xref: /titanic_44/usr/src/lib/libzfs/common/libzfs_dataset.c (revision f8b6bfdc3446ec90dae56251f6a0ba6e5b66b55c)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <assert.h>
30 #include <ctype.h>
31 #include <errno.h>
32 #include <libdevinfo.h>
33 #include <libintl.h>
34 #include <math.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <strings.h>
38 #include <unistd.h>
39 #include <stddef.h>
40 #include <zone.h>
41 #include <fcntl.h>
42 #include <sys/mntent.h>
43 #include <sys/mnttab.h>
44 #include <sys/mount.h>
45 #include <sys/avl.h>
46 #include <priv.h>
47 #include <pwd.h>
48 #include <grp.h>
49 #include <stddef.h>
50 #include <ucred.h>
51 
52 #include <sys/spa.h>
53 #include <sys/zap.h>
54 #include <libzfs.h>
55 
56 #include "zfs_namecheck.h"
57 #include "zfs_prop.h"
58 #include "libzfs_impl.h"
59 #include "zfs_deleg.h"
60 
61 static int zvol_create_link_common(libzfs_handle_t *, const char *, int);
62 
63 /*
64  * Given a single type (not a mask of types), return the type in a human
65  * readable form.
66  */
67 const char *
68 zfs_type_to_name(zfs_type_t type)
69 {
70 	switch (type) {
71 	case ZFS_TYPE_FILESYSTEM:
72 		return (dgettext(TEXT_DOMAIN, "filesystem"));
73 	case ZFS_TYPE_SNAPSHOT:
74 		return (dgettext(TEXT_DOMAIN, "snapshot"));
75 	case ZFS_TYPE_VOLUME:
76 		return (dgettext(TEXT_DOMAIN, "volume"));
77 	}
78 
79 	return (NULL);
80 }
81 
82 /*
83  * Given a path and mask of ZFS types, return a string describing this dataset.
84  * This is used when we fail to open a dataset and we cannot get an exact type.
85  * We guess what the type would have been based on the path and the mask of
86  * acceptable types.
87  */
88 static const char *
89 path_to_str(const char *path, int types)
90 {
91 	/*
92 	 * When given a single type, always report the exact type.
93 	 */
94 	if (types == ZFS_TYPE_SNAPSHOT)
95 		return (dgettext(TEXT_DOMAIN, "snapshot"));
96 	if (types == ZFS_TYPE_FILESYSTEM)
97 		return (dgettext(TEXT_DOMAIN, "filesystem"));
98 	if (types == ZFS_TYPE_VOLUME)
99 		return (dgettext(TEXT_DOMAIN, "volume"));
100 
101 	/*
102 	 * The user is requesting more than one type of dataset.  If this is the
103 	 * case, consult the path itself.  If we're looking for a snapshot, and
104 	 * a '@' is found, then report it as "snapshot".  Otherwise, remove the
105 	 * snapshot attribute and try again.
106 	 */
107 	if (types & ZFS_TYPE_SNAPSHOT) {
108 		if (strchr(path, '@') != NULL)
109 			return (dgettext(TEXT_DOMAIN, "snapshot"));
110 		return (path_to_str(path, types & ~ZFS_TYPE_SNAPSHOT));
111 	}
112 
113 
114 	/*
115 	 * The user has requested either filesystems or volumes.
116 	 * We have no way of knowing a priori what type this would be, so always
117 	 * report it as "filesystem" or "volume", our two primitive types.
118 	 */
119 	if (types & ZFS_TYPE_FILESYSTEM)
120 		return (dgettext(TEXT_DOMAIN, "filesystem"));
121 
122 	assert(types & ZFS_TYPE_VOLUME);
123 	return (dgettext(TEXT_DOMAIN, "volume"));
124 }
125 
126 /*
127  * Validate a ZFS path.  This is used even before trying to open the dataset, to
128  * provide a more meaningful error message.  We place a more useful message in
129  * 'buf' detailing exactly why the name was not valid.
130  */
131 static int
132 zfs_validate_name(libzfs_handle_t *hdl, const char *path, int type,
133     boolean_t modifying)
134 {
135 	namecheck_err_t why;
136 	char what;
137 
138 	if (dataset_namecheck(path, &why, &what) != 0) {
139 		if (hdl != NULL) {
140 			switch (why) {
141 			case NAME_ERR_TOOLONG:
142 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
143 				    "name is too long"));
144 				break;
145 
146 			case NAME_ERR_LEADING_SLASH:
147 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
148 				    "leading slash in name"));
149 				break;
150 
151 			case NAME_ERR_EMPTY_COMPONENT:
152 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
153 				    "empty component in name"));
154 				break;
155 
156 			case NAME_ERR_TRAILING_SLASH:
157 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
158 				    "trailing slash in name"));
159 				break;
160 
161 			case NAME_ERR_INVALCHAR:
162 				zfs_error_aux(hdl,
163 				    dgettext(TEXT_DOMAIN, "invalid character "
164 				    "'%c' in name"), what);
165 				break;
166 
167 			case NAME_ERR_MULTIPLE_AT:
168 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
169 				    "multiple '@' delimiters in name"));
170 				break;
171 
172 			case NAME_ERR_NOLETTER:
173 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
174 				    "pool doesn't begin with a letter"));
175 				break;
176 
177 			case NAME_ERR_RESERVED:
178 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
179 				    "name is reserved"));
180 				break;
181 
182 			case NAME_ERR_DISKLIKE:
183 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
184 				    "reserved disk name"));
185 				break;
186 			}
187 		}
188 
189 		return (0);
190 	}
191 
192 	if (!(type & ZFS_TYPE_SNAPSHOT) && strchr(path, '@') != NULL) {
193 		if (hdl != NULL)
194 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
195 			    "snapshot delimiter '@' in filesystem name"));
196 		return (0);
197 	}
198 
199 	if (type == ZFS_TYPE_SNAPSHOT && strchr(path, '@') == NULL) {
200 		if (hdl != NULL)
201 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
202 			    "missing '@' delimiter in snapshot name"));
203 		return (0);
204 	}
205 
206 	if (modifying && strchr(path, '%') != NULL) {
207 		if (hdl != NULL)
208 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
209 			    "invalid character %c in name"), '%');
210 		return (0);
211 	}
212 
213 	return (-1);
214 }
215 
216 int
217 zfs_name_valid(const char *name, zfs_type_t type)
218 {
219 	return (zfs_validate_name(NULL, name, type, B_FALSE));
220 }
221 
222 /*
223  * This function takes the raw DSL properties, and filters out the user-defined
224  * properties into a separate nvlist.
225  */
226 static nvlist_t *
227 process_user_props(zfs_handle_t *zhp, nvlist_t *props)
228 {
229 	libzfs_handle_t *hdl = zhp->zfs_hdl;
230 	nvpair_t *elem;
231 	nvlist_t *propval;
232 	nvlist_t *nvl;
233 
234 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
235 		(void) no_memory(hdl);
236 		return (NULL);
237 	}
238 
239 	elem = NULL;
240 	while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
241 		if (!zfs_prop_user(nvpair_name(elem)))
242 			continue;
243 
244 		verify(nvpair_value_nvlist(elem, &propval) == 0);
245 		if (nvlist_add_nvlist(nvl, nvpair_name(elem), propval) != 0) {
246 			nvlist_free(nvl);
247 			(void) no_memory(hdl);
248 			return (NULL);
249 		}
250 	}
251 
252 	return (nvl);
253 }
254 
255 /*
256  * Utility function to gather stats (objset and zpl) for the given object.
257  */
258 static int
259 get_stats(zfs_handle_t *zhp)
260 {
261 	zfs_cmd_t zc = { 0 };
262 	libzfs_handle_t *hdl = zhp->zfs_hdl;
263 	nvlist_t *allprops, *userprops;
264 
265 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
266 
267 	if (zcmd_alloc_dst_nvlist(hdl, &zc, 0) != 0)
268 		return (-1);
269 
270 	while (ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_OBJSET_STATS, &zc) != 0) {
271 		if (errno == ENOMEM) {
272 			if (zcmd_expand_dst_nvlist(hdl, &zc) != 0) {
273 				zcmd_free_nvlists(&zc);
274 				return (-1);
275 			}
276 		} else {
277 			zcmd_free_nvlists(&zc);
278 			return (-1);
279 		}
280 	}
281 
282 	zhp->zfs_dmustats = zc.zc_objset_stats; /* structure assignment */
283 
284 	(void) strlcpy(zhp->zfs_root, zc.zc_value, sizeof (zhp->zfs_root));
285 
286 	if (zcmd_read_dst_nvlist(hdl, &zc, &allprops) != 0) {
287 		zcmd_free_nvlists(&zc);
288 		return (-1);
289 	}
290 
291 	zcmd_free_nvlists(&zc);
292 
293 	if ((userprops = process_user_props(zhp, allprops)) == NULL) {
294 		nvlist_free(allprops);
295 		return (-1);
296 	}
297 
298 	nvlist_free(zhp->zfs_props);
299 	nvlist_free(zhp->zfs_user_props);
300 
301 	zhp->zfs_props = allprops;
302 	zhp->zfs_user_props = userprops;
303 
304 	return (0);
305 }
306 
307 /*
308  * Refresh the properties currently stored in the handle.
309  */
310 void
311 zfs_refresh_properties(zfs_handle_t *zhp)
312 {
313 	(void) get_stats(zhp);
314 }
315 
316 /*
317  * Makes a handle from the given dataset name.  Used by zfs_open() and
318  * zfs_iter_* to create child handles on the fly.
319  */
320 zfs_handle_t *
321 make_dataset_handle(libzfs_handle_t *hdl, const char *path)
322 {
323 	zfs_handle_t *zhp = calloc(sizeof (zfs_handle_t), 1);
324 	char *logstr;
325 
326 	if (zhp == NULL)
327 		return (NULL);
328 
329 	zhp->zfs_hdl = hdl;
330 
331 	/*
332 	 * Preserve history log string.
333 	 * any changes performed here will be
334 	 * logged as an internal event.
335 	 */
336 	logstr = zhp->zfs_hdl->libzfs_log_str;
337 	zhp->zfs_hdl->libzfs_log_str = NULL;
338 top:
339 	(void) strlcpy(zhp->zfs_name, path, sizeof (zhp->zfs_name));
340 
341 	if (get_stats(zhp) != 0) {
342 		zhp->zfs_hdl->libzfs_log_str = logstr;
343 		free(zhp);
344 		return (NULL);
345 	}
346 
347 	if (zhp->zfs_dmustats.dds_inconsistent) {
348 		zfs_cmd_t zc = { 0 };
349 
350 		/*
351 		 * If it is dds_inconsistent, then we've caught it in
352 		 * the middle of a 'zfs receive' or 'zfs destroy', and
353 		 * it is inconsistent from the ZPL's point of view, so
354 		 * can't be mounted.  However, it could also be that we
355 		 * have crashed in the middle of one of those
356 		 * operations, in which case we need to get rid of the
357 		 * inconsistent state.  We do that by either rolling
358 		 * back to the previous snapshot (which will fail if
359 		 * there is none), or destroying the filesystem.  Note
360 		 * that if we are still in the middle of an active
361 		 * 'receive' or 'destroy', then the rollback and destroy
362 		 * will fail with EBUSY and we will drive on as usual.
363 		 */
364 
365 		(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
366 
367 		if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL) {
368 			(void) zvol_remove_link(hdl, zhp->zfs_name);
369 			zc.zc_objset_type = DMU_OST_ZVOL;
370 		} else {
371 			zc.zc_objset_type = DMU_OST_ZFS;
372 		}
373 
374 		/*
375 		 * If we can successfully destroy it, pretend that it
376 		 * never existed.
377 		 */
378 		if (ioctl(hdl->libzfs_fd, ZFS_IOC_DESTROY, &zc) == 0) {
379 			zhp->zfs_hdl->libzfs_log_str = logstr;
380 			free(zhp);
381 			errno = ENOENT;
382 			return (NULL);
383 		}
384 		/* If we can successfully roll it back, reget the stats */
385 		if (ioctl(hdl->libzfs_fd, ZFS_IOC_ROLLBACK, &zc) == 0)
386 			goto top;
387 	}
388 
389 	/*
390 	 * We've managed to open the dataset and gather statistics.  Determine
391 	 * the high-level type.
392 	 */
393 	if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL)
394 		zhp->zfs_head_type = ZFS_TYPE_VOLUME;
395 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZFS)
396 		zhp->zfs_head_type = ZFS_TYPE_FILESYSTEM;
397 	else
398 		abort();
399 
400 	if (zhp->zfs_dmustats.dds_is_snapshot)
401 		zhp->zfs_type = ZFS_TYPE_SNAPSHOT;
402 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL)
403 		zhp->zfs_type = ZFS_TYPE_VOLUME;
404 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZFS)
405 		zhp->zfs_type = ZFS_TYPE_FILESYSTEM;
406 	else
407 		abort();	/* we should never see any other types */
408 
409 	zhp->zfs_hdl->libzfs_log_str = logstr;
410 	return (zhp);
411 }
412 
413 /*
414  * Opens the given snapshot, filesystem, or volume.   The 'types'
415  * argument is a mask of acceptable types.  The function will print an
416  * appropriate error message and return NULL if it can't be opened.
417  */
418 zfs_handle_t *
419 zfs_open(libzfs_handle_t *hdl, const char *path, int types)
420 {
421 	zfs_handle_t *zhp;
422 	char errbuf[1024];
423 
424 	(void) snprintf(errbuf, sizeof (errbuf),
425 	    dgettext(TEXT_DOMAIN, "cannot open '%s'"), path);
426 
427 	/*
428 	 * Validate the name before we even try to open it.
429 	 */
430 	if (!zfs_validate_name(hdl, path, ZFS_TYPE_DATASET, B_FALSE)) {
431 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
432 		    "invalid dataset name"));
433 		(void) zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
434 		return (NULL);
435 	}
436 
437 	/*
438 	 * Try to get stats for the dataset, which will tell us if it exists.
439 	 */
440 	errno = 0;
441 	if ((zhp = make_dataset_handle(hdl, path)) == NULL) {
442 		(void) zfs_standard_error(hdl, errno, errbuf);
443 		return (NULL);
444 	}
445 
446 	if (!(types & zhp->zfs_type)) {
447 		(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
448 		zfs_close(zhp);
449 		return (NULL);
450 	}
451 
452 	return (zhp);
453 }
454 
455 /*
456  * Release a ZFS handle.  Nothing to do but free the associated memory.
457  */
458 void
459 zfs_close(zfs_handle_t *zhp)
460 {
461 	if (zhp->zfs_mntopts)
462 		free(zhp->zfs_mntopts);
463 	nvlist_free(zhp->zfs_props);
464 	nvlist_free(zhp->zfs_user_props);
465 	free(zhp);
466 }
467 
468 /*
469  * Given an nvlist of properties to set, validates that they are correct, and
470  * parses any numeric properties (index, boolean, etc) if they are specified as
471  * strings.
472  */
473 static nvlist_t *
474 zfs_validate_properties(libzfs_handle_t *hdl, zfs_type_t type, nvlist_t *nvl,
475     uint64_t zoned, zfs_handle_t *zhp, const char *errbuf)
476 {
477 	nvpair_t *elem;
478 	uint64_t intval;
479 	char *strval;
480 	zfs_prop_t prop;
481 	nvlist_t *ret;
482 	int chosen_normal = -1;
483 	int chosen_utf = -1;
484 
485 	if (type == ZFS_TYPE_SNAPSHOT) {
486 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
487 		    "snapshot properties cannot be modified"));
488 		(void) zfs_error(hdl, EZFS_PROPTYPE, errbuf);
489 		return (NULL);
490 	}
491 
492 	if (nvlist_alloc(&ret, NV_UNIQUE_NAME, 0) != 0) {
493 		(void) no_memory(hdl);
494 		return (NULL);
495 	}
496 
497 	elem = NULL;
498 	while ((elem = nvlist_next_nvpair(nvl, elem)) != NULL) {
499 		const char *propname = nvpair_name(elem);
500 
501 		/*
502 		 * Make sure this property is valid and applies to this type.
503 		 */
504 		if ((prop = zfs_name_to_prop(propname)) == ZPROP_INVAL) {
505 			if (!zfs_prop_user(propname)) {
506 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
507 				    "invalid property '%s'"), propname);
508 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
509 				goto error;
510 			}
511 
512 			/*
513 			 * If this is a user property, make sure it's a
514 			 * string, and that it's less than ZAP_MAXNAMELEN.
515 			 */
516 			if (nvpair_type(elem) != DATA_TYPE_STRING) {
517 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
518 				    "'%s' must be a string"), propname);
519 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
520 				goto error;
521 			}
522 
523 			if (strlen(nvpair_name(elem)) >= ZAP_MAXNAMELEN) {
524 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
525 				    "property name '%s' is too long"),
526 				    propname);
527 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
528 				goto error;
529 			}
530 
531 			(void) nvpair_value_string(elem, &strval);
532 			if (nvlist_add_string(ret, propname, strval) != 0) {
533 				(void) no_memory(hdl);
534 				goto error;
535 			}
536 			continue;
537 		}
538 
539 		if (!zfs_prop_valid_for_type(prop, type)) {
540 			zfs_error_aux(hdl,
541 			    dgettext(TEXT_DOMAIN, "'%s' does not "
542 			    "apply to datasets of this type"), propname);
543 			(void) zfs_error(hdl, EZFS_PROPTYPE, errbuf);
544 			goto error;
545 		}
546 
547 		if (zfs_prop_readonly(prop) &&
548 		    (!zfs_prop_setonce(prop) || zhp != NULL)) {
549 			zfs_error_aux(hdl,
550 			    dgettext(TEXT_DOMAIN, "'%s' is readonly"),
551 			    propname);
552 			(void) zfs_error(hdl, EZFS_PROPREADONLY, errbuf);
553 			goto error;
554 		}
555 
556 		if (zprop_parse_value(hdl, elem, prop, type, ret,
557 		    &strval, &intval, errbuf) != 0)
558 			goto error;
559 
560 		/*
561 		 * Perform some additional checks for specific properties.
562 		 */
563 		switch (prop) {
564 		case ZFS_PROP_VERSION:
565 		{
566 			int version;
567 
568 			if (zhp == NULL)
569 				break;
570 			version = zfs_prop_get_int(zhp, ZFS_PROP_VERSION);
571 			if (intval < version) {
572 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
573 				    "Can not downgrade; already at version %u"),
574 				    version);
575 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
576 				goto error;
577 			}
578 			break;
579 		}
580 
581 		case ZFS_PROP_RECORDSIZE:
582 		case ZFS_PROP_VOLBLOCKSIZE:
583 			/* must be power of two within SPA_{MIN,MAX}BLOCKSIZE */
584 			if (intval < SPA_MINBLOCKSIZE ||
585 			    intval > SPA_MAXBLOCKSIZE || !ISP2(intval)) {
586 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
587 				    "'%s' must be power of 2 from %u "
588 				    "to %uk"), propname,
589 				    (uint_t)SPA_MINBLOCKSIZE,
590 				    (uint_t)SPA_MAXBLOCKSIZE >> 10);
591 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
592 				goto error;
593 			}
594 			break;
595 
596 		case ZFS_PROP_SHAREISCSI:
597 			if (strcmp(strval, "off") != 0 &&
598 			    strcmp(strval, "on") != 0 &&
599 			    strcmp(strval, "type=disk") != 0) {
600 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
601 				    "'%s' must be 'on', 'off', or 'type=disk'"),
602 				    propname);
603 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
604 				goto error;
605 			}
606 
607 			break;
608 
609 		case ZFS_PROP_MOUNTPOINT:
610 		{
611 			namecheck_err_t why;
612 
613 			if (strcmp(strval, ZFS_MOUNTPOINT_NONE) == 0 ||
614 			    strcmp(strval, ZFS_MOUNTPOINT_LEGACY) == 0)
615 				break;
616 
617 			if (mountpoint_namecheck(strval, &why)) {
618 				switch (why) {
619 				case NAME_ERR_LEADING_SLASH:
620 					zfs_error_aux(hdl,
621 					    dgettext(TEXT_DOMAIN,
622 					    "'%s' must be an absolute path, "
623 					    "'none', or 'legacy'"), propname);
624 					break;
625 				case NAME_ERR_TOOLONG:
626 					zfs_error_aux(hdl,
627 					    dgettext(TEXT_DOMAIN,
628 					    "component of '%s' is too long"),
629 					    propname);
630 					break;
631 				}
632 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
633 				goto error;
634 			}
635 		}
636 
637 			/*FALLTHRU*/
638 
639 		case ZFS_PROP_SHARESMB:
640 		case ZFS_PROP_SHARENFS:
641 			/*
642 			 * For the mountpoint and sharenfs or sharesmb
643 			 * properties, check if it can be set in a
644 			 * global/non-global zone based on
645 			 * the zoned property value:
646 			 *
647 			 *		global zone	    non-global zone
648 			 * --------------------------------------------------
649 			 * zoned=on	mountpoint (no)	    mountpoint (yes)
650 			 *		sharenfs (no)	    sharenfs (no)
651 			 *		sharesmb (no)	    sharesmb (no)
652 			 *
653 			 * zoned=off	mountpoint (yes)	N/A
654 			 *		sharenfs (yes)
655 			 *		sharesmb (yes)
656 			 */
657 			if (zoned) {
658 				if (getzoneid() == GLOBAL_ZONEID) {
659 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
660 					    "'%s' cannot be set on "
661 					    "dataset in a non-global zone"),
662 					    propname);
663 					(void) zfs_error(hdl, EZFS_ZONED,
664 					    errbuf);
665 					goto error;
666 				} else if (prop == ZFS_PROP_SHARENFS ||
667 				    prop == ZFS_PROP_SHARESMB) {
668 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
669 					    "'%s' cannot be set in "
670 					    "a non-global zone"), propname);
671 					(void) zfs_error(hdl, EZFS_ZONED,
672 					    errbuf);
673 					goto error;
674 				}
675 			} else if (getzoneid() != GLOBAL_ZONEID) {
676 				/*
677 				 * If zoned property is 'off', this must be in
678 				 * a globle zone. If not, something is wrong.
679 				 */
680 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
681 				    "'%s' cannot be set while dataset "
682 				    "'zoned' property is set"), propname);
683 				(void) zfs_error(hdl, EZFS_ZONED, errbuf);
684 				goto error;
685 			}
686 
687 			/*
688 			 * At this point, it is legitimate to set the
689 			 * property. Now we want to make sure that the
690 			 * property value is valid if it is sharenfs.
691 			 */
692 			if ((prop == ZFS_PROP_SHARENFS ||
693 			    prop == ZFS_PROP_SHARESMB) &&
694 			    strcmp(strval, "on") != 0 &&
695 			    strcmp(strval, "off") != 0) {
696 				zfs_share_proto_t proto;
697 
698 				if (prop == ZFS_PROP_SHARESMB)
699 					proto = PROTO_SMB;
700 				else
701 					proto = PROTO_NFS;
702 
703 				/*
704 				 * Must be an valid sharing protocol
705 				 * option string so init the libshare
706 				 * in order to enable the parser and
707 				 * then parse the options. We use the
708 				 * control API since we don't care about
709 				 * the current configuration and don't
710 				 * want the overhead of loading it
711 				 * until we actually do something.
712 				 */
713 
714 				if (zfs_init_libshare(hdl,
715 				    SA_INIT_CONTROL_API) != SA_OK) {
716 					/*
717 					 * An error occurred so we can't do
718 					 * anything
719 					 */
720 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
721 					    "'%s' cannot be set: problem "
722 					    "in share initialization"),
723 					    propname);
724 					(void) zfs_error(hdl, EZFS_BADPROP,
725 					    errbuf);
726 					goto error;
727 				}
728 
729 				if (zfs_parse_options(strval, proto) != SA_OK) {
730 					/*
731 					 * There was an error in parsing so
732 					 * deal with it by issuing an error
733 					 * message and leaving after
734 					 * uninitializing the the libshare
735 					 * interface.
736 					 */
737 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
738 					    "'%s' cannot be set to invalid "
739 					    "options"), propname);
740 					(void) zfs_error(hdl, EZFS_BADPROP,
741 					    errbuf);
742 					zfs_uninit_libshare(hdl);
743 					goto error;
744 				}
745 				zfs_uninit_libshare(hdl);
746 			}
747 
748 			break;
749 		case ZFS_PROP_UTF8ONLY:
750 			chosen_utf = (int)intval;
751 			break;
752 		case ZFS_PROP_NORMALIZE:
753 			chosen_normal = (int)intval;
754 			break;
755 		}
756 
757 		/*
758 		 * For changes to existing volumes, we have some additional
759 		 * checks to enforce.
760 		 */
761 		if (type == ZFS_TYPE_VOLUME && zhp != NULL) {
762 			uint64_t volsize = zfs_prop_get_int(zhp,
763 			    ZFS_PROP_VOLSIZE);
764 			uint64_t blocksize = zfs_prop_get_int(zhp,
765 			    ZFS_PROP_VOLBLOCKSIZE);
766 			char buf[64];
767 
768 			switch (prop) {
769 			case ZFS_PROP_RESERVATION:
770 			case ZFS_PROP_REFRESERVATION:
771 				if (intval > volsize) {
772 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
773 					    "'%s' is greater than current "
774 					    "volume size"), propname);
775 					(void) zfs_error(hdl, EZFS_BADPROP,
776 					    errbuf);
777 					goto error;
778 				}
779 				break;
780 
781 			case ZFS_PROP_VOLSIZE:
782 				if (intval % blocksize != 0) {
783 					zfs_nicenum(blocksize, buf,
784 					    sizeof (buf));
785 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
786 					    "'%s' must be a multiple of "
787 					    "volume block size (%s)"),
788 					    propname, buf);
789 					(void) zfs_error(hdl, EZFS_BADPROP,
790 					    errbuf);
791 					goto error;
792 				}
793 
794 				if (intval == 0) {
795 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
796 					    "'%s' cannot be zero"),
797 					    propname);
798 					(void) zfs_error(hdl, EZFS_BADPROP,
799 					    errbuf);
800 					goto error;
801 				}
802 				break;
803 			}
804 		}
805 	}
806 
807 	/*
808 	 * If normalization was chosen, but no UTF8 choice was made,
809 	 * enforce rejection of non-UTF8 names.
810 	 *
811 	 * If normalization was chosen, but rejecting non-UTF8 names
812 	 * was explicitly not chosen, it is an error.
813 	 */
814 	if (chosen_normal > 0 && chosen_utf < 0) {
815 		if (nvlist_add_uint64(ret,
816 		    zfs_prop_to_name(ZFS_PROP_UTF8ONLY), 1) != 0) {
817 			(void) no_memory(hdl);
818 			goto error;
819 		}
820 	} else if (chosen_normal > 0 && chosen_utf == 0) {
821 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
822 		    "'%s' must be set 'on' if normalization chosen"),
823 		    zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
824 		(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
825 		goto error;
826 	}
827 
828 	/*
829 	 * If this is an existing volume, and someone is setting the volsize,
830 	 * make sure that it matches the reservation, or add it if necessary.
831 	 */
832 	if (zhp != NULL && type == ZFS_TYPE_VOLUME &&
833 	    nvlist_lookup_uint64(ret, zfs_prop_to_name(ZFS_PROP_VOLSIZE),
834 	    &intval) == 0) {
835 		uint64_t old_volsize = zfs_prop_get_int(zhp,
836 		    ZFS_PROP_VOLSIZE);
837 		uint64_t old_reservation;
838 		uint64_t new_reservation;
839 		char *pool_name;
840 		zpool_handle_t *zpool_handle;
841 		char *p;
842 		zfs_prop_t resv_prop;
843 		uint64_t spa_version;
844 
845 		pool_name = zfs_alloc(zhp->zfs_hdl, MAXPATHLEN);
846 		if (zfs_prop_get(zhp, ZFS_PROP_NAME, pool_name,
847 		    MAXPATHLEN, NULL, NULL, 0, B_FALSE) != 0) {
848 			free(pool_name);
849 			goto error;
850 		}
851 
852 		if (p = strchr(pool_name, '/'))
853 			*p = '\0';
854 		zpool_handle = zpool_open(hdl, pool_name);
855 		free(pool_name);
856 		if (zpool_handle == NULL)
857 			goto error;
858 
859 		spa_version = zpool_get_prop_int(zpool_handle,
860 		    ZPOOL_PROP_VERSION, NULL);
861 		zpool_close(zpool_handle);
862 		if (spa_version >= SPA_VERSION_REFRESERVATION)
863 			resv_prop = ZFS_PROP_REFRESERVATION;
864 		else
865 			resv_prop = ZFS_PROP_RESERVATION;
866 
867 		old_reservation = zfs_prop_get_int(zhp, resv_prop);
868 
869 		if (old_volsize == old_reservation &&
870 		    nvlist_lookup_uint64(ret, zfs_prop_to_name(resv_prop),
871 		    &new_reservation) != 0) {
872 			if (nvlist_add_uint64(ret,
873 			    zfs_prop_to_name(resv_prop), intval) != 0) {
874 				(void) no_memory(hdl);
875 				goto error;
876 			}
877 		}
878 	}
879 
880 	return (ret);
881 
882 error:
883 	nvlist_free(ret);
884 	return (NULL);
885 }
886 
887 static int
888 zfs_get_perm_who(const char *who, zfs_deleg_who_type_t *who_type,
889     uint64_t *ret_who)
890 {
891 	struct passwd *pwd;
892 	struct group *grp;
893 	uid_t id;
894 
895 	if (*who_type == ZFS_DELEG_EVERYONE || *who_type == ZFS_DELEG_CREATE ||
896 	    *who_type == ZFS_DELEG_NAMED_SET) {
897 		*ret_who = -1;
898 		return (0);
899 	}
900 	if (who == NULL && !(*who_type == ZFS_DELEG_EVERYONE))
901 		return (EZFS_BADWHO);
902 
903 	if (*who_type == ZFS_DELEG_WHO_UNKNOWN &&
904 	    strcmp(who, "everyone") == 0) {
905 		*ret_who = -1;
906 		*who_type = ZFS_DELEG_EVERYONE;
907 		return (0);
908 	}
909 
910 	pwd = getpwnam(who);
911 	grp = getgrnam(who);
912 
913 	if ((*who_type == ZFS_DELEG_USER) && pwd) {
914 		*ret_who = pwd->pw_uid;
915 	} else if ((*who_type == ZFS_DELEG_GROUP) && grp) {
916 		*ret_who = grp->gr_gid;
917 	} else if (pwd) {
918 		*ret_who = pwd->pw_uid;
919 		*who_type = ZFS_DELEG_USER;
920 	} else if (grp) {
921 		*ret_who = grp->gr_gid;
922 		*who_type = ZFS_DELEG_GROUP;
923 	} else {
924 		char *end;
925 
926 		id = strtol(who, &end, 10);
927 		if (errno != 0 || *end != '\0') {
928 			return (EZFS_BADWHO);
929 		} else {
930 			*ret_who = id;
931 			if (*who_type == ZFS_DELEG_WHO_UNKNOWN)
932 				*who_type = ZFS_DELEG_USER;
933 		}
934 	}
935 
936 	return (0);
937 }
938 
939 static void
940 zfs_perms_add_to_nvlist(nvlist_t *who_nvp, char *name, nvlist_t *perms_nvp)
941 {
942 	if (perms_nvp != NULL) {
943 		verify(nvlist_add_nvlist(who_nvp,
944 		    name, perms_nvp) == 0);
945 	} else {
946 		verify(nvlist_add_boolean(who_nvp, name) == 0);
947 	}
948 }
949 
950 static void
951 helper(zfs_deleg_who_type_t who_type, uint64_t whoid, char *whostr,
952     zfs_deleg_inherit_t inherit, nvlist_t *who_nvp, nvlist_t *perms_nvp,
953     nvlist_t *sets_nvp)
954 {
955 	boolean_t do_perms, do_sets;
956 	char name[ZFS_MAX_DELEG_NAME];
957 
958 	do_perms = (nvlist_next_nvpair(perms_nvp, NULL) != NULL);
959 	do_sets = (nvlist_next_nvpair(sets_nvp, NULL) != NULL);
960 
961 	if (!do_perms && !do_sets)
962 		do_perms = do_sets = B_TRUE;
963 
964 	if (do_perms) {
965 		zfs_deleg_whokey(name, who_type, inherit,
966 		    (who_type == ZFS_DELEG_NAMED_SET) ?
967 		    whostr : (void *)&whoid);
968 		zfs_perms_add_to_nvlist(who_nvp, name, perms_nvp);
969 	}
970 	if (do_sets) {
971 		zfs_deleg_whokey(name, toupper(who_type), inherit,
972 		    (who_type == ZFS_DELEG_NAMED_SET) ?
973 		    whostr : (void *)&whoid);
974 		zfs_perms_add_to_nvlist(who_nvp, name, sets_nvp);
975 	}
976 }
977 
978 static void
979 zfs_perms_add_who_nvlist(nvlist_t *who_nvp, uint64_t whoid, void *whostr,
980     nvlist_t *perms_nvp, nvlist_t *sets_nvp,
981     zfs_deleg_who_type_t who_type, zfs_deleg_inherit_t inherit)
982 {
983 	if (who_type == ZFS_DELEG_NAMED_SET || who_type == ZFS_DELEG_CREATE) {
984 		helper(who_type, whoid, whostr, 0,
985 		    who_nvp, perms_nvp, sets_nvp);
986 	} else {
987 		if (inherit & ZFS_DELEG_PERM_LOCAL) {
988 			helper(who_type, whoid, whostr, ZFS_DELEG_LOCAL,
989 			    who_nvp, perms_nvp, sets_nvp);
990 		}
991 		if (inherit & ZFS_DELEG_PERM_DESCENDENT) {
992 			helper(who_type, whoid, whostr, ZFS_DELEG_DESCENDENT,
993 			    who_nvp, perms_nvp, sets_nvp);
994 		}
995 	}
996 }
997 
998 /*
999  * Construct nvlist to pass down to kernel for setting/removing permissions.
1000  *
1001  * The nvlist is constructed as a series of nvpairs with an optional embedded
1002  * nvlist of permissions to remove or set.  The topmost nvpairs are the actual
1003  * base attribute named stored in the dsl.
1004  * Arguments:
1005  *
1006  * whostr:   is a comma separated list of users, groups, or a single set name.
1007  *           whostr may be null for everyone or create perms.
1008  * who_type: is the type of entry in whostr.  Typically this will be
1009  *           ZFS_DELEG_WHO_UNKNOWN.
1010  * perms:    common separated list of permissions.  May be null if user
1011  *           is requested to remove permissions by who.
1012  * inherit:  Specifies the inheritance of the permissions.  Will be either
1013  *           ZFS_DELEG_PERM_LOCAL and/or  ZFS_DELEG_PERM_DESCENDENT.
1014  * nvp       The constructed nvlist to pass to zfs_perm_set().
1015  *           The output nvp will look something like this.
1016  *              ul$1234 -> {create ; destroy }
1017  *              Ul$1234 -> { @myset }
1018  *              s-$@myset - { snapshot; checksum; compression }
1019  */
1020 int
1021 zfs_build_perms(zfs_handle_t *zhp, char *whostr, char *perms,
1022     zfs_deleg_who_type_t who_type, zfs_deleg_inherit_t inherit, nvlist_t **nvp)
1023 {
1024 	nvlist_t *who_nvp;
1025 	nvlist_t *perms_nvp = NULL;
1026 	nvlist_t *sets_nvp = NULL;
1027 	char errbuf[1024];
1028 	char *who_tok, *perm;
1029 	int error;
1030 
1031 	*nvp = NULL;
1032 
1033 	if (perms) {
1034 		if ((error = nvlist_alloc(&perms_nvp,
1035 		    NV_UNIQUE_NAME, 0)) != 0) {
1036 			return (1);
1037 		}
1038 		if ((error = nvlist_alloc(&sets_nvp,
1039 		    NV_UNIQUE_NAME, 0)) != 0) {
1040 			nvlist_free(perms_nvp);
1041 			return (1);
1042 		}
1043 	}
1044 
1045 	if ((error = nvlist_alloc(&who_nvp, NV_UNIQUE_NAME, 0)) != 0) {
1046 		if (perms_nvp)
1047 			nvlist_free(perms_nvp);
1048 		if (sets_nvp)
1049 			nvlist_free(sets_nvp);
1050 		return (1);
1051 	}
1052 
1053 	if (who_type == ZFS_DELEG_NAMED_SET) {
1054 		namecheck_err_t why;
1055 		char what;
1056 
1057 		if ((error = permset_namecheck(whostr, &why, &what)) != 0) {
1058 			nvlist_free(who_nvp);
1059 			if (perms_nvp)
1060 				nvlist_free(perms_nvp);
1061 			if (sets_nvp)
1062 				nvlist_free(sets_nvp);
1063 
1064 			switch (why) {
1065 			case NAME_ERR_NO_AT:
1066 				zfs_error_aux(zhp->zfs_hdl,
1067 				    dgettext(TEXT_DOMAIN,
1068 				    "set definition must begin with an '@' "
1069 				    "character"));
1070 			}
1071 			return (zfs_error(zhp->zfs_hdl,
1072 			    EZFS_BADPERMSET, whostr));
1073 		}
1074 	}
1075 
1076 	/*
1077 	 * Build up nvlist(s) of permissions.  Two nvlists are maintained.
1078 	 * The first nvlist perms_nvp will have normal permissions and the
1079 	 * other sets_nvp will have only permssion set names in it.
1080 	 */
1081 	for (perm = strtok(perms, ","); perm; perm = strtok(NULL, ",")) {
1082 		const char *perm_canonical = zfs_deleg_canonicalize_perm(perm);
1083 
1084 		if (perm_canonical) {
1085 			verify(nvlist_add_boolean(perms_nvp,
1086 			    perm_canonical) == 0);
1087 		} else if (perm[0] == '@') {
1088 			verify(nvlist_add_boolean(sets_nvp, perm) == 0);
1089 		} else {
1090 			nvlist_free(who_nvp);
1091 			nvlist_free(perms_nvp);
1092 			nvlist_free(sets_nvp);
1093 			return (zfs_error(zhp->zfs_hdl, EZFS_BADPERM, perm));
1094 		}
1095 	}
1096 
1097 	if (whostr && who_type != ZFS_DELEG_CREATE) {
1098 		who_tok = strtok(whostr, ",");
1099 		if (who_tok == NULL) {
1100 			nvlist_free(who_nvp);
1101 			if (perms_nvp)
1102 				nvlist_free(perms_nvp);
1103 			if (sets_nvp)
1104 				nvlist_free(sets_nvp);
1105 			(void) snprintf(errbuf, sizeof (errbuf),
1106 			    dgettext(TEXT_DOMAIN, "Who string is NULL"),
1107 			    whostr);
1108 			return (zfs_error(zhp->zfs_hdl, EZFS_BADWHO, errbuf));
1109 		}
1110 	}
1111 
1112 	/*
1113 	 * Now create the nvlist(s)
1114 	 */
1115 	do {
1116 		uint64_t who_id;
1117 
1118 		error = zfs_get_perm_who(who_tok, &who_type,
1119 		    &who_id);
1120 		if (error) {
1121 			nvlist_free(who_nvp);
1122 			if (perms_nvp)
1123 				nvlist_free(perms_nvp);
1124 			if (sets_nvp)
1125 				nvlist_free(sets_nvp);
1126 			(void) snprintf(errbuf, sizeof (errbuf),
1127 			    dgettext(TEXT_DOMAIN,
1128 			    "Unable to determine uid/gid for "
1129 			    "%s "), who_tok);
1130 			return (zfs_error(zhp->zfs_hdl, EZFS_BADWHO, errbuf));
1131 		}
1132 
1133 		/*
1134 		 * add entries for both local and descendent when required
1135 		 */
1136 		zfs_perms_add_who_nvlist(who_nvp, who_id, who_tok,
1137 		    perms_nvp, sets_nvp, who_type, inherit);
1138 
1139 	} while (who_tok = strtok(NULL, ","));
1140 	*nvp = who_nvp;
1141 	return (0);
1142 }
1143 
1144 static int
1145 zfs_perm_set_common(zfs_handle_t *zhp, nvlist_t *nvp, boolean_t unset)
1146 {
1147 	zfs_cmd_t zc = { 0 };
1148 	int error;
1149 	char errbuf[1024];
1150 
1151 	(void) snprintf(errbuf, sizeof (errbuf),
1152 	    dgettext(TEXT_DOMAIN, "Cannot update 'allows' for '%s'"),
1153 	    zhp->zfs_name);
1154 
1155 	if (zcmd_write_src_nvlist(zhp->zfs_hdl, &zc, nvp))
1156 		return (-1);
1157 
1158 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1159 	zc.zc_perm_action = unset;
1160 
1161 	error = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SET_FSACL, &zc);
1162 	if (error && errno == ENOTSUP) {
1163 		(void) snprintf(errbuf, sizeof (errbuf),
1164 		    gettext("Pool must be upgraded to use 'allow/unallow'"));
1165 		zcmd_free_nvlists(&zc);
1166 		return (zfs_error(zhp->zfs_hdl, EZFS_BADVERSION, errbuf));
1167 	} else if (error) {
1168 		return (zfs_standard_error(zhp->zfs_hdl, errno, errbuf));
1169 	}
1170 	zcmd_free_nvlists(&zc);
1171 
1172 	return (error);
1173 }
1174 
1175 int
1176 zfs_perm_set(zfs_handle_t *zhp, nvlist_t *nvp)
1177 {
1178 	return (zfs_perm_set_common(zhp, nvp, B_FALSE));
1179 }
1180 
1181 int
1182 zfs_perm_remove(zfs_handle_t *zhp, nvlist_t *perms)
1183 {
1184 	return (zfs_perm_set_common(zhp, perms, B_TRUE));
1185 }
1186 
1187 static int
1188 perm_compare(const void *arg1, const void *arg2)
1189 {
1190 	const zfs_perm_node_t *node1 = arg1;
1191 	const zfs_perm_node_t *node2 = arg2;
1192 	int ret;
1193 
1194 	ret = strcmp(node1->z_pname, node2->z_pname);
1195 
1196 	if (ret > 0)
1197 		return (1);
1198 	if (ret < 0)
1199 		return (-1);
1200 	else
1201 		return (0);
1202 }
1203 
1204 static void
1205 zfs_destroy_perm_tree(avl_tree_t *tree)
1206 {
1207 	zfs_perm_node_t *permnode;
1208 	void *cookie = NULL;
1209 
1210 	while ((permnode = avl_destroy_nodes(tree,  &cookie)) != NULL)
1211 		free(permnode);
1212 	avl_destroy(tree);
1213 }
1214 
1215 static void
1216 zfs_destroy_tree(avl_tree_t *tree)
1217 {
1218 	zfs_allow_node_t *allownode;
1219 	void *cookie = NULL;
1220 
1221 	while ((allownode = avl_destroy_nodes(tree, &cookie)) != NULL) {
1222 		zfs_destroy_perm_tree(&allownode->z_localdescend);
1223 		zfs_destroy_perm_tree(&allownode->z_local);
1224 		zfs_destroy_perm_tree(&allownode->z_descend);
1225 		free(allownode);
1226 	}
1227 	avl_destroy(tree);
1228 }
1229 
1230 void
1231 zfs_free_allows(zfs_allow_t *allow)
1232 {
1233 	zfs_allow_t *allownext;
1234 	zfs_allow_t *freeallow;
1235 
1236 	allownext = allow;
1237 	while (allownext) {
1238 		zfs_destroy_tree(&allownext->z_sets);
1239 		zfs_destroy_tree(&allownext->z_crperms);
1240 		zfs_destroy_tree(&allownext->z_user);
1241 		zfs_destroy_tree(&allownext->z_group);
1242 		zfs_destroy_tree(&allownext->z_everyone);
1243 		freeallow = allownext;
1244 		allownext = allownext->z_next;
1245 		free(freeallow);
1246 	}
1247 }
1248 
1249 static zfs_allow_t *
1250 zfs_alloc_perm_tree(zfs_handle_t *zhp, zfs_allow_t *prev, char *setpoint)
1251 {
1252 	zfs_allow_t *ptree;
1253 
1254 	if ((ptree = zfs_alloc(zhp->zfs_hdl,
1255 	    sizeof (zfs_allow_t))) == NULL) {
1256 		return (NULL);
1257 	}
1258 
1259 	(void) strlcpy(ptree->z_setpoint, setpoint, sizeof (ptree->z_setpoint));
1260 	avl_create(&ptree->z_sets,
1261 	    perm_compare, sizeof (zfs_allow_node_t),
1262 	    offsetof(zfs_allow_node_t, z_node));
1263 	avl_create(&ptree->z_crperms,
1264 	    perm_compare, sizeof (zfs_allow_node_t),
1265 	    offsetof(zfs_allow_node_t, z_node));
1266 	avl_create(&ptree->z_user,
1267 	    perm_compare, sizeof (zfs_allow_node_t),
1268 	    offsetof(zfs_allow_node_t, z_node));
1269 	avl_create(&ptree->z_group,
1270 	    perm_compare, sizeof (zfs_allow_node_t),
1271 	    offsetof(zfs_allow_node_t, z_node));
1272 	avl_create(&ptree->z_everyone,
1273 	    perm_compare, sizeof (zfs_allow_node_t),
1274 	    offsetof(zfs_allow_node_t, z_node));
1275 
1276 	if (prev)
1277 		prev->z_next = ptree;
1278 	ptree->z_next = NULL;
1279 	return (ptree);
1280 }
1281 
1282 /*
1283  * Add permissions to the appropriate AVL permission tree.
1284  * The appropriate tree may not be the requested tree.
1285  * For example if ld indicates a local permission, but
1286  * same permission also exists as a descendent permission
1287  * then the permission will be removed from the descendent
1288  * tree and add the the local+descendent tree.
1289  */
1290 static int
1291 zfs_coalesce_perm(zfs_handle_t *zhp, zfs_allow_node_t *allownode,
1292     char *perm, char ld)
1293 {
1294 	zfs_perm_node_t pnode, *permnode, *permnode2;
1295 	zfs_perm_node_t *newnode;
1296 	avl_index_t where, where2;
1297 	avl_tree_t *tree, *altree;
1298 
1299 	(void) strlcpy(pnode.z_pname, perm, sizeof (pnode.z_pname));
1300 
1301 	if (ld == ZFS_DELEG_NA) {
1302 		tree =  &allownode->z_localdescend;
1303 		altree = &allownode->z_descend;
1304 	} else if (ld == ZFS_DELEG_LOCAL) {
1305 		tree = &allownode->z_local;
1306 		altree = &allownode->z_descend;
1307 	} else {
1308 		tree = &allownode->z_descend;
1309 		altree = &allownode->z_local;
1310 	}
1311 	permnode = avl_find(tree, &pnode, &where);
1312 	permnode2 = avl_find(altree, &pnode, &where2);
1313 
1314 	if (permnode2) {
1315 		avl_remove(altree, permnode2);
1316 		free(permnode2);
1317 		if (permnode == NULL) {
1318 			tree =  &allownode->z_localdescend;
1319 		}
1320 	}
1321 
1322 	/*
1323 	 * Now insert new permission in either requested location
1324 	 * local/descendent or into ld when perm will exist in both.
1325 	 */
1326 	if (permnode == NULL) {
1327 		if ((newnode = zfs_alloc(zhp->zfs_hdl,
1328 		    sizeof (zfs_perm_node_t))) == NULL) {
1329 			return (-1);
1330 		}
1331 		*newnode = pnode;
1332 		avl_add(tree, newnode);
1333 	}
1334 	return (0);
1335 }
1336 
1337 /*
1338  * Uggh, this is going to be a bit complicated.
1339  * we have an nvlist coming out of the kernel that
1340  * will indicate where the permission is set and then
1341  * it will contain allow of the various "who's", and what
1342  * their permissions are.  To further complicate this
1343  * we will then have to coalesce the local,descendent
1344  * and local+descendent permissions where appropriate.
1345  * The kernel only knows about a permission as being local
1346  * or descendent, but not both.
1347  *
1348  * In order to make this easier for zfs_main to deal with
1349  * a series of AVL trees will be used to maintain
1350  * all of this, primarily for sorting purposes as well
1351  * as the ability to quickly locate a specific entry.
1352  *
1353  * What we end up with are tree's for sets, create perms,
1354  * user, groups and everyone.  With each of those trees
1355  * we have subtrees for local, descendent and local+descendent
1356  * permissions.
1357  */
1358 int
1359 zfs_perm_get(zfs_handle_t *zhp, zfs_allow_t **zfs_perms)
1360 {
1361 	zfs_cmd_t zc = { 0 };
1362 	int error;
1363 	nvlist_t *nvlist;
1364 	nvlist_t *permnv, *sourcenv;
1365 	nvpair_t *who_pair, *source_pair;
1366 	nvpair_t *perm_pair;
1367 	char errbuf[1024];
1368 	zfs_allow_t *zallowp, *newallowp;
1369 	char  ld;
1370 	char *nvpname;
1371 	uid_t	uid;
1372 	gid_t	gid;
1373 	avl_tree_t *tree;
1374 	avl_index_t where;
1375 
1376 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1377 
1378 	if (zcmd_alloc_dst_nvlist(zhp->zfs_hdl, &zc, 0) != 0)
1379 		return (-1);
1380 
1381 	while (ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_GET_FSACL, &zc) != 0) {
1382 		if (errno == ENOMEM) {
1383 			if (zcmd_expand_dst_nvlist(zhp->zfs_hdl, &zc) != 0) {
1384 				zcmd_free_nvlists(&zc);
1385 				return (-1);
1386 			}
1387 		} else if (errno == ENOTSUP) {
1388 			zcmd_free_nvlists(&zc);
1389 			(void) snprintf(errbuf, sizeof (errbuf),
1390 			    gettext("Pool must be upgraded to use 'allow'"));
1391 			return (zfs_error(zhp->zfs_hdl,
1392 			    EZFS_BADVERSION, errbuf));
1393 		} else {
1394 			zcmd_free_nvlists(&zc);
1395 			return (-1);
1396 		}
1397 	}
1398 
1399 	if (zcmd_read_dst_nvlist(zhp->zfs_hdl, &zc, &nvlist) != 0) {
1400 		zcmd_free_nvlists(&zc);
1401 		return (-1);
1402 	}
1403 
1404 	zcmd_free_nvlists(&zc);
1405 
1406 	source_pair = nvlist_next_nvpair(nvlist, NULL);
1407 
1408 	if (source_pair == NULL) {
1409 		*zfs_perms = NULL;
1410 		return (0);
1411 	}
1412 
1413 	*zfs_perms = zfs_alloc_perm_tree(zhp, NULL, nvpair_name(source_pair));
1414 	if (*zfs_perms == NULL) {
1415 		return (0);
1416 	}
1417 
1418 	zallowp = *zfs_perms;
1419 
1420 	for (;;) {
1421 		struct passwd *pwd;
1422 		struct group *grp;
1423 		zfs_allow_node_t *allownode;
1424 		zfs_allow_node_t  findallownode;
1425 		zfs_allow_node_t *newallownode;
1426 
1427 		(void) strlcpy(zallowp->z_setpoint,
1428 		    nvpair_name(source_pair),
1429 		    sizeof (zallowp->z_setpoint));
1430 
1431 		if ((error = nvpair_value_nvlist(source_pair, &sourcenv)) != 0)
1432 			goto abort;
1433 
1434 		/*
1435 		 * Make sure nvlist is composed correctly
1436 		 */
1437 		if (zfs_deleg_verify_nvlist(sourcenv)) {
1438 			goto abort;
1439 		}
1440 
1441 		who_pair = nvlist_next_nvpair(sourcenv, NULL);
1442 		if (who_pair == NULL) {
1443 			goto abort;
1444 		}
1445 
1446 		do {
1447 			error = nvpair_value_nvlist(who_pair, &permnv);
1448 			if (error) {
1449 				goto abort;
1450 			}
1451 
1452 			/*
1453 			 * First build up the key to use
1454 			 * for looking up in the various
1455 			 * who trees.
1456 			 */
1457 			ld = nvpair_name(who_pair)[1];
1458 			nvpname = nvpair_name(who_pair);
1459 			switch (nvpair_name(who_pair)[0]) {
1460 			case ZFS_DELEG_USER:
1461 			case ZFS_DELEG_USER_SETS:
1462 				tree = &zallowp->z_user;
1463 				uid = atol(&nvpname[3]);
1464 				pwd = getpwuid(uid);
1465 				(void) snprintf(findallownode.z_key,
1466 				    sizeof (findallownode.z_key), "user %s",
1467 				    (pwd) ? pwd->pw_name :
1468 				    &nvpair_name(who_pair)[3]);
1469 				break;
1470 			case ZFS_DELEG_GROUP:
1471 			case ZFS_DELEG_GROUP_SETS:
1472 				tree = &zallowp->z_group;
1473 				gid = atol(&nvpname[3]);
1474 				grp = getgrgid(gid);
1475 				(void) snprintf(findallownode.z_key,
1476 				    sizeof (findallownode.z_key), "group %s",
1477 				    (grp) ? grp->gr_name :
1478 				    &nvpair_name(who_pair)[3]);
1479 				break;
1480 			case ZFS_DELEG_CREATE:
1481 			case ZFS_DELEG_CREATE_SETS:
1482 				tree = &zallowp->z_crperms;
1483 				(void) strlcpy(findallownode.z_key, "",
1484 				    sizeof (findallownode.z_key));
1485 				break;
1486 			case ZFS_DELEG_EVERYONE:
1487 			case ZFS_DELEG_EVERYONE_SETS:
1488 				(void) snprintf(findallownode.z_key,
1489 				    sizeof (findallownode.z_key), "everyone");
1490 				tree = &zallowp->z_everyone;
1491 				break;
1492 			case ZFS_DELEG_NAMED_SET:
1493 			case ZFS_DELEG_NAMED_SET_SETS:
1494 				(void) snprintf(findallownode.z_key,
1495 				    sizeof (findallownode.z_key), "%s",
1496 				    &nvpair_name(who_pair)[3]);
1497 				tree = &zallowp->z_sets;
1498 				break;
1499 			}
1500 
1501 			/*
1502 			 * Place who in tree
1503 			 */
1504 			allownode = avl_find(tree, &findallownode, &where);
1505 			if (allownode == NULL) {
1506 				if ((newallownode = zfs_alloc(zhp->zfs_hdl,
1507 				    sizeof (zfs_allow_node_t))) == NULL) {
1508 					goto abort;
1509 				}
1510 				avl_create(&newallownode->z_localdescend,
1511 				    perm_compare,
1512 				    sizeof (zfs_perm_node_t),
1513 				    offsetof(zfs_perm_node_t, z_node));
1514 				avl_create(&newallownode->z_local,
1515 				    perm_compare,
1516 				    sizeof (zfs_perm_node_t),
1517 				    offsetof(zfs_perm_node_t, z_node));
1518 				avl_create(&newallownode->z_descend,
1519 				    perm_compare,
1520 				    sizeof (zfs_perm_node_t),
1521 				    offsetof(zfs_perm_node_t, z_node));
1522 				(void) strlcpy(newallownode->z_key,
1523 				    findallownode.z_key,
1524 				    sizeof (findallownode.z_key));
1525 				avl_insert(tree, newallownode, where);
1526 				allownode = newallownode;
1527 			}
1528 
1529 			/*
1530 			 * Now iterate over the permissions and
1531 			 * place them in the appropriate local,
1532 			 * descendent or local+descendent tree.
1533 			 *
1534 			 * The permissions are added to the tree
1535 			 * via zfs_coalesce_perm().
1536 			 */
1537 			perm_pair = nvlist_next_nvpair(permnv, NULL);
1538 			if (perm_pair == NULL)
1539 				goto abort;
1540 			do {
1541 				if (zfs_coalesce_perm(zhp, allownode,
1542 				    nvpair_name(perm_pair), ld) != 0)
1543 					goto abort;
1544 			} while (perm_pair = nvlist_next_nvpair(permnv,
1545 			    perm_pair));
1546 		} while (who_pair = nvlist_next_nvpair(sourcenv, who_pair));
1547 
1548 		source_pair = nvlist_next_nvpair(nvlist, source_pair);
1549 		if (source_pair == NULL)
1550 			break;
1551 
1552 		/*
1553 		 * allocate another node from the link list of
1554 		 * zfs_allow_t structures
1555 		 */
1556 		newallowp = zfs_alloc_perm_tree(zhp, zallowp,
1557 		    nvpair_name(source_pair));
1558 		if (newallowp == NULL) {
1559 			goto abort;
1560 		}
1561 		zallowp = newallowp;
1562 	}
1563 	nvlist_free(nvlist);
1564 	return (0);
1565 abort:
1566 	zfs_free_allows(*zfs_perms);
1567 	nvlist_free(nvlist);
1568 	return (-1);
1569 }
1570 
1571 /*
1572  * Given a property name and value, set the property for the given dataset.
1573  */
1574 int
1575 zfs_prop_set(zfs_handle_t *zhp, const char *propname, const char *propval)
1576 {
1577 	zfs_cmd_t zc = { 0 };
1578 	int ret = -1;
1579 	prop_changelist_t *cl = NULL;
1580 	char errbuf[1024];
1581 	libzfs_handle_t *hdl = zhp->zfs_hdl;
1582 	nvlist_t *nvl = NULL, *realprops;
1583 	zfs_prop_t prop;
1584 
1585 	(void) snprintf(errbuf, sizeof (errbuf),
1586 	    dgettext(TEXT_DOMAIN, "cannot set property for '%s'"),
1587 	    zhp->zfs_name);
1588 
1589 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0 ||
1590 	    nvlist_add_string(nvl, propname, propval) != 0) {
1591 		(void) no_memory(hdl);
1592 		goto error;
1593 	}
1594 
1595 	if ((realprops = zfs_validate_properties(hdl, zhp->zfs_type, nvl,
1596 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED), zhp, errbuf)) == NULL)
1597 		goto error;
1598 
1599 	nvlist_free(nvl);
1600 	nvl = realprops;
1601 
1602 	prop = zfs_name_to_prop(propname);
1603 
1604 	if ((cl = changelist_gather(zhp, prop, 0)) == NULL)
1605 		goto error;
1606 
1607 	if (prop == ZFS_PROP_MOUNTPOINT && changelist_haszonedchild(cl)) {
1608 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1609 		    "child dataset with inherited mountpoint is used "
1610 		    "in a non-global zone"));
1611 		ret = zfs_error(hdl, EZFS_ZONED, errbuf);
1612 		goto error;
1613 	}
1614 
1615 	if ((ret = changelist_prefix(cl)) != 0)
1616 		goto error;
1617 
1618 	/*
1619 	 * Execute the corresponding ioctl() to set this property.
1620 	 */
1621 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1622 
1623 	if (zcmd_write_src_nvlist(hdl, &zc, nvl) != 0)
1624 		goto error;
1625 
1626 	ret = zfs_ioctl(hdl, ZFS_IOC_SET_PROP, &zc);
1627 
1628 	if (ret != 0) {
1629 		switch (errno) {
1630 
1631 		case ENOSPC:
1632 			/*
1633 			 * For quotas and reservations, ENOSPC indicates
1634 			 * something different; setting a quota or reservation
1635 			 * doesn't use any disk space.
1636 			 */
1637 			switch (prop) {
1638 			case ZFS_PROP_QUOTA:
1639 			case ZFS_PROP_REFQUOTA:
1640 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1641 				    "size is less than current used or "
1642 				    "reserved space"));
1643 				(void) zfs_error(hdl, EZFS_PROPSPACE, errbuf);
1644 				break;
1645 
1646 			case ZFS_PROP_RESERVATION:
1647 			case ZFS_PROP_REFRESERVATION:
1648 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1649 				    "size is greater than available space"));
1650 				(void) zfs_error(hdl, EZFS_PROPSPACE, errbuf);
1651 				break;
1652 
1653 			default:
1654 				(void) zfs_standard_error(hdl, errno, errbuf);
1655 				break;
1656 			}
1657 			break;
1658 
1659 		case EBUSY:
1660 			if (prop == ZFS_PROP_VOLBLOCKSIZE)
1661 				(void) zfs_error(hdl, EZFS_VOLHASDATA, errbuf);
1662 			else
1663 				(void) zfs_standard_error(hdl, EBUSY, errbuf);
1664 			break;
1665 
1666 		case EROFS:
1667 			(void) zfs_error(hdl, EZFS_DSREADONLY, errbuf);
1668 			break;
1669 
1670 		case ENOTSUP:
1671 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1672 			    "pool must be upgraded to set this "
1673 			    "property or value"));
1674 			(void) zfs_error(hdl, EZFS_BADVERSION, errbuf);
1675 			break;
1676 
1677 		case EOVERFLOW:
1678 			/*
1679 			 * This platform can't address a volume this big.
1680 			 */
1681 #ifdef _ILP32
1682 			if (prop == ZFS_PROP_VOLSIZE) {
1683 				(void) zfs_error(hdl, EZFS_VOLTOOBIG, errbuf);
1684 				break;
1685 			}
1686 #endif
1687 			/* FALLTHROUGH */
1688 		default:
1689 			(void) zfs_standard_error(hdl, errno, errbuf);
1690 		}
1691 	} else {
1692 		/*
1693 		 * Refresh the statistics so the new property value
1694 		 * is reflected.
1695 		 */
1696 		if ((ret = changelist_postfix(cl)) == 0)
1697 			(void) get_stats(zhp);
1698 	}
1699 
1700 error:
1701 	nvlist_free(nvl);
1702 	zcmd_free_nvlists(&zc);
1703 	if (cl)
1704 		changelist_free(cl);
1705 	return (ret);
1706 }
1707 
1708 /*
1709  * Given a property, inherit the value from the parent dataset.
1710  */
1711 int
1712 zfs_prop_inherit(zfs_handle_t *zhp, const char *propname)
1713 {
1714 	zfs_cmd_t zc = { 0 };
1715 	int ret;
1716 	prop_changelist_t *cl;
1717 	libzfs_handle_t *hdl = zhp->zfs_hdl;
1718 	char errbuf[1024];
1719 	zfs_prop_t prop;
1720 
1721 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1722 	    "cannot inherit %s for '%s'"), propname, zhp->zfs_name);
1723 
1724 	if ((prop = zfs_name_to_prop(propname)) == ZPROP_INVAL) {
1725 		/*
1726 		 * For user properties, the amount of work we have to do is very
1727 		 * small, so just do it here.
1728 		 */
1729 		if (!zfs_prop_user(propname)) {
1730 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1731 			    "invalid property"));
1732 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
1733 		}
1734 
1735 		(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1736 		(void) strlcpy(zc.zc_value, propname, sizeof (zc.zc_value));
1737 
1738 		if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_INHERIT_PROP, &zc) != 0)
1739 			return (zfs_standard_error(hdl, errno, errbuf));
1740 
1741 		return (0);
1742 	}
1743 
1744 	/*
1745 	 * Verify that this property is inheritable.
1746 	 */
1747 	if (zfs_prop_readonly(prop))
1748 		return (zfs_error(hdl, EZFS_PROPREADONLY, errbuf));
1749 
1750 	if (!zfs_prop_inheritable(prop))
1751 		return (zfs_error(hdl, EZFS_PROPNONINHERIT, errbuf));
1752 
1753 	/*
1754 	 * Check to see if the value applies to this type
1755 	 */
1756 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type))
1757 		return (zfs_error(hdl, EZFS_PROPTYPE, errbuf));
1758 
1759 	/*
1760 	 * Normalize the name, to get rid of shorthand abbrevations.
1761 	 */
1762 	propname = zfs_prop_to_name(prop);
1763 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1764 	(void) strlcpy(zc.zc_value, propname, sizeof (zc.zc_value));
1765 
1766 	if (prop == ZFS_PROP_MOUNTPOINT && getzoneid() == GLOBAL_ZONEID &&
1767 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
1768 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1769 		    "dataset is used in a non-global zone"));
1770 		return (zfs_error(hdl, EZFS_ZONED, errbuf));
1771 	}
1772 
1773 	/*
1774 	 * Determine datasets which will be affected by this change, if any.
1775 	 */
1776 	if ((cl = changelist_gather(zhp, prop, 0)) == NULL)
1777 		return (-1);
1778 
1779 	if (prop == ZFS_PROP_MOUNTPOINT && changelist_haszonedchild(cl)) {
1780 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1781 		    "child dataset with inherited mountpoint is used "
1782 		    "in a non-global zone"));
1783 		ret = zfs_error(hdl, EZFS_ZONED, errbuf);
1784 		goto error;
1785 	}
1786 
1787 	if ((ret = changelist_prefix(cl)) != 0)
1788 		goto error;
1789 
1790 	if ((ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_INHERIT_PROP, &zc)) != 0) {
1791 		return (zfs_standard_error(hdl, errno, errbuf));
1792 	} else {
1793 
1794 		if ((ret = changelist_postfix(cl)) != 0)
1795 			goto error;
1796 
1797 		/*
1798 		 * Refresh the statistics so the new property is reflected.
1799 		 */
1800 		(void) get_stats(zhp);
1801 	}
1802 
1803 error:
1804 	changelist_free(cl);
1805 	return (ret);
1806 }
1807 
1808 /*
1809  * True DSL properties are stored in an nvlist.  The following two functions
1810  * extract them appropriately.
1811  */
1812 static uint64_t
1813 getprop_uint64(zfs_handle_t *zhp, zfs_prop_t prop, char **source)
1814 {
1815 	nvlist_t *nv;
1816 	uint64_t value;
1817 
1818 	*source = NULL;
1819 	if (nvlist_lookup_nvlist(zhp->zfs_props,
1820 	    zfs_prop_to_name(prop), &nv) == 0) {
1821 		verify(nvlist_lookup_uint64(nv, ZPROP_VALUE, &value) == 0);
1822 		(void) nvlist_lookup_string(nv, ZPROP_SOURCE, source);
1823 	} else {
1824 		value = zfs_prop_default_numeric(prop);
1825 		*source = "";
1826 	}
1827 
1828 	return (value);
1829 }
1830 
1831 static char *
1832 getprop_string(zfs_handle_t *zhp, zfs_prop_t prop, char **source)
1833 {
1834 	nvlist_t *nv;
1835 	char *value;
1836 
1837 	*source = NULL;
1838 	if (nvlist_lookup_nvlist(zhp->zfs_props,
1839 	    zfs_prop_to_name(prop), &nv) == 0) {
1840 		verify(nvlist_lookup_string(nv, ZPROP_VALUE, &value) == 0);
1841 		(void) nvlist_lookup_string(nv, ZPROP_SOURCE, source);
1842 	} else {
1843 		if ((value = (char *)zfs_prop_default_string(prop)) == NULL)
1844 			value = "";
1845 		*source = "";
1846 	}
1847 
1848 	return (value);
1849 }
1850 
1851 /*
1852  * Internal function for getting a numeric property.  Both zfs_prop_get() and
1853  * zfs_prop_get_int() are built using this interface.
1854  *
1855  * Certain properties can be overridden using 'mount -o'.  In this case, scan
1856  * the contents of the /etc/mnttab entry, searching for the appropriate options.
1857  * If they differ from the on-disk values, report the current values and mark
1858  * the source "temporary".
1859  */
1860 static int
1861 get_numeric_property(zfs_handle_t *zhp, zfs_prop_t prop, zprop_source_t *src,
1862     char **source, uint64_t *val)
1863 {
1864 	zfs_cmd_t zc = { 0 };
1865 	nvlist_t *zplprops;
1866 	struct mnttab mnt;
1867 	char *mntopt_on = NULL;
1868 	char *mntopt_off = NULL;
1869 
1870 	*source = NULL;
1871 
1872 	switch (prop) {
1873 	case ZFS_PROP_ATIME:
1874 		mntopt_on = MNTOPT_ATIME;
1875 		mntopt_off = MNTOPT_NOATIME;
1876 		break;
1877 
1878 	case ZFS_PROP_DEVICES:
1879 		mntopt_on = MNTOPT_DEVICES;
1880 		mntopt_off = MNTOPT_NODEVICES;
1881 		break;
1882 
1883 	case ZFS_PROP_EXEC:
1884 		mntopt_on = MNTOPT_EXEC;
1885 		mntopt_off = MNTOPT_NOEXEC;
1886 		break;
1887 
1888 	case ZFS_PROP_READONLY:
1889 		mntopt_on = MNTOPT_RO;
1890 		mntopt_off = MNTOPT_RW;
1891 		break;
1892 
1893 	case ZFS_PROP_SETUID:
1894 		mntopt_on = MNTOPT_SETUID;
1895 		mntopt_off = MNTOPT_NOSETUID;
1896 		break;
1897 
1898 	case ZFS_PROP_XATTR:
1899 		mntopt_on = MNTOPT_XATTR;
1900 		mntopt_off = MNTOPT_NOXATTR;
1901 		break;
1902 
1903 	case ZFS_PROP_NBMAND:
1904 		mntopt_on = MNTOPT_NBMAND;
1905 		mntopt_off = MNTOPT_NONBMAND;
1906 		break;
1907 	}
1908 
1909 	/*
1910 	 * Because looking up the mount options is potentially expensive
1911 	 * (iterating over all of /etc/mnttab), we defer its calculation until
1912 	 * we're looking up a property which requires its presence.
1913 	 */
1914 	if (!zhp->zfs_mntcheck &&
1915 	    (mntopt_on != NULL || prop == ZFS_PROP_MOUNTED)) {
1916 		struct mnttab entry, search = { 0 };
1917 		FILE *mnttab = zhp->zfs_hdl->libzfs_mnttab;
1918 
1919 		search.mnt_special = (char *)zhp->zfs_name;
1920 		search.mnt_fstype = MNTTYPE_ZFS;
1921 		rewind(mnttab);
1922 
1923 		if (getmntany(mnttab, &entry, &search) == 0) {
1924 			zhp->zfs_mntopts = zfs_strdup(zhp->zfs_hdl,
1925 			    entry.mnt_mntopts);
1926 			if (zhp->zfs_mntopts == NULL)
1927 				return (-1);
1928 		}
1929 
1930 		zhp->zfs_mntcheck = B_TRUE;
1931 	}
1932 
1933 	if (zhp->zfs_mntopts == NULL)
1934 		mnt.mnt_mntopts = "";
1935 	else
1936 		mnt.mnt_mntopts = zhp->zfs_mntopts;
1937 
1938 	switch (prop) {
1939 	case ZFS_PROP_ATIME:
1940 	case ZFS_PROP_DEVICES:
1941 	case ZFS_PROP_EXEC:
1942 	case ZFS_PROP_READONLY:
1943 	case ZFS_PROP_SETUID:
1944 	case ZFS_PROP_XATTR:
1945 	case ZFS_PROP_NBMAND:
1946 		*val = getprop_uint64(zhp, prop, source);
1947 
1948 		if (hasmntopt(&mnt, mntopt_on) && !*val) {
1949 			*val = B_TRUE;
1950 			if (src)
1951 				*src = ZPROP_SRC_TEMPORARY;
1952 		} else if (hasmntopt(&mnt, mntopt_off) && *val) {
1953 			*val = B_FALSE;
1954 			if (src)
1955 				*src = ZPROP_SRC_TEMPORARY;
1956 		}
1957 		break;
1958 
1959 	case ZFS_PROP_CANMOUNT:
1960 		*val = getprop_uint64(zhp, prop, source);
1961 		if (*val == 0)
1962 			*source = zhp->zfs_name;
1963 		else
1964 			*source = "";	/* default */
1965 		break;
1966 
1967 	case ZFS_PROP_QUOTA:
1968 	case ZFS_PROP_REFQUOTA:
1969 	case ZFS_PROP_RESERVATION:
1970 	case ZFS_PROP_REFRESERVATION:
1971 		*val = getprop_uint64(zhp, prop, source);
1972 		if (*val == 0)
1973 			*source = "";	/* default */
1974 		else
1975 			*source = zhp->zfs_name;
1976 		break;
1977 
1978 	case ZFS_PROP_MOUNTED:
1979 		*val = (zhp->zfs_mntopts != NULL);
1980 		break;
1981 
1982 	case ZFS_PROP_NUMCLONES:
1983 		*val = zhp->zfs_dmustats.dds_num_clones;
1984 		break;
1985 
1986 	case ZFS_PROP_VERSION:
1987 	case ZFS_PROP_NORMALIZE:
1988 	case ZFS_PROP_UTF8ONLY:
1989 	case ZFS_PROP_CASE:
1990 		if (!zfs_prop_valid_for_type(prop, zhp->zfs_head_type) ||
1991 		    zcmd_alloc_dst_nvlist(zhp->zfs_hdl, &zc, 0) != 0)
1992 			return (-1);
1993 		(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1994 		if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_OBJSET_ZPLPROPS, &zc)) {
1995 			zcmd_free_nvlists(&zc);
1996 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1997 			    "unable to get %s property"),
1998 			    zfs_prop_to_name(prop));
1999 			return (zfs_error(zhp->zfs_hdl, EZFS_BADVERSION,
2000 			    dgettext(TEXT_DOMAIN, "internal error")));
2001 		}
2002 		if (zcmd_read_dst_nvlist(zhp->zfs_hdl, &zc, &zplprops) != 0 ||
2003 		    nvlist_lookup_uint64(zplprops, zfs_prop_to_name(prop),
2004 		    val) != 0) {
2005 			zcmd_free_nvlists(&zc);
2006 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
2007 			    "unable to get %s property"),
2008 			    zfs_prop_to_name(prop));
2009 			return (zfs_error(zhp->zfs_hdl, EZFS_NOMEM,
2010 			    dgettext(TEXT_DOMAIN, "internal error")));
2011 		}
2012 		zcmd_free_nvlists(&zc);
2013 		break;
2014 
2015 	default:
2016 		switch (zfs_prop_get_type(prop)) {
2017 		case PROP_TYPE_NUMBER:
2018 		case PROP_TYPE_INDEX:
2019 			*val = getprop_uint64(zhp, prop, source);
2020 			break;
2021 
2022 		case PROP_TYPE_STRING:
2023 		default:
2024 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
2025 			    "cannot get non-numeric property"));
2026 			return (zfs_error(zhp->zfs_hdl, EZFS_BADPROP,
2027 			    dgettext(TEXT_DOMAIN, "internal error")));
2028 		}
2029 	}
2030 
2031 	return (0);
2032 }
2033 
2034 /*
2035  * Calculate the source type, given the raw source string.
2036  */
2037 static void
2038 get_source(zfs_handle_t *zhp, zprop_source_t *srctype, char *source,
2039     char *statbuf, size_t statlen)
2040 {
2041 	if (statbuf == NULL || *srctype == ZPROP_SRC_TEMPORARY)
2042 		return;
2043 
2044 	if (source == NULL) {
2045 		*srctype = ZPROP_SRC_NONE;
2046 	} else if (source[0] == '\0') {
2047 		*srctype = ZPROP_SRC_DEFAULT;
2048 	} else {
2049 		if (strcmp(source, zhp->zfs_name) == 0) {
2050 			*srctype = ZPROP_SRC_LOCAL;
2051 		} else {
2052 			(void) strlcpy(statbuf, source, statlen);
2053 			*srctype = ZPROP_SRC_INHERITED;
2054 		}
2055 	}
2056 
2057 }
2058 
2059 /*
2060  * Retrieve a property from the given object.  If 'literal' is specified, then
2061  * numbers are left as exact values.  Otherwise, numbers are converted to a
2062  * human-readable form.
2063  *
2064  * Returns 0 on success, or -1 on error.
2065  */
2066 int
2067 zfs_prop_get(zfs_handle_t *zhp, zfs_prop_t prop, char *propbuf, size_t proplen,
2068     zprop_source_t *src, char *statbuf, size_t statlen, boolean_t literal)
2069 {
2070 	char *source = NULL;
2071 	uint64_t val;
2072 	char *str;
2073 	const char *root;
2074 	const char *strval;
2075 
2076 	/*
2077 	 * Check to see if this property applies to our object
2078 	 */
2079 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type))
2080 		return (-1);
2081 
2082 	if (src)
2083 		*src = ZPROP_SRC_NONE;
2084 
2085 	switch (prop) {
2086 	case ZFS_PROP_CREATION:
2087 		/*
2088 		 * 'creation' is a time_t stored in the statistics.  We convert
2089 		 * this into a string unless 'literal' is specified.
2090 		 */
2091 		{
2092 			val = getprop_uint64(zhp, prop, &source);
2093 			time_t time = (time_t)val;
2094 			struct tm t;
2095 
2096 			if (literal ||
2097 			    localtime_r(&time, &t) == NULL ||
2098 			    strftime(propbuf, proplen, "%a %b %e %k:%M %Y",
2099 			    &t) == 0)
2100 				(void) snprintf(propbuf, proplen, "%llu", val);
2101 		}
2102 		break;
2103 
2104 	case ZFS_PROP_MOUNTPOINT:
2105 		/*
2106 		 * Getting the precise mountpoint can be tricky.
2107 		 *
2108 		 *  - for 'none' or 'legacy', return those values.
2109 		 *  - for default mountpoints, construct it as /zfs/<dataset>
2110 		 *  - for inherited mountpoints, we want to take everything
2111 		 *    after our ancestor and append it to the inherited value.
2112 		 *
2113 		 * If the pool has an alternate root, we want to prepend that
2114 		 * root to any values we return.
2115 		 */
2116 		root = zhp->zfs_root;
2117 		str = getprop_string(zhp, prop, &source);
2118 
2119 		if (str[0] == '\0') {
2120 			(void) snprintf(propbuf, proplen, "%s/zfs/%s",
2121 			    root, zhp->zfs_name);
2122 		} else if (str[0] == '/') {
2123 			const char *relpath = zhp->zfs_name + strlen(source);
2124 
2125 			if (relpath[0] == '/')
2126 				relpath++;
2127 			if (str[1] == '\0')
2128 				str++;
2129 
2130 			if (relpath[0] == '\0')
2131 				(void) snprintf(propbuf, proplen, "%s%s",
2132 				    root, str);
2133 			else
2134 				(void) snprintf(propbuf, proplen, "%s%s%s%s",
2135 				    root, str, relpath[0] == '@' ? "" : "/",
2136 				    relpath);
2137 		} else {
2138 			/* 'legacy' or 'none' */
2139 			(void) strlcpy(propbuf, str, proplen);
2140 		}
2141 
2142 		break;
2143 
2144 	case ZFS_PROP_ORIGIN:
2145 		(void) strlcpy(propbuf, getprop_string(zhp, prop, &source),
2146 		    proplen);
2147 		/*
2148 		 * If there is no parent at all, return failure to indicate that
2149 		 * it doesn't apply to this dataset.
2150 		 */
2151 		if (propbuf[0] == '\0')
2152 			return (-1);
2153 		break;
2154 
2155 	case ZFS_PROP_QUOTA:
2156 	case ZFS_PROP_REFQUOTA:
2157 	case ZFS_PROP_RESERVATION:
2158 	case ZFS_PROP_REFRESERVATION:
2159 
2160 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2161 			return (-1);
2162 
2163 		/*
2164 		 * If quota or reservation is 0, we translate this into 'none'
2165 		 * (unless literal is set), and indicate that it's the default
2166 		 * value.  Otherwise, we print the number nicely and indicate
2167 		 * that its set locally.
2168 		 */
2169 		if (val == 0) {
2170 			if (literal)
2171 				(void) strlcpy(propbuf, "0", proplen);
2172 			else
2173 				(void) strlcpy(propbuf, "none", proplen);
2174 		} else {
2175 			if (literal)
2176 				(void) snprintf(propbuf, proplen, "%llu",
2177 				    (u_longlong_t)val);
2178 			else
2179 				zfs_nicenum(val, propbuf, proplen);
2180 		}
2181 		break;
2182 
2183 	case ZFS_PROP_COMPRESSRATIO:
2184 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2185 			return (-1);
2186 		(void) snprintf(propbuf, proplen, "%lld.%02lldx", (longlong_t)
2187 		    val / 100, (longlong_t)val % 100);
2188 		break;
2189 
2190 	case ZFS_PROP_TYPE:
2191 		switch (zhp->zfs_type) {
2192 		case ZFS_TYPE_FILESYSTEM:
2193 			str = "filesystem";
2194 			break;
2195 		case ZFS_TYPE_VOLUME:
2196 			str = "volume";
2197 			break;
2198 		case ZFS_TYPE_SNAPSHOT:
2199 			str = "snapshot";
2200 			break;
2201 		default:
2202 			abort();
2203 		}
2204 		(void) snprintf(propbuf, proplen, "%s", str);
2205 		break;
2206 
2207 	case ZFS_PROP_MOUNTED:
2208 		/*
2209 		 * The 'mounted' property is a pseudo-property that described
2210 		 * whether the filesystem is currently mounted.  Even though
2211 		 * it's a boolean value, the typical values of "on" and "off"
2212 		 * don't make sense, so we translate to "yes" and "no".
2213 		 */
2214 		if (get_numeric_property(zhp, ZFS_PROP_MOUNTED,
2215 		    src, &source, &val) != 0)
2216 			return (-1);
2217 		if (val)
2218 			(void) strlcpy(propbuf, "yes", proplen);
2219 		else
2220 			(void) strlcpy(propbuf, "no", proplen);
2221 		break;
2222 
2223 	case ZFS_PROP_NAME:
2224 		/*
2225 		 * The 'name' property is a pseudo-property derived from the
2226 		 * dataset name.  It is presented as a real property to simplify
2227 		 * consumers.
2228 		 */
2229 		(void) strlcpy(propbuf, zhp->zfs_name, proplen);
2230 		break;
2231 
2232 	default:
2233 		switch (zfs_prop_get_type(prop)) {
2234 		case PROP_TYPE_NUMBER:
2235 			if (get_numeric_property(zhp, prop, src,
2236 			    &source, &val) != 0)
2237 				return (-1);
2238 			if (literal)
2239 				(void) snprintf(propbuf, proplen, "%llu",
2240 				    (u_longlong_t)val);
2241 			else
2242 				zfs_nicenum(val, propbuf, proplen);
2243 			break;
2244 
2245 		case PROP_TYPE_STRING:
2246 			(void) strlcpy(propbuf,
2247 			    getprop_string(zhp, prop, &source), proplen);
2248 			break;
2249 
2250 		case PROP_TYPE_INDEX:
2251 			if (get_numeric_property(zhp, prop, src,
2252 			    &source, &val) != 0)
2253 				return (-1);
2254 			if (zfs_prop_index_to_string(prop, val, &strval) != 0)
2255 				return (-1);
2256 			(void) strlcpy(propbuf, strval, proplen);
2257 			break;
2258 
2259 		default:
2260 			abort();
2261 		}
2262 	}
2263 
2264 	get_source(zhp, src, source, statbuf, statlen);
2265 
2266 	return (0);
2267 }
2268 
2269 /*
2270  * Utility function to get the given numeric property.  Does no validation that
2271  * the given property is the appropriate type; should only be used with
2272  * hard-coded property types.
2273  */
2274 uint64_t
2275 zfs_prop_get_int(zfs_handle_t *zhp, zfs_prop_t prop)
2276 {
2277 	char *source;
2278 	uint64_t val;
2279 
2280 	(void) get_numeric_property(zhp, prop, NULL, &source, &val);
2281 
2282 	return (val);
2283 }
2284 
2285 /*
2286  * Similar to zfs_prop_get(), but returns the value as an integer.
2287  */
2288 int
2289 zfs_prop_get_numeric(zfs_handle_t *zhp, zfs_prop_t prop, uint64_t *value,
2290     zprop_source_t *src, char *statbuf, size_t statlen)
2291 {
2292 	char *source;
2293 
2294 	/*
2295 	 * Check to see if this property applies to our object
2296 	 */
2297 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type)) {
2298 		return (zfs_error_fmt(zhp->zfs_hdl, EZFS_PROPTYPE,
2299 		    dgettext(TEXT_DOMAIN, "cannot get property '%s'"),
2300 		    zfs_prop_to_name(prop)));
2301 	}
2302 
2303 	if (src)
2304 		*src = ZPROP_SRC_NONE;
2305 
2306 	if (get_numeric_property(zhp, prop, src, &source, value) != 0)
2307 		return (-1);
2308 
2309 	get_source(zhp, src, source, statbuf, statlen);
2310 
2311 	return (0);
2312 }
2313 
2314 /*
2315  * Returns the name of the given zfs handle.
2316  */
2317 const char *
2318 zfs_get_name(const zfs_handle_t *zhp)
2319 {
2320 	return (zhp->zfs_name);
2321 }
2322 
2323 /*
2324  * Returns the type of the given zfs handle.
2325  */
2326 zfs_type_t
2327 zfs_get_type(const zfs_handle_t *zhp)
2328 {
2329 	return (zhp->zfs_type);
2330 }
2331 
2332 /*
2333  * Iterate over all child filesystems
2334  */
2335 int
2336 zfs_iter_filesystems(zfs_handle_t *zhp, zfs_iter_f func, void *data)
2337 {
2338 	zfs_cmd_t zc = { 0 };
2339 	zfs_handle_t *nzhp;
2340 	int ret;
2341 
2342 	if (zhp->zfs_type != ZFS_TYPE_FILESYSTEM)
2343 		return (0);
2344 
2345 	for ((void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2346 	    ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_DATASET_LIST_NEXT, &zc) == 0;
2347 	    (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name))) {
2348 		/*
2349 		 * Ignore private dataset names.
2350 		 */
2351 		if (dataset_name_hidden(zc.zc_name))
2352 			continue;
2353 
2354 		/*
2355 		 * Silently ignore errors, as the only plausible explanation is
2356 		 * that the pool has since been removed.
2357 		 */
2358 		if ((nzhp = make_dataset_handle(zhp->zfs_hdl,
2359 		    zc.zc_name)) == NULL)
2360 			continue;
2361 
2362 		if ((ret = func(nzhp, data)) != 0)
2363 			return (ret);
2364 	}
2365 
2366 	/*
2367 	 * An errno value of ESRCH indicates normal completion.  If ENOENT is
2368 	 * returned, then the underlying dataset has been removed since we
2369 	 * obtained the handle.
2370 	 */
2371 	if (errno != ESRCH && errno != ENOENT)
2372 		return (zfs_standard_error(zhp->zfs_hdl, errno,
2373 		    dgettext(TEXT_DOMAIN, "cannot iterate filesystems")));
2374 
2375 	return (0);
2376 }
2377 
2378 /*
2379  * Iterate over all snapshots
2380  */
2381 int
2382 zfs_iter_snapshots(zfs_handle_t *zhp, zfs_iter_f func, void *data)
2383 {
2384 	zfs_cmd_t zc = { 0 };
2385 	zfs_handle_t *nzhp;
2386 	int ret;
2387 
2388 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT)
2389 		return (0);
2390 
2391 	for ((void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2392 	    ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_SNAPSHOT_LIST_NEXT,
2393 	    &zc) == 0;
2394 	    (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name))) {
2395 
2396 		if ((nzhp = make_dataset_handle(zhp->zfs_hdl,
2397 		    zc.zc_name)) == NULL)
2398 			continue;
2399 
2400 		if ((ret = func(nzhp, data)) != 0)
2401 			return (ret);
2402 	}
2403 
2404 	/*
2405 	 * An errno value of ESRCH indicates normal completion.  If ENOENT is
2406 	 * returned, then the underlying dataset has been removed since we
2407 	 * obtained the handle.  Silently ignore this case, and return success.
2408 	 */
2409 	if (errno != ESRCH && errno != ENOENT)
2410 		return (zfs_standard_error(zhp->zfs_hdl, errno,
2411 		    dgettext(TEXT_DOMAIN, "cannot iterate filesystems")));
2412 
2413 	return (0);
2414 }
2415 
2416 /*
2417  * Iterate over all children, snapshots and filesystems
2418  */
2419 int
2420 zfs_iter_children(zfs_handle_t *zhp, zfs_iter_f func, void *data)
2421 {
2422 	int ret;
2423 
2424 	if ((ret = zfs_iter_filesystems(zhp, func, data)) != 0)
2425 		return (ret);
2426 
2427 	return (zfs_iter_snapshots(zhp, func, data));
2428 }
2429 
2430 /*
2431  * Given a complete name, return just the portion that refers to the parent.
2432  * Can return NULL if this is a pool.
2433  */
2434 static int
2435 parent_name(const char *path, char *buf, size_t buflen)
2436 {
2437 	char *loc;
2438 
2439 	if ((loc = strrchr(path, '/')) == NULL)
2440 		return (-1);
2441 
2442 	(void) strncpy(buf, path, MIN(buflen, loc - path));
2443 	buf[loc - path] = '\0';
2444 
2445 	return (0);
2446 }
2447 
2448 /*
2449  * If accept_ancestor is false, then check to make sure that the given path has
2450  * a parent, and that it exists.  If accept_ancestor is true, then find the
2451  * closest existing ancestor for the given path.  In prefixlen return the
2452  * length of already existing prefix of the given path.  We also fetch the
2453  * 'zoned' property, which is used to validate property settings when creating
2454  * new datasets.
2455  */
2456 static int
2457 check_parents(libzfs_handle_t *hdl, const char *path, uint64_t *zoned,
2458     boolean_t accept_ancestor, int *prefixlen)
2459 {
2460 	zfs_cmd_t zc = { 0 };
2461 	char parent[ZFS_MAXNAMELEN];
2462 	char *slash;
2463 	zfs_handle_t *zhp;
2464 	char errbuf[1024];
2465 
2466 	(void) snprintf(errbuf, sizeof (errbuf), "cannot create '%s'",
2467 	    path);
2468 
2469 	/* get parent, and check to see if this is just a pool */
2470 	if (parent_name(path, parent, sizeof (parent)) != 0) {
2471 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2472 		    "missing dataset name"));
2473 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
2474 	}
2475 
2476 	/* check to see if the pool exists */
2477 	if ((slash = strchr(parent, '/')) == NULL)
2478 		slash = parent + strlen(parent);
2479 	(void) strncpy(zc.zc_name, parent, slash - parent);
2480 	zc.zc_name[slash - parent] = '\0';
2481 	if (ioctl(hdl->libzfs_fd, ZFS_IOC_OBJSET_STATS, &zc) != 0 &&
2482 	    errno == ENOENT) {
2483 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2484 		    "no such pool '%s'"), zc.zc_name);
2485 		return (zfs_error(hdl, EZFS_NOENT, errbuf));
2486 	}
2487 
2488 	/* check to see if the parent dataset exists */
2489 	while ((zhp = make_dataset_handle(hdl, parent)) == NULL) {
2490 		if (errno == ENOENT && accept_ancestor) {
2491 			/*
2492 			 * Go deeper to find an ancestor, give up on top level.
2493 			 */
2494 			if (parent_name(parent, parent, sizeof (parent)) != 0) {
2495 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2496 				    "no such pool '%s'"), zc.zc_name);
2497 				return (zfs_error(hdl, EZFS_NOENT, errbuf));
2498 			}
2499 		} else if (errno == ENOENT) {
2500 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2501 			    "parent does not exist"));
2502 			return (zfs_error(hdl, EZFS_NOENT, errbuf));
2503 		} else
2504 			return (zfs_standard_error(hdl, errno, errbuf));
2505 	}
2506 
2507 	*zoned = zfs_prop_get_int(zhp, ZFS_PROP_ZONED);
2508 	/* we are in a non-global zone, but parent is in the global zone */
2509 	if (getzoneid() != GLOBAL_ZONEID && !(*zoned)) {
2510 		(void) zfs_standard_error(hdl, EPERM, errbuf);
2511 		zfs_close(zhp);
2512 		return (-1);
2513 	}
2514 
2515 	/* make sure parent is a filesystem */
2516 	if (zfs_get_type(zhp) != ZFS_TYPE_FILESYSTEM) {
2517 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2518 		    "parent is not a filesystem"));
2519 		(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
2520 		zfs_close(zhp);
2521 		return (-1);
2522 	}
2523 
2524 	zfs_close(zhp);
2525 	if (prefixlen != NULL)
2526 		*prefixlen = strlen(parent);
2527 	return (0);
2528 }
2529 
2530 /*
2531  * Finds whether the dataset of the given type(s) exists.
2532  */
2533 boolean_t
2534 zfs_dataset_exists(libzfs_handle_t *hdl, const char *path, zfs_type_t types)
2535 {
2536 	zfs_handle_t *zhp;
2537 
2538 	if (!zfs_validate_name(hdl, path, types, B_FALSE))
2539 		return (B_FALSE);
2540 
2541 	/*
2542 	 * Try to get stats for the dataset, which will tell us if it exists.
2543 	 */
2544 	if ((zhp = make_dataset_handle(hdl, path)) != NULL) {
2545 		int ds_type = zhp->zfs_type;
2546 
2547 		zfs_close(zhp);
2548 		if (types & ds_type)
2549 			return (B_TRUE);
2550 	}
2551 	return (B_FALSE);
2552 }
2553 
2554 /*
2555  * Given a path to 'target', create all the ancestors between
2556  * the prefixlen portion of the path, and the target itself.
2557  * Fail if the initial prefixlen-ancestor does not already exist.
2558  */
2559 int
2560 create_parents(libzfs_handle_t *hdl, char *target, int prefixlen)
2561 {
2562 	zfs_handle_t *h;
2563 	char *cp;
2564 	const char *opname;
2565 
2566 	/* make sure prefix exists */
2567 	cp = target + prefixlen;
2568 	if (*cp != '/') {
2569 		assert(strchr(cp, '/') == NULL);
2570 		h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
2571 	} else {
2572 		*cp = '\0';
2573 		h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
2574 		*cp = '/';
2575 	}
2576 	if (h == NULL)
2577 		return (-1);
2578 	zfs_close(h);
2579 
2580 	/*
2581 	 * Attempt to create, mount, and share any ancestor filesystems,
2582 	 * up to the prefixlen-long one.
2583 	 */
2584 	for (cp = target + prefixlen + 1;
2585 	    cp = strchr(cp, '/'); *cp = '/', cp++) {
2586 		char *logstr;
2587 
2588 		*cp = '\0';
2589 
2590 		h = make_dataset_handle(hdl, target);
2591 		if (h) {
2592 			/* it already exists, nothing to do here */
2593 			zfs_close(h);
2594 			continue;
2595 		}
2596 
2597 		logstr = hdl->libzfs_log_str;
2598 		hdl->libzfs_log_str = NULL;
2599 		if (zfs_create(hdl, target, ZFS_TYPE_FILESYSTEM,
2600 		    NULL) != 0) {
2601 			hdl->libzfs_log_str = logstr;
2602 			opname = dgettext(TEXT_DOMAIN, "create");
2603 			goto ancestorerr;
2604 		}
2605 
2606 		hdl->libzfs_log_str = logstr;
2607 		h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
2608 		if (h == NULL) {
2609 			opname = dgettext(TEXT_DOMAIN, "open");
2610 			goto ancestorerr;
2611 		}
2612 
2613 		if (zfs_mount(h, NULL, 0) != 0) {
2614 			opname = dgettext(TEXT_DOMAIN, "mount");
2615 			goto ancestorerr;
2616 		}
2617 
2618 		if (zfs_share(h) != 0) {
2619 			opname = dgettext(TEXT_DOMAIN, "share");
2620 			goto ancestorerr;
2621 		}
2622 
2623 		zfs_close(h);
2624 	}
2625 
2626 	return (0);
2627 
2628 ancestorerr:
2629 	zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2630 	    "failed to %s ancestor '%s'"), opname, target);
2631 	return (-1);
2632 }
2633 
2634 /*
2635  * Creates non-existing ancestors of the given path.
2636  */
2637 int
2638 zfs_create_ancestors(libzfs_handle_t *hdl, const char *path)
2639 {
2640 	int prefix;
2641 	uint64_t zoned;
2642 	char *path_copy;
2643 	int rc;
2644 
2645 	if (check_parents(hdl, path, &zoned, B_TRUE, &prefix) != 0)
2646 		return (-1);
2647 
2648 	if ((path_copy = strdup(path)) != NULL) {
2649 		rc = create_parents(hdl, path_copy, prefix);
2650 		free(path_copy);
2651 	}
2652 	if (path_copy == NULL || rc != 0)
2653 		return (-1);
2654 
2655 	return (0);
2656 }
2657 
2658 /*
2659  * Create a new filesystem or volume.
2660  */
2661 int
2662 zfs_create(libzfs_handle_t *hdl, const char *path, zfs_type_t type,
2663     nvlist_t *props)
2664 {
2665 	zfs_cmd_t zc = { 0 };
2666 	int ret;
2667 	uint64_t size = 0;
2668 	uint64_t blocksize = zfs_prop_default_numeric(ZFS_PROP_VOLBLOCKSIZE);
2669 	char errbuf[1024];
2670 	uint64_t zoned;
2671 
2672 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
2673 	    "cannot create '%s'"), path);
2674 
2675 	/* validate the path, taking care to note the extended error message */
2676 	if (!zfs_validate_name(hdl, path, type, B_TRUE))
2677 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
2678 
2679 	/* validate parents exist */
2680 	if (check_parents(hdl, path, &zoned, B_FALSE, NULL) != 0)
2681 		return (-1);
2682 
2683 	/*
2684 	 * The failure modes when creating a dataset of a different type over
2685 	 * one that already exists is a little strange.  In particular, if you
2686 	 * try to create a dataset on top of an existing dataset, the ioctl()
2687 	 * will return ENOENT, not EEXIST.  To prevent this from happening, we
2688 	 * first try to see if the dataset exists.
2689 	 */
2690 	(void) strlcpy(zc.zc_name, path, sizeof (zc.zc_name));
2691 	if (zfs_dataset_exists(hdl, zc.zc_name, ZFS_TYPE_DATASET)) {
2692 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2693 		    "dataset already exists"));
2694 		return (zfs_error(hdl, EZFS_EXISTS, errbuf));
2695 	}
2696 
2697 	if (type == ZFS_TYPE_VOLUME)
2698 		zc.zc_objset_type = DMU_OST_ZVOL;
2699 	else
2700 		zc.zc_objset_type = DMU_OST_ZFS;
2701 
2702 	if (props && (props = zfs_validate_properties(hdl, type, props,
2703 	    zoned, NULL, errbuf)) == 0)
2704 		return (-1);
2705 
2706 	if (type == ZFS_TYPE_VOLUME) {
2707 		/*
2708 		 * If we are creating a volume, the size and block size must
2709 		 * satisfy a few restraints.  First, the blocksize must be a
2710 		 * valid block size between SPA_{MIN,MAX}BLOCKSIZE.  Second, the
2711 		 * volsize must be a multiple of the block size, and cannot be
2712 		 * zero.
2713 		 */
2714 		if (props == NULL || nvlist_lookup_uint64(props,
2715 		    zfs_prop_to_name(ZFS_PROP_VOLSIZE), &size) != 0) {
2716 			nvlist_free(props);
2717 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2718 			    "missing volume size"));
2719 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2720 		}
2721 
2722 		if ((ret = nvlist_lookup_uint64(props,
2723 		    zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
2724 		    &blocksize)) != 0) {
2725 			if (ret == ENOENT) {
2726 				blocksize = zfs_prop_default_numeric(
2727 				    ZFS_PROP_VOLBLOCKSIZE);
2728 			} else {
2729 				nvlist_free(props);
2730 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2731 				    "missing volume block size"));
2732 				return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2733 			}
2734 		}
2735 
2736 		if (size == 0) {
2737 			nvlist_free(props);
2738 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2739 			    "volume size cannot be zero"));
2740 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2741 		}
2742 
2743 		if (size % blocksize != 0) {
2744 			nvlist_free(props);
2745 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2746 			    "volume size must be a multiple of volume block "
2747 			    "size"));
2748 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2749 		}
2750 	}
2751 
2752 	if (props && zcmd_write_src_nvlist(hdl, &zc, props) != 0)
2753 		return (-1);
2754 	nvlist_free(props);
2755 
2756 	/* create the dataset */
2757 	ret = zfs_ioctl(hdl, ZFS_IOC_CREATE, &zc);
2758 
2759 	if (ret == 0 && type == ZFS_TYPE_VOLUME) {
2760 		ret = zvol_create_link(hdl, path);
2761 		if (ret) {
2762 			(void) zfs_standard_error(hdl, errno,
2763 			    dgettext(TEXT_DOMAIN,
2764 			    "Volume successfully created, but device links "
2765 			    "were not created"));
2766 			zcmd_free_nvlists(&zc);
2767 			return (-1);
2768 		}
2769 	}
2770 
2771 	zcmd_free_nvlists(&zc);
2772 
2773 	/* check for failure */
2774 	if (ret != 0) {
2775 		char parent[ZFS_MAXNAMELEN];
2776 		(void) parent_name(path, parent, sizeof (parent));
2777 
2778 		switch (errno) {
2779 		case ENOENT:
2780 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2781 			    "no such parent '%s'"), parent);
2782 			return (zfs_error(hdl, EZFS_NOENT, errbuf));
2783 
2784 		case EINVAL:
2785 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2786 			    "parent '%s' is not a filesystem"), parent);
2787 			return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
2788 
2789 		case EDOM:
2790 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2791 			    "volume block size must be power of 2 from "
2792 			    "%u to %uk"),
2793 			    (uint_t)SPA_MINBLOCKSIZE,
2794 			    (uint_t)SPA_MAXBLOCKSIZE >> 10);
2795 
2796 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2797 
2798 		case ENOTSUP:
2799 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2800 			    "pool must be upgraded to set this "
2801 			    "property or value"));
2802 			return (zfs_error(hdl, EZFS_BADVERSION, errbuf));
2803 
2804 #ifdef _ILP32
2805 		case EOVERFLOW:
2806 			/*
2807 			 * This platform can't address a volume this big.
2808 			 */
2809 			if (type == ZFS_TYPE_VOLUME)
2810 				return (zfs_error(hdl, EZFS_VOLTOOBIG,
2811 				    errbuf));
2812 #endif
2813 			/* FALLTHROUGH */
2814 		default:
2815 			return (zfs_standard_error(hdl, errno, errbuf));
2816 		}
2817 	}
2818 
2819 	return (0);
2820 }
2821 
2822 /*
2823  * Destroys the given dataset.  The caller must make sure that the filesystem
2824  * isn't mounted, and that there are no active dependents.
2825  */
2826 int
2827 zfs_destroy(zfs_handle_t *zhp)
2828 {
2829 	zfs_cmd_t zc = { 0 };
2830 
2831 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2832 
2833 	if (ZFS_IS_VOLUME(zhp)) {
2834 		/*
2835 		 * If user doesn't have permissions to unshare volume, then
2836 		 * abort the request.  This would only happen for a
2837 		 * non-privileged user.
2838 		 */
2839 		if (zfs_unshare_iscsi(zhp) != 0) {
2840 			return (-1);
2841 		}
2842 
2843 		if (zvol_remove_link(zhp->zfs_hdl, zhp->zfs_name) != 0)
2844 			return (-1);
2845 
2846 		zc.zc_objset_type = DMU_OST_ZVOL;
2847 	} else {
2848 		zc.zc_objset_type = DMU_OST_ZFS;
2849 	}
2850 
2851 	if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_DESTROY, &zc) != 0) {
2852 		return (zfs_standard_error_fmt(zhp->zfs_hdl, errno,
2853 		    dgettext(TEXT_DOMAIN, "cannot destroy '%s'"),
2854 		    zhp->zfs_name));
2855 	}
2856 
2857 	remove_mountpoint(zhp);
2858 
2859 	return (0);
2860 }
2861 
2862 struct destroydata {
2863 	char *snapname;
2864 	boolean_t gotone;
2865 	boolean_t closezhp;
2866 };
2867 
2868 static int
2869 zfs_remove_link_cb(zfs_handle_t *zhp, void *arg)
2870 {
2871 	struct destroydata *dd = arg;
2872 	zfs_handle_t *szhp;
2873 	char name[ZFS_MAXNAMELEN];
2874 	boolean_t closezhp = dd->closezhp;
2875 	int rv;
2876 
2877 	(void) strlcpy(name, zhp->zfs_name, sizeof (name));
2878 	(void) strlcat(name, "@", sizeof (name));
2879 	(void) strlcat(name, dd->snapname, sizeof (name));
2880 
2881 	szhp = make_dataset_handle(zhp->zfs_hdl, name);
2882 	if (szhp) {
2883 		dd->gotone = B_TRUE;
2884 		zfs_close(szhp);
2885 	}
2886 
2887 	if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
2888 		(void) zvol_remove_link(zhp->zfs_hdl, name);
2889 		/*
2890 		 * NB: this is simply a best-effort.  We don't want to
2891 		 * return an error, because then we wouldn't visit all
2892 		 * the volumes.
2893 		 */
2894 	}
2895 
2896 	dd->closezhp = B_TRUE;
2897 	rv = zfs_iter_filesystems(zhp, zfs_remove_link_cb, arg);
2898 	if (closezhp)
2899 		zfs_close(zhp);
2900 	return (rv);
2901 }
2902 
2903 /*
2904  * Destroys all snapshots with the given name in zhp & descendants.
2905  */
2906 int
2907 zfs_destroy_snaps(zfs_handle_t *zhp, char *snapname)
2908 {
2909 	zfs_cmd_t zc = { 0 };
2910 	int ret;
2911 	struct destroydata dd = { 0 };
2912 
2913 	dd.snapname = snapname;
2914 	(void) zfs_remove_link_cb(zhp, &dd);
2915 
2916 	if (!dd.gotone) {
2917 		return (zfs_standard_error_fmt(zhp->zfs_hdl, ENOENT,
2918 		    dgettext(TEXT_DOMAIN, "cannot destroy '%s@%s'"),
2919 		    zhp->zfs_name, snapname));
2920 	}
2921 
2922 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2923 	(void) strlcpy(zc.zc_value, snapname, sizeof (zc.zc_value));
2924 
2925 	ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_DESTROY_SNAPS, &zc);
2926 	if (ret != 0) {
2927 		char errbuf[1024];
2928 
2929 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
2930 		    "cannot destroy '%s@%s'"), zc.zc_name, snapname);
2931 
2932 		switch (errno) {
2933 		case EEXIST:
2934 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
2935 			    "snapshot is cloned"));
2936 			return (zfs_error(zhp->zfs_hdl, EZFS_EXISTS, errbuf));
2937 
2938 		default:
2939 			return (zfs_standard_error(zhp->zfs_hdl, errno,
2940 			    errbuf));
2941 		}
2942 	}
2943 
2944 	return (0);
2945 }
2946 
2947 /*
2948  * Clones the given dataset.  The target must be of the same type as the source.
2949  */
2950 int
2951 zfs_clone(zfs_handle_t *zhp, const char *target, nvlist_t *props)
2952 {
2953 	zfs_cmd_t zc = { 0 };
2954 	char parent[ZFS_MAXNAMELEN];
2955 	int ret;
2956 	char errbuf[1024];
2957 	libzfs_handle_t *hdl = zhp->zfs_hdl;
2958 	zfs_type_t type;
2959 	uint64_t zoned;
2960 
2961 	assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT);
2962 
2963 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
2964 	    "cannot create '%s'"), target);
2965 
2966 	/* validate the target name */
2967 	if (!zfs_validate_name(hdl, target, ZFS_TYPE_FILESYSTEM, B_TRUE))
2968 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
2969 
2970 	/* validate parents exist */
2971 	if (check_parents(hdl, target, &zoned, B_FALSE, NULL) != 0)
2972 		return (-1);
2973 
2974 	(void) parent_name(target, parent, sizeof (parent));
2975 
2976 	/* do the clone */
2977 	if (ZFS_IS_VOLUME(zhp)) {
2978 		zc.zc_objset_type = DMU_OST_ZVOL;
2979 		type = ZFS_TYPE_VOLUME;
2980 	} else {
2981 		zc.zc_objset_type = DMU_OST_ZFS;
2982 		type = ZFS_TYPE_FILESYSTEM;
2983 	}
2984 
2985 	if (props) {
2986 		if ((props = zfs_validate_properties(hdl, type, props,
2987 		    zoned, zhp, errbuf)) == NULL)
2988 			return (-1);
2989 
2990 		if (zcmd_write_src_nvlist(hdl, &zc, props) != 0) {
2991 			nvlist_free(props);
2992 			return (-1);
2993 		}
2994 
2995 		nvlist_free(props);
2996 	}
2997 
2998 	(void) strlcpy(zc.zc_name, target, sizeof (zc.zc_name));
2999 	(void) strlcpy(zc.zc_value, zhp->zfs_name, sizeof (zc.zc_value));
3000 	ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_CREATE, &zc);
3001 
3002 	zcmd_free_nvlists(&zc);
3003 
3004 	if (ret != 0) {
3005 		switch (errno) {
3006 
3007 		case ENOENT:
3008 			/*
3009 			 * The parent doesn't exist.  We should have caught this
3010 			 * above, but there may a race condition that has since
3011 			 * destroyed the parent.
3012 			 *
3013 			 * At this point, we don't know whether it's the source
3014 			 * that doesn't exist anymore, or whether the target
3015 			 * dataset doesn't exist.
3016 			 */
3017 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3018 			    "no such parent '%s'"), parent);
3019 			return (zfs_error(zhp->zfs_hdl, EZFS_NOENT, errbuf));
3020 
3021 		case EXDEV:
3022 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3023 			    "source and target pools differ"));
3024 			return (zfs_error(zhp->zfs_hdl, EZFS_CROSSTARGET,
3025 			    errbuf));
3026 
3027 		default:
3028 			return (zfs_standard_error(zhp->zfs_hdl, errno,
3029 			    errbuf));
3030 		}
3031 	} else if (ZFS_IS_VOLUME(zhp)) {
3032 		ret = zvol_create_link(zhp->zfs_hdl, target);
3033 	}
3034 
3035 	return (ret);
3036 }
3037 
3038 typedef struct promote_data {
3039 	char cb_mountpoint[MAXPATHLEN];
3040 	const char *cb_target;
3041 	const char *cb_errbuf;
3042 	uint64_t cb_pivot_txg;
3043 } promote_data_t;
3044 
3045 static int
3046 promote_snap_cb(zfs_handle_t *zhp, void *data)
3047 {
3048 	promote_data_t *pd = data;
3049 	zfs_handle_t *szhp;
3050 	char snapname[MAXPATHLEN];
3051 	int rv = 0;
3052 
3053 	/* We don't care about snapshots after the pivot point */
3054 	if (zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG) > pd->cb_pivot_txg) {
3055 		zfs_close(zhp);
3056 		return (0);
3057 	}
3058 
3059 	/* Remove the device link if it's a zvol. */
3060 	if (ZFS_IS_VOLUME(zhp))
3061 		(void) zvol_remove_link(zhp->zfs_hdl, zhp->zfs_name);
3062 
3063 	/* Check for conflicting names */
3064 	(void) strlcpy(snapname, pd->cb_target, sizeof (snapname));
3065 	(void) strlcat(snapname, strchr(zhp->zfs_name, '@'), sizeof (snapname));
3066 	szhp = make_dataset_handle(zhp->zfs_hdl, snapname);
3067 	if (szhp != NULL) {
3068 		zfs_close(szhp);
3069 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3070 		    "snapshot name '%s' from origin \n"
3071 		    "conflicts with '%s' from target"),
3072 		    zhp->zfs_name, snapname);
3073 		rv = zfs_error(zhp->zfs_hdl, EZFS_EXISTS, pd->cb_errbuf);
3074 	}
3075 	zfs_close(zhp);
3076 	return (rv);
3077 }
3078 
3079 static int
3080 promote_snap_done_cb(zfs_handle_t *zhp, void *data)
3081 {
3082 	promote_data_t *pd = data;
3083 
3084 	/* We don't care about snapshots after the pivot point */
3085 	if (zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG) <= pd->cb_pivot_txg) {
3086 		/* Create the device link if it's a zvol. */
3087 		if (ZFS_IS_VOLUME(zhp))
3088 			(void) zvol_create_link(zhp->zfs_hdl, zhp->zfs_name);
3089 	}
3090 
3091 	zfs_close(zhp);
3092 	return (0);
3093 }
3094 
3095 /*
3096  * Promotes the given clone fs to be the clone parent.
3097  */
3098 int
3099 zfs_promote(zfs_handle_t *zhp)
3100 {
3101 	libzfs_handle_t *hdl = zhp->zfs_hdl;
3102 	zfs_cmd_t zc = { 0 };
3103 	char parent[MAXPATHLEN];
3104 	char *cp;
3105 	int ret;
3106 	zfs_handle_t *pzhp;
3107 	promote_data_t pd;
3108 	char errbuf[1024];
3109 
3110 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3111 	    "cannot promote '%s'"), zhp->zfs_name);
3112 
3113 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
3114 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3115 		    "snapshots can not be promoted"));
3116 		return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
3117 	}
3118 
3119 	(void) strlcpy(parent, zhp->zfs_dmustats.dds_origin, sizeof (parent));
3120 	if (parent[0] == '\0') {
3121 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3122 		    "not a cloned filesystem"));
3123 		return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
3124 	}
3125 	cp = strchr(parent, '@');
3126 	*cp = '\0';
3127 
3128 	/* Walk the snapshots we will be moving */
3129 	pzhp = zfs_open(hdl, zhp->zfs_dmustats.dds_origin, ZFS_TYPE_SNAPSHOT);
3130 	if (pzhp == NULL)
3131 		return (-1);
3132 	pd.cb_pivot_txg = zfs_prop_get_int(pzhp, ZFS_PROP_CREATETXG);
3133 	zfs_close(pzhp);
3134 	pd.cb_target = zhp->zfs_name;
3135 	pd.cb_errbuf = errbuf;
3136 	pzhp = zfs_open(hdl, parent, ZFS_TYPE_DATASET);
3137 	if (pzhp == NULL)
3138 		return (-1);
3139 	(void) zfs_prop_get(pzhp, ZFS_PROP_MOUNTPOINT, pd.cb_mountpoint,
3140 	    sizeof (pd.cb_mountpoint), NULL, NULL, 0, FALSE);
3141 	ret = zfs_iter_snapshots(pzhp, promote_snap_cb, &pd);
3142 	if (ret != 0) {
3143 		zfs_close(pzhp);
3144 		return (-1);
3145 	}
3146 
3147 	/* issue the ioctl */
3148 	(void) strlcpy(zc.zc_value, zhp->zfs_dmustats.dds_origin,
3149 	    sizeof (zc.zc_value));
3150 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3151 	ret = zfs_ioctl(hdl, ZFS_IOC_PROMOTE, &zc);
3152 
3153 	if (ret != 0) {
3154 		int save_errno = errno;
3155 
3156 		(void) zfs_iter_snapshots(pzhp, promote_snap_done_cb, &pd);
3157 		zfs_close(pzhp);
3158 
3159 		switch (save_errno) {
3160 		case EEXIST:
3161 			/*
3162 			 * There is a conflicting snapshot name.  We
3163 			 * should have caught this above, but they could
3164 			 * have renamed something in the mean time.
3165 			 */
3166 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3167 			    "conflicting snapshot name from parent '%s'"),
3168 			    parent);
3169 			return (zfs_error(hdl, EZFS_EXISTS, errbuf));
3170 
3171 		default:
3172 			return (zfs_standard_error(hdl, save_errno, errbuf));
3173 		}
3174 	} else {
3175 		(void) zfs_iter_snapshots(zhp, promote_snap_done_cb, &pd);
3176 	}
3177 
3178 	zfs_close(pzhp);
3179 	return (ret);
3180 }
3181 
3182 struct createdata {
3183 	const char *cd_snapname;
3184 	int cd_ifexists;
3185 };
3186 
3187 static int
3188 zfs_create_link_cb(zfs_handle_t *zhp, void *arg)
3189 {
3190 	struct createdata *cd = arg;
3191 	int ret;
3192 
3193 	if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
3194 		char name[MAXPATHLEN];
3195 
3196 		(void) strlcpy(name, zhp->zfs_name, sizeof (name));
3197 		(void) strlcat(name, "@", sizeof (name));
3198 		(void) strlcat(name, cd->cd_snapname, sizeof (name));
3199 		(void) zvol_create_link_common(zhp->zfs_hdl, name,
3200 		    cd->cd_ifexists);
3201 		/*
3202 		 * NB: this is simply a best-effort.  We don't want to
3203 		 * return an error, because then we wouldn't visit all
3204 		 * the volumes.
3205 		 */
3206 	}
3207 
3208 	ret = zfs_iter_filesystems(zhp, zfs_create_link_cb, cd);
3209 
3210 	zfs_close(zhp);
3211 
3212 	return (ret);
3213 }
3214 
3215 /*
3216  * Takes a snapshot of the given dataset.
3217  */
3218 int
3219 zfs_snapshot(libzfs_handle_t *hdl, const char *path, boolean_t recursive)
3220 {
3221 	const char *delim;
3222 	char *parent;
3223 	zfs_handle_t *zhp;
3224 	zfs_cmd_t zc = { 0 };
3225 	int ret;
3226 	char errbuf[1024];
3227 
3228 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3229 	    "cannot snapshot '%s'"), path);
3230 
3231 	/* validate the target name */
3232 	if (!zfs_validate_name(hdl, path, ZFS_TYPE_SNAPSHOT, B_TRUE))
3233 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3234 
3235 	/* make sure the parent exists and is of the appropriate type */
3236 	delim = strchr(path, '@');
3237 	if ((parent = zfs_alloc(hdl, delim - path + 1)) == NULL)
3238 		return (-1);
3239 	(void) strncpy(parent, path, delim - path);
3240 	parent[delim - path] = '\0';
3241 
3242 	if ((zhp = zfs_open(hdl, parent, ZFS_TYPE_FILESYSTEM |
3243 	    ZFS_TYPE_VOLUME)) == NULL) {
3244 		free(parent);
3245 		return (-1);
3246 	}
3247 
3248 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3249 	(void) strlcpy(zc.zc_value, delim+1, sizeof (zc.zc_value));
3250 	if (ZFS_IS_VOLUME(zhp))
3251 		zc.zc_objset_type = DMU_OST_ZVOL;
3252 	else
3253 		zc.zc_objset_type = DMU_OST_ZFS;
3254 	zc.zc_cookie = recursive;
3255 	ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SNAPSHOT, &zc);
3256 
3257 	/*
3258 	 * if it was recursive, the one that actually failed will be in
3259 	 * zc.zc_name.
3260 	 */
3261 	if (ret != 0)
3262 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3263 		    "cannot create snapshot '%s@%s'"), zc.zc_name, zc.zc_value);
3264 
3265 	if (ret == 0 && recursive) {
3266 		struct createdata cd;
3267 
3268 		cd.cd_snapname = delim + 1;
3269 		cd.cd_ifexists = B_FALSE;
3270 		(void) zfs_iter_filesystems(zhp, zfs_create_link_cb, &cd);
3271 	}
3272 	if (ret == 0 && zhp->zfs_type == ZFS_TYPE_VOLUME) {
3273 		ret = zvol_create_link(zhp->zfs_hdl, path);
3274 		if (ret != 0) {
3275 			(void) zfs_standard_error(hdl, errno,
3276 			    dgettext(TEXT_DOMAIN,
3277 			    "Volume successfully snapshotted, but device links "
3278 			    "were not created"));
3279 			free(parent);
3280 			zfs_close(zhp);
3281 			return (-1);
3282 		}
3283 	}
3284 
3285 	if (ret != 0)
3286 		(void) zfs_standard_error(hdl, errno, errbuf);
3287 
3288 	free(parent);
3289 	zfs_close(zhp);
3290 
3291 	return (ret);
3292 }
3293 
3294 /*
3295  * Destroy any more recent snapshots.  We invoke this callback on any dependents
3296  * of the snapshot first.  If the 'cb_dependent' member is non-zero, then this
3297  * is a dependent and we should just destroy it without checking the transaction
3298  * group.
3299  */
3300 typedef struct rollback_data {
3301 	const char	*cb_target;		/* the snapshot */
3302 	uint64_t	cb_create;		/* creation time reference */
3303 	int		cb_error;
3304 	boolean_t	cb_dependent;
3305 } rollback_data_t;
3306 
3307 static int
3308 rollback_destroy(zfs_handle_t *zhp, void *data)
3309 {
3310 	rollback_data_t *cbp = data;
3311 
3312 	if (!cbp->cb_dependent) {
3313 		if (strcmp(zhp->zfs_name, cbp->cb_target) != 0 &&
3314 		    zfs_get_type(zhp) == ZFS_TYPE_SNAPSHOT &&
3315 		    zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG) >
3316 		    cbp->cb_create) {
3317 			char *logstr;
3318 
3319 			cbp->cb_dependent = B_TRUE;
3320 			cbp->cb_error |= zfs_iter_dependents(zhp, B_FALSE,
3321 			    rollback_destroy, cbp);
3322 			cbp->cb_dependent = B_FALSE;
3323 
3324 			logstr = zhp->zfs_hdl->libzfs_log_str;
3325 			zhp->zfs_hdl->libzfs_log_str = NULL;
3326 			cbp->cb_error |= zfs_destroy(zhp);
3327 			zhp->zfs_hdl->libzfs_log_str = logstr;
3328 		}
3329 	} else {
3330 		cbp->cb_error |= zfs_destroy(zhp);
3331 	}
3332 
3333 	zfs_close(zhp);
3334 	return (0);
3335 }
3336 
3337 /*
3338  * Given a dataset, rollback to a specific snapshot, discarding any
3339  * data changes since then and making it the active dataset.
3340  *
3341  * Any snapshots more recent than the target are destroyed, along with
3342  * their dependents.
3343  */
3344 int
3345 zfs_rollback(zfs_handle_t *zhp, zfs_handle_t *snap)
3346 {
3347 	rollback_data_t cb = { 0 };
3348 	int err;
3349 	zfs_cmd_t zc = { 0 };
3350 
3351 	assert(zhp->zfs_type == ZFS_TYPE_FILESYSTEM ||
3352 	    zhp->zfs_type == ZFS_TYPE_VOLUME);
3353 
3354 	/*
3355 	 * Destroy all recent snapshots and its dependends.
3356 	 */
3357 	cb.cb_target = snap->zfs_name;
3358 	cb.cb_create = zfs_prop_get_int(snap, ZFS_PROP_CREATETXG);
3359 	(void) zfs_iter_children(zhp, rollback_destroy, &cb);
3360 
3361 	if (cb.cb_error != 0)
3362 		return (cb.cb_error);
3363 
3364 	/*
3365 	 * Now that we have verified that the snapshot is the latest,
3366 	 * rollback to the given snapshot.
3367 	 */
3368 
3369 	if (zhp->zfs_type == ZFS_TYPE_VOLUME &&
3370 	    zvol_remove_link(zhp->zfs_hdl, zhp->zfs_name) != 0)
3371 		return (-1);
3372 
3373 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3374 
3375 	if (ZFS_IS_VOLUME(zhp))
3376 		zc.zc_objset_type = DMU_OST_ZVOL;
3377 	else
3378 		zc.zc_objset_type = DMU_OST_ZFS;
3379 
3380 	/*
3381 	 * We rely on zfs_iter_children() to verify that there are no
3382 	 * newer snapshots for the given dataset.  Therefore, we can
3383 	 * simply pass the name on to the ioctl() call.  There is still
3384 	 * an unlikely race condition where the user has taken a
3385 	 * snapshot since we verified that this was the most recent.
3386 	 */
3387 	if ((err = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_ROLLBACK, &zc)) != 0) {
3388 		(void) zfs_standard_error_fmt(zhp->zfs_hdl, errno,
3389 		    dgettext(TEXT_DOMAIN, "cannot rollback '%s'"),
3390 		    zhp->zfs_name);
3391 	} else if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
3392 		err = zvol_create_link(zhp->zfs_hdl, zhp->zfs_name);
3393 	}
3394 
3395 	return (err);
3396 }
3397 
3398 /*
3399  * Iterate over all dependents for a given dataset.  This includes both
3400  * hierarchical dependents (children) and data dependents (snapshots and
3401  * clones).  The bulk of the processing occurs in get_dependents() in
3402  * libzfs_graph.c.
3403  */
3404 int
3405 zfs_iter_dependents(zfs_handle_t *zhp, boolean_t allowrecursion,
3406     zfs_iter_f func, void *data)
3407 {
3408 	char **dependents;
3409 	size_t count;
3410 	int i;
3411 	zfs_handle_t *child;
3412 	int ret = 0;
3413 
3414 	if (get_dependents(zhp->zfs_hdl, allowrecursion, zhp->zfs_name,
3415 	    &dependents, &count) != 0)
3416 		return (-1);
3417 
3418 	for (i = 0; i < count; i++) {
3419 		if ((child = make_dataset_handle(zhp->zfs_hdl,
3420 		    dependents[i])) == NULL)
3421 			continue;
3422 
3423 		if ((ret = func(child, data)) != 0)
3424 			break;
3425 	}
3426 
3427 	for (i = 0; i < count; i++)
3428 		free(dependents[i]);
3429 	free(dependents);
3430 
3431 	return (ret);
3432 }
3433 
3434 /*
3435  * Renames the given dataset.
3436  */
3437 int
3438 zfs_rename(zfs_handle_t *zhp, const char *target, boolean_t recursive)
3439 {
3440 	int ret;
3441 	zfs_cmd_t zc = { 0 };
3442 	char *delim;
3443 	prop_changelist_t *cl = NULL;
3444 	zfs_handle_t *zhrp = NULL;
3445 	char *parentname = NULL;
3446 	char parent[ZFS_MAXNAMELEN];
3447 	libzfs_handle_t *hdl = zhp->zfs_hdl;
3448 	char errbuf[1024];
3449 
3450 	/* if we have the same exact name, just return success */
3451 	if (strcmp(zhp->zfs_name, target) == 0)
3452 		return (0);
3453 
3454 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3455 	    "cannot rename to '%s'"), target);
3456 
3457 	/*
3458 	 * Make sure the target name is valid
3459 	 */
3460 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
3461 		if ((strchr(target, '@') == NULL) ||
3462 		    *target == '@') {
3463 			/*
3464 			 * Snapshot target name is abbreviated,
3465 			 * reconstruct full dataset name
3466 			 */
3467 			(void) strlcpy(parent, zhp->zfs_name,
3468 			    sizeof (parent));
3469 			delim = strchr(parent, '@');
3470 			if (strchr(target, '@') == NULL)
3471 				*(++delim) = '\0';
3472 			else
3473 				*delim = '\0';
3474 			(void) strlcat(parent, target, sizeof (parent));
3475 			target = parent;
3476 		} else {
3477 			/*
3478 			 * Make sure we're renaming within the same dataset.
3479 			 */
3480 			delim = strchr(target, '@');
3481 			if (strncmp(zhp->zfs_name, target, delim - target)
3482 			    != 0 || zhp->zfs_name[delim - target] != '@') {
3483 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3484 				    "snapshots must be part of same "
3485 				    "dataset"));
3486 				return (zfs_error(hdl, EZFS_CROSSTARGET,
3487 				    errbuf));
3488 			}
3489 		}
3490 		if (!zfs_validate_name(hdl, target, zhp->zfs_type, B_TRUE))
3491 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3492 	} else {
3493 		if (recursive) {
3494 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3495 			    "recursive rename must be a snapshot"));
3496 			return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
3497 		}
3498 
3499 		if (!zfs_validate_name(hdl, target, zhp->zfs_type, B_TRUE))
3500 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3501 		uint64_t unused;
3502 
3503 		/* validate parents */
3504 		if (check_parents(hdl, target, &unused, B_FALSE, NULL) != 0)
3505 			return (-1);
3506 
3507 		(void) parent_name(target, parent, sizeof (parent));
3508 
3509 		/* make sure we're in the same pool */
3510 		verify((delim = strchr(target, '/')) != NULL);
3511 		if (strncmp(zhp->zfs_name, target, delim - target) != 0 ||
3512 		    zhp->zfs_name[delim - target] != '/') {
3513 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3514 			    "datasets must be within same pool"));
3515 			return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
3516 		}
3517 
3518 		/* new name cannot be a child of the current dataset name */
3519 		if (strncmp(parent, zhp->zfs_name,
3520 		    strlen(zhp->zfs_name)) == 0) {
3521 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3522 			    "New dataset name cannot be a descendent of "
3523 			    "current dataset name"));
3524 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3525 		}
3526 	}
3527 
3528 	(void) snprintf(errbuf, sizeof (errbuf),
3529 	    dgettext(TEXT_DOMAIN, "cannot rename '%s'"), zhp->zfs_name);
3530 
3531 	if (getzoneid() == GLOBAL_ZONEID &&
3532 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
3533 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3534 		    "dataset is used in a non-global zone"));
3535 		return (zfs_error(hdl, EZFS_ZONED, errbuf));
3536 	}
3537 
3538 	if (recursive) {
3539 		struct destroydata dd;
3540 
3541 		parentname = zfs_strdup(zhp->zfs_hdl, zhp->zfs_name);
3542 		if (parentname == NULL) {
3543 			ret = -1;
3544 			goto error;
3545 		}
3546 		delim = strchr(parentname, '@');
3547 		*delim = '\0';
3548 		zhrp = zfs_open(zhp->zfs_hdl, parentname, ZFS_TYPE_DATASET);
3549 		if (zhrp == NULL) {
3550 			ret = -1;
3551 			goto error;
3552 		}
3553 
3554 		dd.snapname = delim + 1;
3555 		dd.gotone = B_FALSE;
3556 		dd.closezhp = B_TRUE;
3557 
3558 		/* We remove any zvol links prior to renaming them */
3559 		ret = zfs_iter_filesystems(zhrp, zfs_remove_link_cb, &dd);
3560 		if (ret) {
3561 			goto error;
3562 		}
3563 	} else {
3564 		if ((cl = changelist_gather(zhp, ZFS_PROP_NAME, 0)) == NULL)
3565 			return (-1);
3566 
3567 		if (changelist_haszonedchild(cl)) {
3568 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3569 			    "child dataset with inherited mountpoint is used "
3570 			    "in a non-global zone"));
3571 			(void) zfs_error(hdl, EZFS_ZONED, errbuf);
3572 			goto error;
3573 		}
3574 
3575 		if ((ret = changelist_prefix(cl)) != 0)
3576 			goto error;
3577 	}
3578 
3579 	if (ZFS_IS_VOLUME(zhp))
3580 		zc.zc_objset_type = DMU_OST_ZVOL;
3581 	else
3582 		zc.zc_objset_type = DMU_OST_ZFS;
3583 
3584 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3585 	(void) strlcpy(zc.zc_value, target, sizeof (zc.zc_value));
3586 
3587 	zc.zc_cookie = recursive;
3588 
3589 	if ((ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_RENAME, &zc)) != 0) {
3590 		/*
3591 		 * if it was recursive, the one that actually failed will
3592 		 * be in zc.zc_name
3593 		 */
3594 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3595 		    "cannot rename '%s'"), zc.zc_name);
3596 
3597 		if (recursive && errno == EEXIST) {
3598 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3599 			    "a child dataset already has a snapshot "
3600 			    "with the new name"));
3601 			(void) zfs_error(hdl, EZFS_EXISTS, errbuf);
3602 		} else {
3603 			(void) zfs_standard_error(zhp->zfs_hdl, errno, errbuf);
3604 		}
3605 
3606 		/*
3607 		 * On failure, we still want to remount any filesystems that
3608 		 * were previously mounted, so we don't alter the system state.
3609 		 */
3610 		if (recursive) {
3611 			struct createdata cd;
3612 
3613 			/* only create links for datasets that had existed */
3614 			cd.cd_snapname = delim + 1;
3615 			cd.cd_ifexists = B_TRUE;
3616 			(void) zfs_iter_filesystems(zhrp, zfs_create_link_cb,
3617 			    &cd);
3618 		} else {
3619 			(void) changelist_postfix(cl);
3620 		}
3621 	} else {
3622 		if (recursive) {
3623 			struct createdata cd;
3624 
3625 			/* only create links for datasets that had existed */
3626 			cd.cd_snapname = strchr(target, '@') + 1;
3627 			cd.cd_ifexists = B_TRUE;
3628 			ret = zfs_iter_filesystems(zhrp, zfs_create_link_cb,
3629 			    &cd);
3630 		} else {
3631 			changelist_rename(cl, zfs_get_name(zhp), target);
3632 			ret = changelist_postfix(cl);
3633 		}
3634 	}
3635 
3636 error:
3637 	if (parentname) {
3638 		free(parentname);
3639 	}
3640 	if (zhrp) {
3641 		zfs_close(zhrp);
3642 	}
3643 	if (cl) {
3644 		changelist_free(cl);
3645 	}
3646 	return (ret);
3647 }
3648 
3649 /*
3650  * Given a zvol dataset, issue the ioctl to create the appropriate minor node,
3651  * poke devfsadm to create the /dev link, and then wait for the link to appear.
3652  */
3653 int
3654 zvol_create_link(libzfs_handle_t *hdl, const char *dataset)
3655 {
3656 	return (zvol_create_link_common(hdl, dataset, B_FALSE));
3657 }
3658 
3659 static int
3660 zvol_create_link_common(libzfs_handle_t *hdl, const char *dataset, int ifexists)
3661 {
3662 	zfs_cmd_t zc = { 0 };
3663 	di_devlink_handle_t dhdl;
3664 	priv_set_t *priv_effective;
3665 	int privileged;
3666 
3667 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
3668 
3669 	/*
3670 	 * Issue the appropriate ioctl.
3671 	 */
3672 	if (ioctl(hdl->libzfs_fd, ZFS_IOC_CREATE_MINOR, &zc) != 0) {
3673 		switch (errno) {
3674 		case EEXIST:
3675 			/*
3676 			 * Silently ignore the case where the link already
3677 			 * exists.  This allows 'zfs volinit' to be run multiple
3678 			 * times without errors.
3679 			 */
3680 			return (0);
3681 
3682 		case ENOENT:
3683 			/*
3684 			 * Dataset does not exist in the kernel.  If we
3685 			 * don't care (see zfs_rename), then ignore the
3686 			 * error quietly.
3687 			 */
3688 			if (ifexists) {
3689 				return (0);
3690 			}
3691 
3692 			/* FALLTHROUGH */
3693 
3694 		default:
3695 			return (zfs_standard_error_fmt(hdl, errno,
3696 			    dgettext(TEXT_DOMAIN, "cannot create device links "
3697 			    "for '%s'"), dataset));
3698 		}
3699 	}
3700 
3701 	/*
3702 	 * If privileged call devfsadm and wait for the links to
3703 	 * magically appear.
3704 	 * Otherwise, print out an informational message.
3705 	 */
3706 
3707 	priv_effective = priv_allocset();
3708 	(void) getppriv(PRIV_EFFECTIVE, priv_effective);
3709 	privileged = (priv_isfullset(priv_effective) == B_TRUE);
3710 	priv_freeset(priv_effective);
3711 
3712 	if (privileged) {
3713 		if ((dhdl = di_devlink_init(ZFS_DRIVER,
3714 		    DI_MAKE_LINK)) == NULL) {
3715 			zfs_error_aux(hdl, strerror(errno));
3716 			(void) zfs_standard_error_fmt(hdl, EZFS_DEVLINKS,
3717 			    dgettext(TEXT_DOMAIN, "cannot create device links "
3718 			    "for '%s'"), dataset);
3719 			(void) ioctl(hdl->libzfs_fd, ZFS_IOC_REMOVE_MINOR, &zc);
3720 			return (-1);
3721 		} else {
3722 			(void) di_devlink_fini(&dhdl);
3723 		}
3724 	} else {
3725 		char pathname[MAXPATHLEN];
3726 		struct stat64 statbuf;
3727 		int i;
3728 
3729 #define	MAX_WAIT	10
3730 
3731 		/*
3732 		 * This is the poor mans way of waiting for the link
3733 		 * to show up.  If after 10 seconds we still don't
3734 		 * have it, then print out a message.
3735 		 */
3736 		(void) snprintf(pathname, sizeof (pathname), "/dev/zvol/dsk/%s",
3737 		    dataset);
3738 
3739 		for (i = 0; i != MAX_WAIT; i++) {
3740 			if (stat64(pathname, &statbuf) == 0)
3741 				break;
3742 			(void) sleep(1);
3743 		}
3744 		if (i == MAX_WAIT)
3745 			(void) printf(gettext("%s may not be immediately "
3746 			    "available\n"), pathname);
3747 	}
3748 
3749 	return (0);
3750 }
3751 
3752 /*
3753  * Remove a minor node for the given zvol and the associated /dev links.
3754  */
3755 int
3756 zvol_remove_link(libzfs_handle_t *hdl, const char *dataset)
3757 {
3758 	zfs_cmd_t zc = { 0 };
3759 
3760 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
3761 
3762 	if (ioctl(hdl->libzfs_fd, ZFS_IOC_REMOVE_MINOR, &zc) != 0) {
3763 		switch (errno) {
3764 		case ENXIO:
3765 			/*
3766 			 * Silently ignore the case where the link no longer
3767 			 * exists, so that 'zfs volfini' can be run multiple
3768 			 * times without errors.
3769 			 */
3770 			return (0);
3771 
3772 		default:
3773 			return (zfs_standard_error_fmt(hdl, errno,
3774 			    dgettext(TEXT_DOMAIN, "cannot remove device "
3775 			    "links for '%s'"), dataset));
3776 		}
3777 	}
3778 
3779 	return (0);
3780 }
3781 
3782 nvlist_t *
3783 zfs_get_user_props(zfs_handle_t *zhp)
3784 {
3785 	return (zhp->zfs_user_props);
3786 }
3787 
3788 /*
3789  * This function is used by 'zfs list' to determine the exact set of columns to
3790  * display, and their maximum widths.  This does two main things:
3791  *
3792  *      - If this is a list of all properties, then expand the list to include
3793  *        all native properties, and set a flag so that for each dataset we look
3794  *        for new unique user properties and add them to the list.
3795  *
3796  *      - For non fixed-width properties, keep track of the maximum width seen
3797  *        so that we can size the column appropriately.
3798  */
3799 int
3800 zfs_expand_proplist(zfs_handle_t *zhp, zprop_list_t **plp)
3801 {
3802 	libzfs_handle_t *hdl = zhp->zfs_hdl;
3803 	zprop_list_t *entry;
3804 	zprop_list_t **last, **start;
3805 	nvlist_t *userprops, *propval;
3806 	nvpair_t *elem;
3807 	char *strval;
3808 	char buf[ZFS_MAXPROPLEN];
3809 
3810 	if (zprop_expand_list(hdl, plp, ZFS_TYPE_DATASET) != 0)
3811 		return (-1);
3812 
3813 	userprops = zfs_get_user_props(zhp);
3814 
3815 	entry = *plp;
3816 	if (entry->pl_all && nvlist_next_nvpair(userprops, NULL) != NULL) {
3817 		/*
3818 		 * Go through and add any user properties as necessary.  We
3819 		 * start by incrementing our list pointer to the first
3820 		 * non-native property.
3821 		 */
3822 		start = plp;
3823 		while (*start != NULL) {
3824 			if ((*start)->pl_prop == ZPROP_INVAL)
3825 				break;
3826 			start = &(*start)->pl_next;
3827 		}
3828 
3829 		elem = NULL;
3830 		while ((elem = nvlist_next_nvpair(userprops, elem)) != NULL) {
3831 			/*
3832 			 * See if we've already found this property in our list.
3833 			 */
3834 			for (last = start; *last != NULL;
3835 			    last = &(*last)->pl_next) {
3836 				if (strcmp((*last)->pl_user_prop,
3837 				    nvpair_name(elem)) == 0)
3838 					break;
3839 			}
3840 
3841 			if (*last == NULL) {
3842 				if ((entry = zfs_alloc(hdl,
3843 				    sizeof (zprop_list_t))) == NULL ||
3844 				    ((entry->pl_user_prop = zfs_strdup(hdl,
3845 				    nvpair_name(elem)))) == NULL) {
3846 					free(entry);
3847 					return (-1);
3848 				}
3849 
3850 				entry->pl_prop = ZPROP_INVAL;
3851 				entry->pl_width = strlen(nvpair_name(elem));
3852 				entry->pl_all = B_TRUE;
3853 				*last = entry;
3854 			}
3855 		}
3856 	}
3857 
3858 	/*
3859 	 * Now go through and check the width of any non-fixed columns
3860 	 */
3861 	for (entry = *plp; entry != NULL; entry = entry->pl_next) {
3862 		if (entry->pl_fixed)
3863 			continue;
3864 
3865 		if (entry->pl_prop != ZPROP_INVAL) {
3866 			if (zfs_prop_get(zhp, entry->pl_prop,
3867 			    buf, sizeof (buf), NULL, NULL, 0, B_FALSE) == 0) {
3868 				if (strlen(buf) > entry->pl_width)
3869 					entry->pl_width = strlen(buf);
3870 			}
3871 		} else if (nvlist_lookup_nvlist(userprops,
3872 		    entry->pl_user_prop, &propval)  == 0) {
3873 			verify(nvlist_lookup_string(propval,
3874 			    ZPROP_VALUE, &strval) == 0);
3875 			if (strlen(strval) > entry->pl_width)
3876 				entry->pl_width = strlen(strval);
3877 		}
3878 	}
3879 
3880 	return (0);
3881 }
3882 
3883 int
3884 zfs_iscsi_perm_check(libzfs_handle_t *hdl, char *dataset, ucred_t *cred)
3885 {
3886 	zfs_cmd_t zc = { 0 };
3887 	nvlist_t *nvp;
3888 	gid_t gid;
3889 	uid_t uid;
3890 	const gid_t *groups;
3891 	int group_cnt;
3892 	int error;
3893 
3894 	if (nvlist_alloc(&nvp, NV_UNIQUE_NAME, 0) != 0)
3895 		return (no_memory(hdl));
3896 
3897 	uid = ucred_geteuid(cred);
3898 	gid = ucred_getegid(cred);
3899 	group_cnt = ucred_getgroups(cred, &groups);
3900 
3901 	if (uid == (uid_t)-1 || gid == (uid_t)-1 || group_cnt == (uid_t)-1)
3902 		return (1);
3903 
3904 	if (nvlist_add_uint32(nvp, ZFS_DELEG_PERM_UID, uid) != 0) {
3905 		nvlist_free(nvp);
3906 		return (1);
3907 	}
3908 
3909 	if (nvlist_add_uint32(nvp, ZFS_DELEG_PERM_GID, gid) != 0) {
3910 		nvlist_free(nvp);
3911 		return (1);
3912 	}
3913 
3914 	if (nvlist_add_uint32_array(nvp,
3915 	    ZFS_DELEG_PERM_GROUPS, (uint32_t *)groups, group_cnt) != 0) {
3916 		nvlist_free(nvp);
3917 		return (1);
3918 	}
3919 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
3920 
3921 	if (zcmd_write_src_nvlist(hdl, &zc, nvp))
3922 		return (-1);
3923 
3924 	error = ioctl(hdl->libzfs_fd, ZFS_IOC_ISCSI_PERM_CHECK, &zc);
3925 	nvlist_free(nvp);
3926 	return (error);
3927 }
3928 
3929 int
3930 zfs_deleg_share_nfs(libzfs_handle_t *hdl, char *dataset, char *path,
3931     void *export, void *sharetab, int sharemax, zfs_share_op_t operation)
3932 {
3933 	zfs_cmd_t zc = { 0 };
3934 	int error;
3935 
3936 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
3937 	(void) strlcpy(zc.zc_value, path, sizeof (zc.zc_value));
3938 	zc.zc_share.z_sharedata = (uint64_t)(uintptr_t)sharetab;
3939 	zc.zc_share.z_exportdata = (uint64_t)(uintptr_t)export;
3940 	zc.zc_share.z_sharetype = operation;
3941 	zc.zc_share.z_sharemax = sharemax;
3942 
3943 	error = ioctl(hdl->libzfs_fd, ZFS_IOC_SHARE, &zc);
3944 	return (error);
3945 }
3946