383 *prev = next->next;
8384 next = *prev;
8385 if (deauthorize)
8386 (void) zonecfg_deauthorize_user(handle,
8387 new->user, new->zonename);
8388 free(new);
8389 continue;
8390 }
8391 prev = &next->next;
8392 next = *prev;
8393 }
8394 return (Z_OK);
8395 }
8396