xref: /illumos-gate/usr/src/lib/libzfs/common/libzfs_dataset.c (revision 3cf6f95f0e20ed31de99608fdb0a120190d5438f)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <assert.h>
30 #include <ctype.h>
31 #include <errno.h>
32 #include <libdevinfo.h>
33 #include <libintl.h>
34 #include <math.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <strings.h>
38 #include <unistd.h>
39 #include <stddef.h>
40 #include <zone.h>
41 #include <fcntl.h>
42 #include <sys/mntent.h>
43 #include <sys/mnttab.h>
44 #include <sys/mount.h>
45 #include <sys/avl.h>
46 #include <priv.h>
47 #include <pwd.h>
48 #include <grp.h>
49 #include <stddef.h>
50 #include <ucred.h>
51 
52 #include <sys/spa.h>
53 #include <sys/zap.h>
54 #include <libzfs.h>
55 
56 #include "zfs_namecheck.h"
57 #include "zfs_prop.h"
58 #include "libzfs_impl.h"
59 #include "zfs_deleg.h"
60 
61 static int zvol_create_link_common(libzfs_handle_t *, const char *, int);
62 
63 /*
64  * Given a single type (not a mask of types), return the type in a human
65  * readable form.
66  */
67 const char *
68 zfs_type_to_name(zfs_type_t type)
69 {
70 	switch (type) {
71 	case ZFS_TYPE_FILESYSTEM:
72 		return (dgettext(TEXT_DOMAIN, "filesystem"));
73 	case ZFS_TYPE_SNAPSHOT:
74 		return (dgettext(TEXT_DOMAIN, "snapshot"));
75 	case ZFS_TYPE_VOLUME:
76 		return (dgettext(TEXT_DOMAIN, "volume"));
77 	}
78 
79 	return (NULL);
80 }
81 
82 /*
83  * Given a path and mask of ZFS types, return a string describing this dataset.
84  * This is used when we fail to open a dataset and we cannot get an exact type.
85  * We guess what the type would have been based on the path and the mask of
86  * acceptable types.
87  */
88 static const char *
89 path_to_str(const char *path, int types)
90 {
91 	/*
92 	 * When given a single type, always report the exact type.
93 	 */
94 	if (types == ZFS_TYPE_SNAPSHOT)
95 		return (dgettext(TEXT_DOMAIN, "snapshot"));
96 	if (types == ZFS_TYPE_FILESYSTEM)
97 		return (dgettext(TEXT_DOMAIN, "filesystem"));
98 	if (types == ZFS_TYPE_VOLUME)
99 		return (dgettext(TEXT_DOMAIN, "volume"));
100 
101 	/*
102 	 * The user is requesting more than one type of dataset.  If this is the
103 	 * case, consult the path itself.  If we're looking for a snapshot, and
104 	 * a '@' is found, then report it as "snapshot".  Otherwise, remove the
105 	 * snapshot attribute and try again.
106 	 */
107 	if (types & ZFS_TYPE_SNAPSHOT) {
108 		if (strchr(path, '@') != NULL)
109 			return (dgettext(TEXT_DOMAIN, "snapshot"));
110 		return (path_to_str(path, types & ~ZFS_TYPE_SNAPSHOT));
111 	}
112 
113 
114 	/*
115 	 * The user has requested either filesystems or volumes.
116 	 * We have no way of knowing a priori what type this would be, so always
117 	 * report it as "filesystem" or "volume", our two primitive types.
118 	 */
119 	if (types & ZFS_TYPE_FILESYSTEM)
120 		return (dgettext(TEXT_DOMAIN, "filesystem"));
121 
122 	assert(types & ZFS_TYPE_VOLUME);
123 	return (dgettext(TEXT_DOMAIN, "volume"));
124 }
125 
126 /*
127  * Validate a ZFS path.  This is used even before trying to open the dataset, to
128  * provide a more meaningful error message.  We place a more useful message in
129  * 'buf' detailing exactly why the name was not valid.
130  */
131 static int
132 zfs_validate_name(libzfs_handle_t *hdl, const char *path, int type,
133     boolean_t modifying)
134 {
135 	namecheck_err_t why;
136 	char what;
137 
138 	if (dataset_namecheck(path, &why, &what) != 0) {
139 		if (hdl != NULL) {
140 			switch (why) {
141 			case NAME_ERR_TOOLONG:
142 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
143 				    "name is too long"));
144 				break;
145 
146 			case NAME_ERR_LEADING_SLASH:
147 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
148 				    "leading slash in name"));
149 				break;
150 
151 			case NAME_ERR_EMPTY_COMPONENT:
152 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
153 				    "empty component in name"));
154 				break;
155 
156 			case NAME_ERR_TRAILING_SLASH:
157 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
158 				    "trailing slash in name"));
159 				break;
160 
161 			case NAME_ERR_INVALCHAR:
162 				zfs_error_aux(hdl,
163 				    dgettext(TEXT_DOMAIN, "invalid character "
164 				    "'%c' in name"), what);
165 				break;
166 
167 			case NAME_ERR_MULTIPLE_AT:
168 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
169 				    "multiple '@' delimiters in name"));
170 				break;
171 
172 			case NAME_ERR_NOLETTER:
173 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
174 				    "pool doesn't begin with a letter"));
175 				break;
176 
177 			case NAME_ERR_RESERVED:
178 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
179 				    "name is reserved"));
180 				break;
181 
182 			case NAME_ERR_DISKLIKE:
183 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
184 				    "reserved disk name"));
185 				break;
186 			}
187 		}
188 
189 		return (0);
190 	}
191 
192 	if (!(type & ZFS_TYPE_SNAPSHOT) && strchr(path, '@') != NULL) {
193 		if (hdl != NULL)
194 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
195 			    "snapshot delimiter '@' in filesystem name"));
196 		return (0);
197 	}
198 
199 	if (type == ZFS_TYPE_SNAPSHOT && strchr(path, '@') == NULL) {
200 		if (hdl != NULL)
201 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
202 			    "missing '@' delimiter in snapshot name"));
203 		return (0);
204 	}
205 
206 	if (modifying && strchr(path, '%') != NULL) {
207 		if (hdl != NULL)
208 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
209 			    "invalid character %c in name"), '%');
210 		return (0);
211 	}
212 
213 	return (-1);
214 }
215 
216 int
217 zfs_name_valid(const char *name, zfs_type_t type)
218 {
219 	if (type == ZFS_TYPE_POOL)
220 		return (zpool_name_valid(NULL, B_FALSE, name));
221 	return (zfs_validate_name(NULL, name, type, B_FALSE));
222 }
223 
224 /*
225  * This function takes the raw DSL properties, and filters out the user-defined
226  * properties into a separate nvlist.
227  */
228 static nvlist_t *
229 process_user_props(zfs_handle_t *zhp, nvlist_t *props)
230 {
231 	libzfs_handle_t *hdl = zhp->zfs_hdl;
232 	nvpair_t *elem;
233 	nvlist_t *propval;
234 	nvlist_t *nvl;
235 
236 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
237 		(void) no_memory(hdl);
238 		return (NULL);
239 	}
240 
241 	elem = NULL;
242 	while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
243 		if (!zfs_prop_user(nvpair_name(elem)))
244 			continue;
245 
246 		verify(nvpair_value_nvlist(elem, &propval) == 0);
247 		if (nvlist_add_nvlist(nvl, nvpair_name(elem), propval) != 0) {
248 			nvlist_free(nvl);
249 			(void) no_memory(hdl);
250 			return (NULL);
251 		}
252 	}
253 
254 	return (nvl);
255 }
256 
257 static zpool_handle_t *
258 zpool_add_handle(zfs_handle_t *zhp, const char *pool_name)
259 {
260 	libzfs_handle_t *hdl = zhp->zfs_hdl;
261 	zpool_handle_t *zph;
262 
263 	if ((zph = zpool_open_canfail(hdl, pool_name)) != NULL) {
264 		if (hdl->libzfs_pool_handles != NULL)
265 			zph->zpool_next = hdl->libzfs_pool_handles;
266 		hdl->libzfs_pool_handles = zph;
267 	}
268 	return (zph);
269 }
270 
271 static zpool_handle_t *
272 zpool_find_handle(zfs_handle_t *zhp, const char *pool_name, int len)
273 {
274 	libzfs_handle_t *hdl = zhp->zfs_hdl;
275 	zpool_handle_t *zph = hdl->libzfs_pool_handles;
276 
277 	while ((zph != NULL) &&
278 	    (strncmp(pool_name, zpool_get_name(zph), len) != 0))
279 		zph = zph->zpool_next;
280 	return (zph);
281 }
282 
283 /*
284  * Returns a handle to the pool that contains the provided dataset.
285  * If a handle to that pool already exists then that handle is returned.
286  * Otherwise, a new handle is created and added to the list of handles.
287  */
288 static zpool_handle_t *
289 zpool_handle(zfs_handle_t *zhp)
290 {
291 	char *pool_name;
292 	int len;
293 	zpool_handle_t *zph;
294 
295 	len = strcspn(zhp->zfs_name, "/@") + 1;
296 	pool_name = zfs_alloc(zhp->zfs_hdl, len);
297 	(void) strlcpy(pool_name, zhp->zfs_name, len);
298 
299 	zph = zpool_find_handle(zhp, pool_name, len);
300 	if (zph == NULL)
301 		zph = zpool_add_handle(zhp, pool_name);
302 
303 	free(pool_name);
304 	return (zph);
305 }
306 
307 void
308 zpool_free_handles(libzfs_handle_t *hdl)
309 {
310 	zpool_handle_t *next, *zph = hdl->libzfs_pool_handles;
311 
312 	while (zph != NULL) {
313 		next = zph->zpool_next;
314 		zpool_close(zph);
315 		zph = next;
316 	}
317 	hdl->libzfs_pool_handles = NULL;
318 }
319 
320 /*
321  * Utility function to gather stats (objset and zpl) for the given object.
322  */
323 static int
324 get_stats(zfs_handle_t *zhp)
325 {
326 	zfs_cmd_t zc = { 0 };
327 	libzfs_handle_t *hdl = zhp->zfs_hdl;
328 	nvlist_t *allprops, *userprops;
329 
330 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
331 
332 	if (zcmd_alloc_dst_nvlist(hdl, &zc, 0) != 0)
333 		return (-1);
334 
335 	while (ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_OBJSET_STATS, &zc) != 0) {
336 		if (errno == ENOMEM) {
337 			if (zcmd_expand_dst_nvlist(hdl, &zc) != 0) {
338 				zcmd_free_nvlists(&zc);
339 				return (-1);
340 			}
341 		} else {
342 			zcmd_free_nvlists(&zc);
343 			return (-1);
344 		}
345 	}
346 
347 	zhp->zfs_dmustats = zc.zc_objset_stats; /* structure assignment */
348 
349 	if (zcmd_read_dst_nvlist(hdl, &zc, &allprops) != 0) {
350 		zcmd_free_nvlists(&zc);
351 		return (-1);
352 	}
353 
354 	zcmd_free_nvlists(&zc);
355 
356 	if ((userprops = process_user_props(zhp, allprops)) == NULL) {
357 		nvlist_free(allprops);
358 		return (-1);
359 	}
360 
361 	nvlist_free(zhp->zfs_props);
362 	nvlist_free(zhp->zfs_user_props);
363 
364 	zhp->zfs_props = allprops;
365 	zhp->zfs_user_props = userprops;
366 
367 	return (0);
368 }
369 
370 /*
371  * Refresh the properties currently stored in the handle.
372  */
373 void
374 zfs_refresh_properties(zfs_handle_t *zhp)
375 {
376 	(void) get_stats(zhp);
377 }
378 
379 /*
380  * Makes a handle from the given dataset name.  Used by zfs_open() and
381  * zfs_iter_* to create child handles on the fly.
382  */
383 zfs_handle_t *
384 make_dataset_handle(libzfs_handle_t *hdl, const char *path)
385 {
386 	zfs_handle_t *zhp = calloc(sizeof (zfs_handle_t), 1);
387 	char *logstr;
388 
389 	if (zhp == NULL)
390 		return (NULL);
391 
392 	zhp->zfs_hdl = hdl;
393 
394 	/*
395 	 * Preserve history log string.
396 	 * any changes performed here will be
397 	 * logged as an internal event.
398 	 */
399 	logstr = zhp->zfs_hdl->libzfs_log_str;
400 	zhp->zfs_hdl->libzfs_log_str = NULL;
401 top:
402 	(void) strlcpy(zhp->zfs_name, path, sizeof (zhp->zfs_name));
403 
404 	if (get_stats(zhp) != 0) {
405 		zhp->zfs_hdl->libzfs_log_str = logstr;
406 		free(zhp);
407 		return (NULL);
408 	}
409 
410 	if (zhp->zfs_dmustats.dds_inconsistent) {
411 		zfs_cmd_t zc = { 0 };
412 
413 		/*
414 		 * If it is dds_inconsistent, then we've caught it in
415 		 * the middle of a 'zfs receive' or 'zfs destroy', and
416 		 * it is inconsistent from the ZPL's point of view, so
417 		 * can't be mounted.  However, it could also be that we
418 		 * have crashed in the middle of one of those
419 		 * operations, in which case we need to get rid of the
420 		 * inconsistent state.  We do that by either rolling
421 		 * back to the previous snapshot (which will fail if
422 		 * there is none), or destroying the filesystem.  Note
423 		 * that if we are still in the middle of an active
424 		 * 'receive' or 'destroy', then the rollback and destroy
425 		 * will fail with EBUSY and we will drive on as usual.
426 		 */
427 
428 		(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
429 
430 		if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL) {
431 			(void) zvol_remove_link(hdl, zhp->zfs_name);
432 			zc.zc_objset_type = DMU_OST_ZVOL;
433 		} else {
434 			zc.zc_objset_type = DMU_OST_ZFS;
435 		}
436 
437 		/*
438 		 * If we can successfully destroy it, pretend that it
439 		 * never existed.
440 		 */
441 		if (ioctl(hdl->libzfs_fd, ZFS_IOC_DESTROY, &zc) == 0) {
442 			zhp->zfs_hdl->libzfs_log_str = logstr;
443 			free(zhp);
444 			errno = ENOENT;
445 			return (NULL);
446 		}
447 		/* If we can successfully roll it back, reget the stats */
448 		if (ioctl(hdl->libzfs_fd, ZFS_IOC_ROLLBACK, &zc) == 0)
449 			goto top;
450 	}
451 
452 	/*
453 	 * We've managed to open the dataset and gather statistics.  Determine
454 	 * the high-level type.
455 	 */
456 	if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL)
457 		zhp->zfs_head_type = ZFS_TYPE_VOLUME;
458 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZFS)
459 		zhp->zfs_head_type = ZFS_TYPE_FILESYSTEM;
460 	else
461 		abort();
462 
463 	if (zhp->zfs_dmustats.dds_is_snapshot)
464 		zhp->zfs_type = ZFS_TYPE_SNAPSHOT;
465 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL)
466 		zhp->zfs_type = ZFS_TYPE_VOLUME;
467 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZFS)
468 		zhp->zfs_type = ZFS_TYPE_FILESYSTEM;
469 	else
470 		abort();	/* we should never see any other types */
471 
472 	zhp->zfs_hdl->libzfs_log_str = logstr;
473 	zhp->zpool_hdl = zpool_handle(zhp);
474 	return (zhp);
475 }
476 
477 /*
478  * Opens the given snapshot, filesystem, or volume.   The 'types'
479  * argument is a mask of acceptable types.  The function will print an
480  * appropriate error message and return NULL if it can't be opened.
481  */
482 zfs_handle_t *
483 zfs_open(libzfs_handle_t *hdl, const char *path, int types)
484 {
485 	zfs_handle_t *zhp;
486 	char errbuf[1024];
487 
488 	(void) snprintf(errbuf, sizeof (errbuf),
489 	    dgettext(TEXT_DOMAIN, "cannot open '%s'"), path);
490 
491 	/*
492 	 * Validate the name before we even try to open it.
493 	 */
494 	if (!zfs_validate_name(hdl, path, ZFS_TYPE_DATASET, B_FALSE)) {
495 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
496 		    "invalid dataset name"));
497 		(void) zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
498 		return (NULL);
499 	}
500 
501 	/*
502 	 * Try to get stats for the dataset, which will tell us if it exists.
503 	 */
504 	errno = 0;
505 	if ((zhp = make_dataset_handle(hdl, path)) == NULL) {
506 		(void) zfs_standard_error(hdl, errno, errbuf);
507 		return (NULL);
508 	}
509 
510 	if (!(types & zhp->zfs_type)) {
511 		(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
512 		zfs_close(zhp);
513 		return (NULL);
514 	}
515 
516 	return (zhp);
517 }
518 
519 /*
520  * Release a ZFS handle.  Nothing to do but free the associated memory.
521  */
522 void
523 zfs_close(zfs_handle_t *zhp)
524 {
525 	if (zhp->zfs_mntopts)
526 		free(zhp->zfs_mntopts);
527 	nvlist_free(zhp->zfs_props);
528 	nvlist_free(zhp->zfs_user_props);
529 	free(zhp);
530 }
531 
532 int
533 zfs_spa_version(zfs_handle_t *zhp, int *spa_version)
534 {
535 	zpool_handle_t *zpool_handle = zhp->zpool_hdl;
536 
537 	if (zpool_handle == NULL)
538 		return (-1);
539 
540 	*spa_version = zpool_get_prop_int(zpool_handle,
541 	    ZPOOL_PROP_VERSION, NULL);
542 	return (0);
543 }
544 
545 /*
546  * The choice of reservation property depends on the SPA version.
547  */
548 static int
549 zfs_which_resv_prop(zfs_handle_t *zhp, zfs_prop_t *resv_prop)
550 {
551 	int spa_version;
552 
553 	if (zfs_spa_version(zhp, &spa_version) < 0)
554 		return (-1);
555 
556 	if (spa_version >= SPA_VERSION_REFRESERVATION)
557 		*resv_prop = ZFS_PROP_REFRESERVATION;
558 	else
559 		*resv_prop = ZFS_PROP_RESERVATION;
560 
561 	return (0);
562 }
563 
564 /*
565  * Given an nvlist of properties to set, validates that they are correct, and
566  * parses any numeric properties (index, boolean, etc) if they are specified as
567  * strings.
568  */
569 nvlist_t *
570 zfs_valid_proplist(libzfs_handle_t *hdl, zfs_type_t type, nvlist_t *nvl,
571     uint64_t zoned, zfs_handle_t *zhp, const char *errbuf)
572 {
573 	nvpair_t *elem;
574 	uint64_t intval;
575 	char *strval;
576 	zfs_prop_t prop;
577 	nvlist_t *ret;
578 	int chosen_normal = -1;
579 	int chosen_utf = -1;
580 
581 	if (type == ZFS_TYPE_SNAPSHOT) {
582 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
583 		    "snapshot properties cannot be modified"));
584 		(void) zfs_error(hdl, EZFS_PROPTYPE, errbuf);
585 		return (NULL);
586 	}
587 
588 	if (nvlist_alloc(&ret, NV_UNIQUE_NAME, 0) != 0) {
589 		(void) no_memory(hdl);
590 		return (NULL);
591 	}
592 
593 	elem = NULL;
594 	while ((elem = nvlist_next_nvpair(nvl, elem)) != NULL) {
595 		const char *propname = nvpair_name(elem);
596 
597 		/*
598 		 * Make sure this property is valid and applies to this type.
599 		 */
600 		if ((prop = zfs_name_to_prop(propname)) == ZPROP_INVAL) {
601 			if (!zfs_prop_user(propname)) {
602 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
603 				    "invalid property '%s'"), propname);
604 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
605 				goto error;
606 			}
607 
608 			/*
609 			 * If this is a user property, make sure it's a
610 			 * string, and that it's less than ZAP_MAXNAMELEN.
611 			 */
612 			if (nvpair_type(elem) != DATA_TYPE_STRING) {
613 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
614 				    "'%s' must be a string"), propname);
615 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
616 				goto error;
617 			}
618 
619 			if (strlen(nvpair_name(elem)) >= ZAP_MAXNAMELEN) {
620 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
621 				    "property name '%s' is too long"),
622 				    propname);
623 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
624 				goto error;
625 			}
626 
627 			(void) nvpair_value_string(elem, &strval);
628 			if (nvlist_add_string(ret, propname, strval) != 0) {
629 				(void) no_memory(hdl);
630 				goto error;
631 			}
632 			continue;
633 		}
634 
635 		if (!zfs_prop_valid_for_type(prop, type)) {
636 			zfs_error_aux(hdl,
637 			    dgettext(TEXT_DOMAIN, "'%s' does not "
638 			    "apply to datasets of this type"), propname);
639 			(void) zfs_error(hdl, EZFS_PROPTYPE, errbuf);
640 			goto error;
641 		}
642 
643 		if (zfs_prop_readonly(prop) &&
644 		    (!zfs_prop_setonce(prop) || zhp != NULL)) {
645 			zfs_error_aux(hdl,
646 			    dgettext(TEXT_DOMAIN, "'%s' is readonly"),
647 			    propname);
648 			(void) zfs_error(hdl, EZFS_PROPREADONLY, errbuf);
649 			goto error;
650 		}
651 
652 		if (zprop_parse_value(hdl, elem, prop, type, ret,
653 		    &strval, &intval, errbuf) != 0)
654 			goto error;
655 
656 		/*
657 		 * Perform some additional checks for specific properties.
658 		 */
659 		switch (prop) {
660 		case ZFS_PROP_VERSION:
661 		{
662 			int version;
663 
664 			if (zhp == NULL)
665 				break;
666 			version = zfs_prop_get_int(zhp, ZFS_PROP_VERSION);
667 			if (intval < version) {
668 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
669 				    "Can not downgrade; already at version %u"),
670 				    version);
671 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
672 				goto error;
673 			}
674 			break;
675 		}
676 
677 		case ZFS_PROP_RECORDSIZE:
678 		case ZFS_PROP_VOLBLOCKSIZE:
679 			/* must be power of two within SPA_{MIN,MAX}BLOCKSIZE */
680 			if (intval < SPA_MINBLOCKSIZE ||
681 			    intval > SPA_MAXBLOCKSIZE || !ISP2(intval)) {
682 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
683 				    "'%s' must be power of 2 from %u "
684 				    "to %uk"), propname,
685 				    (uint_t)SPA_MINBLOCKSIZE,
686 				    (uint_t)SPA_MAXBLOCKSIZE >> 10);
687 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
688 				goto error;
689 			}
690 			break;
691 
692 		case ZFS_PROP_SHAREISCSI:
693 			if (strcmp(strval, "off") != 0 &&
694 			    strcmp(strval, "on") != 0 &&
695 			    strcmp(strval, "type=disk") != 0) {
696 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
697 				    "'%s' must be 'on', 'off', or 'type=disk'"),
698 				    propname);
699 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
700 				goto error;
701 			}
702 
703 			break;
704 
705 		case ZFS_PROP_MOUNTPOINT:
706 		{
707 			namecheck_err_t why;
708 
709 			if (strcmp(strval, ZFS_MOUNTPOINT_NONE) == 0 ||
710 			    strcmp(strval, ZFS_MOUNTPOINT_LEGACY) == 0)
711 				break;
712 
713 			if (mountpoint_namecheck(strval, &why)) {
714 				switch (why) {
715 				case NAME_ERR_LEADING_SLASH:
716 					zfs_error_aux(hdl,
717 					    dgettext(TEXT_DOMAIN,
718 					    "'%s' must be an absolute path, "
719 					    "'none', or 'legacy'"), propname);
720 					break;
721 				case NAME_ERR_TOOLONG:
722 					zfs_error_aux(hdl,
723 					    dgettext(TEXT_DOMAIN,
724 					    "component of '%s' is too long"),
725 					    propname);
726 					break;
727 				}
728 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
729 				goto error;
730 			}
731 		}
732 
733 			/*FALLTHRU*/
734 
735 		case ZFS_PROP_SHARESMB:
736 		case ZFS_PROP_SHARENFS:
737 			/*
738 			 * For the mountpoint and sharenfs or sharesmb
739 			 * properties, check if it can be set in a
740 			 * global/non-global zone based on
741 			 * the zoned property value:
742 			 *
743 			 *		global zone	    non-global zone
744 			 * --------------------------------------------------
745 			 * zoned=on	mountpoint (no)	    mountpoint (yes)
746 			 *		sharenfs (no)	    sharenfs (no)
747 			 *		sharesmb (no)	    sharesmb (no)
748 			 *
749 			 * zoned=off	mountpoint (yes)	N/A
750 			 *		sharenfs (yes)
751 			 *		sharesmb (yes)
752 			 */
753 			if (zoned) {
754 				if (getzoneid() == GLOBAL_ZONEID) {
755 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
756 					    "'%s' cannot be set on "
757 					    "dataset in a non-global zone"),
758 					    propname);
759 					(void) zfs_error(hdl, EZFS_ZONED,
760 					    errbuf);
761 					goto error;
762 				} else if (prop == ZFS_PROP_SHARENFS ||
763 				    prop == ZFS_PROP_SHARESMB) {
764 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
765 					    "'%s' cannot be set in "
766 					    "a non-global zone"), propname);
767 					(void) zfs_error(hdl, EZFS_ZONED,
768 					    errbuf);
769 					goto error;
770 				}
771 			} else if (getzoneid() != GLOBAL_ZONEID) {
772 				/*
773 				 * If zoned property is 'off', this must be in
774 				 * a globle zone. If not, something is wrong.
775 				 */
776 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
777 				    "'%s' cannot be set while dataset "
778 				    "'zoned' property is set"), propname);
779 				(void) zfs_error(hdl, EZFS_ZONED, errbuf);
780 				goto error;
781 			}
782 
783 			/*
784 			 * At this point, it is legitimate to set the
785 			 * property. Now we want to make sure that the
786 			 * property value is valid if it is sharenfs.
787 			 */
788 			if ((prop == ZFS_PROP_SHARENFS ||
789 			    prop == ZFS_PROP_SHARESMB) &&
790 			    strcmp(strval, "on") != 0 &&
791 			    strcmp(strval, "off") != 0) {
792 				zfs_share_proto_t proto;
793 
794 				if (prop == ZFS_PROP_SHARESMB)
795 					proto = PROTO_SMB;
796 				else
797 					proto = PROTO_NFS;
798 
799 				/*
800 				 * Must be an valid sharing protocol
801 				 * option string so init the libshare
802 				 * in order to enable the parser and
803 				 * then parse the options. We use the
804 				 * control API since we don't care about
805 				 * the current configuration and don't
806 				 * want the overhead of loading it
807 				 * until we actually do something.
808 				 */
809 
810 				if (zfs_init_libshare(hdl,
811 				    SA_INIT_CONTROL_API) != SA_OK) {
812 					/*
813 					 * An error occurred so we can't do
814 					 * anything
815 					 */
816 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
817 					    "'%s' cannot be set: problem "
818 					    "in share initialization"),
819 					    propname);
820 					(void) zfs_error(hdl, EZFS_BADPROP,
821 					    errbuf);
822 					goto error;
823 				}
824 
825 				if (zfs_parse_options(strval, proto) != SA_OK) {
826 					/*
827 					 * There was an error in parsing so
828 					 * deal with it by issuing an error
829 					 * message and leaving after
830 					 * uninitializing the the libshare
831 					 * interface.
832 					 */
833 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
834 					    "'%s' cannot be set to invalid "
835 					    "options"), propname);
836 					(void) zfs_error(hdl, EZFS_BADPROP,
837 					    errbuf);
838 					zfs_uninit_libshare(hdl);
839 					goto error;
840 				}
841 				zfs_uninit_libshare(hdl);
842 			}
843 
844 			break;
845 		case ZFS_PROP_UTF8ONLY:
846 			chosen_utf = (int)intval;
847 			break;
848 		case ZFS_PROP_NORMALIZE:
849 			chosen_normal = (int)intval;
850 			break;
851 		}
852 
853 		/*
854 		 * For changes to existing volumes, we have some additional
855 		 * checks to enforce.
856 		 */
857 		if (type == ZFS_TYPE_VOLUME && zhp != NULL) {
858 			uint64_t volsize = zfs_prop_get_int(zhp,
859 			    ZFS_PROP_VOLSIZE);
860 			uint64_t blocksize = zfs_prop_get_int(zhp,
861 			    ZFS_PROP_VOLBLOCKSIZE);
862 			char buf[64];
863 
864 			switch (prop) {
865 			case ZFS_PROP_RESERVATION:
866 			case ZFS_PROP_REFRESERVATION:
867 				if (intval > volsize) {
868 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
869 					    "'%s' is greater than current "
870 					    "volume size"), propname);
871 					(void) zfs_error(hdl, EZFS_BADPROP,
872 					    errbuf);
873 					goto error;
874 				}
875 				break;
876 
877 			case ZFS_PROP_VOLSIZE:
878 				if (intval % blocksize != 0) {
879 					zfs_nicenum(blocksize, buf,
880 					    sizeof (buf));
881 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
882 					    "'%s' must be a multiple of "
883 					    "volume block size (%s)"),
884 					    propname, buf);
885 					(void) zfs_error(hdl, EZFS_BADPROP,
886 					    errbuf);
887 					goto error;
888 				}
889 
890 				if (intval == 0) {
891 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
892 					    "'%s' cannot be zero"),
893 					    propname);
894 					(void) zfs_error(hdl, EZFS_BADPROP,
895 					    errbuf);
896 					goto error;
897 				}
898 				break;
899 			}
900 		}
901 	}
902 
903 	/*
904 	 * If normalization was chosen, but no UTF8 choice was made,
905 	 * enforce rejection of non-UTF8 names.
906 	 *
907 	 * If normalization was chosen, but rejecting non-UTF8 names
908 	 * was explicitly not chosen, it is an error.
909 	 */
910 	if (chosen_normal > 0 && chosen_utf < 0) {
911 		if (nvlist_add_uint64(ret,
912 		    zfs_prop_to_name(ZFS_PROP_UTF8ONLY), 1) != 0) {
913 			(void) no_memory(hdl);
914 			goto error;
915 		}
916 	} else if (chosen_normal > 0 && chosen_utf == 0) {
917 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
918 		    "'%s' must be set 'on' if normalization chosen"),
919 		    zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
920 		(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
921 		goto error;
922 	}
923 
924 	/*
925 	 * If this is an existing volume, and someone is setting the volsize,
926 	 * make sure that it matches the reservation, or add it if necessary.
927 	 */
928 	if (zhp != NULL && type == ZFS_TYPE_VOLUME &&
929 	    nvlist_lookup_uint64(ret, zfs_prop_to_name(ZFS_PROP_VOLSIZE),
930 	    &intval) == 0) {
931 		uint64_t old_volsize = zfs_prop_get_int(zhp,
932 		    ZFS_PROP_VOLSIZE);
933 		uint64_t old_reservation;
934 		uint64_t new_reservation;
935 		zfs_prop_t resv_prop;
936 
937 		if (zfs_which_resv_prop(zhp, &resv_prop) < 0)
938 			goto error;
939 		old_reservation = zfs_prop_get_int(zhp, resv_prop);
940 
941 		if (old_volsize == old_reservation &&
942 		    nvlist_lookup_uint64(ret, zfs_prop_to_name(resv_prop),
943 		    &new_reservation) != 0) {
944 			if (nvlist_add_uint64(ret,
945 			    zfs_prop_to_name(resv_prop), intval) != 0) {
946 				(void) no_memory(hdl);
947 				goto error;
948 			}
949 		}
950 	}
951 	return (ret);
952 
953 error:
954 	nvlist_free(ret);
955 	return (NULL);
956 }
957 
958 static int
959 zfs_get_perm_who(const char *who, zfs_deleg_who_type_t *who_type,
960     uint64_t *ret_who)
961 {
962 	struct passwd *pwd;
963 	struct group *grp;
964 	uid_t id;
965 
966 	if (*who_type == ZFS_DELEG_EVERYONE || *who_type == ZFS_DELEG_CREATE ||
967 	    *who_type == ZFS_DELEG_NAMED_SET) {
968 		*ret_who = -1;
969 		return (0);
970 	}
971 	if (who == NULL && !(*who_type == ZFS_DELEG_EVERYONE))
972 		return (EZFS_BADWHO);
973 
974 	if (*who_type == ZFS_DELEG_WHO_UNKNOWN &&
975 	    strcmp(who, "everyone") == 0) {
976 		*ret_who = -1;
977 		*who_type = ZFS_DELEG_EVERYONE;
978 		return (0);
979 	}
980 
981 	pwd = getpwnam(who);
982 	grp = getgrnam(who);
983 
984 	if ((*who_type == ZFS_DELEG_USER) && pwd) {
985 		*ret_who = pwd->pw_uid;
986 	} else if ((*who_type == ZFS_DELEG_GROUP) && grp) {
987 		*ret_who = grp->gr_gid;
988 	} else if (pwd) {
989 		*ret_who = pwd->pw_uid;
990 		*who_type = ZFS_DELEG_USER;
991 	} else if (grp) {
992 		*ret_who = grp->gr_gid;
993 		*who_type = ZFS_DELEG_GROUP;
994 	} else {
995 		char *end;
996 
997 		id = strtol(who, &end, 10);
998 		if (errno != 0 || *end != '\0') {
999 			return (EZFS_BADWHO);
1000 		} else {
1001 			*ret_who = id;
1002 			if (*who_type == ZFS_DELEG_WHO_UNKNOWN)
1003 				*who_type = ZFS_DELEG_USER;
1004 		}
1005 	}
1006 
1007 	return (0);
1008 }
1009 
1010 static void
1011 zfs_perms_add_to_nvlist(nvlist_t *who_nvp, char *name, nvlist_t *perms_nvp)
1012 {
1013 	if (perms_nvp != NULL) {
1014 		verify(nvlist_add_nvlist(who_nvp,
1015 		    name, perms_nvp) == 0);
1016 	} else {
1017 		verify(nvlist_add_boolean(who_nvp, name) == 0);
1018 	}
1019 }
1020 
1021 static void
1022 helper(zfs_deleg_who_type_t who_type, uint64_t whoid, char *whostr,
1023     zfs_deleg_inherit_t inherit, nvlist_t *who_nvp, nvlist_t *perms_nvp,
1024     nvlist_t *sets_nvp)
1025 {
1026 	boolean_t do_perms, do_sets;
1027 	char name[ZFS_MAX_DELEG_NAME];
1028 
1029 	do_perms = (nvlist_next_nvpair(perms_nvp, NULL) != NULL);
1030 	do_sets = (nvlist_next_nvpair(sets_nvp, NULL) != NULL);
1031 
1032 	if (!do_perms && !do_sets)
1033 		do_perms = do_sets = B_TRUE;
1034 
1035 	if (do_perms) {
1036 		zfs_deleg_whokey(name, who_type, inherit,
1037 		    (who_type == ZFS_DELEG_NAMED_SET) ?
1038 		    whostr : (void *)&whoid);
1039 		zfs_perms_add_to_nvlist(who_nvp, name, perms_nvp);
1040 	}
1041 	if (do_sets) {
1042 		zfs_deleg_whokey(name, toupper(who_type), inherit,
1043 		    (who_type == ZFS_DELEG_NAMED_SET) ?
1044 		    whostr : (void *)&whoid);
1045 		zfs_perms_add_to_nvlist(who_nvp, name, sets_nvp);
1046 	}
1047 }
1048 
1049 static void
1050 zfs_perms_add_who_nvlist(nvlist_t *who_nvp, uint64_t whoid, void *whostr,
1051     nvlist_t *perms_nvp, nvlist_t *sets_nvp,
1052     zfs_deleg_who_type_t who_type, zfs_deleg_inherit_t inherit)
1053 {
1054 	if (who_type == ZFS_DELEG_NAMED_SET || who_type == ZFS_DELEG_CREATE) {
1055 		helper(who_type, whoid, whostr, 0,
1056 		    who_nvp, perms_nvp, sets_nvp);
1057 	} else {
1058 		if (inherit & ZFS_DELEG_PERM_LOCAL) {
1059 			helper(who_type, whoid, whostr, ZFS_DELEG_LOCAL,
1060 			    who_nvp, perms_nvp, sets_nvp);
1061 		}
1062 		if (inherit & ZFS_DELEG_PERM_DESCENDENT) {
1063 			helper(who_type, whoid, whostr, ZFS_DELEG_DESCENDENT,
1064 			    who_nvp, perms_nvp, sets_nvp);
1065 		}
1066 	}
1067 }
1068 
1069 /*
1070  * Construct nvlist to pass down to kernel for setting/removing permissions.
1071  *
1072  * The nvlist is constructed as a series of nvpairs with an optional embedded
1073  * nvlist of permissions to remove or set.  The topmost nvpairs are the actual
1074  * base attribute named stored in the dsl.
1075  * Arguments:
1076  *
1077  * whostr:   is a comma separated list of users, groups, or a single set name.
1078  *           whostr may be null for everyone or create perms.
1079  * who_type: is the type of entry in whostr.  Typically this will be
1080  *           ZFS_DELEG_WHO_UNKNOWN.
1081  * perms:    common separated list of permissions.  May be null if user
1082  *           is requested to remove permissions by who.
1083  * inherit:  Specifies the inheritance of the permissions.  Will be either
1084  *           ZFS_DELEG_PERM_LOCAL and/or  ZFS_DELEG_PERM_DESCENDENT.
1085  * nvp       The constructed nvlist to pass to zfs_perm_set().
1086  *           The output nvp will look something like this.
1087  *              ul$1234 -> {create ; destroy }
1088  *              Ul$1234 -> { @myset }
1089  *              s-$@myset - { snapshot; checksum; compression }
1090  */
1091 int
1092 zfs_build_perms(zfs_handle_t *zhp, char *whostr, char *perms,
1093     zfs_deleg_who_type_t who_type, zfs_deleg_inherit_t inherit, nvlist_t **nvp)
1094 {
1095 	nvlist_t *who_nvp;
1096 	nvlist_t *perms_nvp = NULL;
1097 	nvlist_t *sets_nvp = NULL;
1098 	char errbuf[1024];
1099 	char *who_tok, *perm;
1100 	int error;
1101 
1102 	*nvp = NULL;
1103 
1104 	if (perms) {
1105 		if ((error = nvlist_alloc(&perms_nvp,
1106 		    NV_UNIQUE_NAME, 0)) != 0) {
1107 			return (1);
1108 		}
1109 		if ((error = nvlist_alloc(&sets_nvp,
1110 		    NV_UNIQUE_NAME, 0)) != 0) {
1111 			nvlist_free(perms_nvp);
1112 			return (1);
1113 		}
1114 	}
1115 
1116 	if ((error = nvlist_alloc(&who_nvp, NV_UNIQUE_NAME, 0)) != 0) {
1117 		if (perms_nvp)
1118 			nvlist_free(perms_nvp);
1119 		if (sets_nvp)
1120 			nvlist_free(sets_nvp);
1121 		return (1);
1122 	}
1123 
1124 	if (who_type == ZFS_DELEG_NAMED_SET) {
1125 		namecheck_err_t why;
1126 		char what;
1127 
1128 		if ((error = permset_namecheck(whostr, &why, &what)) != 0) {
1129 			nvlist_free(who_nvp);
1130 			if (perms_nvp)
1131 				nvlist_free(perms_nvp);
1132 			if (sets_nvp)
1133 				nvlist_free(sets_nvp);
1134 
1135 			switch (why) {
1136 			case NAME_ERR_NO_AT:
1137 				zfs_error_aux(zhp->zfs_hdl,
1138 				    dgettext(TEXT_DOMAIN,
1139 				    "set definition must begin with an '@' "
1140 				    "character"));
1141 			}
1142 			return (zfs_error(zhp->zfs_hdl,
1143 			    EZFS_BADPERMSET, whostr));
1144 		}
1145 	}
1146 
1147 	/*
1148 	 * Build up nvlist(s) of permissions.  Two nvlists are maintained.
1149 	 * The first nvlist perms_nvp will have normal permissions and the
1150 	 * other sets_nvp will have only permssion set names in it.
1151 	 */
1152 	for (perm = strtok(perms, ","); perm; perm = strtok(NULL, ",")) {
1153 		const char *perm_canonical = zfs_deleg_canonicalize_perm(perm);
1154 
1155 		if (perm_canonical) {
1156 			verify(nvlist_add_boolean(perms_nvp,
1157 			    perm_canonical) == 0);
1158 		} else if (perm[0] == '@') {
1159 			verify(nvlist_add_boolean(sets_nvp, perm) == 0);
1160 		} else {
1161 			nvlist_free(who_nvp);
1162 			nvlist_free(perms_nvp);
1163 			nvlist_free(sets_nvp);
1164 			return (zfs_error(zhp->zfs_hdl, EZFS_BADPERM, perm));
1165 		}
1166 	}
1167 
1168 	if (whostr && who_type != ZFS_DELEG_CREATE) {
1169 		who_tok = strtok(whostr, ",");
1170 		if (who_tok == NULL) {
1171 			nvlist_free(who_nvp);
1172 			if (perms_nvp)
1173 				nvlist_free(perms_nvp);
1174 			if (sets_nvp)
1175 				nvlist_free(sets_nvp);
1176 			(void) snprintf(errbuf, sizeof (errbuf),
1177 			    dgettext(TEXT_DOMAIN, "Who string is NULL"),
1178 			    whostr);
1179 			return (zfs_error(zhp->zfs_hdl, EZFS_BADWHO, errbuf));
1180 		}
1181 	}
1182 
1183 	/*
1184 	 * Now create the nvlist(s)
1185 	 */
1186 	do {
1187 		uint64_t who_id;
1188 
1189 		error = zfs_get_perm_who(who_tok, &who_type,
1190 		    &who_id);
1191 		if (error) {
1192 			nvlist_free(who_nvp);
1193 			if (perms_nvp)
1194 				nvlist_free(perms_nvp);
1195 			if (sets_nvp)
1196 				nvlist_free(sets_nvp);
1197 			(void) snprintf(errbuf, sizeof (errbuf),
1198 			    dgettext(TEXT_DOMAIN,
1199 			    "Unable to determine uid/gid for "
1200 			    "%s "), who_tok);
1201 			return (zfs_error(zhp->zfs_hdl, EZFS_BADWHO, errbuf));
1202 		}
1203 
1204 		/*
1205 		 * add entries for both local and descendent when required
1206 		 */
1207 		zfs_perms_add_who_nvlist(who_nvp, who_id, who_tok,
1208 		    perms_nvp, sets_nvp, who_type, inherit);
1209 
1210 	} while (who_tok = strtok(NULL, ","));
1211 	*nvp = who_nvp;
1212 	return (0);
1213 }
1214 
1215 static int
1216 zfs_perm_set_common(zfs_handle_t *zhp, nvlist_t *nvp, boolean_t unset)
1217 {
1218 	zfs_cmd_t zc = { 0 };
1219 	int error;
1220 	char errbuf[1024];
1221 
1222 	(void) snprintf(errbuf, sizeof (errbuf),
1223 	    dgettext(TEXT_DOMAIN, "Cannot update 'allows' for '%s'"),
1224 	    zhp->zfs_name);
1225 
1226 	if (zcmd_write_src_nvlist(zhp->zfs_hdl, &zc, nvp))
1227 		return (-1);
1228 
1229 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1230 	zc.zc_perm_action = unset;
1231 
1232 	error = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SET_FSACL, &zc);
1233 	if (error && errno == ENOTSUP) {
1234 		(void) snprintf(errbuf, sizeof (errbuf),
1235 		    gettext("Pool must be upgraded to use 'allow/unallow'"));
1236 		zcmd_free_nvlists(&zc);
1237 		return (zfs_error(zhp->zfs_hdl, EZFS_BADVERSION, errbuf));
1238 	} else if (error) {
1239 		return (zfs_standard_error(zhp->zfs_hdl, errno, errbuf));
1240 	}
1241 	zcmd_free_nvlists(&zc);
1242 
1243 	return (error);
1244 }
1245 
1246 int
1247 zfs_perm_set(zfs_handle_t *zhp, nvlist_t *nvp)
1248 {
1249 	return (zfs_perm_set_common(zhp, nvp, B_FALSE));
1250 }
1251 
1252 int
1253 zfs_perm_remove(zfs_handle_t *zhp, nvlist_t *perms)
1254 {
1255 	return (zfs_perm_set_common(zhp, perms, B_TRUE));
1256 }
1257 
1258 static int
1259 perm_compare(const void *arg1, const void *arg2)
1260 {
1261 	const zfs_perm_node_t *node1 = arg1;
1262 	const zfs_perm_node_t *node2 = arg2;
1263 	int ret;
1264 
1265 	ret = strcmp(node1->z_pname, node2->z_pname);
1266 
1267 	if (ret > 0)
1268 		return (1);
1269 	if (ret < 0)
1270 		return (-1);
1271 	else
1272 		return (0);
1273 }
1274 
1275 static void
1276 zfs_destroy_perm_tree(avl_tree_t *tree)
1277 {
1278 	zfs_perm_node_t *permnode;
1279 	void *cookie = NULL;
1280 
1281 	while ((permnode = avl_destroy_nodes(tree,  &cookie)) != NULL)
1282 		free(permnode);
1283 	avl_destroy(tree);
1284 }
1285 
1286 static void
1287 zfs_destroy_tree(avl_tree_t *tree)
1288 {
1289 	zfs_allow_node_t *allownode;
1290 	void *cookie = NULL;
1291 
1292 	while ((allownode = avl_destroy_nodes(tree, &cookie)) != NULL) {
1293 		zfs_destroy_perm_tree(&allownode->z_localdescend);
1294 		zfs_destroy_perm_tree(&allownode->z_local);
1295 		zfs_destroy_perm_tree(&allownode->z_descend);
1296 		free(allownode);
1297 	}
1298 	avl_destroy(tree);
1299 }
1300 
1301 void
1302 zfs_free_allows(zfs_allow_t *allow)
1303 {
1304 	zfs_allow_t *allownext;
1305 	zfs_allow_t *freeallow;
1306 
1307 	allownext = allow;
1308 	while (allownext) {
1309 		zfs_destroy_tree(&allownext->z_sets);
1310 		zfs_destroy_tree(&allownext->z_crperms);
1311 		zfs_destroy_tree(&allownext->z_user);
1312 		zfs_destroy_tree(&allownext->z_group);
1313 		zfs_destroy_tree(&allownext->z_everyone);
1314 		freeallow = allownext;
1315 		allownext = allownext->z_next;
1316 		free(freeallow);
1317 	}
1318 }
1319 
1320 static zfs_allow_t *
1321 zfs_alloc_perm_tree(zfs_handle_t *zhp, zfs_allow_t *prev, char *setpoint)
1322 {
1323 	zfs_allow_t *ptree;
1324 
1325 	if ((ptree = zfs_alloc(zhp->zfs_hdl,
1326 	    sizeof (zfs_allow_t))) == NULL) {
1327 		return (NULL);
1328 	}
1329 
1330 	(void) strlcpy(ptree->z_setpoint, setpoint, sizeof (ptree->z_setpoint));
1331 	avl_create(&ptree->z_sets,
1332 	    perm_compare, sizeof (zfs_allow_node_t),
1333 	    offsetof(zfs_allow_node_t, z_node));
1334 	avl_create(&ptree->z_crperms,
1335 	    perm_compare, sizeof (zfs_allow_node_t),
1336 	    offsetof(zfs_allow_node_t, z_node));
1337 	avl_create(&ptree->z_user,
1338 	    perm_compare, sizeof (zfs_allow_node_t),
1339 	    offsetof(zfs_allow_node_t, z_node));
1340 	avl_create(&ptree->z_group,
1341 	    perm_compare, sizeof (zfs_allow_node_t),
1342 	    offsetof(zfs_allow_node_t, z_node));
1343 	avl_create(&ptree->z_everyone,
1344 	    perm_compare, sizeof (zfs_allow_node_t),
1345 	    offsetof(zfs_allow_node_t, z_node));
1346 
1347 	if (prev)
1348 		prev->z_next = ptree;
1349 	ptree->z_next = NULL;
1350 	return (ptree);
1351 }
1352 
1353 /*
1354  * Add permissions to the appropriate AVL permission tree.
1355  * The appropriate tree may not be the requested tree.
1356  * For example if ld indicates a local permission, but
1357  * same permission also exists as a descendent permission
1358  * then the permission will be removed from the descendent
1359  * tree and add the the local+descendent tree.
1360  */
1361 static int
1362 zfs_coalesce_perm(zfs_handle_t *zhp, zfs_allow_node_t *allownode,
1363     char *perm, char ld)
1364 {
1365 	zfs_perm_node_t pnode, *permnode, *permnode2;
1366 	zfs_perm_node_t *newnode;
1367 	avl_index_t where, where2;
1368 	avl_tree_t *tree, *altree;
1369 
1370 	(void) strlcpy(pnode.z_pname, perm, sizeof (pnode.z_pname));
1371 
1372 	if (ld == ZFS_DELEG_NA) {
1373 		tree =  &allownode->z_localdescend;
1374 		altree = &allownode->z_descend;
1375 	} else if (ld == ZFS_DELEG_LOCAL) {
1376 		tree = &allownode->z_local;
1377 		altree = &allownode->z_descend;
1378 	} else {
1379 		tree = &allownode->z_descend;
1380 		altree = &allownode->z_local;
1381 	}
1382 	permnode = avl_find(tree, &pnode, &where);
1383 	permnode2 = avl_find(altree, &pnode, &where2);
1384 
1385 	if (permnode2) {
1386 		avl_remove(altree, permnode2);
1387 		free(permnode2);
1388 		if (permnode == NULL) {
1389 			tree =  &allownode->z_localdescend;
1390 		}
1391 	}
1392 
1393 	/*
1394 	 * Now insert new permission in either requested location
1395 	 * local/descendent or into ld when perm will exist in both.
1396 	 */
1397 	if (permnode == NULL) {
1398 		if ((newnode = zfs_alloc(zhp->zfs_hdl,
1399 		    sizeof (zfs_perm_node_t))) == NULL) {
1400 			return (-1);
1401 		}
1402 		*newnode = pnode;
1403 		avl_add(tree, newnode);
1404 	}
1405 	return (0);
1406 }
1407 
1408 /*
1409  * Uggh, this is going to be a bit complicated.
1410  * we have an nvlist coming out of the kernel that
1411  * will indicate where the permission is set and then
1412  * it will contain allow of the various "who's", and what
1413  * their permissions are.  To further complicate this
1414  * we will then have to coalesce the local,descendent
1415  * and local+descendent permissions where appropriate.
1416  * The kernel only knows about a permission as being local
1417  * or descendent, but not both.
1418  *
1419  * In order to make this easier for zfs_main to deal with
1420  * a series of AVL trees will be used to maintain
1421  * all of this, primarily for sorting purposes as well
1422  * as the ability to quickly locate a specific entry.
1423  *
1424  * What we end up with are tree's for sets, create perms,
1425  * user, groups and everyone.  With each of those trees
1426  * we have subtrees for local, descendent and local+descendent
1427  * permissions.
1428  */
1429 int
1430 zfs_perm_get(zfs_handle_t *zhp, zfs_allow_t **zfs_perms)
1431 {
1432 	zfs_cmd_t zc = { 0 };
1433 	int error;
1434 	nvlist_t *nvlist;
1435 	nvlist_t *permnv, *sourcenv;
1436 	nvpair_t *who_pair, *source_pair;
1437 	nvpair_t *perm_pair;
1438 	char errbuf[1024];
1439 	zfs_allow_t *zallowp, *newallowp;
1440 	char  ld;
1441 	char *nvpname;
1442 	uid_t	uid;
1443 	gid_t	gid;
1444 	avl_tree_t *tree;
1445 	avl_index_t where;
1446 
1447 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1448 
1449 	if (zcmd_alloc_dst_nvlist(zhp->zfs_hdl, &zc, 0) != 0)
1450 		return (-1);
1451 
1452 	while (ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_GET_FSACL, &zc) != 0) {
1453 		if (errno == ENOMEM) {
1454 			if (zcmd_expand_dst_nvlist(zhp->zfs_hdl, &zc) != 0) {
1455 				zcmd_free_nvlists(&zc);
1456 				return (-1);
1457 			}
1458 		} else if (errno == ENOTSUP) {
1459 			zcmd_free_nvlists(&zc);
1460 			(void) snprintf(errbuf, sizeof (errbuf),
1461 			    gettext("Pool must be upgraded to use 'allow'"));
1462 			return (zfs_error(zhp->zfs_hdl,
1463 			    EZFS_BADVERSION, errbuf));
1464 		} else {
1465 			zcmd_free_nvlists(&zc);
1466 			return (-1);
1467 		}
1468 	}
1469 
1470 	if (zcmd_read_dst_nvlist(zhp->zfs_hdl, &zc, &nvlist) != 0) {
1471 		zcmd_free_nvlists(&zc);
1472 		return (-1);
1473 	}
1474 
1475 	zcmd_free_nvlists(&zc);
1476 
1477 	source_pair = nvlist_next_nvpair(nvlist, NULL);
1478 
1479 	if (source_pair == NULL) {
1480 		*zfs_perms = NULL;
1481 		return (0);
1482 	}
1483 
1484 	*zfs_perms = zfs_alloc_perm_tree(zhp, NULL, nvpair_name(source_pair));
1485 	if (*zfs_perms == NULL) {
1486 		return (0);
1487 	}
1488 
1489 	zallowp = *zfs_perms;
1490 
1491 	for (;;) {
1492 		struct passwd *pwd;
1493 		struct group *grp;
1494 		zfs_allow_node_t *allownode;
1495 		zfs_allow_node_t  findallownode;
1496 		zfs_allow_node_t *newallownode;
1497 
1498 		(void) strlcpy(zallowp->z_setpoint,
1499 		    nvpair_name(source_pair),
1500 		    sizeof (zallowp->z_setpoint));
1501 
1502 		if ((error = nvpair_value_nvlist(source_pair, &sourcenv)) != 0)
1503 			goto abort;
1504 
1505 		/*
1506 		 * Make sure nvlist is composed correctly
1507 		 */
1508 		if (zfs_deleg_verify_nvlist(sourcenv)) {
1509 			goto abort;
1510 		}
1511 
1512 		who_pair = nvlist_next_nvpair(sourcenv, NULL);
1513 		if (who_pair == NULL) {
1514 			goto abort;
1515 		}
1516 
1517 		do {
1518 			error = nvpair_value_nvlist(who_pair, &permnv);
1519 			if (error) {
1520 				goto abort;
1521 			}
1522 
1523 			/*
1524 			 * First build up the key to use
1525 			 * for looking up in the various
1526 			 * who trees.
1527 			 */
1528 			ld = nvpair_name(who_pair)[1];
1529 			nvpname = nvpair_name(who_pair);
1530 			switch (nvpair_name(who_pair)[0]) {
1531 			case ZFS_DELEG_USER:
1532 			case ZFS_DELEG_USER_SETS:
1533 				tree = &zallowp->z_user;
1534 				uid = atol(&nvpname[3]);
1535 				pwd = getpwuid(uid);
1536 				(void) snprintf(findallownode.z_key,
1537 				    sizeof (findallownode.z_key), "user %s",
1538 				    (pwd) ? pwd->pw_name :
1539 				    &nvpair_name(who_pair)[3]);
1540 				break;
1541 			case ZFS_DELEG_GROUP:
1542 			case ZFS_DELEG_GROUP_SETS:
1543 				tree = &zallowp->z_group;
1544 				gid = atol(&nvpname[3]);
1545 				grp = getgrgid(gid);
1546 				(void) snprintf(findallownode.z_key,
1547 				    sizeof (findallownode.z_key), "group %s",
1548 				    (grp) ? grp->gr_name :
1549 				    &nvpair_name(who_pair)[3]);
1550 				break;
1551 			case ZFS_DELEG_CREATE:
1552 			case ZFS_DELEG_CREATE_SETS:
1553 				tree = &zallowp->z_crperms;
1554 				(void) strlcpy(findallownode.z_key, "",
1555 				    sizeof (findallownode.z_key));
1556 				break;
1557 			case ZFS_DELEG_EVERYONE:
1558 			case ZFS_DELEG_EVERYONE_SETS:
1559 				(void) snprintf(findallownode.z_key,
1560 				    sizeof (findallownode.z_key), "everyone");
1561 				tree = &zallowp->z_everyone;
1562 				break;
1563 			case ZFS_DELEG_NAMED_SET:
1564 			case ZFS_DELEG_NAMED_SET_SETS:
1565 				(void) snprintf(findallownode.z_key,
1566 				    sizeof (findallownode.z_key), "%s",
1567 				    &nvpair_name(who_pair)[3]);
1568 				tree = &zallowp->z_sets;
1569 				break;
1570 			}
1571 
1572 			/*
1573 			 * Place who in tree
1574 			 */
1575 			allownode = avl_find(tree, &findallownode, &where);
1576 			if (allownode == NULL) {
1577 				if ((newallownode = zfs_alloc(zhp->zfs_hdl,
1578 				    sizeof (zfs_allow_node_t))) == NULL) {
1579 					goto abort;
1580 				}
1581 				avl_create(&newallownode->z_localdescend,
1582 				    perm_compare,
1583 				    sizeof (zfs_perm_node_t),
1584 				    offsetof(zfs_perm_node_t, z_node));
1585 				avl_create(&newallownode->z_local,
1586 				    perm_compare,
1587 				    sizeof (zfs_perm_node_t),
1588 				    offsetof(zfs_perm_node_t, z_node));
1589 				avl_create(&newallownode->z_descend,
1590 				    perm_compare,
1591 				    sizeof (zfs_perm_node_t),
1592 				    offsetof(zfs_perm_node_t, z_node));
1593 				(void) strlcpy(newallownode->z_key,
1594 				    findallownode.z_key,
1595 				    sizeof (findallownode.z_key));
1596 				avl_insert(tree, newallownode, where);
1597 				allownode = newallownode;
1598 			}
1599 
1600 			/*
1601 			 * Now iterate over the permissions and
1602 			 * place them in the appropriate local,
1603 			 * descendent or local+descendent tree.
1604 			 *
1605 			 * The permissions are added to the tree
1606 			 * via zfs_coalesce_perm().
1607 			 */
1608 			perm_pair = nvlist_next_nvpair(permnv, NULL);
1609 			if (perm_pair == NULL)
1610 				goto abort;
1611 			do {
1612 				if (zfs_coalesce_perm(zhp, allownode,
1613 				    nvpair_name(perm_pair), ld) != 0)
1614 					goto abort;
1615 			} while (perm_pair = nvlist_next_nvpair(permnv,
1616 			    perm_pair));
1617 		} while (who_pair = nvlist_next_nvpair(sourcenv, who_pair));
1618 
1619 		source_pair = nvlist_next_nvpair(nvlist, source_pair);
1620 		if (source_pair == NULL)
1621 			break;
1622 
1623 		/*
1624 		 * allocate another node from the link list of
1625 		 * zfs_allow_t structures
1626 		 */
1627 		newallowp = zfs_alloc_perm_tree(zhp, zallowp,
1628 		    nvpair_name(source_pair));
1629 		if (newallowp == NULL) {
1630 			goto abort;
1631 		}
1632 		zallowp = newallowp;
1633 	}
1634 	nvlist_free(nvlist);
1635 	return (0);
1636 abort:
1637 	zfs_free_allows(*zfs_perms);
1638 	nvlist_free(nvlist);
1639 	return (-1);
1640 }
1641 
1642 static char *
1643 zfs_deleg_perm_note(zfs_deleg_note_t note)
1644 {
1645 	/*
1646 	 * Don't put newlines on end of lines
1647 	 */
1648 	switch (note) {
1649 	case ZFS_DELEG_NOTE_CREATE:
1650 		return (dgettext(TEXT_DOMAIN,
1651 		    "Must also have the 'mount' ability"));
1652 	case ZFS_DELEG_NOTE_DESTROY:
1653 		return (dgettext(TEXT_DOMAIN,
1654 		    "Must also have the 'mount' ability"));
1655 	case ZFS_DELEG_NOTE_SNAPSHOT:
1656 		return (dgettext(TEXT_DOMAIN,
1657 		    "Must also have the 'mount' ability"));
1658 	case ZFS_DELEG_NOTE_ROLLBACK:
1659 		return (dgettext(TEXT_DOMAIN,
1660 		    "Must also have the 'mount' ability"));
1661 	case ZFS_DELEG_NOTE_CLONE:
1662 		return (dgettext(TEXT_DOMAIN, "Must also have the 'create' "
1663 		    "ability and 'mount'\n"
1664 		    "\t\t\t\tability in the origin file system"));
1665 	case ZFS_DELEG_NOTE_PROMOTE:
1666 		return (dgettext(TEXT_DOMAIN, "Must also have the 'mount'\n"
1667 		    "\t\t\t\tand 'promote' ability in the origin file system"));
1668 	case ZFS_DELEG_NOTE_RENAME:
1669 		return (dgettext(TEXT_DOMAIN, "Must also have the 'mount' "
1670 		    "and 'create' \n\t\t\t\tability in the new parent"));
1671 	case ZFS_DELEG_NOTE_RECEIVE:
1672 		return (dgettext(TEXT_DOMAIN, "Must also have the 'mount'"
1673 		    " and 'create' ability"));
1674 	case ZFS_DELEG_NOTE_USERPROP:
1675 		return (dgettext(TEXT_DOMAIN,
1676 		    "Allows changing any user property"));
1677 	case ZFS_DELEG_NOTE_ALLOW:
1678 		return (dgettext(TEXT_DOMAIN,
1679 		    "Must also have the permission that is being\n"
1680 		    "\t\t\t\tallowed"));
1681 	case ZFS_DELEG_NOTE_MOUNT:
1682 		return (dgettext(TEXT_DOMAIN,
1683 		    "Allows mount/umount of ZFS datasets"));
1684 	case ZFS_DELEG_NOTE_SHARE:
1685 		return (dgettext(TEXT_DOMAIN,
1686 		    "Allows sharing file systems over NFS or SMB\n"
1687 		    "\t\t\t\tprotocols"));
1688 	case ZFS_DELEG_NOTE_NONE:
1689 	default:
1690 		return (dgettext(TEXT_DOMAIN, ""));
1691 	}
1692 }
1693 
1694 typedef enum {
1695 	ZFS_DELEG_SUBCOMMAND,
1696 	ZFS_DELEG_PROP,
1697 	ZFS_DELEG_OTHER
1698 } zfs_deleg_perm_type_t;
1699 
1700 /*
1701  * is the permission a subcommand or other?
1702  */
1703 zfs_deleg_perm_type_t
1704 zfs_deleg_perm_type(const char *perm)
1705 {
1706 	if (strcmp(perm, "userprop") == 0)
1707 		return (ZFS_DELEG_OTHER);
1708 	else
1709 		return (ZFS_DELEG_SUBCOMMAND);
1710 }
1711 
1712 static char *
1713 zfs_deleg_perm_type_str(zfs_deleg_perm_type_t type)
1714 {
1715 	switch (type) {
1716 	case ZFS_DELEG_SUBCOMMAND:
1717 		return (dgettext(TEXT_DOMAIN, "subcommand"));
1718 	case ZFS_DELEG_PROP:
1719 		return (dgettext(TEXT_DOMAIN, "property"));
1720 	case ZFS_DELEG_OTHER:
1721 		return (dgettext(TEXT_DOMAIN, "other"));
1722 	}
1723 	return ("");
1724 }
1725 
1726 /*ARGSUSED*/
1727 static int
1728 zfs_deleg_prop_cb(int prop, void *cb)
1729 {
1730 	if (zfs_prop_delegatable(prop))
1731 		(void) fprintf(stderr, "%-15s %-15s\n", zfs_prop_to_name(prop),
1732 		    zfs_deleg_perm_type_str(ZFS_DELEG_PROP));
1733 
1734 	return (ZPROP_CONT);
1735 }
1736 
1737 void
1738 zfs_deleg_permissions(void)
1739 {
1740 	int i;
1741 
1742 	(void) fprintf(stderr, "\n%-15s %-15s\t%s\n\n", "NAME",
1743 	    "TYPE", "NOTES");
1744 
1745 	/*
1746 	 * First print out the subcommands
1747 	 */
1748 	for (i = 0; zfs_deleg_perm_tab[i].z_perm != NULL; i++) {
1749 		(void) fprintf(stderr, "%-15s %-15s\t%s\n",
1750 		    zfs_deleg_perm_tab[i].z_perm,
1751 		    zfs_deleg_perm_type_str(
1752 		    zfs_deleg_perm_type(zfs_deleg_perm_tab[i].z_perm)),
1753 		    zfs_deleg_perm_note(zfs_deleg_perm_tab[i].z_note));
1754 	}
1755 
1756 	(void) zprop_iter(zfs_deleg_prop_cb, NULL, B_FALSE, B_TRUE,
1757 	    ZFS_TYPE_DATASET|ZFS_TYPE_VOLUME);
1758 }
1759 
1760 /*
1761  * Given a property name and value, set the property for the given dataset.
1762  */
1763 int
1764 zfs_prop_set(zfs_handle_t *zhp, const char *propname, const char *propval)
1765 {
1766 	zfs_cmd_t zc = { 0 };
1767 	int ret = -1;
1768 	prop_changelist_t *cl = NULL;
1769 	char errbuf[1024];
1770 	libzfs_handle_t *hdl = zhp->zfs_hdl;
1771 	nvlist_t *nvl = NULL, *realprops;
1772 	zfs_prop_t prop;
1773 	int do_prefix = 1;
1774 
1775 	(void) snprintf(errbuf, sizeof (errbuf),
1776 	    dgettext(TEXT_DOMAIN, "cannot set property for '%s'"),
1777 	    zhp->zfs_name);
1778 
1779 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0 ||
1780 	    nvlist_add_string(nvl, propname, propval) != 0) {
1781 		(void) no_memory(hdl);
1782 		goto error;
1783 	}
1784 
1785 	if ((realprops = zfs_valid_proplist(hdl, zhp->zfs_type, nvl,
1786 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED), zhp, errbuf)) == NULL)
1787 		goto error;
1788 
1789 	nvlist_free(nvl);
1790 	nvl = realprops;
1791 
1792 	prop = zfs_name_to_prop(propname);
1793 
1794 	if ((cl = changelist_gather(zhp, prop, 0)) == NULL)
1795 		goto error;
1796 
1797 	if (prop == ZFS_PROP_MOUNTPOINT && changelist_haszonedchild(cl)) {
1798 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1799 		    "child dataset with inherited mountpoint is used "
1800 		    "in a non-global zone"));
1801 		ret = zfs_error(hdl, EZFS_ZONED, errbuf);
1802 		goto error;
1803 	}
1804 
1805 
1806 	/* do not unmount dataset if canmount is being set to noauto */
1807 	if (prop == ZFS_PROP_CANMOUNT && *propval == ZFS_CANMOUNT_NOAUTO)
1808 		do_prefix = 0;
1809 
1810 	if (do_prefix && (ret = changelist_prefix(cl)) != 0)
1811 			goto error;
1812 
1813 	/*
1814 	 * Execute the corresponding ioctl() to set this property.
1815 	 */
1816 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1817 
1818 	if (zcmd_write_src_nvlist(hdl, &zc, nvl) != 0)
1819 		goto error;
1820 
1821 	ret = zfs_ioctl(hdl, ZFS_IOC_SET_PROP, &zc);
1822 	if (ret != 0) {
1823 		switch (errno) {
1824 
1825 		case ENOSPC:
1826 			/*
1827 			 * For quotas and reservations, ENOSPC indicates
1828 			 * something different; setting a quota or reservation
1829 			 * doesn't use any disk space.
1830 			 */
1831 			switch (prop) {
1832 			case ZFS_PROP_QUOTA:
1833 			case ZFS_PROP_REFQUOTA:
1834 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1835 				    "size is less than current used or "
1836 				    "reserved space"));
1837 				(void) zfs_error(hdl, EZFS_PROPSPACE, errbuf);
1838 				break;
1839 
1840 			case ZFS_PROP_RESERVATION:
1841 			case ZFS_PROP_REFRESERVATION:
1842 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1843 				    "size is greater than available space"));
1844 				(void) zfs_error(hdl, EZFS_PROPSPACE, errbuf);
1845 				break;
1846 
1847 			default:
1848 				(void) zfs_standard_error(hdl, errno, errbuf);
1849 				break;
1850 			}
1851 			break;
1852 
1853 		case EBUSY:
1854 			if (prop == ZFS_PROP_VOLBLOCKSIZE)
1855 				(void) zfs_error(hdl, EZFS_VOLHASDATA, errbuf);
1856 			else
1857 				(void) zfs_standard_error(hdl, EBUSY, errbuf);
1858 			break;
1859 
1860 		case EROFS:
1861 			(void) zfs_error(hdl, EZFS_DSREADONLY, errbuf);
1862 			break;
1863 
1864 		case ENOTSUP:
1865 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1866 			    "pool and or dataset must be upgraded to set this "
1867 			    "property or value"));
1868 			(void) zfs_error(hdl, EZFS_BADVERSION, errbuf);
1869 			break;
1870 
1871 		case ERANGE:
1872 			if (prop == ZFS_PROP_COMPRESSION) {
1873 				(void) zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1874 				    "property setting is not allowed on "
1875 				    "bootable datasets"));
1876 				(void) zfs_error(hdl, EZFS_NOTSUP, errbuf);
1877 			} else {
1878 				(void) zfs_standard_error(hdl, errno, errbuf);
1879 			}
1880 			break;
1881 
1882 		case EOVERFLOW:
1883 			/*
1884 			 * This platform can't address a volume this big.
1885 			 */
1886 #ifdef _ILP32
1887 			if (prop == ZFS_PROP_VOLSIZE) {
1888 				(void) zfs_error(hdl, EZFS_VOLTOOBIG, errbuf);
1889 				break;
1890 			}
1891 #endif
1892 			/* FALLTHROUGH */
1893 		default:
1894 			(void) zfs_standard_error(hdl, errno, errbuf);
1895 		}
1896 	} else {
1897 		if (do_prefix)
1898 			ret = changelist_postfix(cl);
1899 
1900 		/*
1901 		 * Refresh the statistics so the new property value
1902 		 * is reflected.
1903 		 */
1904 		if (ret == 0)
1905 			(void) get_stats(zhp);
1906 	}
1907 
1908 error:
1909 	nvlist_free(nvl);
1910 	zcmd_free_nvlists(&zc);
1911 	if (cl)
1912 		changelist_free(cl);
1913 	return (ret);
1914 }
1915 
1916 /*
1917  * Given a property, inherit the value from the parent dataset.
1918  */
1919 int
1920 zfs_prop_inherit(zfs_handle_t *zhp, const char *propname)
1921 {
1922 	zfs_cmd_t zc = { 0 };
1923 	int ret;
1924 	prop_changelist_t *cl;
1925 	libzfs_handle_t *hdl = zhp->zfs_hdl;
1926 	char errbuf[1024];
1927 	zfs_prop_t prop;
1928 
1929 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1930 	    "cannot inherit %s for '%s'"), propname, zhp->zfs_name);
1931 
1932 	if ((prop = zfs_name_to_prop(propname)) == ZPROP_INVAL) {
1933 		/*
1934 		 * For user properties, the amount of work we have to do is very
1935 		 * small, so just do it here.
1936 		 */
1937 		if (!zfs_prop_user(propname)) {
1938 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1939 			    "invalid property"));
1940 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
1941 		}
1942 
1943 		(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1944 		(void) strlcpy(zc.zc_value, propname, sizeof (zc.zc_value));
1945 
1946 		if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_INHERIT_PROP, &zc) != 0)
1947 			return (zfs_standard_error(hdl, errno, errbuf));
1948 
1949 		return (0);
1950 	}
1951 
1952 	/*
1953 	 * Verify that this property is inheritable.
1954 	 */
1955 	if (zfs_prop_readonly(prop))
1956 		return (zfs_error(hdl, EZFS_PROPREADONLY, errbuf));
1957 
1958 	if (!zfs_prop_inheritable(prop))
1959 		return (zfs_error(hdl, EZFS_PROPNONINHERIT, errbuf));
1960 
1961 	/*
1962 	 * Check to see if the value applies to this type
1963 	 */
1964 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type))
1965 		return (zfs_error(hdl, EZFS_PROPTYPE, errbuf));
1966 
1967 	/*
1968 	 * Normalize the name, to get rid of shorthand abbrevations.
1969 	 */
1970 	propname = zfs_prop_to_name(prop);
1971 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1972 	(void) strlcpy(zc.zc_value, propname, sizeof (zc.zc_value));
1973 
1974 	if (prop == ZFS_PROP_MOUNTPOINT && getzoneid() == GLOBAL_ZONEID &&
1975 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
1976 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1977 		    "dataset is used in a non-global zone"));
1978 		return (zfs_error(hdl, EZFS_ZONED, errbuf));
1979 	}
1980 
1981 	/*
1982 	 * Determine datasets which will be affected by this change, if any.
1983 	 */
1984 	if ((cl = changelist_gather(zhp, prop, 0)) == NULL)
1985 		return (-1);
1986 
1987 	if (prop == ZFS_PROP_MOUNTPOINT && changelist_haszonedchild(cl)) {
1988 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1989 		    "child dataset with inherited mountpoint is used "
1990 		    "in a non-global zone"));
1991 		ret = zfs_error(hdl, EZFS_ZONED, errbuf);
1992 		goto error;
1993 	}
1994 
1995 	if ((ret = changelist_prefix(cl)) != 0)
1996 		goto error;
1997 
1998 	if ((ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_INHERIT_PROP, &zc)) != 0) {
1999 		return (zfs_standard_error(hdl, errno, errbuf));
2000 	} else {
2001 
2002 		if ((ret = changelist_postfix(cl)) != 0)
2003 			goto error;
2004 
2005 		/*
2006 		 * Refresh the statistics so the new property is reflected.
2007 		 */
2008 		(void) get_stats(zhp);
2009 	}
2010 
2011 error:
2012 	changelist_free(cl);
2013 	return (ret);
2014 }
2015 
2016 /*
2017  * True DSL properties are stored in an nvlist.  The following two functions
2018  * extract them appropriately.
2019  */
2020 static uint64_t
2021 getprop_uint64(zfs_handle_t *zhp, zfs_prop_t prop, char **source)
2022 {
2023 	nvlist_t *nv;
2024 	uint64_t value;
2025 
2026 	*source = NULL;
2027 	if (nvlist_lookup_nvlist(zhp->zfs_props,
2028 	    zfs_prop_to_name(prop), &nv) == 0) {
2029 		verify(nvlist_lookup_uint64(nv, ZPROP_VALUE, &value) == 0);
2030 		(void) nvlist_lookup_string(nv, ZPROP_SOURCE, source);
2031 	} else {
2032 		value = zfs_prop_default_numeric(prop);
2033 		*source = "";
2034 	}
2035 
2036 	return (value);
2037 }
2038 
2039 static char *
2040 getprop_string(zfs_handle_t *zhp, zfs_prop_t prop, char **source)
2041 {
2042 	nvlist_t *nv;
2043 	char *value;
2044 
2045 	*source = NULL;
2046 	if (nvlist_lookup_nvlist(zhp->zfs_props,
2047 	    zfs_prop_to_name(prop), &nv) == 0) {
2048 		verify(nvlist_lookup_string(nv, ZPROP_VALUE, &value) == 0);
2049 		(void) nvlist_lookup_string(nv, ZPROP_SOURCE, source);
2050 	} else {
2051 		if ((value = (char *)zfs_prop_default_string(prop)) == NULL)
2052 			value = "";
2053 		*source = "";
2054 	}
2055 
2056 	return (value);
2057 }
2058 
2059 /*
2060  * Internal function for getting a numeric property.  Both zfs_prop_get() and
2061  * zfs_prop_get_int() are built using this interface.
2062  *
2063  * Certain properties can be overridden using 'mount -o'.  In this case, scan
2064  * the contents of the /etc/mnttab entry, searching for the appropriate options.
2065  * If they differ from the on-disk values, report the current values and mark
2066  * the source "temporary".
2067  */
2068 static int
2069 get_numeric_property(zfs_handle_t *zhp, zfs_prop_t prop, zprop_source_t *src,
2070     char **source, uint64_t *val)
2071 {
2072 	zfs_cmd_t zc = { 0 };
2073 	nvlist_t *zplprops = NULL;
2074 	struct mnttab mnt;
2075 	char *mntopt_on = NULL;
2076 	char *mntopt_off = NULL;
2077 
2078 	*source = NULL;
2079 
2080 	switch (prop) {
2081 	case ZFS_PROP_ATIME:
2082 		mntopt_on = MNTOPT_ATIME;
2083 		mntopt_off = MNTOPT_NOATIME;
2084 		break;
2085 
2086 	case ZFS_PROP_DEVICES:
2087 		mntopt_on = MNTOPT_DEVICES;
2088 		mntopt_off = MNTOPT_NODEVICES;
2089 		break;
2090 
2091 	case ZFS_PROP_EXEC:
2092 		mntopt_on = MNTOPT_EXEC;
2093 		mntopt_off = MNTOPT_NOEXEC;
2094 		break;
2095 
2096 	case ZFS_PROP_READONLY:
2097 		mntopt_on = MNTOPT_RO;
2098 		mntopt_off = MNTOPT_RW;
2099 		break;
2100 
2101 	case ZFS_PROP_SETUID:
2102 		mntopt_on = MNTOPT_SETUID;
2103 		mntopt_off = MNTOPT_NOSETUID;
2104 		break;
2105 
2106 	case ZFS_PROP_XATTR:
2107 		mntopt_on = MNTOPT_XATTR;
2108 		mntopt_off = MNTOPT_NOXATTR;
2109 		break;
2110 
2111 	case ZFS_PROP_NBMAND:
2112 		mntopt_on = MNTOPT_NBMAND;
2113 		mntopt_off = MNTOPT_NONBMAND;
2114 		break;
2115 	}
2116 
2117 	/*
2118 	 * Because looking up the mount options is potentially expensive
2119 	 * (iterating over all of /etc/mnttab), we defer its calculation until
2120 	 * we're looking up a property which requires its presence.
2121 	 */
2122 	if (!zhp->zfs_mntcheck &&
2123 	    (mntopt_on != NULL || prop == ZFS_PROP_MOUNTED)) {
2124 		struct mnttab entry, search = { 0 };
2125 		FILE *mnttab = zhp->zfs_hdl->libzfs_mnttab;
2126 
2127 		search.mnt_special = (char *)zhp->zfs_name;
2128 		search.mnt_fstype = MNTTYPE_ZFS;
2129 		rewind(mnttab);
2130 
2131 		if (getmntany(mnttab, &entry, &search) == 0) {
2132 			zhp->zfs_mntopts = zfs_strdup(zhp->zfs_hdl,
2133 			    entry.mnt_mntopts);
2134 			if (zhp->zfs_mntopts == NULL)
2135 				return (-1);
2136 		}
2137 
2138 		zhp->zfs_mntcheck = B_TRUE;
2139 	}
2140 
2141 	if (zhp->zfs_mntopts == NULL)
2142 		mnt.mnt_mntopts = "";
2143 	else
2144 		mnt.mnt_mntopts = zhp->zfs_mntopts;
2145 
2146 	switch (prop) {
2147 	case ZFS_PROP_ATIME:
2148 	case ZFS_PROP_DEVICES:
2149 	case ZFS_PROP_EXEC:
2150 	case ZFS_PROP_READONLY:
2151 	case ZFS_PROP_SETUID:
2152 	case ZFS_PROP_XATTR:
2153 	case ZFS_PROP_NBMAND:
2154 		*val = getprop_uint64(zhp, prop, source);
2155 
2156 		if (hasmntopt(&mnt, mntopt_on) && !*val) {
2157 			*val = B_TRUE;
2158 			if (src)
2159 				*src = ZPROP_SRC_TEMPORARY;
2160 		} else if (hasmntopt(&mnt, mntopt_off) && *val) {
2161 			*val = B_FALSE;
2162 			if (src)
2163 				*src = ZPROP_SRC_TEMPORARY;
2164 		}
2165 		break;
2166 
2167 	case ZFS_PROP_CANMOUNT:
2168 		*val = getprop_uint64(zhp, prop, source);
2169 		if (*val != ZFS_CANMOUNT_ON)
2170 			*source = zhp->zfs_name;
2171 		else
2172 			*source = "";	/* default */
2173 		break;
2174 
2175 	case ZFS_PROP_QUOTA:
2176 	case ZFS_PROP_REFQUOTA:
2177 	case ZFS_PROP_RESERVATION:
2178 	case ZFS_PROP_REFRESERVATION:
2179 		*val = getprop_uint64(zhp, prop, source);
2180 		if (*val == 0)
2181 			*source = "";	/* default */
2182 		else
2183 			*source = zhp->zfs_name;
2184 		break;
2185 
2186 	case ZFS_PROP_MOUNTED:
2187 		*val = (zhp->zfs_mntopts != NULL);
2188 		break;
2189 
2190 	case ZFS_PROP_NUMCLONES:
2191 		*val = zhp->zfs_dmustats.dds_num_clones;
2192 		break;
2193 
2194 	case ZFS_PROP_VERSION:
2195 	case ZFS_PROP_NORMALIZE:
2196 	case ZFS_PROP_UTF8ONLY:
2197 	case ZFS_PROP_CASE:
2198 		if (!zfs_prop_valid_for_type(prop, zhp->zfs_head_type) ||
2199 		    zcmd_alloc_dst_nvlist(zhp->zfs_hdl, &zc, 0) != 0)
2200 			return (-1);
2201 		(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2202 		if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_OBJSET_ZPLPROPS, &zc)) {
2203 			zcmd_free_nvlists(&zc);
2204 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
2205 			    "unable to get %s property"),
2206 			    zfs_prop_to_name(prop));
2207 			return (zfs_error(zhp->zfs_hdl, EZFS_BADVERSION,
2208 			    dgettext(TEXT_DOMAIN, "internal error")));
2209 		}
2210 		if (zcmd_read_dst_nvlist(zhp->zfs_hdl, &zc, &zplprops) != 0 ||
2211 		    nvlist_lookup_uint64(zplprops, zfs_prop_to_name(prop),
2212 		    val) != 0) {
2213 			zcmd_free_nvlists(&zc);
2214 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
2215 			    "unable to get %s property"),
2216 			    zfs_prop_to_name(prop));
2217 			return (zfs_error(zhp->zfs_hdl, EZFS_NOMEM,
2218 			    dgettext(TEXT_DOMAIN, "internal error")));
2219 		}
2220 		if (zplprops)
2221 			nvlist_free(zplprops);
2222 		zcmd_free_nvlists(&zc);
2223 		break;
2224 
2225 	default:
2226 		switch (zfs_prop_get_type(prop)) {
2227 		case PROP_TYPE_NUMBER:
2228 		case PROP_TYPE_INDEX:
2229 			*val = getprop_uint64(zhp, prop, source);
2230 			break;
2231 
2232 		case PROP_TYPE_STRING:
2233 		default:
2234 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
2235 			    "cannot get non-numeric property"));
2236 			return (zfs_error(zhp->zfs_hdl, EZFS_BADPROP,
2237 			    dgettext(TEXT_DOMAIN, "internal error")));
2238 		}
2239 	}
2240 
2241 	return (0);
2242 }
2243 
2244 /*
2245  * Calculate the source type, given the raw source string.
2246  */
2247 static void
2248 get_source(zfs_handle_t *zhp, zprop_source_t *srctype, char *source,
2249     char *statbuf, size_t statlen)
2250 {
2251 	if (statbuf == NULL || *srctype == ZPROP_SRC_TEMPORARY)
2252 		return;
2253 
2254 	if (source == NULL) {
2255 		*srctype = ZPROP_SRC_NONE;
2256 	} else if (source[0] == '\0') {
2257 		*srctype = ZPROP_SRC_DEFAULT;
2258 	} else {
2259 		if (strcmp(source, zhp->zfs_name) == 0) {
2260 			*srctype = ZPROP_SRC_LOCAL;
2261 		} else {
2262 			(void) strlcpy(statbuf, source, statlen);
2263 			*srctype = ZPROP_SRC_INHERITED;
2264 		}
2265 	}
2266 
2267 }
2268 
2269 /*
2270  * Retrieve a property from the given object.  If 'literal' is specified, then
2271  * numbers are left as exact values.  Otherwise, numbers are converted to a
2272  * human-readable form.
2273  *
2274  * Returns 0 on success, or -1 on error.
2275  */
2276 int
2277 zfs_prop_get(zfs_handle_t *zhp, zfs_prop_t prop, char *propbuf, size_t proplen,
2278     zprop_source_t *src, char *statbuf, size_t statlen, boolean_t literal)
2279 {
2280 	char *source = NULL;
2281 	uint64_t val;
2282 	char *str;
2283 	const char *strval;
2284 
2285 	/*
2286 	 * Check to see if this property applies to our object
2287 	 */
2288 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type))
2289 		return (-1);
2290 
2291 	if (src)
2292 		*src = ZPROP_SRC_NONE;
2293 
2294 	switch (prop) {
2295 	case ZFS_PROP_CREATION:
2296 		/*
2297 		 * 'creation' is a time_t stored in the statistics.  We convert
2298 		 * this into a string unless 'literal' is specified.
2299 		 */
2300 		{
2301 			val = getprop_uint64(zhp, prop, &source);
2302 			time_t time = (time_t)val;
2303 			struct tm t;
2304 
2305 			if (literal ||
2306 			    localtime_r(&time, &t) == NULL ||
2307 			    strftime(propbuf, proplen, "%a %b %e %k:%M %Y",
2308 			    &t) == 0)
2309 				(void) snprintf(propbuf, proplen, "%llu", val);
2310 		}
2311 		break;
2312 
2313 	case ZFS_PROP_MOUNTPOINT:
2314 		/*
2315 		 * Getting the precise mountpoint can be tricky.
2316 		 *
2317 		 *  - for 'none' or 'legacy', return those values.
2318 		 *  - for inherited mountpoints, we want to take everything
2319 		 *    after our ancestor and append it to the inherited value.
2320 		 *
2321 		 * If the pool has an alternate root, we want to prepend that
2322 		 * root to any values we return.
2323 		 */
2324 
2325 		str = getprop_string(zhp, prop, &source);
2326 
2327 		if (str[0] == '/') {
2328 			char buf[MAXPATHLEN];
2329 			char *root = buf;
2330 			const char *relpath = zhp->zfs_name + strlen(source);
2331 
2332 			if (relpath[0] == '/')
2333 				relpath++;
2334 
2335 			if ((zpool_get_prop(zhp->zpool_hdl,
2336 			    ZPOOL_PROP_ALTROOT, buf, MAXPATHLEN, NULL)) ||
2337 			    (strcmp(root, "-") == 0))
2338 				root[0] = '\0';
2339 			/*
2340 			 * Special case an alternate root of '/'. This will
2341 			 * avoid having multiple leading slashes in the
2342 			 * mountpoint path.
2343 			 */
2344 			if (strcmp(root, "/") == 0)
2345 				root++;
2346 
2347 			/*
2348 			 * If the mountpoint is '/' then skip over this
2349 			 * if we are obtaining either an alternate root or
2350 			 * an inherited mountpoint.
2351 			 */
2352 			if (str[1] == '\0' && (root[0] != '\0' ||
2353 			    relpath[0] != '\0'))
2354 				str++;
2355 
2356 			if (relpath[0] == '\0')
2357 				(void) snprintf(propbuf, proplen, "%s%s",
2358 				    root, str);
2359 			else
2360 				(void) snprintf(propbuf, proplen, "%s%s%s%s",
2361 				    root, str, relpath[0] == '@' ? "" : "/",
2362 				    relpath);
2363 		} else {
2364 			/* 'legacy' or 'none' */
2365 			(void) strlcpy(propbuf, str, proplen);
2366 		}
2367 
2368 		break;
2369 
2370 	case ZFS_PROP_ORIGIN:
2371 		(void) strlcpy(propbuf, getprop_string(zhp, prop, &source),
2372 		    proplen);
2373 		/*
2374 		 * If there is no parent at all, return failure to indicate that
2375 		 * it doesn't apply to this dataset.
2376 		 */
2377 		if (propbuf[0] == '\0')
2378 			return (-1);
2379 		break;
2380 
2381 	case ZFS_PROP_QUOTA:
2382 	case ZFS_PROP_REFQUOTA:
2383 	case ZFS_PROP_RESERVATION:
2384 	case ZFS_PROP_REFRESERVATION:
2385 
2386 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2387 			return (-1);
2388 
2389 		/*
2390 		 * If quota or reservation is 0, we translate this into 'none'
2391 		 * (unless literal is set), and indicate that it's the default
2392 		 * value.  Otherwise, we print the number nicely and indicate
2393 		 * that its set locally.
2394 		 */
2395 		if (val == 0) {
2396 			if (literal)
2397 				(void) strlcpy(propbuf, "0", proplen);
2398 			else
2399 				(void) strlcpy(propbuf, "none", proplen);
2400 		} else {
2401 			if (literal)
2402 				(void) snprintf(propbuf, proplen, "%llu",
2403 				    (u_longlong_t)val);
2404 			else
2405 				zfs_nicenum(val, propbuf, proplen);
2406 		}
2407 		break;
2408 
2409 	case ZFS_PROP_COMPRESSRATIO:
2410 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2411 			return (-1);
2412 		(void) snprintf(propbuf, proplen, "%lld.%02lldx", (longlong_t)
2413 		    val / 100, (longlong_t)val % 100);
2414 		break;
2415 
2416 	case ZFS_PROP_TYPE:
2417 		switch (zhp->zfs_type) {
2418 		case ZFS_TYPE_FILESYSTEM:
2419 			str = "filesystem";
2420 			break;
2421 		case ZFS_TYPE_VOLUME:
2422 			str = "volume";
2423 			break;
2424 		case ZFS_TYPE_SNAPSHOT:
2425 			str = "snapshot";
2426 			break;
2427 		default:
2428 			abort();
2429 		}
2430 		(void) snprintf(propbuf, proplen, "%s", str);
2431 		break;
2432 
2433 	case ZFS_PROP_MOUNTED:
2434 		/*
2435 		 * The 'mounted' property is a pseudo-property that described
2436 		 * whether the filesystem is currently mounted.  Even though
2437 		 * it's a boolean value, the typical values of "on" and "off"
2438 		 * don't make sense, so we translate to "yes" and "no".
2439 		 */
2440 		if (get_numeric_property(zhp, ZFS_PROP_MOUNTED,
2441 		    src, &source, &val) != 0)
2442 			return (-1);
2443 		if (val)
2444 			(void) strlcpy(propbuf, "yes", proplen);
2445 		else
2446 			(void) strlcpy(propbuf, "no", proplen);
2447 		break;
2448 
2449 	case ZFS_PROP_NAME:
2450 		/*
2451 		 * The 'name' property is a pseudo-property derived from the
2452 		 * dataset name.  It is presented as a real property to simplify
2453 		 * consumers.
2454 		 */
2455 		(void) strlcpy(propbuf, zhp->zfs_name, proplen);
2456 		break;
2457 
2458 	default:
2459 		switch (zfs_prop_get_type(prop)) {
2460 		case PROP_TYPE_NUMBER:
2461 			if (get_numeric_property(zhp, prop, src,
2462 			    &source, &val) != 0)
2463 				return (-1);
2464 			if (literal)
2465 				(void) snprintf(propbuf, proplen, "%llu",
2466 				    (u_longlong_t)val);
2467 			else
2468 				zfs_nicenum(val, propbuf, proplen);
2469 			break;
2470 
2471 		case PROP_TYPE_STRING:
2472 			(void) strlcpy(propbuf,
2473 			    getprop_string(zhp, prop, &source), proplen);
2474 			break;
2475 
2476 		case PROP_TYPE_INDEX:
2477 			if (get_numeric_property(zhp, prop, src,
2478 			    &source, &val) != 0)
2479 				return (-1);
2480 			if (zfs_prop_index_to_string(prop, val, &strval) != 0)
2481 				return (-1);
2482 			(void) strlcpy(propbuf, strval, proplen);
2483 			break;
2484 
2485 		default:
2486 			abort();
2487 		}
2488 	}
2489 
2490 	get_source(zhp, src, source, statbuf, statlen);
2491 
2492 	return (0);
2493 }
2494 
2495 /*
2496  * Utility function to get the given numeric property.  Does no validation that
2497  * the given property is the appropriate type; should only be used with
2498  * hard-coded property types.
2499  */
2500 uint64_t
2501 zfs_prop_get_int(zfs_handle_t *zhp, zfs_prop_t prop)
2502 {
2503 	char *source;
2504 	uint64_t val;
2505 
2506 	(void) get_numeric_property(zhp, prop, NULL, &source, &val);
2507 
2508 	return (val);
2509 }
2510 
2511 int
2512 zfs_prop_set_int(zfs_handle_t *zhp, zfs_prop_t prop, uint64_t val)
2513 {
2514 	char buf[64];
2515 
2516 	zfs_nicenum(val, buf, sizeof (buf));
2517 	return (zfs_prop_set(zhp, zfs_prop_to_name(prop), buf));
2518 }
2519 
2520 /*
2521  * Similar to zfs_prop_get(), but returns the value as an integer.
2522  */
2523 int
2524 zfs_prop_get_numeric(zfs_handle_t *zhp, zfs_prop_t prop, uint64_t *value,
2525     zprop_source_t *src, char *statbuf, size_t statlen)
2526 {
2527 	char *source;
2528 
2529 	/*
2530 	 * Check to see if this property applies to our object
2531 	 */
2532 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type)) {
2533 		return (zfs_error_fmt(zhp->zfs_hdl, EZFS_PROPTYPE,
2534 		    dgettext(TEXT_DOMAIN, "cannot get property '%s'"),
2535 		    zfs_prop_to_name(prop)));
2536 	}
2537 
2538 	if (src)
2539 		*src = ZPROP_SRC_NONE;
2540 
2541 	if (get_numeric_property(zhp, prop, src, &source, value) != 0)
2542 		return (-1);
2543 
2544 	get_source(zhp, src, source, statbuf, statlen);
2545 
2546 	return (0);
2547 }
2548 
2549 /*
2550  * Returns the name of the given zfs handle.
2551  */
2552 const char *
2553 zfs_get_name(const zfs_handle_t *zhp)
2554 {
2555 	return (zhp->zfs_name);
2556 }
2557 
2558 /*
2559  * Returns the type of the given zfs handle.
2560  */
2561 zfs_type_t
2562 zfs_get_type(const zfs_handle_t *zhp)
2563 {
2564 	return (zhp->zfs_type);
2565 }
2566 
2567 /*
2568  * Iterate over all child filesystems
2569  */
2570 int
2571 zfs_iter_filesystems(zfs_handle_t *zhp, zfs_iter_f func, void *data)
2572 {
2573 	zfs_cmd_t zc = { 0 };
2574 	zfs_handle_t *nzhp;
2575 	int ret;
2576 
2577 	if (zhp->zfs_type != ZFS_TYPE_FILESYSTEM)
2578 		return (0);
2579 
2580 	for ((void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2581 	    ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_DATASET_LIST_NEXT, &zc) == 0;
2582 	    (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name))) {
2583 		/*
2584 		 * Ignore private dataset names.
2585 		 */
2586 		if (dataset_name_hidden(zc.zc_name))
2587 			continue;
2588 
2589 		/*
2590 		 * Silently ignore errors, as the only plausible explanation is
2591 		 * that the pool has since been removed.
2592 		 */
2593 		if ((nzhp = make_dataset_handle(zhp->zfs_hdl,
2594 		    zc.zc_name)) == NULL)
2595 			continue;
2596 
2597 		if ((ret = func(nzhp, data)) != 0)
2598 			return (ret);
2599 	}
2600 
2601 	/*
2602 	 * An errno value of ESRCH indicates normal completion.  If ENOENT is
2603 	 * returned, then the underlying dataset has been removed since we
2604 	 * obtained the handle.
2605 	 */
2606 	if (errno != ESRCH && errno != ENOENT)
2607 		return (zfs_standard_error(zhp->zfs_hdl, errno,
2608 		    dgettext(TEXT_DOMAIN, "cannot iterate filesystems")));
2609 
2610 	return (0);
2611 }
2612 
2613 /*
2614  * Iterate over all snapshots
2615  */
2616 int
2617 zfs_iter_snapshots(zfs_handle_t *zhp, zfs_iter_f func, void *data)
2618 {
2619 	zfs_cmd_t zc = { 0 };
2620 	zfs_handle_t *nzhp;
2621 	int ret;
2622 
2623 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT)
2624 		return (0);
2625 
2626 	for ((void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2627 	    ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_SNAPSHOT_LIST_NEXT,
2628 	    &zc) == 0;
2629 	    (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name))) {
2630 
2631 		if ((nzhp = make_dataset_handle(zhp->zfs_hdl,
2632 		    zc.zc_name)) == NULL)
2633 			continue;
2634 
2635 		if ((ret = func(nzhp, data)) != 0)
2636 			return (ret);
2637 	}
2638 
2639 	/*
2640 	 * An errno value of ESRCH indicates normal completion.  If ENOENT is
2641 	 * returned, then the underlying dataset has been removed since we
2642 	 * obtained the handle.  Silently ignore this case, and return success.
2643 	 */
2644 	if (errno != ESRCH && errno != ENOENT)
2645 		return (zfs_standard_error(zhp->zfs_hdl, errno,
2646 		    dgettext(TEXT_DOMAIN, "cannot iterate filesystems")));
2647 
2648 	return (0);
2649 }
2650 
2651 /*
2652  * Iterate over all children, snapshots and filesystems
2653  */
2654 int
2655 zfs_iter_children(zfs_handle_t *zhp, zfs_iter_f func, void *data)
2656 {
2657 	int ret;
2658 
2659 	if ((ret = zfs_iter_filesystems(zhp, func, data)) != 0)
2660 		return (ret);
2661 
2662 	return (zfs_iter_snapshots(zhp, func, data));
2663 }
2664 
2665 /*
2666  * Given a complete name, return just the portion that refers to the parent.
2667  * Can return NULL if this is a pool.
2668  */
2669 static int
2670 parent_name(const char *path, char *buf, size_t buflen)
2671 {
2672 	char *loc;
2673 
2674 	if ((loc = strrchr(path, '/')) == NULL)
2675 		return (-1);
2676 
2677 	(void) strncpy(buf, path, MIN(buflen, loc - path));
2678 	buf[loc - path] = '\0';
2679 
2680 	return (0);
2681 }
2682 
2683 /*
2684  * If accept_ancestor is false, then check to make sure that the given path has
2685  * a parent, and that it exists.  If accept_ancestor is true, then find the
2686  * closest existing ancestor for the given path.  In prefixlen return the
2687  * length of already existing prefix of the given path.  We also fetch the
2688  * 'zoned' property, which is used to validate property settings when creating
2689  * new datasets.
2690  */
2691 static int
2692 check_parents(libzfs_handle_t *hdl, const char *path, uint64_t *zoned,
2693     boolean_t accept_ancestor, int *prefixlen)
2694 {
2695 	zfs_cmd_t zc = { 0 };
2696 	char parent[ZFS_MAXNAMELEN];
2697 	char *slash;
2698 	zfs_handle_t *zhp;
2699 	char errbuf[1024];
2700 
2701 	(void) snprintf(errbuf, sizeof (errbuf), "cannot create '%s'",
2702 	    path);
2703 
2704 	/* get parent, and check to see if this is just a pool */
2705 	if (parent_name(path, parent, sizeof (parent)) != 0) {
2706 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2707 		    "missing dataset name"));
2708 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
2709 	}
2710 
2711 	/* check to see if the pool exists */
2712 	if ((slash = strchr(parent, '/')) == NULL)
2713 		slash = parent + strlen(parent);
2714 	(void) strncpy(zc.zc_name, parent, slash - parent);
2715 	zc.zc_name[slash - parent] = '\0';
2716 	if (ioctl(hdl->libzfs_fd, ZFS_IOC_OBJSET_STATS, &zc) != 0 &&
2717 	    errno == ENOENT) {
2718 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2719 		    "no such pool '%s'"), zc.zc_name);
2720 		return (zfs_error(hdl, EZFS_NOENT, errbuf));
2721 	}
2722 
2723 	/* check to see if the parent dataset exists */
2724 	while ((zhp = make_dataset_handle(hdl, parent)) == NULL) {
2725 		if (errno == ENOENT && accept_ancestor) {
2726 			/*
2727 			 * Go deeper to find an ancestor, give up on top level.
2728 			 */
2729 			if (parent_name(parent, parent, sizeof (parent)) != 0) {
2730 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2731 				    "no such pool '%s'"), zc.zc_name);
2732 				return (zfs_error(hdl, EZFS_NOENT, errbuf));
2733 			}
2734 		} else if (errno == ENOENT) {
2735 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2736 			    "parent does not exist"));
2737 			return (zfs_error(hdl, EZFS_NOENT, errbuf));
2738 		} else
2739 			return (zfs_standard_error(hdl, errno, errbuf));
2740 	}
2741 
2742 	*zoned = zfs_prop_get_int(zhp, ZFS_PROP_ZONED);
2743 	/* we are in a non-global zone, but parent is in the global zone */
2744 	if (getzoneid() != GLOBAL_ZONEID && !(*zoned)) {
2745 		(void) zfs_standard_error(hdl, EPERM, errbuf);
2746 		zfs_close(zhp);
2747 		return (-1);
2748 	}
2749 
2750 	/* make sure parent is a filesystem */
2751 	if (zfs_get_type(zhp) != ZFS_TYPE_FILESYSTEM) {
2752 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2753 		    "parent is not a filesystem"));
2754 		(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
2755 		zfs_close(zhp);
2756 		return (-1);
2757 	}
2758 
2759 	zfs_close(zhp);
2760 	if (prefixlen != NULL)
2761 		*prefixlen = strlen(parent);
2762 	return (0);
2763 }
2764 
2765 /*
2766  * Finds whether the dataset of the given type(s) exists.
2767  */
2768 boolean_t
2769 zfs_dataset_exists(libzfs_handle_t *hdl, const char *path, zfs_type_t types)
2770 {
2771 	zfs_handle_t *zhp;
2772 
2773 	if (!zfs_validate_name(hdl, path, types, B_FALSE))
2774 		return (B_FALSE);
2775 
2776 	/*
2777 	 * Try to get stats for the dataset, which will tell us if it exists.
2778 	 */
2779 	if ((zhp = make_dataset_handle(hdl, path)) != NULL) {
2780 		int ds_type = zhp->zfs_type;
2781 
2782 		zfs_close(zhp);
2783 		if (types & ds_type)
2784 			return (B_TRUE);
2785 	}
2786 	return (B_FALSE);
2787 }
2788 
2789 /*
2790  * Given a path to 'target', create all the ancestors between
2791  * the prefixlen portion of the path, and the target itself.
2792  * Fail if the initial prefixlen-ancestor does not already exist.
2793  */
2794 int
2795 create_parents(libzfs_handle_t *hdl, char *target, int prefixlen)
2796 {
2797 	zfs_handle_t *h;
2798 	char *cp;
2799 	const char *opname;
2800 
2801 	/* make sure prefix exists */
2802 	cp = target + prefixlen;
2803 	if (*cp != '/') {
2804 		assert(strchr(cp, '/') == NULL);
2805 		h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
2806 	} else {
2807 		*cp = '\0';
2808 		h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
2809 		*cp = '/';
2810 	}
2811 	if (h == NULL)
2812 		return (-1);
2813 	zfs_close(h);
2814 
2815 	/*
2816 	 * Attempt to create, mount, and share any ancestor filesystems,
2817 	 * up to the prefixlen-long one.
2818 	 */
2819 	for (cp = target + prefixlen + 1;
2820 	    cp = strchr(cp, '/'); *cp = '/', cp++) {
2821 		char *logstr;
2822 
2823 		*cp = '\0';
2824 
2825 		h = make_dataset_handle(hdl, target);
2826 		if (h) {
2827 			/* it already exists, nothing to do here */
2828 			zfs_close(h);
2829 			continue;
2830 		}
2831 
2832 		logstr = hdl->libzfs_log_str;
2833 		hdl->libzfs_log_str = NULL;
2834 		if (zfs_create(hdl, target, ZFS_TYPE_FILESYSTEM,
2835 		    NULL) != 0) {
2836 			hdl->libzfs_log_str = logstr;
2837 			opname = dgettext(TEXT_DOMAIN, "create");
2838 			goto ancestorerr;
2839 		}
2840 
2841 		hdl->libzfs_log_str = logstr;
2842 		h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
2843 		if (h == NULL) {
2844 			opname = dgettext(TEXT_DOMAIN, "open");
2845 			goto ancestorerr;
2846 		}
2847 
2848 		if (zfs_mount(h, NULL, 0) != 0) {
2849 			opname = dgettext(TEXT_DOMAIN, "mount");
2850 			goto ancestorerr;
2851 		}
2852 
2853 		if (zfs_share(h) != 0) {
2854 			opname = dgettext(TEXT_DOMAIN, "share");
2855 			goto ancestorerr;
2856 		}
2857 
2858 		zfs_close(h);
2859 	}
2860 
2861 	return (0);
2862 
2863 ancestorerr:
2864 	zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2865 	    "failed to %s ancestor '%s'"), opname, target);
2866 	return (-1);
2867 }
2868 
2869 /*
2870  * Creates non-existing ancestors of the given path.
2871  */
2872 int
2873 zfs_create_ancestors(libzfs_handle_t *hdl, const char *path)
2874 {
2875 	int prefix;
2876 	uint64_t zoned;
2877 	char *path_copy;
2878 	int rc;
2879 
2880 	if (check_parents(hdl, path, &zoned, B_TRUE, &prefix) != 0)
2881 		return (-1);
2882 
2883 	if ((path_copy = strdup(path)) != NULL) {
2884 		rc = create_parents(hdl, path_copy, prefix);
2885 		free(path_copy);
2886 	}
2887 	if (path_copy == NULL || rc != 0)
2888 		return (-1);
2889 
2890 	return (0);
2891 }
2892 
2893 /*
2894  * Create a new filesystem or volume.
2895  */
2896 int
2897 zfs_create(libzfs_handle_t *hdl, const char *path, zfs_type_t type,
2898     nvlist_t *props)
2899 {
2900 	zfs_cmd_t zc = { 0 };
2901 	int ret;
2902 	uint64_t size = 0;
2903 	uint64_t blocksize = zfs_prop_default_numeric(ZFS_PROP_VOLBLOCKSIZE);
2904 	char errbuf[1024];
2905 	uint64_t zoned;
2906 
2907 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
2908 	    "cannot create '%s'"), path);
2909 
2910 	/* validate the path, taking care to note the extended error message */
2911 	if (!zfs_validate_name(hdl, path, type, B_TRUE))
2912 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
2913 
2914 	/* validate parents exist */
2915 	if (check_parents(hdl, path, &zoned, B_FALSE, NULL) != 0)
2916 		return (-1);
2917 
2918 	/*
2919 	 * The failure modes when creating a dataset of a different type over
2920 	 * one that already exists is a little strange.  In particular, if you
2921 	 * try to create a dataset on top of an existing dataset, the ioctl()
2922 	 * will return ENOENT, not EEXIST.  To prevent this from happening, we
2923 	 * first try to see if the dataset exists.
2924 	 */
2925 	(void) strlcpy(zc.zc_name, path, sizeof (zc.zc_name));
2926 	if (zfs_dataset_exists(hdl, zc.zc_name, ZFS_TYPE_DATASET)) {
2927 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2928 		    "dataset already exists"));
2929 		return (zfs_error(hdl, EZFS_EXISTS, errbuf));
2930 	}
2931 
2932 	if (type == ZFS_TYPE_VOLUME)
2933 		zc.zc_objset_type = DMU_OST_ZVOL;
2934 	else
2935 		zc.zc_objset_type = DMU_OST_ZFS;
2936 
2937 	if (props && (props = zfs_valid_proplist(hdl, type, props,
2938 	    zoned, NULL, errbuf)) == 0)
2939 		return (-1);
2940 
2941 	if (type == ZFS_TYPE_VOLUME) {
2942 		/*
2943 		 * If we are creating a volume, the size and block size must
2944 		 * satisfy a few restraints.  First, the blocksize must be a
2945 		 * valid block size between SPA_{MIN,MAX}BLOCKSIZE.  Second, the
2946 		 * volsize must be a multiple of the block size, and cannot be
2947 		 * zero.
2948 		 */
2949 		if (props == NULL || nvlist_lookup_uint64(props,
2950 		    zfs_prop_to_name(ZFS_PROP_VOLSIZE), &size) != 0) {
2951 			nvlist_free(props);
2952 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2953 			    "missing volume size"));
2954 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2955 		}
2956 
2957 		if ((ret = nvlist_lookup_uint64(props,
2958 		    zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
2959 		    &blocksize)) != 0) {
2960 			if (ret == ENOENT) {
2961 				blocksize = zfs_prop_default_numeric(
2962 				    ZFS_PROP_VOLBLOCKSIZE);
2963 			} else {
2964 				nvlist_free(props);
2965 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2966 				    "missing volume block size"));
2967 				return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2968 			}
2969 		}
2970 
2971 		if (size == 0) {
2972 			nvlist_free(props);
2973 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2974 			    "volume size cannot be zero"));
2975 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2976 		}
2977 
2978 		if (size % blocksize != 0) {
2979 			nvlist_free(props);
2980 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2981 			    "volume size must be a multiple of volume block "
2982 			    "size"));
2983 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2984 		}
2985 	}
2986 
2987 	if (props && zcmd_write_src_nvlist(hdl, &zc, props) != 0)
2988 		return (-1);
2989 	nvlist_free(props);
2990 
2991 	/* create the dataset */
2992 	ret = zfs_ioctl(hdl, ZFS_IOC_CREATE, &zc);
2993 
2994 	if (ret == 0 && type == ZFS_TYPE_VOLUME) {
2995 		ret = zvol_create_link(hdl, path);
2996 		if (ret) {
2997 			(void) zfs_standard_error(hdl, errno,
2998 			    dgettext(TEXT_DOMAIN,
2999 			    "Volume successfully created, but device links "
3000 			    "were not created"));
3001 			zcmd_free_nvlists(&zc);
3002 			return (-1);
3003 		}
3004 	}
3005 
3006 	zcmd_free_nvlists(&zc);
3007 
3008 	/* check for failure */
3009 	if (ret != 0) {
3010 		char parent[ZFS_MAXNAMELEN];
3011 		(void) parent_name(path, parent, sizeof (parent));
3012 
3013 		switch (errno) {
3014 		case ENOENT:
3015 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3016 			    "no such parent '%s'"), parent);
3017 			return (zfs_error(hdl, EZFS_NOENT, errbuf));
3018 
3019 		case EINVAL:
3020 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3021 			    "parent '%s' is not a filesystem"), parent);
3022 			return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
3023 
3024 		case EDOM:
3025 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3026 			    "volume block size must be power of 2 from "
3027 			    "%u to %uk"),
3028 			    (uint_t)SPA_MINBLOCKSIZE,
3029 			    (uint_t)SPA_MAXBLOCKSIZE >> 10);
3030 
3031 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
3032 
3033 		case ENOTSUP:
3034 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3035 			    "pool must be upgraded to set this "
3036 			    "property or value"));
3037 			return (zfs_error(hdl, EZFS_BADVERSION, errbuf));
3038 #ifdef _ILP32
3039 		case EOVERFLOW:
3040 			/*
3041 			 * This platform can't address a volume this big.
3042 			 */
3043 			if (type == ZFS_TYPE_VOLUME)
3044 				return (zfs_error(hdl, EZFS_VOLTOOBIG,
3045 				    errbuf));
3046 #endif
3047 			/* FALLTHROUGH */
3048 		default:
3049 			return (zfs_standard_error(hdl, errno, errbuf));
3050 		}
3051 	}
3052 
3053 	return (0);
3054 }
3055 
3056 /*
3057  * Destroys the given dataset.  The caller must make sure that the filesystem
3058  * isn't mounted, and that there are no active dependents.
3059  */
3060 int
3061 zfs_destroy(zfs_handle_t *zhp)
3062 {
3063 	zfs_cmd_t zc = { 0 };
3064 
3065 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3066 
3067 	if (ZFS_IS_VOLUME(zhp)) {
3068 		/*
3069 		 * If user doesn't have permissions to unshare volume, then
3070 		 * abort the request.  This would only happen for a
3071 		 * non-privileged user.
3072 		 */
3073 		if (zfs_unshare_iscsi(zhp) != 0) {
3074 			return (-1);
3075 		}
3076 
3077 		if (zvol_remove_link(zhp->zfs_hdl, zhp->zfs_name) != 0)
3078 			return (-1);
3079 
3080 		zc.zc_objset_type = DMU_OST_ZVOL;
3081 	} else {
3082 		zc.zc_objset_type = DMU_OST_ZFS;
3083 	}
3084 
3085 	if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_DESTROY, &zc) != 0) {
3086 		return (zfs_standard_error_fmt(zhp->zfs_hdl, errno,
3087 		    dgettext(TEXT_DOMAIN, "cannot destroy '%s'"),
3088 		    zhp->zfs_name));
3089 	}
3090 
3091 	remove_mountpoint(zhp);
3092 
3093 	return (0);
3094 }
3095 
3096 struct destroydata {
3097 	char *snapname;
3098 	boolean_t gotone;
3099 	boolean_t closezhp;
3100 };
3101 
3102 static int
3103 zfs_remove_link_cb(zfs_handle_t *zhp, void *arg)
3104 {
3105 	struct destroydata *dd = arg;
3106 	zfs_handle_t *szhp;
3107 	char name[ZFS_MAXNAMELEN];
3108 	boolean_t closezhp = dd->closezhp;
3109 	int rv;
3110 
3111 	(void) strlcpy(name, zhp->zfs_name, sizeof (name));
3112 	(void) strlcat(name, "@", sizeof (name));
3113 	(void) strlcat(name, dd->snapname, sizeof (name));
3114 
3115 	szhp = make_dataset_handle(zhp->zfs_hdl, name);
3116 	if (szhp) {
3117 		dd->gotone = B_TRUE;
3118 		zfs_close(szhp);
3119 	}
3120 
3121 	if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
3122 		(void) zvol_remove_link(zhp->zfs_hdl, name);
3123 		/*
3124 		 * NB: this is simply a best-effort.  We don't want to
3125 		 * return an error, because then we wouldn't visit all
3126 		 * the volumes.
3127 		 */
3128 	}
3129 
3130 	dd->closezhp = B_TRUE;
3131 	rv = zfs_iter_filesystems(zhp, zfs_remove_link_cb, arg);
3132 	if (closezhp)
3133 		zfs_close(zhp);
3134 	return (rv);
3135 }
3136 
3137 /*
3138  * Destroys all snapshots with the given name in zhp & descendants.
3139  */
3140 int
3141 zfs_destroy_snaps(zfs_handle_t *zhp, char *snapname)
3142 {
3143 	zfs_cmd_t zc = { 0 };
3144 	int ret;
3145 	struct destroydata dd = { 0 };
3146 
3147 	dd.snapname = snapname;
3148 	(void) zfs_remove_link_cb(zhp, &dd);
3149 
3150 	if (!dd.gotone) {
3151 		return (zfs_standard_error_fmt(zhp->zfs_hdl, ENOENT,
3152 		    dgettext(TEXT_DOMAIN, "cannot destroy '%s@%s'"),
3153 		    zhp->zfs_name, snapname));
3154 	}
3155 
3156 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3157 	(void) strlcpy(zc.zc_value, snapname, sizeof (zc.zc_value));
3158 
3159 	ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_DESTROY_SNAPS, &zc);
3160 	if (ret != 0) {
3161 		char errbuf[1024];
3162 
3163 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3164 		    "cannot destroy '%s@%s'"), zc.zc_name, snapname);
3165 
3166 		switch (errno) {
3167 		case EEXIST:
3168 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3169 			    "snapshot is cloned"));
3170 			return (zfs_error(zhp->zfs_hdl, EZFS_EXISTS, errbuf));
3171 
3172 		default:
3173 			return (zfs_standard_error(zhp->zfs_hdl, errno,
3174 			    errbuf));
3175 		}
3176 	}
3177 
3178 	return (0);
3179 }
3180 
3181 /*
3182  * Clones the given dataset.  The target must be of the same type as the source.
3183  */
3184 int
3185 zfs_clone(zfs_handle_t *zhp, const char *target, nvlist_t *props)
3186 {
3187 	zfs_cmd_t zc = { 0 };
3188 	char parent[ZFS_MAXNAMELEN];
3189 	int ret;
3190 	char errbuf[1024];
3191 	libzfs_handle_t *hdl = zhp->zfs_hdl;
3192 	zfs_type_t type;
3193 	uint64_t zoned;
3194 
3195 	assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT);
3196 
3197 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3198 	    "cannot create '%s'"), target);
3199 
3200 	/* validate the target name */
3201 	if (!zfs_validate_name(hdl, target, ZFS_TYPE_FILESYSTEM, B_TRUE))
3202 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3203 
3204 	/* validate parents exist */
3205 	if (check_parents(hdl, target, &zoned, B_FALSE, NULL) != 0)
3206 		return (-1);
3207 
3208 	(void) parent_name(target, parent, sizeof (parent));
3209 
3210 	/* do the clone */
3211 	if (ZFS_IS_VOLUME(zhp)) {
3212 		zc.zc_objset_type = DMU_OST_ZVOL;
3213 		type = ZFS_TYPE_VOLUME;
3214 	} else {
3215 		zc.zc_objset_type = DMU_OST_ZFS;
3216 		type = ZFS_TYPE_FILESYSTEM;
3217 	}
3218 
3219 	if (props) {
3220 		if ((props = zfs_valid_proplist(hdl, type, props, zoned,
3221 		    zhp, errbuf)) == NULL)
3222 			return (-1);
3223 
3224 		if (zcmd_write_src_nvlist(hdl, &zc, props) != 0) {
3225 			nvlist_free(props);
3226 			return (-1);
3227 		}
3228 
3229 		nvlist_free(props);
3230 	}
3231 
3232 	(void) strlcpy(zc.zc_name, target, sizeof (zc.zc_name));
3233 	(void) strlcpy(zc.zc_value, zhp->zfs_name, sizeof (zc.zc_value));
3234 	ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_CREATE, &zc);
3235 
3236 	zcmd_free_nvlists(&zc);
3237 
3238 	if (ret != 0) {
3239 		switch (errno) {
3240 
3241 		case ENOENT:
3242 			/*
3243 			 * The parent doesn't exist.  We should have caught this
3244 			 * above, but there may a race condition that has since
3245 			 * destroyed the parent.
3246 			 *
3247 			 * At this point, we don't know whether it's the source
3248 			 * that doesn't exist anymore, or whether the target
3249 			 * dataset doesn't exist.
3250 			 */
3251 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3252 			    "no such parent '%s'"), parent);
3253 			return (zfs_error(zhp->zfs_hdl, EZFS_NOENT, errbuf));
3254 
3255 		case EXDEV:
3256 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3257 			    "source and target pools differ"));
3258 			return (zfs_error(zhp->zfs_hdl, EZFS_CROSSTARGET,
3259 			    errbuf));
3260 
3261 		default:
3262 			return (zfs_standard_error(zhp->zfs_hdl, errno,
3263 			    errbuf));
3264 		}
3265 	} else if (ZFS_IS_VOLUME(zhp)) {
3266 		ret = zvol_create_link(zhp->zfs_hdl, target);
3267 	}
3268 
3269 	return (ret);
3270 }
3271 
3272 typedef struct promote_data {
3273 	char cb_mountpoint[MAXPATHLEN];
3274 	const char *cb_target;
3275 	const char *cb_errbuf;
3276 	uint64_t cb_pivot_txg;
3277 } promote_data_t;
3278 
3279 static int
3280 promote_snap_cb(zfs_handle_t *zhp, void *data)
3281 {
3282 	promote_data_t *pd = data;
3283 	zfs_handle_t *szhp;
3284 	char snapname[MAXPATHLEN];
3285 	int rv = 0;
3286 
3287 	/* We don't care about snapshots after the pivot point */
3288 	if (zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG) > pd->cb_pivot_txg) {
3289 		zfs_close(zhp);
3290 		return (0);
3291 	}
3292 
3293 	/* Remove the device link if it's a zvol. */
3294 	if (ZFS_IS_VOLUME(zhp))
3295 		(void) zvol_remove_link(zhp->zfs_hdl, zhp->zfs_name);
3296 
3297 	/* Check for conflicting names */
3298 	(void) strlcpy(snapname, pd->cb_target, sizeof (snapname));
3299 	(void) strlcat(snapname, strchr(zhp->zfs_name, '@'), sizeof (snapname));
3300 	szhp = make_dataset_handle(zhp->zfs_hdl, snapname);
3301 	if (szhp != NULL) {
3302 		zfs_close(szhp);
3303 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3304 		    "snapshot name '%s' from origin \n"
3305 		    "conflicts with '%s' from target"),
3306 		    zhp->zfs_name, snapname);
3307 		rv = zfs_error(zhp->zfs_hdl, EZFS_EXISTS, pd->cb_errbuf);
3308 	}
3309 	zfs_close(zhp);
3310 	return (rv);
3311 }
3312 
3313 static int
3314 promote_snap_done_cb(zfs_handle_t *zhp, void *data)
3315 {
3316 	promote_data_t *pd = data;
3317 
3318 	/* We don't care about snapshots after the pivot point */
3319 	if (zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG) <= pd->cb_pivot_txg) {
3320 		/* Create the device link if it's a zvol. */
3321 		if (ZFS_IS_VOLUME(zhp))
3322 			(void) zvol_create_link(zhp->zfs_hdl, zhp->zfs_name);
3323 	}
3324 
3325 	zfs_close(zhp);
3326 	return (0);
3327 }
3328 
3329 /*
3330  * Promotes the given clone fs to be the clone parent.
3331  */
3332 int
3333 zfs_promote(zfs_handle_t *zhp)
3334 {
3335 	libzfs_handle_t *hdl = zhp->zfs_hdl;
3336 	zfs_cmd_t zc = { 0 };
3337 	char parent[MAXPATHLEN];
3338 	char *cp;
3339 	int ret;
3340 	zfs_handle_t *pzhp;
3341 	promote_data_t pd;
3342 	char errbuf[1024];
3343 
3344 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3345 	    "cannot promote '%s'"), zhp->zfs_name);
3346 
3347 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
3348 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3349 		    "snapshots can not be promoted"));
3350 		return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
3351 	}
3352 
3353 	(void) strlcpy(parent, zhp->zfs_dmustats.dds_origin, sizeof (parent));
3354 	if (parent[0] == '\0') {
3355 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3356 		    "not a cloned filesystem"));
3357 		return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
3358 	}
3359 	cp = strchr(parent, '@');
3360 	*cp = '\0';
3361 
3362 	/* Walk the snapshots we will be moving */
3363 	pzhp = zfs_open(hdl, zhp->zfs_dmustats.dds_origin, ZFS_TYPE_SNAPSHOT);
3364 	if (pzhp == NULL)
3365 		return (-1);
3366 	pd.cb_pivot_txg = zfs_prop_get_int(pzhp, ZFS_PROP_CREATETXG);
3367 	zfs_close(pzhp);
3368 	pd.cb_target = zhp->zfs_name;
3369 	pd.cb_errbuf = errbuf;
3370 	pzhp = zfs_open(hdl, parent, ZFS_TYPE_DATASET);
3371 	if (pzhp == NULL)
3372 		return (-1);
3373 	(void) zfs_prop_get(pzhp, ZFS_PROP_MOUNTPOINT, pd.cb_mountpoint,
3374 	    sizeof (pd.cb_mountpoint), NULL, NULL, 0, FALSE);
3375 	ret = zfs_iter_snapshots(pzhp, promote_snap_cb, &pd);
3376 	if (ret != 0) {
3377 		zfs_close(pzhp);
3378 		return (-1);
3379 	}
3380 
3381 	/* issue the ioctl */
3382 	(void) strlcpy(zc.zc_value, zhp->zfs_dmustats.dds_origin,
3383 	    sizeof (zc.zc_value));
3384 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3385 	ret = zfs_ioctl(hdl, ZFS_IOC_PROMOTE, &zc);
3386 
3387 	if (ret != 0) {
3388 		int save_errno = errno;
3389 
3390 		(void) zfs_iter_snapshots(pzhp, promote_snap_done_cb, &pd);
3391 		zfs_close(pzhp);
3392 
3393 		switch (save_errno) {
3394 		case EEXIST:
3395 			/*
3396 			 * There is a conflicting snapshot name.  We
3397 			 * should have caught this above, but they could
3398 			 * have renamed something in the mean time.
3399 			 */
3400 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3401 			    "conflicting snapshot name from parent '%s'"),
3402 			    parent);
3403 			return (zfs_error(hdl, EZFS_EXISTS, errbuf));
3404 
3405 		default:
3406 			return (zfs_standard_error(hdl, save_errno, errbuf));
3407 		}
3408 	} else {
3409 		(void) zfs_iter_snapshots(zhp, promote_snap_done_cb, &pd);
3410 	}
3411 
3412 	zfs_close(pzhp);
3413 	return (ret);
3414 }
3415 
3416 struct createdata {
3417 	const char *cd_snapname;
3418 	int cd_ifexists;
3419 };
3420 
3421 static int
3422 zfs_create_link_cb(zfs_handle_t *zhp, void *arg)
3423 {
3424 	struct createdata *cd = arg;
3425 	int ret;
3426 
3427 	if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
3428 		char name[MAXPATHLEN];
3429 
3430 		(void) strlcpy(name, zhp->zfs_name, sizeof (name));
3431 		(void) strlcat(name, "@", sizeof (name));
3432 		(void) strlcat(name, cd->cd_snapname, sizeof (name));
3433 		(void) zvol_create_link_common(zhp->zfs_hdl, name,
3434 		    cd->cd_ifexists);
3435 		/*
3436 		 * NB: this is simply a best-effort.  We don't want to
3437 		 * return an error, because then we wouldn't visit all
3438 		 * the volumes.
3439 		 */
3440 	}
3441 
3442 	ret = zfs_iter_filesystems(zhp, zfs_create_link_cb, cd);
3443 
3444 	zfs_close(zhp);
3445 
3446 	return (ret);
3447 }
3448 
3449 /*
3450  * Takes a snapshot of the given dataset.
3451  */
3452 int
3453 zfs_snapshot(libzfs_handle_t *hdl, const char *path, boolean_t recursive)
3454 {
3455 	const char *delim;
3456 	char *parent;
3457 	zfs_handle_t *zhp;
3458 	zfs_cmd_t zc = { 0 };
3459 	int ret;
3460 	char errbuf[1024];
3461 
3462 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3463 	    "cannot snapshot '%s'"), path);
3464 
3465 	/* validate the target name */
3466 	if (!zfs_validate_name(hdl, path, ZFS_TYPE_SNAPSHOT, B_TRUE))
3467 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3468 
3469 	/* make sure the parent exists and is of the appropriate type */
3470 	delim = strchr(path, '@');
3471 	if ((parent = zfs_alloc(hdl, delim - path + 1)) == NULL)
3472 		return (-1);
3473 	(void) strncpy(parent, path, delim - path);
3474 	parent[delim - path] = '\0';
3475 
3476 	if ((zhp = zfs_open(hdl, parent, ZFS_TYPE_FILESYSTEM |
3477 	    ZFS_TYPE_VOLUME)) == NULL) {
3478 		free(parent);
3479 		return (-1);
3480 	}
3481 
3482 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3483 	(void) strlcpy(zc.zc_value, delim+1, sizeof (zc.zc_value));
3484 	if (ZFS_IS_VOLUME(zhp))
3485 		zc.zc_objset_type = DMU_OST_ZVOL;
3486 	else
3487 		zc.zc_objset_type = DMU_OST_ZFS;
3488 	zc.zc_cookie = recursive;
3489 	ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SNAPSHOT, &zc);
3490 
3491 	/*
3492 	 * if it was recursive, the one that actually failed will be in
3493 	 * zc.zc_name.
3494 	 */
3495 	if (ret != 0)
3496 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3497 		    "cannot create snapshot '%s@%s'"), zc.zc_name, zc.zc_value);
3498 
3499 	if (ret == 0 && recursive) {
3500 		struct createdata cd;
3501 
3502 		cd.cd_snapname = delim + 1;
3503 		cd.cd_ifexists = B_FALSE;
3504 		(void) zfs_iter_filesystems(zhp, zfs_create_link_cb, &cd);
3505 	}
3506 	if (ret == 0 && zhp->zfs_type == ZFS_TYPE_VOLUME) {
3507 		ret = zvol_create_link(zhp->zfs_hdl, path);
3508 		if (ret != 0) {
3509 			(void) zfs_standard_error(hdl, errno,
3510 			    dgettext(TEXT_DOMAIN,
3511 			    "Volume successfully snapshotted, but device links "
3512 			    "were not created"));
3513 			free(parent);
3514 			zfs_close(zhp);
3515 			return (-1);
3516 		}
3517 	}
3518 
3519 	if (ret != 0)
3520 		(void) zfs_standard_error(hdl, errno, errbuf);
3521 
3522 	free(parent);
3523 	zfs_close(zhp);
3524 
3525 	return (ret);
3526 }
3527 
3528 /*
3529  * Destroy any more recent snapshots.  We invoke this callback on any dependents
3530  * of the snapshot first.  If the 'cb_dependent' member is non-zero, then this
3531  * is a dependent and we should just destroy it without checking the transaction
3532  * group.
3533  */
3534 typedef struct rollback_data {
3535 	const char	*cb_target;		/* the snapshot */
3536 	uint64_t	cb_create;		/* creation time reference */
3537 	boolean_t	cb_error;
3538 	boolean_t	cb_dependent;
3539 	boolean_t	cb_force;
3540 } rollback_data_t;
3541 
3542 static int
3543 rollback_destroy(zfs_handle_t *zhp, void *data)
3544 {
3545 	rollback_data_t *cbp = data;
3546 
3547 	if (!cbp->cb_dependent) {
3548 		if (strcmp(zhp->zfs_name, cbp->cb_target) != 0 &&
3549 		    zfs_get_type(zhp) == ZFS_TYPE_SNAPSHOT &&
3550 		    zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG) >
3551 		    cbp->cb_create) {
3552 			char *logstr;
3553 
3554 			cbp->cb_dependent = B_TRUE;
3555 			cbp->cb_error |= zfs_iter_dependents(zhp, B_FALSE,
3556 			    rollback_destroy, cbp);
3557 			cbp->cb_dependent = B_FALSE;
3558 
3559 			logstr = zhp->zfs_hdl->libzfs_log_str;
3560 			zhp->zfs_hdl->libzfs_log_str = NULL;
3561 			cbp->cb_error |= zfs_destroy(zhp);
3562 			zhp->zfs_hdl->libzfs_log_str = logstr;
3563 		}
3564 	} else {
3565 		/* We must destroy this clone; first unmount it */
3566 		prop_changelist_t *clp;
3567 
3568 		clp = changelist_gather(zhp, ZFS_PROP_NAME,
3569 		    cbp->cb_force ? MS_FORCE: 0);
3570 		if (clp == NULL || changelist_prefix(clp) != 0) {
3571 			cbp->cb_error = B_TRUE;
3572 			zfs_close(zhp);
3573 			return (0);
3574 		}
3575 		if (zfs_destroy(zhp) != 0)
3576 			cbp->cb_error = B_TRUE;
3577 		else
3578 			changelist_remove(clp, zhp->zfs_name);
3579 		(void) changelist_postfix(clp);
3580 		changelist_free(clp);
3581 	}
3582 
3583 	zfs_close(zhp);
3584 	return (0);
3585 }
3586 
3587 /*
3588  * Given a dataset, rollback to a specific snapshot, discarding any
3589  * data changes since then and making it the active dataset.
3590  *
3591  * Any snapshots more recent than the target are destroyed, along with
3592  * their dependents.
3593  */
3594 int
3595 zfs_rollback(zfs_handle_t *zhp, zfs_handle_t *snap, boolean_t force)
3596 {
3597 	rollback_data_t cb = { 0 };
3598 	int err;
3599 	zfs_cmd_t zc = { 0 };
3600 	boolean_t restore_resv = 0;
3601 	uint64_t old_volsize, new_volsize;
3602 	zfs_prop_t resv_prop;
3603 
3604 	assert(zhp->zfs_type == ZFS_TYPE_FILESYSTEM ||
3605 	    zhp->zfs_type == ZFS_TYPE_VOLUME);
3606 
3607 	/*
3608 	 * Destroy all recent snapshots and its dependends.
3609 	 */
3610 	cb.cb_force = force;
3611 	cb.cb_target = snap->zfs_name;
3612 	cb.cb_create = zfs_prop_get_int(snap, ZFS_PROP_CREATETXG);
3613 	(void) zfs_iter_children(zhp, rollback_destroy, &cb);
3614 
3615 	if (cb.cb_error)
3616 		return (-1);
3617 
3618 	/*
3619 	 * Now that we have verified that the snapshot is the latest,
3620 	 * rollback to the given snapshot.
3621 	 */
3622 
3623 	if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
3624 		if (zvol_remove_link(zhp->zfs_hdl, zhp->zfs_name) != 0)
3625 			return (-1);
3626 		if (zfs_which_resv_prop(zhp, &resv_prop) < 0)
3627 			return (-1);
3628 		old_volsize = zfs_prop_get_int(zhp, ZFS_PROP_VOLSIZE);
3629 		restore_resv =
3630 		    (old_volsize == zfs_prop_get_int(zhp, resv_prop));
3631 	}
3632 
3633 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3634 
3635 	if (ZFS_IS_VOLUME(zhp))
3636 		zc.zc_objset_type = DMU_OST_ZVOL;
3637 	else
3638 		zc.zc_objset_type = DMU_OST_ZFS;
3639 
3640 	/*
3641 	 * We rely on zfs_iter_children() to verify that there are no
3642 	 * newer snapshots for the given dataset.  Therefore, we can
3643 	 * simply pass the name on to the ioctl() call.  There is still
3644 	 * an unlikely race condition where the user has taken a
3645 	 * snapshot since we verified that this was the most recent.
3646 	 *
3647 	 */
3648 	if ((err = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_ROLLBACK, &zc)) != 0) {
3649 		(void) zfs_standard_error_fmt(zhp->zfs_hdl, errno,
3650 		    dgettext(TEXT_DOMAIN, "cannot rollback '%s'"),
3651 		    zhp->zfs_name);
3652 		return (err);
3653 	}
3654 
3655 	/*
3656 	 * For volumes, if the pre-rollback volsize matched the pre-
3657 	 * rollback reservation and the volsize has changed then set
3658 	 * the reservation property to the post-rollback volsize.
3659 	 * Make a new handle since the rollback closed the dataset.
3660 	 */
3661 	if ((zhp->zfs_type == ZFS_TYPE_VOLUME) &&
3662 	    (zhp = make_dataset_handle(zhp->zfs_hdl, zhp->zfs_name))) {
3663 		if (err = zvol_create_link(zhp->zfs_hdl, zhp->zfs_name)) {
3664 			zfs_close(zhp);
3665 			return (err);
3666 		}
3667 		if (restore_resv) {
3668 			new_volsize = zfs_prop_get_int(zhp, ZFS_PROP_VOLSIZE);
3669 			if (old_volsize != new_volsize)
3670 				err = zfs_prop_set_int(zhp, resv_prop,
3671 				    new_volsize);
3672 		}
3673 		zfs_close(zhp);
3674 	}
3675 	return (err);
3676 }
3677 
3678 /*
3679  * Iterate over all dependents for a given dataset.  This includes both
3680  * hierarchical dependents (children) and data dependents (snapshots and
3681  * clones).  The bulk of the processing occurs in get_dependents() in
3682  * libzfs_graph.c.
3683  */
3684 int
3685 zfs_iter_dependents(zfs_handle_t *zhp, boolean_t allowrecursion,
3686     zfs_iter_f func, void *data)
3687 {
3688 	char **dependents;
3689 	size_t count;
3690 	int i;
3691 	zfs_handle_t *child;
3692 	int ret = 0;
3693 
3694 	if (get_dependents(zhp->zfs_hdl, allowrecursion, zhp->zfs_name,
3695 	    &dependents, &count) != 0)
3696 		return (-1);
3697 
3698 	for (i = 0; i < count; i++) {
3699 		if ((child = make_dataset_handle(zhp->zfs_hdl,
3700 		    dependents[i])) == NULL)
3701 			continue;
3702 
3703 		if ((ret = func(child, data)) != 0)
3704 			break;
3705 	}
3706 
3707 	for (i = 0; i < count; i++)
3708 		free(dependents[i]);
3709 	free(dependents);
3710 
3711 	return (ret);
3712 }
3713 
3714 /*
3715  * Renames the given dataset.
3716  */
3717 int
3718 zfs_rename(zfs_handle_t *zhp, const char *target, boolean_t recursive)
3719 {
3720 	int ret;
3721 	zfs_cmd_t zc = { 0 };
3722 	char *delim;
3723 	prop_changelist_t *cl = NULL;
3724 	zfs_handle_t *zhrp = NULL;
3725 	char *parentname = NULL;
3726 	char parent[ZFS_MAXNAMELEN];
3727 	libzfs_handle_t *hdl = zhp->zfs_hdl;
3728 	char errbuf[1024];
3729 
3730 	/* if we have the same exact name, just return success */
3731 	if (strcmp(zhp->zfs_name, target) == 0)
3732 		return (0);
3733 
3734 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3735 	    "cannot rename to '%s'"), target);
3736 
3737 	/*
3738 	 * Make sure the target name is valid
3739 	 */
3740 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
3741 		if ((strchr(target, '@') == NULL) ||
3742 		    *target == '@') {
3743 			/*
3744 			 * Snapshot target name is abbreviated,
3745 			 * reconstruct full dataset name
3746 			 */
3747 			(void) strlcpy(parent, zhp->zfs_name,
3748 			    sizeof (parent));
3749 			delim = strchr(parent, '@');
3750 			if (strchr(target, '@') == NULL)
3751 				*(++delim) = '\0';
3752 			else
3753 				*delim = '\0';
3754 			(void) strlcat(parent, target, sizeof (parent));
3755 			target = parent;
3756 		} else {
3757 			/*
3758 			 * Make sure we're renaming within the same dataset.
3759 			 */
3760 			delim = strchr(target, '@');
3761 			if (strncmp(zhp->zfs_name, target, delim - target)
3762 			    != 0 || zhp->zfs_name[delim - target] != '@') {
3763 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3764 				    "snapshots must be part of same "
3765 				    "dataset"));
3766 				return (zfs_error(hdl, EZFS_CROSSTARGET,
3767 				    errbuf));
3768 			}
3769 		}
3770 		if (!zfs_validate_name(hdl, target, zhp->zfs_type, B_TRUE))
3771 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3772 	} else {
3773 		if (recursive) {
3774 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3775 			    "recursive rename must be a snapshot"));
3776 			return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
3777 		}
3778 
3779 		if (!zfs_validate_name(hdl, target, zhp->zfs_type, B_TRUE))
3780 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3781 		uint64_t unused;
3782 
3783 		/* validate parents */
3784 		if (check_parents(hdl, target, &unused, B_FALSE, NULL) != 0)
3785 			return (-1);
3786 
3787 		(void) parent_name(target, parent, sizeof (parent));
3788 
3789 		/* make sure we're in the same pool */
3790 		verify((delim = strchr(target, '/')) != NULL);
3791 		if (strncmp(zhp->zfs_name, target, delim - target) != 0 ||
3792 		    zhp->zfs_name[delim - target] != '/') {
3793 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3794 			    "datasets must be within same pool"));
3795 			return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
3796 		}
3797 
3798 		/* new name cannot be a child of the current dataset name */
3799 		if (strncmp(parent, zhp->zfs_name,
3800 		    strlen(zhp->zfs_name)) == 0) {
3801 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3802 			    "New dataset name cannot be a descendent of "
3803 			    "current dataset name"));
3804 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3805 		}
3806 	}
3807 
3808 	(void) snprintf(errbuf, sizeof (errbuf),
3809 	    dgettext(TEXT_DOMAIN, "cannot rename '%s'"), zhp->zfs_name);
3810 
3811 	if (getzoneid() == GLOBAL_ZONEID &&
3812 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
3813 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3814 		    "dataset is used in a non-global zone"));
3815 		return (zfs_error(hdl, EZFS_ZONED, errbuf));
3816 	}
3817 
3818 	if (recursive) {
3819 		struct destroydata dd;
3820 
3821 		parentname = zfs_strdup(zhp->zfs_hdl, zhp->zfs_name);
3822 		if (parentname == NULL) {
3823 			ret = -1;
3824 			goto error;
3825 		}
3826 		delim = strchr(parentname, '@');
3827 		*delim = '\0';
3828 		zhrp = zfs_open(zhp->zfs_hdl, parentname, ZFS_TYPE_DATASET);
3829 		if (zhrp == NULL) {
3830 			ret = -1;
3831 			goto error;
3832 		}
3833 
3834 		dd.snapname = delim + 1;
3835 		dd.gotone = B_FALSE;
3836 		dd.closezhp = B_TRUE;
3837 
3838 		/* We remove any zvol links prior to renaming them */
3839 		ret = zfs_iter_filesystems(zhrp, zfs_remove_link_cb, &dd);
3840 		if (ret) {
3841 			goto error;
3842 		}
3843 	} else {
3844 		if ((cl = changelist_gather(zhp, ZFS_PROP_NAME, 0)) == NULL)
3845 			return (-1);
3846 
3847 		if (changelist_haszonedchild(cl)) {
3848 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3849 			    "child dataset with inherited mountpoint is used "
3850 			    "in a non-global zone"));
3851 			(void) zfs_error(hdl, EZFS_ZONED, errbuf);
3852 			goto error;
3853 		}
3854 
3855 		if ((ret = changelist_prefix(cl)) != 0)
3856 			goto error;
3857 	}
3858 
3859 	if (ZFS_IS_VOLUME(zhp))
3860 		zc.zc_objset_type = DMU_OST_ZVOL;
3861 	else
3862 		zc.zc_objset_type = DMU_OST_ZFS;
3863 
3864 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3865 	(void) strlcpy(zc.zc_value, target, sizeof (zc.zc_value));
3866 
3867 	zc.zc_cookie = recursive;
3868 
3869 	if ((ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_RENAME, &zc)) != 0) {
3870 		/*
3871 		 * if it was recursive, the one that actually failed will
3872 		 * be in zc.zc_name
3873 		 */
3874 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3875 		    "cannot rename '%s'"), zc.zc_name);
3876 
3877 		if (recursive && errno == EEXIST) {
3878 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3879 			    "a child dataset already has a snapshot "
3880 			    "with the new name"));
3881 			(void) zfs_error(hdl, EZFS_EXISTS, errbuf);
3882 		} else {
3883 			(void) zfs_standard_error(zhp->zfs_hdl, errno, errbuf);
3884 		}
3885 
3886 		/*
3887 		 * On failure, we still want to remount any filesystems that
3888 		 * were previously mounted, so we don't alter the system state.
3889 		 */
3890 		if (recursive) {
3891 			struct createdata cd;
3892 
3893 			/* only create links for datasets that had existed */
3894 			cd.cd_snapname = delim + 1;
3895 			cd.cd_ifexists = B_TRUE;
3896 			(void) zfs_iter_filesystems(zhrp, zfs_create_link_cb,
3897 			    &cd);
3898 		} else {
3899 			(void) changelist_postfix(cl);
3900 		}
3901 	} else {
3902 		if (recursive) {
3903 			struct createdata cd;
3904 
3905 			/* only create links for datasets that had existed */
3906 			cd.cd_snapname = strchr(target, '@') + 1;
3907 			cd.cd_ifexists = B_TRUE;
3908 			ret = zfs_iter_filesystems(zhrp, zfs_create_link_cb,
3909 			    &cd);
3910 		} else {
3911 			changelist_rename(cl, zfs_get_name(zhp), target);
3912 			ret = changelist_postfix(cl);
3913 		}
3914 	}
3915 
3916 error:
3917 	if (parentname) {
3918 		free(parentname);
3919 	}
3920 	if (zhrp) {
3921 		zfs_close(zhrp);
3922 	}
3923 	if (cl) {
3924 		changelist_free(cl);
3925 	}
3926 	return (ret);
3927 }
3928 
3929 /*
3930  * Given a zvol dataset, issue the ioctl to create the appropriate minor node,
3931  * poke devfsadm to create the /dev link, and then wait for the link to appear.
3932  */
3933 int
3934 zvol_create_link(libzfs_handle_t *hdl, const char *dataset)
3935 {
3936 	return (zvol_create_link_common(hdl, dataset, B_FALSE));
3937 }
3938 
3939 static int
3940 zvol_create_link_common(libzfs_handle_t *hdl, const char *dataset, int ifexists)
3941 {
3942 	zfs_cmd_t zc = { 0 };
3943 	di_devlink_handle_t dhdl;
3944 	priv_set_t *priv_effective;
3945 	int privileged;
3946 
3947 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
3948 
3949 	/*
3950 	 * Issue the appropriate ioctl.
3951 	 */
3952 	if (ioctl(hdl->libzfs_fd, ZFS_IOC_CREATE_MINOR, &zc) != 0) {
3953 		switch (errno) {
3954 		case EEXIST:
3955 			/*
3956 			 * Silently ignore the case where the link already
3957 			 * exists.  This allows 'zfs volinit' to be run multiple
3958 			 * times without errors.
3959 			 */
3960 			return (0);
3961 
3962 		case ENOENT:
3963 			/*
3964 			 * Dataset does not exist in the kernel.  If we
3965 			 * don't care (see zfs_rename), then ignore the
3966 			 * error quietly.
3967 			 */
3968 			if (ifexists) {
3969 				return (0);
3970 			}
3971 
3972 			/* FALLTHROUGH */
3973 
3974 		default:
3975 			return (zfs_standard_error_fmt(hdl, errno,
3976 			    dgettext(TEXT_DOMAIN, "cannot create device links "
3977 			    "for '%s'"), dataset));
3978 		}
3979 	}
3980 
3981 	/*
3982 	 * If privileged call devfsadm and wait for the links to
3983 	 * magically appear.
3984 	 * Otherwise, print out an informational message.
3985 	 */
3986 
3987 	priv_effective = priv_allocset();
3988 	(void) getppriv(PRIV_EFFECTIVE, priv_effective);
3989 	privileged = (priv_isfullset(priv_effective) == B_TRUE);
3990 	priv_freeset(priv_effective);
3991 
3992 	if (privileged) {
3993 		if ((dhdl = di_devlink_init(ZFS_DRIVER,
3994 		    DI_MAKE_LINK)) == NULL) {
3995 			zfs_error_aux(hdl, strerror(errno));
3996 			(void) zfs_standard_error_fmt(hdl, EZFS_DEVLINKS,
3997 			    dgettext(TEXT_DOMAIN, "cannot create device links "
3998 			    "for '%s'"), dataset);
3999 			(void) ioctl(hdl->libzfs_fd, ZFS_IOC_REMOVE_MINOR, &zc);
4000 			return (-1);
4001 		} else {
4002 			(void) di_devlink_fini(&dhdl);
4003 		}
4004 	} else {
4005 		char pathname[MAXPATHLEN];
4006 		struct stat64 statbuf;
4007 		int i;
4008 
4009 #define	MAX_WAIT	10
4010 
4011 		/*
4012 		 * This is the poor mans way of waiting for the link
4013 		 * to show up.  If after 10 seconds we still don't
4014 		 * have it, then print out a message.
4015 		 */
4016 		(void) snprintf(pathname, sizeof (pathname), "/dev/zvol/dsk/%s",
4017 		    dataset);
4018 
4019 		for (i = 0; i != MAX_WAIT; i++) {
4020 			if (stat64(pathname, &statbuf) == 0)
4021 				break;
4022 			(void) sleep(1);
4023 		}
4024 		if (i == MAX_WAIT)
4025 			(void) printf(gettext("%s may not be immediately "
4026 			    "available\n"), pathname);
4027 	}
4028 
4029 	return (0);
4030 }
4031 
4032 /*
4033  * Remove a minor node for the given zvol and the associated /dev links.
4034  */
4035 int
4036 zvol_remove_link(libzfs_handle_t *hdl, const char *dataset)
4037 {
4038 	zfs_cmd_t zc = { 0 };
4039 
4040 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
4041 
4042 	if (ioctl(hdl->libzfs_fd, ZFS_IOC_REMOVE_MINOR, &zc) != 0) {
4043 		switch (errno) {
4044 		case ENXIO:
4045 			/*
4046 			 * Silently ignore the case where the link no longer
4047 			 * exists, so that 'zfs volfini' can be run multiple
4048 			 * times without errors.
4049 			 */
4050 			return (0);
4051 
4052 		default:
4053 			return (zfs_standard_error_fmt(hdl, errno,
4054 			    dgettext(TEXT_DOMAIN, "cannot remove device "
4055 			    "links for '%s'"), dataset));
4056 		}
4057 	}
4058 
4059 	return (0);
4060 }
4061 
4062 nvlist_t *
4063 zfs_get_user_props(zfs_handle_t *zhp)
4064 {
4065 	return (zhp->zfs_user_props);
4066 }
4067 
4068 /*
4069  * This function is used by 'zfs list' to determine the exact set of columns to
4070  * display, and their maximum widths.  This does two main things:
4071  *
4072  *      - If this is a list of all properties, then expand the list to include
4073  *        all native properties, and set a flag so that for each dataset we look
4074  *        for new unique user properties and add them to the list.
4075  *
4076  *      - For non fixed-width properties, keep track of the maximum width seen
4077  *        so that we can size the column appropriately.
4078  */
4079 int
4080 zfs_expand_proplist(zfs_handle_t *zhp, zprop_list_t **plp)
4081 {
4082 	libzfs_handle_t *hdl = zhp->zfs_hdl;
4083 	zprop_list_t *entry;
4084 	zprop_list_t **last, **start;
4085 	nvlist_t *userprops, *propval;
4086 	nvpair_t *elem;
4087 	char *strval;
4088 	char buf[ZFS_MAXPROPLEN];
4089 
4090 	if (zprop_expand_list(hdl, plp, ZFS_TYPE_DATASET) != 0)
4091 		return (-1);
4092 
4093 	userprops = zfs_get_user_props(zhp);
4094 
4095 	entry = *plp;
4096 	if (entry->pl_all && nvlist_next_nvpair(userprops, NULL) != NULL) {
4097 		/*
4098 		 * Go through and add any user properties as necessary.  We
4099 		 * start by incrementing our list pointer to the first
4100 		 * non-native property.
4101 		 */
4102 		start = plp;
4103 		while (*start != NULL) {
4104 			if ((*start)->pl_prop == ZPROP_INVAL)
4105 				break;
4106 			start = &(*start)->pl_next;
4107 		}
4108 
4109 		elem = NULL;
4110 		while ((elem = nvlist_next_nvpair(userprops, elem)) != NULL) {
4111 			/*
4112 			 * See if we've already found this property in our list.
4113 			 */
4114 			for (last = start; *last != NULL;
4115 			    last = &(*last)->pl_next) {
4116 				if (strcmp((*last)->pl_user_prop,
4117 				    nvpair_name(elem)) == 0)
4118 					break;
4119 			}
4120 
4121 			if (*last == NULL) {
4122 				if ((entry = zfs_alloc(hdl,
4123 				    sizeof (zprop_list_t))) == NULL ||
4124 				    ((entry->pl_user_prop = zfs_strdup(hdl,
4125 				    nvpair_name(elem)))) == NULL) {
4126 					free(entry);
4127 					return (-1);
4128 				}
4129 
4130 				entry->pl_prop = ZPROP_INVAL;
4131 				entry->pl_width = strlen(nvpair_name(elem));
4132 				entry->pl_all = B_TRUE;
4133 				*last = entry;
4134 			}
4135 		}
4136 	}
4137 
4138 	/*
4139 	 * Now go through and check the width of any non-fixed columns
4140 	 */
4141 	for (entry = *plp; entry != NULL; entry = entry->pl_next) {
4142 		if (entry->pl_fixed)
4143 			continue;
4144 
4145 		if (entry->pl_prop != ZPROP_INVAL) {
4146 			if (zfs_prop_get(zhp, entry->pl_prop,
4147 			    buf, sizeof (buf), NULL, NULL, 0, B_FALSE) == 0) {
4148 				if (strlen(buf) > entry->pl_width)
4149 					entry->pl_width = strlen(buf);
4150 			}
4151 		} else if (nvlist_lookup_nvlist(userprops,
4152 		    entry->pl_user_prop, &propval)  == 0) {
4153 			verify(nvlist_lookup_string(propval,
4154 			    ZPROP_VALUE, &strval) == 0);
4155 			if (strlen(strval) > entry->pl_width)
4156 				entry->pl_width = strlen(strval);
4157 		}
4158 	}
4159 
4160 	return (0);
4161 }
4162 
4163 int
4164 zfs_iscsi_perm_check(libzfs_handle_t *hdl, char *dataset, ucred_t *cred)
4165 {
4166 	zfs_cmd_t zc = { 0 };
4167 	nvlist_t *nvp;
4168 	gid_t gid;
4169 	uid_t uid;
4170 	const gid_t *groups;
4171 	int group_cnt;
4172 	int error;
4173 
4174 	if (nvlist_alloc(&nvp, NV_UNIQUE_NAME, 0) != 0)
4175 		return (no_memory(hdl));
4176 
4177 	uid = ucred_geteuid(cred);
4178 	gid = ucred_getegid(cred);
4179 	group_cnt = ucred_getgroups(cred, &groups);
4180 
4181 	if (uid == (uid_t)-1 || gid == (uid_t)-1 || group_cnt == (uid_t)-1)
4182 		return (1);
4183 
4184 	if (nvlist_add_uint32(nvp, ZFS_DELEG_PERM_UID, uid) != 0) {
4185 		nvlist_free(nvp);
4186 		return (1);
4187 	}
4188 
4189 	if (nvlist_add_uint32(nvp, ZFS_DELEG_PERM_GID, gid) != 0) {
4190 		nvlist_free(nvp);
4191 		return (1);
4192 	}
4193 
4194 	if (nvlist_add_uint32_array(nvp,
4195 	    ZFS_DELEG_PERM_GROUPS, (uint32_t *)groups, group_cnt) != 0) {
4196 		nvlist_free(nvp);
4197 		return (1);
4198 	}
4199 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
4200 
4201 	if (zcmd_write_src_nvlist(hdl, &zc, nvp))
4202 		return (-1);
4203 
4204 	error = ioctl(hdl->libzfs_fd, ZFS_IOC_ISCSI_PERM_CHECK, &zc);
4205 	nvlist_free(nvp);
4206 	return (error);
4207 }
4208 
4209 int
4210 zfs_deleg_share_nfs(libzfs_handle_t *hdl, char *dataset, char *path,
4211     void *export, void *sharetab, int sharemax, zfs_share_op_t operation)
4212 {
4213 	zfs_cmd_t zc = { 0 };
4214 	int error;
4215 
4216 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
4217 	(void) strlcpy(zc.zc_value, path, sizeof (zc.zc_value));
4218 	zc.zc_share.z_sharedata = (uint64_t)(uintptr_t)sharetab;
4219 	zc.zc_share.z_exportdata = (uint64_t)(uintptr_t)export;
4220 	zc.zc_share.z_sharetype = operation;
4221 	zc.zc_share.z_sharemax = sharemax;
4222 
4223 	error = ioctl(hdl->libzfs_fd, ZFS_IOC_SHARE, &zc);
4224 	return (error);
4225 }
4226