dfs.cmds/sharemgr/commands.c

6185db85Sdougm/*
6185db85Sdougm * CDDL HEADER START
6185db85Sdougm *
6185db85Sdougm * The contents of this file are subject to the terms of the
6185db85Sdougm * Common Development and Distribution License (the "License").
6185db85Sdougm * You may not use this file except in compliance with the License.
6185db85Sdougm *
6185db85Sdougm * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
6185db85Sdougm * or http://www.opensolaris.org/os/licensing.
6185db85Sdougm * See the License for the specific language governing permissions
6185db85Sdougm * and limitations under the License.
6185db85Sdougm *
6185db85Sdougm * When distributing Covered Code, include this CDDL HEADER in each
6185db85Sdougm * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
6185db85Sdougm * If applicable, add the following below this CDDL HEADER, with the
6185db85Sdougm * fields enclosed by brackets "[]" replaced with your own identifying
6185db85Sdougm * information: Portions Copyright [yyyy] [name of copyright owner]
6185db85Sdougm *
6185db85Sdougm * CDDL HEADER END
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougm/*
dc20a302Sas200622 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
6185db85Sdougm * Use is subject to license terms.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougm#pragma ident	"%Z%%M%	%I%	%E% SMI"
6185db85Sdougm
6185db85Sdougm#include <sys/types.h>
6185db85Sdougm#include <sys/stat.h>
6185db85Sdougm#include <fcntl.h>
6185db85Sdougm#include <stdlib.h>
6185db85Sdougm#include <stdio.h>
6185db85Sdougm#include <string.h>
6185db85Sdougm#include <ctype.h>
6185db85Sdougm#include <unistd.h>
6185db85Sdougm#include <getopt.h>
6185db85Sdougm#include <utmpx.h>
6185db85Sdougm#include <pwd.h>
6185db85Sdougm#include <auth_attr.h>
6185db85Sdougm#include <secdb.h>
6185db85Sdougm#include <sys/param.h>
6185db85Sdougm#include <sys/stat.h>
6185db85Sdougm#include <errno.h>
6185db85Sdougm
6185db85Sdougm#include <libshare.h>
6185db85Sdougm#include "sharemgr.h"
6185db85Sdougm#include <libscf.h>
6185db85Sdougm#include <libxml/tree.h>
6185db85Sdougm#include <libintl.h>
da6c28aaSamw#include <assert.h>
da6c28aaSamw#include <iconv.h>
da6c28aaSamw#include <langinfo.h>
da6c28aaSamw#include <dirent.h>
6185db85Sdougm
6185db85Sdougmstatic char *sa_get_usage(sa_usage_t);
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * Implementation of the common sub-commands supported by sharemgr.
6185db85Sdougm * A number of helper functions are also included.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * has_protocol(group, proto)
6185db85Sdougm *	If the group has an optionset with the specified protocol,
6185db85Sdougm *	return true (1) otherwise false (0).
6185db85Sdougm */
6185db85Sdougmstatic int
6185db85Sdougmhas_protocol(sa_group_t group, char *protocol)
6185db85Sdougm{
6185db85Sdougm	sa_optionset_t optionset;
6185db85Sdougm	int result = 0;
6185db85Sdougm
6185db85Sdougm	optionset = sa_get_optionset(group, protocol);
6185db85Sdougm	if (optionset != NULL) {
6185db85Sdougm		result++;
6185db85Sdougm	}
6185db85Sdougm	return (result);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
da6c28aaSamw * validresource(name)
da6c28aaSamw *
da6c28aaSamw * Check that name only has valid characters in it. The current valid
da6c28aaSamw * set are the printable characters but not including:
da6c28aaSamw *	" / \ [ ] : | < > + ; , ? * = \t
da6c28aaSamw * Note that space is included and there is a maximum length.
da6c28aaSamw */
da6c28aaSamwstatic int
da6c28aaSamwvalidresource(const char *name)
da6c28aaSamw{
da6c28aaSamw	const char *cp;
da6c28aaSamw	size_t len;
da6c28aaSamw
da6c28aaSamw	if (name == NULL)
da6c28aaSamw		return (B_FALSE);
da6c28aaSamw
da6c28aaSamw	len = strlen(name);
da6c28aaSamw	if (len == 0 || len > SA_MAX_RESOURCE_NAME)
da6c28aaSamw		return (B_FALSE);
da6c28aaSamw
da6c28aaSamw	if (strpbrk(name, "\"/\\[]:|<>+;,?*=\t") != NULL) {
da6c28aaSamw		return (B_FALSE);
da6c28aaSamw	}
da6c28aaSamw
da6c28aaSamw	for (cp = name; *cp != '\0'; cp++)
da6c28aaSamw		if (iscntrl(*cp))
da6c28aaSamw			return (B_FALSE);
da6c28aaSamw
da6c28aaSamw	return (B_TRUE);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * conv_to_utf8(input)
da6c28aaSamw *
da6c28aaSamw * Convert the input string to utf8 from the current locale.  If the
da6c28aaSamw * conversion fails, use the current locale, it is likely close
da6c28aaSamw * enough. For example, the "C" locale is a subset of utf-8. The
da6c28aaSamw * return value may be a new string or the original input string.
da6c28aaSamw */
da6c28aaSamw
da6c28aaSamwstatic char *
da6c28aaSamwconv_to_utf8(char *input)
da6c28aaSamw{
da6c28aaSamw	iconv_t cd;
55bf511dSas200622	char *inval = input;
da6c28aaSamw	char *output = input;
da6c28aaSamw	char *outleft;
da6c28aaSamw	char *curlocale;
da6c28aaSamw	size_t bytesleft;
da6c28aaSamw	size_t size;
da6c28aaSamw	size_t osize;
da6c28aaSamw	static int warned = 0;
da6c28aaSamw
da6c28aaSamw	curlocale = nl_langinfo(CODESET);
da6c28aaSamw	if (curlocale == NULL)
da6c28aaSamw		curlocale = "C";
da6c28aaSamw	cd = iconv_open("UTF-8", curlocale);
da6c28aaSamw	if (cd != NULL && cd != (iconv_t)-1) {
da6c28aaSamw		size = strlen(input);
da6c28aaSamw		/* Assume worst case of characters expanding to 4 bytes. */
da6c28aaSamw		bytesleft = size * 4;
da6c28aaSamw		output = calloc(bytesleft, 1);
da6c28aaSamw		if (output != NULL) {
da6c28aaSamw			outleft = output;
55bf511dSas200622			/* inval can be modified on return */
55bf511dSas200622			osize = iconv(cd, (const char **)&inval, &size,
da6c28aaSamw			    &outleft, &bytesleft);
da6c28aaSamw			if (osize == (size_t)-1 || size != 0) {
da6c28aaSamw				free(output);
da6c28aaSamw				output = input;
da6c28aaSamw			}
55bf511dSas200622		} else {
55bf511dSas200622			/* Need to return something. */
55bf511dSas200622			output = input;
da6c28aaSamw		}
da6c28aaSamw		(void) iconv_close(cd);
da6c28aaSamw	} else {
da6c28aaSamw		if (!warned)
da6c28aaSamw			(void) fprintf(stderr,
da6c28aaSamw			    gettext("Cannot convert to UTF-8 from %s\n"),
da6c28aaSamw			    curlocale ? curlocale : gettext("unknown"));
da6c28aaSamw		warned = 1;
da6c28aaSamw	}
da6c28aaSamw	return (output);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * conv_from(input)
da6c28aaSamw *
da6c28aaSamw * Convert the input string from utf8 to current locale.  If the
da6c28aaSamw * conversion isn't supported, just use as is. The return value may be
da6c28aaSamw * a new string or the original input string.
da6c28aaSamw */
da6c28aaSamw
da6c28aaSamwstatic char *
da6c28aaSamwconv_from_utf8(char *input)
da6c28aaSamw{
da6c28aaSamw	iconv_t cd;
da6c28aaSamw	char *output = input;
55bf511dSas200622	char *inval = input;
da6c28aaSamw	char *outleft;
da6c28aaSamw	char *curlocale;
da6c28aaSamw	size_t bytesleft;
da6c28aaSamw	size_t size;
da6c28aaSamw	size_t osize;
da6c28aaSamw	static int warned = 0;
da6c28aaSamw
da6c28aaSamw	curlocale = nl_langinfo(CODESET);
da6c28aaSamw	if (curlocale == NULL)
da6c28aaSamw		curlocale = "C";
da6c28aaSamw	cd = iconv_open(curlocale, "UTF-8");
da6c28aaSamw	if (cd != NULL && cd != (iconv_t)-1) {
da6c28aaSamw		size = strlen(input);
da6c28aaSamw		/* Assume worst case of characters expanding to 4 bytes. */
da6c28aaSamw		bytesleft = size * 4;
da6c28aaSamw		output = calloc(bytesleft, 1);
da6c28aaSamw		if (output != NULL) {
da6c28aaSamw			outleft = output;
55bf511dSas200622			osize = iconv(cd, (const char **)&inval, &size,
da6c28aaSamw			    &outleft, &bytesleft);
55bf511dSas200622			if (osize == (size_t)-1 || size != 0)
da6c28aaSamw				output = input;
55bf511dSas200622		} else {
55bf511dSas200622			/* Need to return something. */
55bf511dSas200622			output = input;
da6c28aaSamw		}
da6c28aaSamw		(void) iconv_close(cd);
da6c28aaSamw	} else {
da6c28aaSamw		if (!warned)
da6c28aaSamw			(void) fprintf(stderr,
da6c28aaSamw			    gettext("Cannot convert to %s from UTF-8\n"),
da6c28aaSamw			    curlocale ? curlocale : gettext("unknown"));
da6c28aaSamw		warned = 1;
da6c28aaSamw	}
da6c28aaSamw	return (output);
da6c28aaSamw}
da6c28aaSamw
573b0c00Sdougm/*
573b0c00Sdougm * print_rsrc_desc(resource, sharedesc)
573b0c00Sdougm *
573b0c00Sdougm * Print the resource description string after converting from UTF8 to
573b0c00Sdougm * the current locale. If sharedesc is not NULL and there is no
573b0c00Sdougm * description on the resource, use sharedesc. sharedesc will already
573b0c00Sdougm * be converted to UTF8.
573b0c00Sdougm */
573b0c00Sdougm
da6c28aaSamwstatic void
573b0c00Sdougmprint_rsrc_desc(sa_resource_t resource, char *sharedesc)
da6c28aaSamw{
da6c28aaSamw	char *description;
da6c28aaSamw	char *desc;
da6c28aaSamw
573b0c00Sdougm	if (resource == NULL)
573b0c00Sdougm		return;
573b0c00Sdougm
da6c28aaSamw	description = sa_get_resource_description(resource);
da6c28aaSamw	if (description != NULL) {
da6c28aaSamw		desc = conv_from_utf8(description);
da6c28aaSamw		if (desc != description) {
da6c28aaSamw			sa_free_share_description(description);
da6c28aaSamw			description = desc;
da6c28aaSamw		}
573b0c00Sdougm	} else if (sharedesc != NULL) {
573b0c00Sdougm		description = strdup(sharedesc);
573b0c00Sdougm	}
573b0c00Sdougm	if (description != NULL) {
da6c28aaSamw		(void) printf("\t\"%s\"", description);
da6c28aaSamw		sa_free_share_description(description);
da6c28aaSamw	}
da6c28aaSamw}
da6c28aaSamw
573b0c00Sdougm/*
573b0c00Sdougm * set_resource_desc(share, description)
573b0c00Sdougm *
573b0c00Sdougm * Set the share description value after converting the description
573b0c00Sdougm * string to UTF8 from the current locale.
573b0c00Sdougm */
573b0c00Sdougm
573b0c00Sdougmstatic int
573b0c00Sdougmset_resource_desc(sa_share_t share, char *description)
573b0c00Sdougm{
573b0c00Sdougm	char *desc;
573b0c00Sdougm	int ret;
573b0c00Sdougm
573b0c00Sdougm	desc = conv_to_utf8(description);
573b0c00Sdougm	ret = sa_set_resource_description(share, desc);
573b0c00Sdougm	if (description != desc)
573b0c00Sdougm		sa_free_share_description(desc);
573b0c00Sdougm	return (ret);
573b0c00Sdougm}
573b0c00Sdougm
573b0c00Sdougm/*
573b0c00Sdougm * set_share_desc(share, description)
573b0c00Sdougm *
573b0c00Sdougm * Set the resource description value after converting the description
573b0c00Sdougm * string to UTF8 from the current locale.
573b0c00Sdougm */
573b0c00Sdougm
da6c28aaSamwstatic int
da6c28aaSamwset_share_desc(sa_share_t share, char *description)
da6c28aaSamw{
da6c28aaSamw	char *desc;
da6c28aaSamw	int ret;
da6c28aaSamw
da6c28aaSamw	desc = conv_to_utf8(description);
da6c28aaSamw	ret = sa_set_share_description(share, desc);
da6c28aaSamw	if (description != desc)
da6c28aaSamw		sa_free_share_description(desc);
da6c28aaSamw	return (ret);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * add_list(list, item, data, proto)
da6c28aaSamw *	Adds a new list member that points holds item in the list.
6185db85Sdougm *	If list is NULL, it starts a new list.  The function returns
6185db85Sdougm *	the first member of the list.
6185db85Sdougm */
6185db85Sdougmstruct list *
da6c28aaSamwadd_list(struct list *listp, void *item, void *data, char *proto)
6185db85Sdougm{
6185db85Sdougm	struct list *new, *tmp;
6185db85Sdougm
6185db85Sdougm	new = malloc(sizeof (struct list));
6185db85Sdougm	if (new != NULL) {
6185db85Sdougm		new->next = NULL;
6185db85Sdougm		new->item = item;
6185db85Sdougm		new->itemdata = data;
da6c28aaSamw		new->proto = proto;
6185db85Sdougm	} else {
6185db85Sdougm		return (listp);
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (listp == NULL)
6185db85Sdougm		return (new);
6185db85Sdougm
6185db85Sdougm	for (tmp = listp; tmp->next != NULL; tmp = tmp->next) {
6185db85Sdougm		/* get to end of list */
6185db85Sdougm	}
6185db85Sdougm	tmp->next = new;
6185db85Sdougm	return (listp);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * free_list(list)
6185db85Sdougm *	Given a list, free all the members of the list;
6185db85Sdougm */
6185db85Sdougmstatic void
6185db85Sdougmfree_list(struct list *listp)
6185db85Sdougm{
6185db85Sdougm	struct list *tmp;
6185db85Sdougm	while (listp != NULL) {
6185db85Sdougm		tmp = listp;
6185db85Sdougm		listp = listp->next;
6185db85Sdougm		free(tmp);
6185db85Sdougm	}
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * check_authorization(instname, which)
6185db85Sdougm *
6185db85Sdougm * Checks to see if the specific type of authorization in which is
6185db85Sdougm * enabled for the user in this SMF service instance.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
6185db85Sdougmcheck_authorization(char *instname, int which)
6185db85Sdougm{
6185db85Sdougm	scf_handle_t *handle = NULL;
6185db85Sdougm	scf_simple_prop_t *prop = NULL;
6185db85Sdougm	char svcstring[SA_MAX_NAME_LEN + sizeof (SA_SVC_FMRI_BASE) + 1];
6185db85Sdougm	char *authstr = NULL;
6185db85Sdougm	ssize_t numauths;
25a68471Sdougm	int ret = B_TRUE;
6185db85Sdougm	uid_t uid;
6185db85Sdougm	struct passwd *pw = NULL;
6185db85Sdougm
6185db85Sdougm	uid = getuid();
6185db85Sdougm	pw = getpwuid(uid);
25a68471Sdougm	if (pw == NULL) {
25a68471Sdougm		ret = B_FALSE;
25a68471Sdougm	} else {
25a68471Sdougm		/*
25a68471Sdougm		 * Since names are restricted to SA_MAX_NAME_LEN won't
25a68471Sdougm		 * overflow.
25a68471Sdougm		 */
25a68471Sdougm		(void) snprintf(svcstring, sizeof (svcstring), "%s:%s",
25a68471Sdougm		    SA_SVC_FMRI_BASE, instname);
6185db85Sdougm		handle = scf_handle_create(SCF_VERSION);
6185db85Sdougm		if (handle != NULL) {
6185db85Sdougm			if (scf_handle_bind(handle) == 0) {
6185db85Sdougm				switch (which) {
6185db85Sdougm				case SVC_SET:
25a68471Sdougm					prop = scf_simple_prop_get(handle,
25a68471Sdougm					    svcstring, "general",
6185db85Sdougm					    SVC_AUTH_VALUE);
6185db85Sdougm					break;
6185db85Sdougm				case SVC_ACTION:
25a68471Sdougm					prop = scf_simple_prop_get(handle,
25a68471Sdougm					    svcstring, "general",
6185db85Sdougm					    SVC_AUTH_ACTION);
6185db85Sdougm					break;
6185db85Sdougm				}
6185db85Sdougm			}
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	/* make sure we have an authorization string property */
6185db85Sdougm	if (prop != NULL) {
6185db85Sdougm		int i;
6185db85Sdougm		numauths = scf_simple_prop_numvalues(prop);
6185db85Sdougm		for (ret = 0, i = 0; i < numauths; i++) {
6185db85Sdougm			authstr = scf_simple_prop_next_astring(prop);
6185db85Sdougm			if (authstr != NULL) {
6185db85Sdougm				/* check if this user has one of the strings */
6185db85Sdougm				if (chkauthattr(authstr, pw->pw_name)) {
6185db85Sdougm					ret = 1;
6185db85Sdougm					break;
6185db85Sdougm				}
6185db85Sdougm			}
6185db85Sdougm		}
6185db85Sdougm		endauthattr();
6185db85Sdougm		scf_simple_prop_free(prop);
6185db85Sdougm	} else {
6185db85Sdougm		/* no authorization string defined */
6185db85Sdougm		ret = 0;
6185db85Sdougm	}
6185db85Sdougm	if (handle != NULL)
6185db85Sdougm		scf_handle_destroy(handle);
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * check_authorizations(instname, flags)
6185db85Sdougm *
6185db85Sdougm * check all the needed authorizations for the user in this service
6185db85Sdougm * instance. Return value of 1(true) or 0(false) indicates whether
6185db85Sdougm * there are authorizations for the user or not.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
6185db85Sdougmcheck_authorizations(char *instname, int flags)
6185db85Sdougm{
6185db85Sdougm	int ret1 = 0;
6185db85Sdougm	int ret2 = 0;
6185db85Sdougm	int ret;
6185db85Sdougm
6185db85Sdougm	if (flags & SVC_SET)
6185db85Sdougm		ret1 = check_authorization(instname, SVC_SET);
6185db85Sdougm	if (flags & SVC_ACTION)
6185db85Sdougm		ret2 = check_authorization(instname, SVC_ACTION);
6185db85Sdougm	switch (flags) {
6185db85Sdougm	case SVC_ACTION:
6185db85Sdougm		ret = ret2;
6185db85Sdougm		break;
6185db85Sdougm	case SVC_SET:
6185db85Sdougm		ret = ret1;
6185db85Sdougm		break;
6185db85Sdougm	case SVC_ACTION|SVC_SET:
6185db85Sdougm		ret = ret1 & ret2;
6185db85Sdougm		break;
6185db85Sdougm	default:
6185db85Sdougm		/* if not flags set, we assume we don't need authorizations */
6185db85Sdougm		ret = 1;
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
da6c28aaSamw * notify_or_enable_share(share, protocol)
da6c28aaSamw *
da6c28aaSamw * Since some protocols don't want an "enable" when properties change,
da6c28aaSamw * this function will use the protocol specific notify function
da6c28aaSamw * first. If that fails, it will then attempt to use the
da6c28aaSamw * sa_enable_share().  "protocol" is the protocol that was specified
da6c28aaSamw * on the command line.
da6c28aaSamw */
da6c28aaSamwstatic void
da6c28aaSamwnotify_or_enable_share(sa_share_t share, char *protocol)
da6c28aaSamw{
da6c28aaSamw	sa_group_t group;
da6c28aaSamw	sa_optionset_t opt;
da6c28aaSamw	int ret = SA_OK;
da6c28aaSamw	char *path;
da6c28aaSamw	char *groupproto;
da6c28aaSamw	sa_share_t parent = share;
da6c28aaSamw
da6c28aaSamw	/* If really a resource, get parent share */
da6c28aaSamw	if (!sa_is_share(share)) {
da6c28aaSamw		parent = sa_get_resource_parent((sa_resource_t)share);
da6c28aaSamw	}
da6c28aaSamw
da6c28aaSamw	/*
da6c28aaSamw	 * Now that we've got a share in "parent", make sure it has a path.
da6c28aaSamw	 */
da6c28aaSamw	path = sa_get_share_attr(parent, "path");
da6c28aaSamw	if (path == NULL)
da6c28aaSamw		return;
da6c28aaSamw
da6c28aaSamw	group = sa_get_parent_group(parent);
da6c28aaSamw
da6c28aaSamw	if (group == NULL) {
da6c28aaSamw		sa_free_attr_string(path);
da6c28aaSamw		return;
da6c28aaSamw	}
da6c28aaSamw	for (opt = sa_get_optionset(group, NULL);
da6c28aaSamw	    opt != NULL;
da6c28aaSamw	    opt = sa_get_next_optionset(opt)) {
da6c28aaSamw		groupproto = sa_get_optionset_attr(opt, "type");
da6c28aaSamw		if (groupproto == NULL ||
da6c28aaSamw		    (protocol != NULL && strcmp(groupproto, protocol) != 0)) {
da6c28aaSamw			sa_free_attr_string(groupproto);
da6c28aaSamw			continue;
da6c28aaSamw		}
da6c28aaSamw		if (sa_is_share(share)) {
da6c28aaSamw			if ((ret = sa_proto_change_notify(share,
da6c28aaSamw			    groupproto)) != SA_OK) {
da6c28aaSamw				ret = sa_enable_share(share, groupproto);
da6c28aaSamw				if (ret != SA_OK) {
da6c28aaSamw					(void) printf(
da6c28aaSamw					    gettext("Could not reenable"
da6c28aaSamw					    " share %s: %s\n"),
da6c28aaSamw					    path, sa_errorstr(ret));
da6c28aaSamw				}
da6c28aaSamw			}
da6c28aaSamw		} else {
da6c28aaSamw			/* Must be a resource */
da6c28aaSamw			if ((ret = sa_proto_notify_resource(share,
da6c28aaSamw			    groupproto)) != SA_OK) {
da6c28aaSamw				ret = sa_enable_resource(share, groupproto);
da6c28aaSamw				if (ret != SA_OK) {
da6c28aaSamw					(void) printf(
da6c28aaSamw					    gettext("Could not "
da6c28aaSamw					    "reenable resource %s: "
da6c28aaSamw					    "%s\n"), path,
da6c28aaSamw					    sa_errorstr(ret));
da6c28aaSamw				}
da6c28aaSamw			}
da6c28aaSamw		}
da6c28aaSamw		sa_free_attr_string(groupproto);
da6c28aaSamw	}
da6c28aaSamw	sa_free_attr_string(path);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * enable_group(group, updateproto, notify, proto)
7d968cb8Sdougm *
7d968cb8Sdougm * enable all the shares in the specified group. This is a helper for
7d968cb8Sdougm * enable_all_groups in order to simplify regular and subgroup (zfs)
da6c28aaSamw * enabling. Group has already been checked for non-NULL. If notify
da6c28aaSamw * is non-zero, attempt to use the notify interface rather than
da6c28aaSamw * enable.
6185db85Sdougm */
7d968cb8Sdougmstatic void
da6c28aaSamwenable_group(sa_group_t group, char *updateproto, int notify, char *proto)
6185db85Sdougm{
6185db85Sdougm	sa_share_t share;
7d968cb8Sdougm
7d968cb8Sdougm	for (share = sa_get_share(group, NULL);
7d968cb8Sdougm	    share != NULL;
7d968cb8Sdougm	    share = sa_get_next_share(share)) {
7d968cb8Sdougm		if (updateproto != NULL)
7d968cb8Sdougm			(void) sa_update_legacy(share, updateproto);
da6c28aaSamw		if (notify)
da6c28aaSamw			notify_or_enable_share(share, proto);
da6c28aaSamw		else
da6c28aaSamw			(void) sa_enable_share(share, proto);
7d968cb8Sdougm	}
7d968cb8Sdougm}
7d968cb8Sdougm
7d968cb8Sdougm/*
330ef417Sdougm * isenabled(group)
330ef417Sdougm *
330ef417Sdougm * Returns B_TRUE if the group is enabled or B_FALSE if it isn't.
330ef417Sdougm * Moved to separate function to reduce clutter in the code.
330ef417Sdougm */
330ef417Sdougm
330ef417Sdougmstatic int
330ef417Sdougmisenabled(sa_group_t group)
330ef417Sdougm{
330ef417Sdougm	char *state;
330ef417Sdougm	int ret = B_FALSE;
330ef417Sdougm
330ef417Sdougm	if (group != NULL) {
330ef417Sdougm		state = sa_get_group_attr(group, "state");
330ef417Sdougm		if (state != NULL) {
da6c28aaSamw
330ef417Sdougm			if (strcmp(state, "enabled") == 0)
330ef417Sdougm				ret = B_TRUE;
330ef417Sdougm			sa_free_attr_string(state);
330ef417Sdougm		}
330ef417Sdougm	}
330ef417Sdougm	return (ret);
330ef417Sdougm}
330ef417Sdougm
330ef417Sdougm/*
7d968cb8Sdougm * enable_all_groups(list, setstate, online, updateproto)
da6c28aaSamw *
da6c28aaSamw * Given a list of groups, enable each one found.  If updateproto is
da6c28aaSamw * not NULL, then update all the shares for the protocol that was
da6c28aaSamw * passed in. If enable is non-zero, tell enable_group to try the
da6c28aaSamw * notify interface since this is a property change.
7d968cb8Sdougm */
7d968cb8Sdougmstatic int
549ec3ffSdougmenable_all_groups(sa_handle_t handle, struct list *work, int setstate,
da6c28aaSamw    int online, char *updateproto, int enable)
7d968cb8Sdougm{
330ef417Sdougm	int ret;
6185db85Sdougm	char instance[SA_MAX_NAME_LEN + sizeof (SA_SVC_FMRI_BASE) + 1];
6185db85Sdougm	char *state;
6185db85Sdougm	char *name;
6185db85Sdougm	char *zfs = NULL;
6185db85Sdougm	sa_group_t group;
7d968cb8Sdougm	sa_group_t subgroup;
6185db85Sdougm
330ef417Sdougm	for (ret = SA_OK; work != NULL;	work = work->next) {
6185db85Sdougm		group = (sa_group_t)work->item;
330ef417Sdougm
330ef417Sdougm		/*
330ef417Sdougm		 * If setstate == TRUE, then make sure to set
330ef417Sdougm		 * enabled. This needs to be done here in order for
330ef417Sdougm		 * the isenabled check to succeed on a newly enabled
330ef417Sdougm		 * group.
330ef417Sdougm		 */
330ef417Sdougm		if (setstate == B_TRUE) {
330ef417Sdougm			ret = sa_set_group_attr(group, "state",	"enabled");
330ef417Sdougm			if (ret != SA_OK)
330ef417Sdougm				break;
330ef417Sdougm		}
330ef417Sdougm
330ef417Sdougm		/*
330ef417Sdougm		 * Check to see if group is enabled. If it isn't, skip
330ef417Sdougm		 * the rest.  We don't want shares starting if the
330ef417Sdougm		 * group is disabled. The properties may have been
330ef417Sdougm		 * updated, but there won't be a change until the
330ef417Sdougm		 * group is enabled.
330ef417Sdougm		 */
330ef417Sdougm		if (!isenabled(group))
330ef417Sdougm			continue;
330ef417Sdougm
6185db85Sdougm		/* if itemdata != NULL then a single share */
6185db85Sdougm		if (work->itemdata != NULL) {
da6c28aaSamw			if (enable) {
da6c28aaSamw				if (work->itemdata != NULL)
da6c28aaSamw					notify_or_enable_share(work->itemdata,
da6c28aaSamw					    updateproto);
da6c28aaSamw				else
da6c28aaSamw					ret = SA_CONFIG_ERR;
da6c28aaSamw			} else {
da6c28aaSamw				if (sa_is_share(work->itemdata)) {
da6c28aaSamw					ret = sa_enable_share(
da6c28aaSamw					    (sa_share_t)work->itemdata,
da6c28aaSamw					    updateproto);
da6c28aaSamw				} else {
da6c28aaSamw					ret = sa_enable_resource(
da6c28aaSamw					    (sa_resource_t)work->itemdata,
da6c28aaSamw					    updateproto);
da6c28aaSamw				}
da6c28aaSamw			}
6185db85Sdougm		}
330ef417Sdougm		if (ret != SA_OK)
330ef417Sdougm			break;
330ef417Sdougm
6185db85Sdougm		/* if itemdata == NULL then the whole group */
6185db85Sdougm		if (work->itemdata == NULL) {
7d968cb8Sdougm			zfs = sa_get_group_attr(group, "zfs");
7d968cb8Sdougm			/*
da6c28aaSamw			 * If the share is managed by ZFS, don't
7d968cb8Sdougm			 * update any of the protocols since ZFS is
da6c28aaSamw			 * handling this.  Updateproto will contain
7d968cb8Sdougm			 * the name of the protocol that we want to
7d968cb8Sdougm			 * update legacy files for.
7d968cb8Sdougm			 */
da6c28aaSamw			enable_group(group, zfs == NULL ? updateproto : NULL,
da6c28aaSamw			    enable, work->proto);
25a68471Sdougm			for (subgroup = sa_get_sub_group(group);
25a68471Sdougm			    subgroup != NULL;
7d968cb8Sdougm			    subgroup = sa_get_next_group(subgroup)) {
7d968cb8Sdougm				/* never update legacy for ZFS subgroups */
da6c28aaSamw				enable_group(subgroup, NULL, enable,
da6c28aaSamw				    work->proto);
6185db85Sdougm			}
6185db85Sdougm		}
6185db85Sdougm		if (online) {
6185db85Sdougm			zfs = sa_get_group_attr(group, "zfs");
7d968cb8Sdougm			name = sa_get_group_attr(group, "name");
6185db85Sdougm			if (name != NULL) {
6185db85Sdougm				if (zfs == NULL) {
25a68471Sdougm					(void) snprintf(instance,
25a68471Sdougm					    sizeof (instance), "%s:%s",
6185db85Sdougm					    SA_SVC_FMRI_BASE, name);
6185db85Sdougm					state = smf_get_state(instance);
6185db85Sdougm					if (state == NULL ||
6185db85Sdougm					    strcmp(state, "online") != 0) {
25a68471Sdougm						(void) smf_enable_instance(
25a68471Sdougm						    instance, 0);
6185db85Sdougm						free(state);
6185db85Sdougm					}
6185db85Sdougm				} else {
6185db85Sdougm					sa_free_attr_string(zfs);
6185db85Sdougm					zfs = NULL;
6185db85Sdougm				}
6185db85Sdougm				if (name != NULL)
6185db85Sdougm					sa_free_attr_string(name);
6185db85Sdougm			}
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	if (ret == SA_OK) {
549ec3ffSdougm		ret = sa_update_config(handle);
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * chk_opt(optlistp, security, proto)
6185db85Sdougm *
6185db85Sdougm * Do a sanity check on the optlist provided for the protocol.  This
6185db85Sdougm * is a syntax check and verification that the property is either a
6185db85Sdougm * general or specific to a names optionset.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
6185db85Sdougmchk_opt(struct options *optlistp, int security, char *proto)
6185db85Sdougm{
6185db85Sdougm	struct options *optlist;
6185db85Sdougm	char *sep = "";
6185db85Sdougm	int notfirst = 0;
6185db85Sdougm	int ret;
6185db85Sdougm
6185db85Sdougm	for (optlist = optlistp; optlist != NULL; optlist = optlist->next) {
6185db85Sdougm		char *optname;
6185db85Sdougm
6185db85Sdougm		optname = optlist->optname;
6185db85Sdougm		ret = OPT_ADD_OK;
6185db85Sdougm		/* extract property/value pair */
6185db85Sdougm		if (sa_is_security(optname, proto)) {
6185db85Sdougm			if (!security)
6185db85Sdougm				ret = OPT_ADD_SECURITY;
6185db85Sdougm		} else {
6185db85Sdougm			if (security)
6185db85Sdougm				ret = OPT_ADD_PROPERTY;
6185db85Sdougm		}
6185db85Sdougm		if (ret != OPT_ADD_OK) {
6185db85Sdougm			if (notfirst == 0)
25a68471Sdougm				(void) printf(
25a68471Sdougm				    gettext("Property syntax error: "));
6185db85Sdougm			switch (ret) {
6185db85Sdougm			case OPT_ADD_SYNTAX:
6185db85Sdougm				(void) printf(gettext("%ssyntax error: %s"),
6185db85Sdougm				    sep, optname);
6185db85Sdougm				sep = ", ";
6185db85Sdougm				break;
6185db85Sdougm			case OPT_ADD_SECURITY:
6185db85Sdougm				(void) printf(gettext("%s%s requires -S"),
6185db85Sdougm				    optname, sep);
6185db85Sdougm				sep = ", ";
6185db85Sdougm				break;
6185db85Sdougm			case OPT_ADD_PROPERTY:
25a68471Sdougm				(void) printf(
25a68471Sdougm				    gettext("%s%s not supported with -S"),
6185db85Sdougm				    optname, sep);
6185db85Sdougm				sep = ", ";
6185db85Sdougm				break;
6185db85Sdougm			}
6185db85Sdougm			notfirst++;
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	if (notfirst) {
6185db85Sdougm		(void) printf("\n");
6185db85Sdougm		ret = SA_SYNTAX_ERR;
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * free_opt(optlist)
6185db85Sdougm *	Free the specified option list.
6185db85Sdougm */
6185db85Sdougmstatic void
6185db85Sdougmfree_opt(struct options *optlist)
6185db85Sdougm{
6185db85Sdougm	struct options *nextopt;
6185db85Sdougm	while (optlist != NULL) {
6185db85Sdougm		nextopt = optlist->next;
6185db85Sdougm		free(optlist);
6185db85Sdougm		optlist = nextopt;
6185db85Sdougm	}
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * check property list for valid properties
6185db85Sdougm * A null value is a remove which is always valid.
6185db85Sdougm */
6185db85Sdougmstatic int
*687915e9Sdougmvalid_options(sa_handle_t handle, struct options *optlist, char *proto,
*687915e9Sdougm    void *object, char *sec)
6185db85Sdougm{
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	struct options *cur;
6185db85Sdougm	sa_property_t prop;
6185db85Sdougm	sa_optionset_t parent = NULL;
6185db85Sdougm
6185db85Sdougm	if (object != NULL) {
6185db85Sdougm		if (sec == NULL)
6185db85Sdougm			parent = sa_get_optionset(object, proto);
6185db85Sdougm		else
6185db85Sdougm			parent = sa_get_security(object, sec, proto);
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	for (cur = optlist; cur != NULL; cur = cur->next) {
25a68471Sdougm		if (cur->optvalue == NULL)
25a68471Sdougm			continue;
6185db85Sdougm		prop = sa_create_property(cur->optname, cur->optvalue);
6185db85Sdougm		if (prop == NULL)
6185db85Sdougm			ret = SA_NO_MEMORY;
6185db85Sdougm		if (ret != SA_OK ||
*687915e9Sdougm		    (ret = sa_valid_property(handle, parent, proto, prop)) !=
*687915e9Sdougm		    SA_OK) {
25a68471Sdougm			(void) printf(
25a68471Sdougm			    gettext("Could not add property %s: %s\n"),
25a68471Sdougm			    cur->optname, sa_errorstr(ret));
6185db85Sdougm		}
6185db85Sdougm		(void) sa_remove_property(prop);
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * add_optionset(group, optlist, protocol, *err)
6185db85Sdougm *	Add the options in optlist to an optionset and then add the optionset
6185db85Sdougm *	to the group.
6185db85Sdougm *
6185db85Sdougm *	The return value indicates if there was a "change" while errors are
6185db85Sdougm *	returned via the *err parameters.
6185db85Sdougm */
6185db85Sdougmstatic int
6185db85Sdougmadd_optionset(sa_group_t group, struct options *optlist, char *proto, int *err)
6185db85Sdougm{
6185db85Sdougm	sa_optionset_t optionset;
6185db85Sdougm	int ret = SA_OK;
da6c28aaSamw	int result = B_FALSE;
*687915e9Sdougm	sa_handle_t handle;
6185db85Sdougm
6185db85Sdougm	optionset = sa_get_optionset(group, proto);
6185db85Sdougm	if (optionset == NULL) {
6185db85Sdougm		optionset = sa_create_optionset(group, proto);
da6c28aaSamw		if (optionset == NULL)
da6c28aaSamw			ret = SA_NO_MEMORY;
da6c28aaSamw		result = B_TRUE; /* adding a protocol is a change */
6185db85Sdougm	}
25a68471Sdougm	if (optionset == NULL) {
25a68471Sdougm		ret = SA_NO_MEMORY;
25a68471Sdougm		goto out;
25a68471Sdougm	}
*687915e9Sdougm	handle = sa_find_group_handle(group);
*687915e9Sdougm	if (handle == NULL) {
*687915e9Sdougm		ret = SA_CONFIG_ERR;
*687915e9Sdougm		goto out;
*687915e9Sdougm	}
6185db85Sdougm	while (optlist != NULL) {
6185db85Sdougm		sa_property_t prop;
6185db85Sdougm		prop = sa_get_property(optionset, optlist->optname);
6185db85Sdougm		if (prop == NULL) {
6185db85Sdougm			/*
6185db85Sdougm			 * add the property, but only if it is
6185db85Sdougm			 * a non-NULL or non-zero length value
6185db85Sdougm			 */
6185db85Sdougm			if (optlist->optvalue != NULL) {
6185db85Sdougm				prop = sa_create_property(optlist->optname,
6185db85Sdougm				    optlist->optvalue);
6185db85Sdougm				if (prop != NULL) {
*687915e9Sdougm					ret = sa_valid_property(handle,
*687915e9Sdougm					    optionset, proto, prop);
6185db85Sdougm					if (ret != SA_OK) {
6185db85Sdougm						(void) sa_remove_property(prop);
25a68471Sdougm						(void) printf(gettext("Could "
25a68471Sdougm						    "not add property "
6185db85Sdougm						    "%s: %s\n"),
6185db85Sdougm						    optlist->optname,
6185db85Sdougm						    sa_errorstr(ret));
6185db85Sdougm					}
6185db85Sdougm				}
6185db85Sdougm				if (ret == SA_OK) {
6185db85Sdougm					ret = sa_add_property(optionset, prop);
6185db85Sdougm					if (ret != SA_OK) {
25a68471Sdougm						(void) printf(gettext(
25a68471Sdougm						    "Could not add property "
6185db85Sdougm						    "%s: %s\n"),
6185db85Sdougm						    optlist->optname,
6185db85Sdougm						    sa_errorstr(ret));
6185db85Sdougm					} else {
6185db85Sdougm						/* there was a change */
da6c28aaSamw						result = B_TRUE;
6185db85Sdougm					}
6185db85Sdougm				}
6185db85Sdougm			}
6185db85Sdougm		} else {
6185db85Sdougm			ret = sa_update_property(prop, optlist->optvalue);
6185db85Sdougm			/* should check to see if value changed */
6185db85Sdougm			if (ret != SA_OK) {
6185db85Sdougm				(void) printf(gettext("Could not update "
25a68471Sdougm				    "property %s: %s\n"), optlist->optname,
6185db85Sdougm				    sa_errorstr(ret));
6185db85Sdougm			} else {
da6c28aaSamw				result = B_TRUE;
6185db85Sdougm			}
6185db85Sdougm		}
6185db85Sdougm		optlist = optlist->next;
6185db85Sdougm	}
6185db85Sdougm	ret = sa_commit_properties(optionset, 0);
25a68471Sdougm
25a68471Sdougmout:
6185db85Sdougm	if (err != NULL)
6185db85Sdougm		*err = ret;
6185db85Sdougm	return (result);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
da6c28aaSamw * resource_compliant(group)
da6c28aaSamw *
da6c28aaSamw * Go through all the shares in the group. Assume compliant, but if
da6c28aaSamw * any share doesn't have at least one resource name, it isn't
da6c28aaSamw * compliant.
da6c28aaSamw */
da6c28aaSamwstatic int
da6c28aaSamwresource_compliant(sa_group_t group)
da6c28aaSamw{
da6c28aaSamw	sa_share_t share;
da6c28aaSamw
da6c28aaSamw	for (share = sa_get_share(group, NULL); share != NULL;
da6c28aaSamw	    share = sa_get_next_share(share)) {
da6c28aaSamw		if (sa_get_share_resource(share, NULL) == NULL) {
da6c28aaSamw			return (B_FALSE);
da6c28aaSamw		}
da6c28aaSamw	}
da6c28aaSamw	return (B_TRUE);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * fix_path(path)
da6c28aaSamw *
da6c28aaSamw * change all illegal characters to something else.  For now, all get
da6c28aaSamw * converted to '_' and the leading '/' is stripped off. This is used
da6c28aaSamw * to construct an resource name (SMB share name) that is valid.
da6c28aaSamw * Caller must pass a valid path.
da6c28aaSamw */
da6c28aaSamwstatic void
da6c28aaSamwfix_path(char *path)
da6c28aaSamw{
da6c28aaSamw	char *cp;
da6c28aaSamw	size_t len;
da6c28aaSamw
da6c28aaSamw	assert(path != NULL);
da6c28aaSamw
da6c28aaSamw	/* make sure we are appropriate length */
da6c28aaSamw	cp = path + 1; /* skip leading slash */
da6c28aaSamw	while (cp != NULL && strlen(cp) > SA_MAX_RESOURCE_NAME) {
da6c28aaSamw		cp = strchr(cp, '/');
da6c28aaSamw		if (cp != NULL)
da6c28aaSamw			cp++;
da6c28aaSamw	}
da6c28aaSamw	/* two cases - cp == NULL and cp is substring of path */
da6c28aaSamw	if (cp == NULL) {
da6c28aaSamw		/* just take last SA_MAX_RESOURCE_NAME chars */
da6c28aaSamw		len = 1 + strlen(path) - SA_MAX_RESOURCE_NAME;
da6c28aaSamw		(void) memmove(path, path + len, SA_MAX_RESOURCE_NAME);
da6c28aaSamw		path[SA_MAX_RESOURCE_NAME] = '\0';
da6c28aaSamw	} else {
da6c28aaSamw		len = strlen(cp) + 1;
da6c28aaSamw		(void) memmove(path, cp, len);
da6c28aaSamw	}
da6c28aaSamw
da6c28aaSamw	/*
da6c28aaSamw	 * Don't want any of the characters that are not allowed
da6c28aaSamw	 * in and SMB share name. Replace them with '_'.
da6c28aaSamw	 */
da6c28aaSamw	while (*path) {
da6c28aaSamw		switch (*path) {
da6c28aaSamw		case '/':
da6c28aaSamw		case '"':
da6c28aaSamw		case '\\':
da6c28aaSamw		case '[':
da6c28aaSamw		case ']':
da6c28aaSamw		case ':':
da6c28aaSamw		case '|':
da6c28aaSamw		case '<':
da6c28aaSamw		case '>':
da6c28aaSamw		case '+':
da6c28aaSamw		case ';':
da6c28aaSamw		case ',':
da6c28aaSamw		case '?':
da6c28aaSamw		case '*':
da6c28aaSamw		case '=':
da6c28aaSamw		case '\t':
da6c28aaSamw			*path = '_';
da6c28aaSamw			break;
da6c28aaSamw		}
da6c28aaSamw		path++;
da6c28aaSamw	}
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * name_adjust(path, count)
da6c28aaSamw *
da6c28aaSamw * Add a ~<count> in place of last few characters. The total number of
da6c28aaSamw * characters is dependent on count.
da6c28aaSamw */
da6c28aaSamw#define	MAX_MANGLE_NUMBER	10000
da6c28aaSamw
da6c28aaSamwstatic int
da6c28aaSamwname_adjust(char *path, int count)
da6c28aaSamw{
da6c28aaSamw	size_t len;
da6c28aaSamw
da6c28aaSamw	len = strlen(path) - 2;
da6c28aaSamw	if (count > 10)
da6c28aaSamw		len--;
da6c28aaSamw	if (count > 100)
da6c28aaSamw		len--;
da6c28aaSamw	if (count > 1000)
da6c28aaSamw		len--;
da6c28aaSamw	if (len > 0)
da6c28aaSamw		(void) sprintf(path + len, "~%d", count);
da6c28aaSamw	else
da6c28aaSamw		return (SA_BAD_VALUE);
da6c28aaSamw
da6c28aaSamw	return (SA_OK);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * make_resources(group)
da6c28aaSamw *
da6c28aaSamw * Go through all the shares in the group and make them have resource
da6c28aaSamw * names.
da6c28aaSamw */
da6c28aaSamwstatic void
da6c28aaSamwmake_resources(sa_group_t group)
da6c28aaSamw{
da6c28aaSamw	sa_share_t share;
da6c28aaSamw	int count;
da6c28aaSamw	int err = SA_OK;
da6c28aaSamw
da6c28aaSamw	for (share = sa_get_share(group, NULL); share != NULL;
da6c28aaSamw	    share = sa_get_next_share(share)) {
da6c28aaSamw		/* Skip those with resources */
da6c28aaSamw		if (sa_get_share_resource(share, NULL) == NULL) {
da6c28aaSamw			char *path;
da6c28aaSamw			path = sa_get_share_attr(share, "path");
da6c28aaSamw			if (path == NULL)
da6c28aaSamw				continue;
da6c28aaSamw			fix_path(path);
da6c28aaSamw			count = 0;	/* reset for next resource */
da6c28aaSamw			while (sa_add_resource(share, path,
da6c28aaSamw			    SA_SHARE_PERMANENT, &err) == NULL &&
da6c28aaSamw			    err == SA_DUPLICATE_NAME) {
da6c28aaSamw				int ret;
da6c28aaSamw				ret = name_adjust(path, count);
da6c28aaSamw				count++;
da6c28aaSamw				if (ret != SA_OK ||
da6c28aaSamw				    count >= MAX_MANGLE_NUMBER) {
da6c28aaSamw					(void) printf(gettext(
da6c28aaSamw					    "Cannot create resource name for"
da6c28aaSamw					    " path: %s\n"), path);
da6c28aaSamw					break;
da6c28aaSamw				}
da6c28aaSamw			}
da6c28aaSamw			sa_free_attr_string(path);
da6c28aaSamw		}
da6c28aaSamw	}
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
9e5da854Sdougm * check_valid_group(group, protocol)
9e5da854Sdougm *
9e5da854Sdougm * Check to see that the group should have the protocol added (if
9e5da854Sdougm * there is one specified).
9e5da854Sdougm */
9e5da854Sdougm
9e5da854Sdougmstatic int
9e5da854Sdougmcheck_valid_group(sa_group_t group, char *groupname, char *protocol)
9e5da854Sdougm{
9e5da854Sdougm
9e5da854Sdougm	if (protocol != NULL) {
9e5da854Sdougm		if (has_protocol(group, protocol)) {
9e5da854Sdougm			(void) printf(gettext(
9e5da854Sdougm			    "Group \"%s\" already exists"
9e5da854Sdougm			    " with protocol %s\n"), groupname,
9e5da854Sdougm			    protocol);
9e5da854Sdougm			return (SA_DUPLICATE_NAME);
9e5da854Sdougm		} else if (strcmp(groupname, "default") == 0 &&
9e5da854Sdougm		    strcmp(protocol, "nfs") != 0) {
9e5da854Sdougm			(void) printf(gettext(
9e5da854Sdougm			    "Group \"%s\" only allows protocol "
9e5da854Sdougm			    "\"%s\"\n"), groupname, "nfs");
9e5da854Sdougm			return (SA_INVALID_PROTOCOL);
9e5da854Sdougm		}
9e5da854Sdougm	} else {
9e5da854Sdougm		/* must add new protocol */
9e5da854Sdougm		(void) printf(gettext(
9e5da854Sdougm		    "Group already exists and no protocol "
9e5da854Sdougm		    "specified.\n"));
9e5da854Sdougm		return (SA_DUPLICATE_NAME);
9e5da854Sdougm	}
9e5da854Sdougm	return (SA_OK);
9e5da854Sdougm}
9e5da854Sdougm
9e5da854Sdougm/*
9e5da854Sdougm * enforce_featureset(group, protocol, dryrun, force)
9e5da854Sdougm *
9e5da854Sdougm * Check the protocol featureset against the group and enforce any
9e5da854Sdougm * rules that might be imposed.
9e5da854Sdougm */
9e5da854Sdougm
9e5da854Sdougmstatic int
9e5da854Sdougmenforce_featureset(sa_group_t group, char *protocol, boolean_t dryrun,
9e5da854Sdougm    boolean_t force)
9e5da854Sdougm{
9e5da854Sdougm	uint64_t features;
9e5da854Sdougm
9e5da854Sdougm	if (protocol == NULL)
9e5da854Sdougm		return (SA_OK);
9e5da854Sdougm
9e5da854Sdougm	/*
9e5da854Sdougm	 * First check to see if specified protocol is one we want to
9e5da854Sdougm	 * allow on a group. Only server protocols are allowed here.
9e5da854Sdougm	 */
9e5da854Sdougm	features = sa_proto_get_featureset(protocol);
9e5da854Sdougm	if (!(features & SA_FEATURE_SERVER)) {
9e5da854Sdougm		(void) printf(
9e5da854Sdougm		    gettext("Protocol \"%s\" not supported.\n"), protocol);
9e5da854Sdougm		return (SA_INVALID_PROTOCOL);
9e5da854Sdougm	}
9e5da854Sdougm
9e5da854Sdougm	/*
9e5da854Sdougm	 * Check to see if the new protocol is one that requires
9e5da854Sdougm	 * resource names and make sure we are compliant before
9e5da854Sdougm	 * proceeding.
9e5da854Sdougm	 */
9e5da854Sdougm	if ((features & SA_FEATURE_RESOURCE) &&
9e5da854Sdougm	    !resource_compliant(group)) {
9e5da854Sdougm		if (force && !dryrun) {
9e5da854Sdougm			make_resources(group);
9e5da854Sdougm		} else {
9e5da854Sdougm			(void) printf(
9e5da854Sdougm			    gettext("Protocol requires resource names to be "
9e5da854Sdougm			    "set: %s\n"), protocol);
9e5da854Sdougm			return (SA_RESOURCE_REQUIRED);
9e5da854Sdougm		}
9e5da854Sdougm	}
9e5da854Sdougm	return (SA_OK);
9e5da854Sdougm}
9e5da854Sdougm
9e5da854Sdougm/*
9e5da854Sdougm * set_all_protocols(group)
9e5da854Sdougm *
9e5da854Sdougm * Get the list of all protocols and add all server protocols to the
9e5da854Sdougm * group.
9e5da854Sdougm */
9e5da854Sdougm
9e5da854Sdougmstatic int
9e5da854Sdougmset_all_protocols(sa_group_t group)
9e5da854Sdougm{
9e5da854Sdougm	char **protolist;
9e5da854Sdougm	int numprotos, i;
9e5da854Sdougm	uint64_t features;
9e5da854Sdougm	sa_optionset_t optionset;
9e5da854Sdougm	int ret = SA_OK;
9e5da854Sdougm
9e5da854Sdougm	/*
9e5da854Sdougm	 * Now make sure we really want to put this protocol on a
9e5da854Sdougm	 * group. Only server protocols can go here.
9e5da854Sdougm	 */
9e5da854Sdougm	numprotos = sa_get_protocols(&protolist);
9e5da854Sdougm	for (i = 0; i < numprotos; i++) {
9e5da854Sdougm		features = sa_proto_get_featureset(protolist[i]);
9e5da854Sdougm		if (features & SA_FEATURE_SERVER) {
9e5da854Sdougm			optionset = sa_create_optionset(group, protolist[i]);
9e5da854Sdougm			if (optionset == NULL) {
9e5da854Sdougm				ret = SA_NO_MEMORY;
9e5da854Sdougm				break;
9e5da854Sdougm			}
9e5da854Sdougm		}
9e5da854Sdougm	}
9e5da854Sdougm
9e5da854Sdougm	if (protolist != NULL)
9e5da854Sdougm		free(protolist);
9e5da854Sdougm
9e5da854Sdougm	return (ret);
9e5da854Sdougm}
9e5da854Sdougm
9e5da854Sdougm/*
6185db85Sdougm * sa_create(flags, argc, argv)
6185db85Sdougm *	create a new group
6185db85Sdougm *	this may or may not have a protocol associated with it.
6185db85Sdougm *	No protocol means "all" protocols in this case.
6185db85Sdougm */
6185db85Sdougmstatic int
549ec3ffSdougmsa_create(sa_handle_t handle, int flags, int argc, char *argv[])
6185db85Sdougm{
6185db85Sdougm	char *groupname;
6185db85Sdougm
6185db85Sdougm	sa_group_t group;
9e5da854Sdougm	boolean_t force = B_FALSE;
9e5da854Sdougm	boolean_t verbose = B_FALSE;
9e5da854Sdougm	boolean_t dryrun = B_FALSE;
6185db85Sdougm	int c;
6185db85Sdougm	char *protocol = NULL;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	struct options *optlist = NULL;
e7bab347Sdougm	int err = SA_OK;
6185db85Sdougm	int auth;
9e5da854Sdougm	boolean_t created = B_FALSE;
6185db85Sdougm
da6c28aaSamw	while ((c = getopt(argc, argv, "?fhvnP:p:")) != EOF) {
6185db85Sdougm		switch (c) {
da6c28aaSamw		case 'f':
9e5da854Sdougm			force = B_TRUE;
da6c28aaSamw			break;
6185db85Sdougm		case 'v':
9e5da854Sdougm			verbose = B_TRUE;
6185db85Sdougm			break;
6185db85Sdougm		case 'n':
9e5da854Sdougm			dryrun = B_TRUE;
6185db85Sdougm			break;
6185db85Sdougm		case 'P':
da6c28aaSamw			if (protocol != NULL) {
da6c28aaSamw				(void) printf(gettext("Specifying "
da6c28aaSamw				    "multiple protocols "
da6c28aaSamw				    "not supported: %s\n"), protocol);
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
6185db85Sdougm			protocol = optarg;
25a68471Sdougm			if (sa_valid_protocol(protocol))
25a68471Sdougm				break;
25a68471Sdougm			(void) printf(gettext(
25a68471Sdougm			    "Invalid protocol specified: %s\n"), protocol);
6185db85Sdougm			return (SA_INVALID_PROTOCOL);
6185db85Sdougm			break;
6185db85Sdougm		case 'p':
6185db85Sdougm			ret = add_opt(&optlist, optarg, 0);
6185db85Sdougm			switch (ret) {
6185db85Sdougm			case OPT_ADD_SYNTAX:
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Property syntax error for property: %s\n"),
6185db85Sdougm				    optarg);
6185db85Sdougm				return (SA_SYNTAX_ERR);
6185db85Sdougm			case OPT_ADD_SECURITY:
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Security properties need "
6185db85Sdougm				    "to be set with set-security: %s\n"),
6185db85Sdougm				    optarg);
6185db85Sdougm				return (SA_SYNTAX_ERR);
6185db85Sdougm			default:
6185db85Sdougm				break;
6185db85Sdougm			}
6185db85Sdougm			break;
e7bab347Sdougm		case 'h':
e7bab347Sdougm			/* optopt on valid arg isn't defined */
e7bab347Sdougm			optopt = c;
e7bab347Sdougm			/*FALLTHROUGH*/
e7bab347Sdougm		case '?':
6185db85Sdougm		default:
e7bab347Sdougm			/*
e7bab347Sdougm			 * Since a bad option gets to here, sort it
e7bab347Sdougm			 * out and return a syntax error return value
e7bab347Sdougm			 * if necessary.
e7bab347Sdougm			 */
e7bab347Sdougm			switch (optopt) {
e7bab347Sdougm			default:
e7bab347Sdougm				err = SA_SYNTAX_ERR;
e7bab347Sdougm				break;
6185db85Sdougm			case 'h':
6185db85Sdougm			case '?':
e7bab347Sdougm				break;
e7bab347Sdougm			}
6185db85Sdougm			(void) printf(gettext("usage: %s\n"),
6185db85Sdougm			    sa_get_usage(USAGE_CREATE));
e7bab347Sdougm			return (err);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (optind >= argc) {
25a68471Sdougm		(void) printf(gettext("usage: %s\n"),
25a68471Sdougm		    sa_get_usage(USAGE_CREATE));
6185db85Sdougm		(void) printf(gettext("\tgroup must be specified.\n"));
6185db85Sdougm		return (SA_BAD_PATH);
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if ((optind + 1) < argc) {
25a68471Sdougm		(void) printf(gettext("usage: %s\n"),
25a68471Sdougm		    sa_get_usage(USAGE_CREATE));
6185db85Sdougm		(void) printf(gettext("\textraneous group(s) at end\n"));
6185db85Sdougm		return (SA_SYNTAX_ERR);
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (protocol == NULL && optlist != NULL) {
6185db85Sdougm		/* lookup default protocol */
25a68471Sdougm		(void) printf(gettext("usage: %s\n"),
25a68471Sdougm		    sa_get_usage(USAGE_CREATE));
6185db85Sdougm		(void) printf(gettext("\tprotocol must be specified "
6185db85Sdougm		    "with properties\n"));
6185db85Sdougm		return (SA_INVALID_PROTOCOL);
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (optlist != NULL)
6185db85Sdougm		ret = chk_opt(optlist, 0, protocol);
6185db85Sdougm	if (ret == OPT_ADD_SECURITY) {
6185db85Sdougm		(void) printf(gettext("Security properties not "
6185db85Sdougm		    "supported with create\n"));
6185db85Sdougm		return (SA_SYNTAX_ERR);
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	/*
25a68471Sdougm	 * If a group already exists, we can only add a new protocol
6185db85Sdougm	 * to it and not create a new one or add the same protocol
6185db85Sdougm	 * again.
6185db85Sdougm	 */
6185db85Sdougm
6185db85Sdougm	groupname = argv[optind];
6185db85Sdougm
6185db85Sdougm	auth = check_authorizations(groupname, flags);
6185db85Sdougm
549ec3ffSdougm	group = sa_get_group(handle, groupname);
6185db85Sdougm	if (group != NULL) {
6185db85Sdougm		/* group exists so must be a protocol add */
9e5da854Sdougm		ret = check_valid_group(group, groupname, protocol);
6185db85Sdougm	} else {
6185db85Sdougm		/*
6185db85Sdougm		 * is it a valid name? Must comply with SMF instance
6185db85Sdougm		 * name restrictions.
6185db85Sdougm		 */
6185db85Sdougm		if (!sa_valid_group_name(groupname)) {
6185db85Sdougm			ret = SA_INVALID_NAME;
25a68471Sdougm			(void) printf(gettext("Invalid group name: %s\n"),
25a68471Sdougm			    groupname);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	if (ret == SA_OK) {
6185db85Sdougm		/* check protocol vs optlist */
6185db85Sdougm		if (optlist != NULL) {
6185db85Sdougm			/* check options, if any, for validity */
*687915e9Sdougm			ret = valid_options(handle, optlist, protocol,
*687915e9Sdougm			    group, NULL);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	if (ret == SA_OK && !dryrun) {
6185db85Sdougm		if (group == NULL) {
25a68471Sdougm			group = sa_create_group(handle, (char *)groupname,
25a68471Sdougm			    &err);
9e5da854Sdougm			created = B_TRUE;
6185db85Sdougm		}
6185db85Sdougm		if (group != NULL) {
6185db85Sdougm			sa_optionset_t optionset;
da6c28aaSamw
9e5da854Sdougm			/*
9e5da854Sdougm			 * Check group and protocol against featureset
9e5da854Sdougm			 * requirements.
9e5da854Sdougm			 */
9e5da854Sdougm			ret = enforce_featureset(group, protocol,
9e5da854Sdougm			    dryrun, force);
9e5da854Sdougm			if (ret != SA_OK)
da6c28aaSamw				goto err;
9e5da854Sdougm
9e5da854Sdougm			/*
9e5da854Sdougm			 * So far so good. Now add the required
9e5da854Sdougm			 * optionset(s) to the group.
9e5da854Sdougm			 */
6185db85Sdougm			if (optlist != NULL) {
25a68471Sdougm				(void) add_optionset(group, optlist, protocol,
25a68471Sdougm				    &ret);
6185db85Sdougm			} else if (protocol != NULL) {
25a68471Sdougm				optionset = sa_create_optionset(group,
25a68471Sdougm				    protocol);
6185db85Sdougm				if (optionset == NULL)
6185db85Sdougm					ret = SA_NO_MEMORY;
6185db85Sdougm			} else if (protocol == NULL) {
9e5da854Sdougm				/* default group create so add all protocols */
9e5da854Sdougm				ret = set_all_protocols(group);
6185db85Sdougm			}
6185db85Sdougm			/*
25a68471Sdougm			 * We have a group and legal additions
6185db85Sdougm			 */
6185db85Sdougm			if (ret == SA_OK) {
6185db85Sdougm				/*
25a68471Sdougm				 * Commit to configuration for protocols that
6185db85Sdougm				 * need to do block updates. For NFS, this
6185db85Sdougm				 * doesn't do anything but it will be run for
6185db85Sdougm				 * all protocols that implement the
6185db85Sdougm				 * appropriate plugin.
6185db85Sdougm				 */
549ec3ffSdougm				ret = sa_update_config(handle);
6185db85Sdougm			} else {
6185db85Sdougm				if (group != NULL)
6185db85Sdougm					(void) sa_remove_group(group);
6185db85Sdougm			}
6185db85Sdougm		} else {
6185db85Sdougm			ret = err;
6185db85Sdougm			(void) printf(gettext("Could not create group: %s\n"),
6185db85Sdougm			    sa_errorstr(ret));
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	if (dryrun && ret == SA_OK && !auth && verbose) {
6185db85Sdougm		(void) printf(gettext("Command would fail: %s\n"),
6185db85Sdougm		    sa_errorstr(SA_NO_PERMISSION));
6185db85Sdougm		ret = SA_NO_PERMISSION;
6185db85Sdougm	}
da6c28aaSamwerr:
9e5da854Sdougm	if (ret != SA_OK && created)
9e5da854Sdougm		ret = sa_remove_group(group);
9e5da854Sdougm
6185db85Sdougm	free_opt(optlist);
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * group_status(group)
6185db85Sdougm *
6185db85Sdougm * return the current status (enabled/disabled) of the group.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic char *
6185db85Sdougmgroup_status(sa_group_t group)
6185db85Sdougm{
6185db85Sdougm	char *state;
6185db85Sdougm	int enabled = 0;
6185db85Sdougm
6185db85Sdougm	state = sa_get_group_attr(group, "state");
6185db85Sdougm	if (state != NULL) {
6185db85Sdougm		if (strcmp(state, "enabled") == 0) {
6185db85Sdougm			enabled = 1;
6185db85Sdougm		}
6185db85Sdougm		sa_free_attr_string(state);
6185db85Sdougm	}
4db300d5Sdougm	return (enabled ? "enabled" : "disabled");
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * sa_delete(flags, argc, argv)
6185db85Sdougm *
6185db85Sdougm *	Delete a group.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
549ec3ffSdougmsa_delete(sa_handle_t handle, int flags, int argc, char *argv[])
6185db85Sdougm{
6185db85Sdougm	char *groupname;
6185db85Sdougm	sa_group_t group;
6185db85Sdougm	sa_share_t share;
6185db85Sdougm	int verbose = 0;
6185db85Sdougm	int dryrun = 0;
6185db85Sdougm	int force = 0;
6185db85Sdougm	int c;
6185db85Sdougm	char *protocol = NULL;
6185db85Sdougm	char *sectype = NULL;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	int auth;
6185db85Sdougm
6185db85Sdougm	while ((c = getopt(argc, argv, "?hvnP:fS:")) != EOF) {
6185db85Sdougm		switch (c) {
6185db85Sdougm		case 'v':
6185db85Sdougm			verbose++;
6185db85Sdougm			break;
6185db85Sdougm		case 'n':
6185db85Sdougm			dryrun++;
6185db85Sdougm			break;
6185db85Sdougm		case 'P':
da6c28aaSamw			if (protocol != NULL) {
da6c28aaSamw				(void) printf(gettext("Specifying "
da6c28aaSamw				    "multiple protocols "
da6c28aaSamw				    "not supported: %s\n"), protocol);
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
6185db85Sdougm			protocol = optarg;
6185db85Sdougm			if (!sa_valid_protocol(protocol)) {
25a68471Sdougm				(void) printf(gettext("Invalid protocol "
25a68471Sdougm				    "specified: %s\n"), protocol);
6185db85Sdougm				return (SA_INVALID_PROTOCOL);
6185db85Sdougm			}
6185db85Sdougm			break;
6185db85Sdougm		case 'S':
da6c28aaSamw			if (sectype != NULL) {
da6c28aaSamw				(void) printf(gettext("Specifying "
da6c28aaSamw				    "multiple property "
da6c28aaSamw				    "spaces not supported: %s\n"), sectype);
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
6185db85Sdougm			sectype = optarg;
6185db85Sdougm			break;
6185db85Sdougm		case 'f':
6185db85Sdougm			force++;
6185db85Sdougm			break;
e7bab347Sdougm		case 'h':
e7bab347Sdougm			/* optopt on valid arg isn't defined */
e7bab347Sdougm			optopt = c;
e7bab347Sdougm			/*FALLTHROUGH*/
e7bab347Sdougm		case '?':
6185db85Sdougm		default:
e7bab347Sdougm			/*
e7bab347Sdougm			 * Since a bad option gets to here, sort it
e7bab347Sdougm			 * out and return a syntax error return value
e7bab347Sdougm			 * if necessary.
e7bab347Sdougm			 */
e7bab347Sdougm			switch (optopt) {
e7bab347Sdougm			default:
e7bab347Sdougm				ret = SA_SYNTAX_ERR;
e7bab347Sdougm				break;
6185db85Sdougm			case 'h':
6185db85Sdougm			case '?':
e7bab347Sdougm				break;
e7bab347Sdougm			}
6185db85Sdougm			(void) printf(gettext("usage: %s\n"),
6185db85Sdougm			    sa_get_usage(USAGE_DELETE));
e7bab347Sdougm			return (ret);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (optind >= argc) {
25a68471Sdougm		(void) printf(gettext("usage: %s\n"),
25a68471Sdougm		    sa_get_usage(USAGE_DELETE));
6185db85Sdougm		(void) printf(gettext("\tgroup must be specified.\n"));
6185db85Sdougm		return (SA_SYNTAX_ERR);
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if ((optind + 1) < argc) {
25a68471Sdougm		(void) printf(gettext("usage: %s\n"),
25a68471Sdougm		    sa_get_usage(USAGE_DELETE));
6185db85Sdougm		(void) printf(gettext("\textraneous group(s) at end\n"));
6185db85Sdougm		return (SA_SYNTAX_ERR);
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (sectype != NULL && protocol == NULL) {
25a68471Sdougm		(void) printf(gettext("usage: %s\n"),
25a68471Sdougm		    sa_get_usage(USAGE_DELETE));
6185db85Sdougm		(void) printf(gettext("\tsecurity requires protocol to be "
6185db85Sdougm		    "specified.\n"));
6185db85Sdougm		return (SA_SYNTAX_ERR);
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	/*
6185db85Sdougm	 * Determine if the group already exists since it must in
6185db85Sdougm	 * order to be removed.
6185db85Sdougm	 *
6185db85Sdougm	 * We can delete when:
6185db85Sdougm	 *
6185db85Sdougm	 *	- group is empty
6185db85Sdougm	 *	- force flag is set
6185db85Sdougm	 *	- if protocol specified, only delete the protocol
6185db85Sdougm	 */
6185db85Sdougm
6185db85Sdougm	groupname = argv[optind];
549ec3ffSdougm	group = sa_get_group(handle, groupname);
6185db85Sdougm	if (group == NULL) {
6185db85Sdougm		ret = SA_NO_SUCH_GROUP;
25a68471Sdougm		goto done;
25a68471Sdougm	}
6185db85Sdougm	auth = check_authorizations(groupname, flags);
6185db85Sdougm	if (protocol == NULL) {
6185db85Sdougm		share = sa_get_share(group, NULL);
6185db85Sdougm		if (share != NULL)
6185db85Sdougm			ret = SA_BUSY;
6185db85Sdougm		if (share == NULL || (share != NULL && force == 1)) {
6185db85Sdougm			ret = SA_OK;
6185db85Sdougm			if (!dryrun) {
6185db85Sdougm				while (share != NULL) {
6185db85Sdougm					sa_share_t next_share;
6185db85Sdougm					next_share = sa_get_next_share(share);
6185db85Sdougm					/*
25a68471Sdougm					 * need to do the disable of
25a68471Sdougm					 * each share, but don't
25a68471Sdougm					 * actually do anything on a
25a68471Sdougm					 * dryrun.
6185db85Sdougm					 */
6185db85Sdougm					ret = sa_disable_share(share, NULL);
6185db85Sdougm					ret = sa_remove_share(share);
6185db85Sdougm					share = next_share;
6185db85Sdougm				}
6185db85Sdougm				ret = sa_remove_group(group);
6185db85Sdougm			}
6185db85Sdougm		}
25a68471Sdougm		/* Commit to configuration if not a dryrun */
6185db85Sdougm		if (!dryrun && ret == SA_OK) {
549ec3ffSdougm			ret = sa_update_config(handle);
6185db85Sdougm		}
6185db85Sdougm	} else {
6185db85Sdougm		/* a protocol delete */
6185db85Sdougm		sa_optionset_t optionset;
6185db85Sdougm		sa_security_t security;
6185db85Sdougm		if (sectype != NULL) {
6185db85Sdougm			/* only delete specified security */
6185db85Sdougm			security = sa_get_security(group, sectype, protocol);
25a68471Sdougm			if (security != NULL && !dryrun)
6185db85Sdougm				ret = sa_destroy_security(security);
25a68471Sdougm			else
6185db85Sdougm				ret = SA_INVALID_PROTOCOL;
6185db85Sdougm		} else {
6185db85Sdougm			optionset = sa_get_optionset(group, protocol);
6185db85Sdougm			if (optionset != NULL && !dryrun) {
25a68471Sdougm				/*
25a68471Sdougm				 * have an optionset with
25a68471Sdougm				 * protocol to delete
25a68471Sdougm				 */
6185db85Sdougm				ret = sa_destroy_optionset(optionset);
6185db85Sdougm				/*
25a68471Sdougm				 * Now find all security sets
25a68471Sdougm				 * for the protocol and remove
25a68471Sdougm				 * them. Don't remove other
6185db85Sdougm				 * protocols.
6185db85Sdougm				 */
25a68471Sdougm				for (security =
25a68471Sdougm				    sa_get_security(group, NULL, NULL);
6185db85Sdougm				    ret == SA_OK && security != NULL;
6185db85Sdougm				    security = sa_get_next_security(security)) {
6185db85Sdougm					char *secprot;
25a68471Sdougm					secprot = sa_get_security_attr(security,
25a68471Sdougm					    "type");
6185db85Sdougm					if (secprot != NULL &&
6185db85Sdougm					    strcmp(secprot, protocol) == 0)
25a68471Sdougm						ret = sa_destroy_security(
25a68471Sdougm						    security);
6185db85Sdougm					if (secprot != NULL)
6185db85Sdougm						sa_free_attr_string(secprot);
6185db85Sdougm				}
6185db85Sdougm			} else {
6185db85Sdougm				if (!dryrun)
6185db85Sdougm					ret = SA_INVALID_PROTOCOL;
6185db85Sdougm			}
6185db85Sdougm		}
da6c28aaSamw		/*
da6c28aaSamw		 * With the protocol items removed, make sure that all
da6c28aaSamw		 * the shares are updated in the legacy files, if
da6c28aaSamw		 * necessary.
da6c28aaSamw		 */
da6c28aaSamw		for (share = sa_get_share(group, NULL);
da6c28aaSamw		    share != NULL;
da6c28aaSamw		    share = sa_get_next_share(share)) {
da6c28aaSamw			(void) sa_delete_legacy(share, protocol);
da6c28aaSamw		}
6185db85Sdougm	}
25a68471Sdougm
25a68471Sdougmdone:
6185db85Sdougm	if (ret != SA_OK) {
6185db85Sdougm		(void) printf(gettext("Could not delete group: %s\n"),
6185db85Sdougm		    sa_errorstr(ret));
6185db85Sdougm	} else if (dryrun && !auth && verbose) {
6185db85Sdougm		(void) printf(gettext("Command would fail: %s\n"),
6185db85Sdougm		    sa_errorstr(SA_NO_PERMISSION));
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * strndupr(*buff, str, buffsize)
6185db85Sdougm *
6185db85Sdougm * used with small strings to duplicate and possibly increase the
6185db85Sdougm * buffer size of a string.
6185db85Sdougm */
6185db85Sdougmstatic char *
6185db85Sdougmstrndupr(char *buff, char *str, int *buffsize)
6185db85Sdougm{
6185db85Sdougm	int limit;
6185db85Sdougm	char *orig_buff = buff;
6185db85Sdougm
6185db85Sdougm	if (buff == NULL) {
6185db85Sdougm		buff = (char *)malloc(64);
6185db85Sdougm		if (buff == NULL)
6185db85Sdougm			return (NULL);
6185db85Sdougm		*buffsize = 64;
6185db85Sdougm		buff[0] = '\0';
6185db85Sdougm	}
6185db85Sdougm	limit = strlen(buff) + strlen(str) + 1;
6185db85Sdougm	if (limit > *buffsize) {
6185db85Sdougm		limit = *buffsize = *buffsize + ((limit / 64) + 64);
6185db85Sdougm		buff = realloc(buff, limit);
6185db85Sdougm	}
6185db85Sdougm	if (buff != NULL) {
6185db85Sdougm		(void) strcat(buff, str);
6185db85Sdougm	} else {
6185db85Sdougm		/* if it fails, fail it hard */
6185db85Sdougm		if (orig_buff != NULL)
6185db85Sdougm			free(orig_buff);
6185db85Sdougm	}
6185db85Sdougm	return (buff);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * group_proto(group)
6185db85Sdougm *
6185db85Sdougm * return a string of all the protocols (space separated) associated
6185db85Sdougm * with this group.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic char *
6185db85Sdougmgroup_proto(sa_group_t group)
6185db85Sdougm{
6185db85Sdougm	sa_optionset_t optionset;
6185db85Sdougm	char *proto;
6185db85Sdougm	char *buff = NULL;
6185db85Sdougm	int buffsize = 0;
6185db85Sdougm	int addspace = 0;
6185db85Sdougm	/*
6185db85Sdougm	 * get the protocol list by finding the optionsets on this
6185db85Sdougm	 * group and extracting the type value. The initial call to
6185db85Sdougm	 * strndupr() initailizes buff.
6185db85Sdougm	 */
6185db85Sdougm	buff = strndupr(buff, "", &buffsize);
6185db85Sdougm	if (buff != NULL) {
6185db85Sdougm		for (optionset = sa_get_optionset(group, NULL);
6185db85Sdougm		    optionset != NULL && buff != NULL;
6185db85Sdougm		    optionset = sa_get_next_optionset(optionset)) {
6185db85Sdougm			/*
6185db85Sdougm			 * extract out the protocol type from this optionset
6185db85Sdougm			 * and append it to the buffer "buff". strndupr() will
6185db85Sdougm			 * reallocate space as necessay.
6185db85Sdougm			 */
6185db85Sdougm			proto = sa_get_optionset_attr(optionset, "type");
6185db85Sdougm			if (proto != NULL) {
6185db85Sdougm				if (addspace++)
6185db85Sdougm					buff = strndupr(buff, " ", &buffsize);
6185db85Sdougm				buff = strndupr(buff, proto, &buffsize);
6185db85Sdougm				sa_free_attr_string(proto);
6185db85Sdougm			}
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	return (buff);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * sa_list(flags, argc, argv)
6185db85Sdougm *
6185db85Sdougm * implements the "list" subcommand to list groups and optionally
6185db85Sdougm * their state and protocols.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
549ec3ffSdougmsa_list(sa_handle_t handle, int flags, int argc, char *argv[])
6185db85Sdougm{
6185db85Sdougm	sa_group_t group;
6185db85Sdougm	int verbose = 0;
6185db85Sdougm	int c;
6185db85Sdougm	char *protocol = NULL;
e7bab347Sdougm	int ret = SA_OK;
da6c28aaSamw#ifdef lint
da6c28aaSamw	flags = flags;
da6c28aaSamw#endif
6185db85Sdougm
6185db85Sdougm	while ((c = getopt(argc, argv, "?hvP:")) != EOF) {
6185db85Sdougm		switch (c) {
6185db85Sdougm		case 'v':
6185db85Sdougm			verbose++;
6185db85Sdougm			break;
6185db85Sdougm		case 'P':
da6c28aaSamw			if (protocol != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Specifying multiple protocols "
da6c28aaSamw				    "not supported: %s\n"),
da6c28aaSamw				    protocol);
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
6185db85Sdougm			protocol = optarg;
6185db85Sdougm			if (!sa_valid_protocol(protocol)) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Invalid protocol specified: %s\n"),
6185db85Sdougm				    protocol);
6185db85Sdougm				return (SA_INVALID_PROTOCOL);
6185db85Sdougm			}
6185db85Sdougm			break;
e7bab347Sdougm		case 'h':
e7bab347Sdougm			/* optopt on valid arg isn't defined */
e7bab347Sdougm			optopt = c;
e7bab347Sdougm			/*FALLTHROUGH*/
e7bab347Sdougm		case '?':
6185db85Sdougm		default:
e7bab347Sdougm			/*
e7bab347Sdougm			 * Since a bad option gets to here, sort it
e7bab347Sdougm			 * out and return a syntax error return value
e7bab347Sdougm			 * if necessary.
e7bab347Sdougm			 */
e7bab347Sdougm			switch (optopt) {
e7bab347Sdougm			default:
e7bab347Sdougm				ret = SA_SYNTAX_ERR;
e7bab347Sdougm				break;
6185db85Sdougm			case 'h':
6185db85Sdougm			case '?':
e7bab347Sdougm				break;
e7bab347Sdougm			}
25a68471Sdougm			(void) printf(gettext("usage: %s\n"),
25a68471Sdougm			    sa_get_usage(USAGE_LIST));
e7bab347Sdougm				return (ret);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm
573b0c00Sdougm	if (optind != argc) {
573b0c00Sdougm		(void) printf(gettext("usage: %s\n"),
573b0c00Sdougm		    sa_get_usage(USAGE_LIST));
573b0c00Sdougm		return (SA_SYNTAX_ERR);
573b0c00Sdougm	}
573b0c00Sdougm
25a68471Sdougm	for (group = sa_get_group(handle, NULL);
25a68471Sdougm	    group != NULL;
6185db85Sdougm	    group = sa_get_next_group(group)) {
6185db85Sdougm		char *name;
6185db85Sdougm		char *proto;
6185db85Sdougm		if (protocol == NULL || has_protocol(group, protocol)) {
6185db85Sdougm			name = sa_get_group_attr(group, "name");
6185db85Sdougm			if (name != NULL && (verbose > 1 || name[0] != '#')) {
6185db85Sdougm				(void) printf("%s", (char *)name);
6185db85Sdougm				if (verbose) {
6185db85Sdougm					/*
25a68471Sdougm					 * Need the list of protocols
25a68471Sdougm					 * and current status once
25a68471Sdougm					 * available. We do want to
25a68471Sdougm					 * translate the
25a68471Sdougm					 * enabled/disabled text here.
6185db85Sdougm					 */
4db300d5Sdougm					(void) printf("\t%s", isenabled(group) ?
4db300d5Sdougm					    gettext("enabled") :
4db300d5Sdougm					    gettext("disabled"));
6185db85Sdougm					proto = group_proto(group);
6185db85Sdougm					if (proto != NULL) {
25a68471Sdougm						(void) printf("\t%s",
25a68471Sdougm						    (char *)proto);
6185db85Sdougm						free(proto);
6185db85Sdougm					}
6185db85Sdougm				}
6185db85Sdougm				(void) printf("\n");
6185db85Sdougm			}
6185db85Sdougm			if (name != NULL)
6185db85Sdougm				sa_free_attr_string(name);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	return (0);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * out_properties(optionset, proto, sec)
6185db85Sdougm *
6185db85Sdougm * Format the properties and encode the protocol and optional named
6185db85Sdougm * optionset into the string.
6185db85Sdougm *
6185db85Sdougm * format is protocol[:name]=(property-list)
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic void
6185db85Sdougmout_properties(sa_optionset_t optionset, char *proto, char *sec)
6185db85Sdougm{
6185db85Sdougm	char *type;
6185db85Sdougm	char *value;
6185db85Sdougm	int spacer;
6185db85Sdougm	sa_property_t prop;
6185db85Sdougm
25a68471Sdougm	if (sec == NULL)
6185db85Sdougm		(void) printf(" %s=(", proto ? proto : gettext("all"));
25a68471Sdougm	else
6185db85Sdougm		(void) printf(" %s:%s=(", proto ? proto : gettext("all"), sec);
6185db85Sdougm
6185db85Sdougm	for (spacer = 0, prop = sa_get_property(optionset, NULL);
25a68471Sdougm	    prop != NULL;
25a68471Sdougm	    prop = sa_get_next_property(prop)) {
6185db85Sdougm
6185db85Sdougm		/*
6185db85Sdougm		 * extract the property name/value and output with
6185db85Sdougm		 * appropriate spacing. I.e. no prefixed space the
6185db85Sdougm		 * first time through but a space on subsequent
6185db85Sdougm		 * properties.
6185db85Sdougm		 */
6185db85Sdougm		type = sa_get_property_attr(prop, "type");
6185db85Sdougm		value = sa_get_property_attr(prop, "value");
6185db85Sdougm		if (type != NULL) {
6185db85Sdougm			(void) printf("%s%s=", spacer ? " " : "",	type);
6185db85Sdougm			spacer = 1;
6185db85Sdougm			if (value != NULL)
6185db85Sdougm				(void) printf("\"%s\"", value);
6185db85Sdougm			else
6185db85Sdougm				(void) printf("\"\"");
6185db85Sdougm		}
6185db85Sdougm		if (type != NULL)
6185db85Sdougm			sa_free_attr_string(type);
6185db85Sdougm		if (value != NULL)
6185db85Sdougm			sa_free_attr_string(value);
6185db85Sdougm	}
6185db85Sdougm	(void) printf(")");
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * show_properties(group, protocol, prefix)
6185db85Sdougm *
6185db85Sdougm * print the properties for a group. If protocol is NULL, do all
6185db85Sdougm * protocols otherwise only the specified protocol. All security
6185db85Sdougm * (named groups specific to the protocol) are included.
6185db85Sdougm *
6185db85Sdougm * The "prefix" is always applied. The caller knows whether it wants
6185db85Sdougm * some type of prefix string (white space) or not.  Once the prefix
6185db85Sdougm * has been output, it is reduced to the zero length string for the
6185db85Sdougm * remainder of the property output.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic void
6185db85Sdougmshow_properties(sa_group_t group, char *protocol, char *prefix)
6185db85Sdougm{
6185db85Sdougm	sa_optionset_t optionset;
6185db85Sdougm	sa_security_t security;
6185db85Sdougm	char *value;
6185db85Sdougm	char *secvalue;
6185db85Sdougm
6185db85Sdougm	if (protocol != NULL) {
6185db85Sdougm		optionset = sa_get_optionset(group, protocol);
6185db85Sdougm		if (optionset != NULL) {
6185db85Sdougm			(void) printf("%s", prefix);
6185db85Sdougm			prefix = "";
6185db85Sdougm			out_properties(optionset, protocol, NULL);
6185db85Sdougm		}
6185db85Sdougm		security = sa_get_security(group, protocol, NULL);
6185db85Sdougm		if (security != NULL) {
6185db85Sdougm			(void) printf("%s", prefix);
6185db85Sdougm			prefix = "";
6185db85Sdougm			out_properties(security, protocol, NULL);
6185db85Sdougm		}
6185db85Sdougm	} else {
6185db85Sdougm		for (optionset = sa_get_optionset(group, protocol);
6185db85Sdougm		    optionset != NULL;
6185db85Sdougm		    optionset = sa_get_next_optionset(optionset)) {
6185db85Sdougm
6185db85Sdougm			value = sa_get_optionset_attr(optionset, "type");
6185db85Sdougm			(void) printf("%s", prefix);
6185db85Sdougm			prefix = "";
6185db85Sdougm			out_properties(optionset, value, 0);
6185db85Sdougm			if (value != NULL)
6185db85Sdougm				sa_free_attr_string(value);
6185db85Sdougm		}
6185db85Sdougm		for (security = sa_get_security(group, NULL, protocol);
6185db85Sdougm		    security != NULL;
6185db85Sdougm		    security = sa_get_next_security(security)) {
6185db85Sdougm
6185db85Sdougm			value = sa_get_security_attr(security, "type");
6185db85Sdougm			secvalue = sa_get_security_attr(security, "sectype");
6185db85Sdougm			(void) printf("%s", prefix);
6185db85Sdougm			prefix = "";
6185db85Sdougm			out_properties(security, value, secvalue);
6185db85Sdougm			if (value != NULL)
6185db85Sdougm				sa_free_attr_string(value);
6185db85Sdougm			if (secvalue != NULL)
6185db85Sdougm				sa_free_attr_string(secvalue);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
da6c28aaSamw * get_resource(share)
da6c28aaSamw *
da6c28aaSamw * Get the first resource name, if any, and fix string to be in
da6c28aaSamw * current locale and have quotes if it has embedded spaces.  Return
da6c28aaSamw * an attr string that must be freed.
da6c28aaSamw */
da6c28aaSamw
da6c28aaSamwstatic char *
da6c28aaSamwget_resource(sa_share_t share)
da6c28aaSamw{
da6c28aaSamw	sa_resource_t resource;
da6c28aaSamw	char *resstring = NULL;
da6c28aaSamw	char *retstring;
da6c28aaSamw
da6c28aaSamw	if ((resource = sa_get_share_resource(share, NULL)) != NULL) {
da6c28aaSamw		resstring = sa_get_resource_attr(resource, "name");
da6c28aaSamw		if (resstring != NULL) {
da6c28aaSamw			char *cp;
da6c28aaSamw			int len;
da6c28aaSamw
da6c28aaSamw			retstring = conv_from_utf8(resstring);
da6c28aaSamw			if (retstring != resstring) {
da6c28aaSamw				sa_free_attr_string(resstring);
da6c28aaSamw				resstring = retstring;
da6c28aaSamw			}
da6c28aaSamw			if (strpbrk(resstring, " ") != NULL) {
da6c28aaSamw				/* account for quotes */
da6c28aaSamw				len = strlen(resstring) + 3;
da6c28aaSamw				cp = calloc(len, sizeof (char));
da6c28aaSamw				if (cp != NULL) {
da6c28aaSamw					(void) snprintf(cp, len,
da6c28aaSamw					    "\"%s\"", resstring);
da6c28aaSamw					sa_free_attr_string(resstring);
da6c28aaSamw					resstring = cp;
da6c28aaSamw				} else {
da6c28aaSamw					sa_free_attr_string(resstring);
da6c28aaSamw					resstring = NULL;
da6c28aaSamw				}
da6c28aaSamw			}
da6c28aaSamw		}
da6c28aaSamw	}
da6c28aaSamw	return (resstring);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * has_resource_with_opt(share)
da6c28aaSamw *
da6c28aaSamw * Check to see if the share has any resource names with optionsets
da6c28aaSamw * set. Also indicate if multiple resource names since the syntax
da6c28aaSamw * would be about the same.
da6c28aaSamw */
da6c28aaSamwstatic int
da6c28aaSamwhas_resource_with_opt(sa_share_t share)
da6c28aaSamw{
da6c28aaSamw	sa_resource_t resource;
da6c28aaSamw	int ret = B_FALSE;
da6c28aaSamw
da6c28aaSamw	for (resource = sa_get_share_resource(share, NULL);
da6c28aaSamw	    resource != NULL;
da6c28aaSamw	    resource = sa_get_next_resource(resource)) {
da6c28aaSamw
da6c28aaSamw		if (sa_get_optionset(resource, NULL) != NULL) {
da6c28aaSamw			ret = B_TRUE;
da6c28aaSamw			break;
da6c28aaSamw		}
da6c28aaSamw	}
da6c28aaSamw	return (ret);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * has_multiple_resource(share)
da6c28aaSamw *
573b0c00Sdougm * Check to see if the share has multiple resource names since
573b0c00Sdougm * the syntax would be about the same.
da6c28aaSamw */
573b0c00Sdougmstatic boolean_t
da6c28aaSamwhas_multiple_resource(sa_share_t share)
da6c28aaSamw{
da6c28aaSamw	sa_resource_t resource;
da6c28aaSamw	int num;
da6c28aaSamw
da6c28aaSamw	for (num = 0, resource = sa_get_share_resource(share, NULL);
da6c28aaSamw	    resource != NULL;
da6c28aaSamw	    resource = sa_get_next_resource(resource)) {
da6c28aaSamw		num++;
da6c28aaSamw		if (num > 1)
da6c28aaSamw			return (B_TRUE);
da6c28aaSamw	}
da6c28aaSamw	return (B_FALSE);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * show_share(share, verbose, properties, proto, iszfs, sharepath)
da6c28aaSamw *
da6c28aaSamw * print out the share information. With the addition of resource as a
da6c28aaSamw * full object that can have multiple instances below the share, we
da6c28aaSamw * need to display that as well.
da6c28aaSamw */
da6c28aaSamw
da6c28aaSamwstatic void
da6c28aaSamwshow_share(sa_share_t share, int verbose, int properties, char *proto,
da6c28aaSamw    int iszfs, char *sharepath)
da6c28aaSamw{
da6c28aaSamw	char *drive;
da6c28aaSamw	char *exclude;
da6c28aaSamw	sa_resource_t resource = NULL;
da6c28aaSamw	char *description;
da6c28aaSamw	char *rsrcname;
da6c28aaSamw	int rsrcwithopt;
573b0c00Sdougm	boolean_t multiple;
da6c28aaSamw	char *type;
da6c28aaSamw
da6c28aaSamw	rsrcwithopt = has_resource_with_opt(share);
da6c28aaSamw
da6c28aaSamw	if (verbose || (properties && rsrcwithopt)) {
da6c28aaSamw		/* First, indicate if transient */
da6c28aaSamw		type = sa_get_share_attr(share, "type");
da6c28aaSamw		if (type != NULL && !iszfs && verbose &&
da6c28aaSamw		    strcmp(type, "transient") == 0)
da6c28aaSamw			(void) printf("\t* ");
da6c28aaSamw		else
da6c28aaSamw			(void) printf("\t  ");
da6c28aaSamw
da6c28aaSamw		if (type != NULL)
da6c28aaSamw			sa_free_attr_string(type);
da6c28aaSamw
da6c28aaSamw		/*
da6c28aaSamw		 * If we came in with verbose, we want to handle the case of
da6c28aaSamw		 * multiple resources as though they had properties set.
da6c28aaSamw		 */
da6c28aaSamw		multiple = has_multiple_resource(share);
da6c28aaSamw
573b0c00Sdougm		/*
573b0c00Sdougm		 * if there is a description on the share and there
573b0c00Sdougm		 * are resources, treat as multiple resources in order
573b0c00Sdougm		 * to get all descriptions displayed.
573b0c00Sdougm		 */
573b0c00Sdougm		description = sa_get_share_description(share);
573b0c00Sdougm		resource = sa_get_share_resource(share, NULL);
573b0c00Sdougm
573b0c00Sdougm		if (description != NULL && resource != NULL)
573b0c00Sdougm			multiple = B_TRUE;
573b0c00Sdougm
da6c28aaSamw		/* Next, if not multiple follow old model */
da6c28aaSamw		if (!multiple && !rsrcwithopt) {
da6c28aaSamw			rsrcname = get_resource(share);
da6c28aaSamw			if (rsrcname != NULL && strlen(rsrcname) > 0) {
da6c28aaSamw				(void) printf("%s=%s", rsrcname, sharepath);
da6c28aaSamw			} else {
da6c28aaSamw				(void) printf("%s", sharepath);
da6c28aaSamw			}
da6c28aaSamw			if (rsrcname != NULL)
da6c28aaSamw				sa_free_attr_string(rsrcname);
573b0c00Sdougm			/* Print the description string if there is one. */
573b0c00Sdougm			print_rsrc_desc(resource, description);
da6c28aaSamw		} else {
da6c28aaSamw			/* Treat as simple and then resources come later */
da6c28aaSamw			(void) printf("%s", sharepath);
da6c28aaSamw		}
da6c28aaSamw		drive = sa_get_share_attr(share, "drive-letter");
da6c28aaSamw		if (drive != NULL) {
da6c28aaSamw			if (strlen(drive) > 0)
da6c28aaSamw				(void) printf(gettext("\tdrive-letter=\"%s:\""),
da6c28aaSamw				    drive);
da6c28aaSamw			sa_free_attr_string(drive);
da6c28aaSamw		}
da6c28aaSamw		if (properties)
da6c28aaSamw			show_properties(share, proto, "\t");
da6c28aaSamw		exclude = sa_get_share_attr(share, "exclude");
da6c28aaSamw		if (exclude != NULL) {
da6c28aaSamw			(void) printf(gettext("\tnot-shared-with=[%s]"),
da6c28aaSamw			    exclude);
da6c28aaSamw			sa_free_attr_string(exclude);
da6c28aaSamw		}
da6c28aaSamw
573b0c00Sdougm		if (description != NULL) {
573b0c00Sdougm			print_rsrc_desc((sa_resource_t)share, description);
573b0c00Sdougm		}
da6c28aaSamw		/*
da6c28aaSamw		 * If there are resource names with options, show them
da6c28aaSamw		 * here, with one line per resource. Resource specific
da6c28aaSamw		 * options are at the end of the line followed by
da6c28aaSamw		 * description, if any.
da6c28aaSamw		 */
da6c28aaSamw		if (rsrcwithopt || multiple) {
da6c28aaSamw			for (resource = sa_get_share_resource(share, NULL);
da6c28aaSamw			    resource != NULL;
da6c28aaSamw			    resource = sa_get_next_resource(resource)) {
da6c28aaSamw				int has_space;
da6c28aaSamw				char *rsrc;
da6c28aaSamw
da6c28aaSamw				(void) printf("\n\t\t  ");
da6c28aaSamw				rsrcname = sa_get_resource_attr(resource,
da6c28aaSamw				    "name");
da6c28aaSamw				if (rsrcname == NULL)
da6c28aaSamw					continue;
da6c28aaSamw
da6c28aaSamw				rsrc = conv_from_utf8(rsrcname);
da6c28aaSamw				has_space = strpbrk(rsrc, " ") != NULL;
da6c28aaSamw
da6c28aaSamw				if (has_space)
da6c28aaSamw					(void) printf("\"%s\"=%s", rsrc,
da6c28aaSamw					    sharepath);
da6c28aaSamw				else
da6c28aaSamw					(void) printf("%s=%s", rsrc,
da6c28aaSamw					    sharepath);
da6c28aaSamw				if (rsrc != rsrcname)
da6c28aaSamw					sa_free_attr_string(rsrc);
da6c28aaSamw				sa_free_attr_string(rsrcname);
da6c28aaSamw				if (properties || rsrcwithopt)
da6c28aaSamw					show_properties(resource, proto, "\t");
da6c28aaSamw
da6c28aaSamw				/* Get description string if any */
573b0c00Sdougm				print_rsrc_desc(resource, description);
da6c28aaSamw			}
da6c28aaSamw		}
573b0c00Sdougm		if (description != NULL)
573b0c00Sdougm			sa_free_share_description(description);
da6c28aaSamw	} else {
da6c28aaSamw		(void) printf("\t  %s", sharepath);
da6c28aaSamw		if (properties)
da6c28aaSamw			show_properties(share, proto, "\t");
da6c28aaSamw	}
da6c28aaSamw	(void) printf("\n");
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
6185db85Sdougm * show_group(group, verbose, properties, proto, subgroup)
6185db85Sdougm *
6185db85Sdougm * helper function to show the contents of a group.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic void
6185db85Sdougmshow_group(sa_group_t group, int verbose, int properties, char *proto,
6185db85Sdougm    char *subgroup)
6185db85Sdougm{
6185db85Sdougm	sa_share_t share;
6185db85Sdougm	char *groupname;
6185db85Sdougm	char *zfs = NULL;
6185db85Sdougm	int iszfs = 0;
da6c28aaSamw	char *sharepath;
6185db85Sdougm
6185db85Sdougm	groupname = sa_get_group_attr(group, "name");
6185db85Sdougm	if (groupname != NULL) {
6185db85Sdougm		if (proto != NULL && !has_protocol(group, proto)) {
6185db85Sdougm			sa_free_attr_string(groupname);
6185db85Sdougm			return;
6185db85Sdougm		}
6185db85Sdougm		/*
6185db85Sdougm		 * check to see if the group is managed by ZFS. If
6185db85Sdougm		 * there is an attribute, then it is. A non-NULL zfs
6185db85Sdougm		 * variable will trigger the different way to display
6185db85Sdougm		 * and will remove the transient property indicator
6185db85Sdougm		 * from the output.
6185db85Sdougm		 */
6185db85Sdougm		zfs = sa_get_group_attr(group, "zfs");
6185db85Sdougm		if (zfs != NULL) {
6185db85Sdougm			iszfs = 1;
6185db85Sdougm			sa_free_attr_string(zfs);
6185db85Sdougm		}
6185db85Sdougm		share = sa_get_share(group, NULL);
6185db85Sdougm		if (subgroup == NULL)
6185db85Sdougm			(void) printf("%s", groupname);
6185db85Sdougm		else
6185db85Sdougm			(void) printf("    %s/%s", subgroup, groupname);
25a68471Sdougm		if (properties)
6185db85Sdougm			show_properties(group, proto, "");
6185db85Sdougm		(void) printf("\n");
6185db85Sdougm		if (strcmp(groupname, "zfs") == 0) {
6185db85Sdougm			sa_group_t zgroup;
6185db85Sdougm
25a68471Sdougm			for (zgroup = sa_get_sub_group(group);
25a68471Sdougm			    zgroup != NULL;
6185db85Sdougm			    zgroup = sa_get_next_group(zgroup)) {
25a68471Sdougm				show_group(zgroup, verbose, properties, proto,
25a68471Sdougm				    "zfs");
6185db85Sdougm			}
6185db85Sdougm			sa_free_attr_string(groupname);
6185db85Sdougm			return;
6185db85Sdougm		}
6185db85Sdougm		/*
25a68471Sdougm		 * Have a group, so list the contents. Resource and
6185db85Sdougm		 * description are only listed if verbose is set.
6185db85Sdougm		 */
25a68471Sdougm		for (share = sa_get_share(group, NULL);
25a68471Sdougm		    share != NULL;
6185db85Sdougm		    share = sa_get_next_share(share)) {
6185db85Sdougm			sharepath = sa_get_share_attr(share, "path");
6185db85Sdougm			if (sharepath != NULL) {
da6c28aaSamw				show_share(share, verbose, properties, proto,
da6c28aaSamw				    iszfs, sharepath);
6185db85Sdougm				sa_free_attr_string(sharepath);
6185db85Sdougm			}
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	if (groupname != NULL) {
6185db85Sdougm		sa_free_attr_string(groupname);
6185db85Sdougm	}
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * show_group_xml_init()
6185db85Sdougm *
6185db85Sdougm * Create an XML document that will be used to display config info via
6185db85Sdougm * XML format.
6185db85Sdougm */
6185db85Sdougm
6185db85SdougmxmlDocPtr
6185db85Sdougmshow_group_xml_init()
6185db85Sdougm{
6185db85Sdougm	xmlDocPtr doc;
6185db85Sdougm	xmlNodePtr root;
6185db85Sdougm
6185db85Sdougm	doc = xmlNewDoc((xmlChar *)"1.0");
6185db85Sdougm	if (doc != NULL) {
6185db85Sdougm		root = xmlNewNode(NULL, (xmlChar *)"sharecfg");
6185db85Sdougm		if (root != NULL)
6185db85Sdougm			xmlDocSetRootElement(doc, root);
6185db85Sdougm	}
6185db85Sdougm	return (doc);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * show_group_xml(doc, group)
6185db85Sdougm *
6185db85Sdougm * Copy the group info into the XML doc.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic void
6185db85Sdougmshow_group_xml(xmlDocPtr doc, sa_group_t group)
6185db85Sdougm{
6185db85Sdougm	xmlNodePtr node;
6185db85Sdougm	xmlNodePtr root;
6185db85Sdougm
6185db85Sdougm	root = xmlDocGetRootElement(doc);
6185db85Sdougm	node = xmlCopyNode((xmlNodePtr)group, 1);
6185db85Sdougm	if (node != NULL && root != NULL) {
6185db85Sdougm		xmlAddChild(root, node);
6185db85Sdougm		/*
6185db85Sdougm		 * In the future, we may have interally used tags that
6185db85Sdougm		 * should not appear in the XML output. Remove
6185db85Sdougm		 * anything we don't want to show here.
6185db85Sdougm		 */
6185db85Sdougm	}
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * sa_show(flags, argc, argv)
6185db85Sdougm *
6185db85Sdougm * Implements the show subcommand.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmint
549ec3ffSdougmsa_show(sa_handle_t handle, int flags, int argc, char *argv[])
6185db85Sdougm{
6185db85Sdougm	sa_group_t group;
6185db85Sdougm	int verbose = 0;
6185db85Sdougm	int properties = 0;
6185db85Sdougm	int c;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	char *protocol = NULL;
6185db85Sdougm	int xml = 0;
6185db85Sdougm	xmlDocPtr doc;
da6c28aaSamw#ifdef lint
da6c28aaSamw	flags = flags;
da6c28aaSamw#endif
6185db85Sdougm
6185db85Sdougm	while ((c = getopt(argc, argv, "?hvP:px")) !=	EOF) {
6185db85Sdougm		switch (c) {
6185db85Sdougm		case 'v':
6185db85Sdougm			verbose++;
6185db85Sdougm			break;
6185db85Sdougm		case 'p':
6185db85Sdougm			properties++;
6185db85Sdougm			break;
6185db85Sdougm		case 'P':
da6c28aaSamw			if (protocol != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Specifying multiple protocols "
da6c28aaSamw				    "not supported: %s\n"),
da6c28aaSamw				    protocol);
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
6185db85Sdougm			protocol = optarg;
6185db85Sdougm			if (!sa_valid_protocol(protocol)) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Invalid protocol specified: %s\n"),
6185db85Sdougm				    protocol);
6185db85Sdougm				return (SA_INVALID_PROTOCOL);
6185db85Sdougm			}
6185db85Sdougm			break;
6185db85Sdougm		case 'x':
6185db85Sdougm			xml++;
6185db85Sdougm			break;
e7bab347Sdougm		case 'h':
e7bab347Sdougm			/* optopt on valid arg isn't defined */
e7bab347Sdougm			optopt = c;
e7bab347Sdougm			/*FALLTHROUGH*/
e7bab347Sdougm		case '?':
6185db85Sdougm		default:
e7bab347Sdougm			/*
e7bab347Sdougm			 * Since a bad option gets to here, sort it
e7bab347Sdougm			 * out and return a syntax error return value
e7bab347Sdougm			 * if necessary.
e7bab347Sdougm			 */
e7bab347Sdougm			switch (optopt) {
e7bab347Sdougm			default:
e7bab347Sdougm				ret = SA_SYNTAX_ERR;
e7bab347Sdougm				break;
6185db85Sdougm			case 'h':
6185db85Sdougm			case '?':
e7bab347Sdougm				break;
e7bab347Sdougm			}
25a68471Sdougm			(void) printf(gettext("usage: %s\n"),
25a68471Sdougm			    sa_get_usage(USAGE_SHOW));
e7bab347Sdougm			return (ret);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (xml) {
6185db85Sdougm		doc = show_group_xml_init();
6185db85Sdougm		if (doc == NULL)
6185db85Sdougm			ret = SA_NO_MEMORY;
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (optind == argc) {
25a68471Sdougm		/* No group specified so go through them all */
25a68471Sdougm		for (group = sa_get_group(handle, NULL);
25a68471Sdougm		    group != NULL;
6185db85Sdougm		    group = sa_get_next_group(group)) {
6185db85Sdougm			/*
25a68471Sdougm			 * Have a group so check if one we want and then list
6185db85Sdougm			 * contents with appropriate options.
6185db85Sdougm			 */
6185db85Sdougm			if (xml)
6185db85Sdougm				show_group_xml(doc, group);
6185db85Sdougm			else
25a68471Sdougm				show_group(group, verbose, properties, protocol,
25a68471Sdougm				    NULL);
6185db85Sdougm		}
6185db85Sdougm	} else {
25a68471Sdougm		/* Have a specified list of groups */
6185db85Sdougm		for (; optind < argc; optind++) {
549ec3ffSdougm			group = sa_get_group(handle, argv[optind]);
6185db85Sdougm			if (group != NULL) {
6185db85Sdougm				if (xml)
6185db85Sdougm					show_group_xml(doc, group);
6185db85Sdougm				else
25a68471Sdougm					show_group(group, verbose, properties,
25a68471Sdougm					    protocol, NULL);
6185db85Sdougm			} else {
25a68471Sdougm				(void) printf(gettext("%s: not found\n"),
25a68471Sdougm				    argv[optind]);
6185db85Sdougm				ret = SA_NO_SUCH_GROUP;
6185db85Sdougm			}
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	if (xml && ret == SA_OK) {
6185db85Sdougm		xmlDocFormatDump(stdout, doc, 1);
6185db85Sdougm		xmlFreeDoc(doc);
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * enable_share(group, share, update_legacy)
6185db85Sdougm *
6185db85Sdougm * helper function to enable a share if the group is enabled.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
549ec3ffSdougmenable_share(sa_handle_t handle, sa_group_t group, sa_share_t share,
549ec3ffSdougm    int update_legacy)
6185db85Sdougm{
6185db85Sdougm	char *value;
6185db85Sdougm	int enabled;
6185db85Sdougm	sa_optionset_t optionset;
da6c28aaSamw	int err;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	char *zfs = NULL;
6185db85Sdougm	int iszfs = 0;
da6c28aaSamw	int isshare;
6185db85Sdougm
6185db85Sdougm	/*
6185db85Sdougm	 * need to enable this share if the group is enabled but not
6185db85Sdougm	 * otherwise. The enable is also done on each protocol
6185db85Sdougm	 * represented in the group.
6185db85Sdougm	 */
6185db85Sdougm	value = sa_get_group_attr(group, "state");
6185db85Sdougm	enabled = value != NULL && strcmp(value, "enabled") == 0;
6185db85Sdougm	if (value != NULL)
6185db85Sdougm		sa_free_attr_string(value);
6185db85Sdougm	/* remove legacy config if necessary */
6185db85Sdougm	if (update_legacy)
da6c28aaSamw		ret = sa_delete_legacy(share, NULL);
6185db85Sdougm	zfs = sa_get_group_attr(group, "zfs");
6185db85Sdougm	if (zfs != NULL) {
6185db85Sdougm		iszfs++;
6185db85Sdougm		sa_free_attr_string(zfs);
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	/*
6185db85Sdougm	 * Step through each optionset at the group level and
6185db85Sdougm	 * enable the share based on the protocol type. This
6185db85Sdougm	 * works because protocols must be set on the group
6185db85Sdougm	 * for the protocol to be enabled.
6185db85Sdougm	 */
da6c28aaSamw	isshare = sa_is_share(share);
6185db85Sdougm	for (optionset = sa_get_optionset(group, NULL);
6185db85Sdougm	    optionset != NULL && ret == SA_OK;
6185db85Sdougm	    optionset = sa_get_next_optionset(optionset)) {
6185db85Sdougm		value = sa_get_optionset_attr(optionset, "type");
6185db85Sdougm		if (value != NULL) {
da6c28aaSamw			if (enabled) {
da6c28aaSamw				if (isshare) {
da6c28aaSamw					err = sa_enable_share(share, value);
da6c28aaSamw				} else {
da6c28aaSamw					err = sa_enable_resource(share, value);
da6c28aaSamw					if (err == SA_NOT_SUPPORTED) {
da6c28aaSamw						sa_share_t parent;
da6c28aaSamw						parent = sa_get_resource_parent(
da6c28aaSamw						    share);
da6c28aaSamw						if (parent != NULL)
da6c28aaSamw							err = sa_enable_share(
da6c28aaSamw							    parent, value);
da6c28aaSamw					}
da6c28aaSamw				}
da6c28aaSamw				if (err != SA_OK) {
da6c28aaSamw					ret = err;
da6c28aaSamw					(void) printf(gettext(
da6c28aaSamw					    "Failed to enable share for "
da6c28aaSamw					    "\"%s\": %s\n"),
da6c28aaSamw					    value, sa_errorstr(ret));
da6c28aaSamw				}
da6c28aaSamw			}
da6c28aaSamw			/*
da6c28aaSamw			 * If we want to update the legacy, use a copy of
da6c28aaSamw			 * share so we can avoid breaking the loop we are in
da6c28aaSamw			 * since we might also need to go up the tree to the
da6c28aaSamw			 * parent.
da6c28aaSamw			 */
da6c28aaSamw			if (update_legacy && !iszfs) {
da6c28aaSamw				sa_share_t update = share;
da6c28aaSamw				if (!sa_is_share(share)) {
da6c28aaSamw					update = sa_get_resource_parent(share);
da6c28aaSamw				}
da6c28aaSamw				(void) sa_update_legacy(update, value);
da6c28aaSamw			}
6185db85Sdougm			sa_free_attr_string(value);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	if (ret == SA_OK)
549ec3ffSdougm		(void) sa_update_config(handle);
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
da6c28aaSamw * sa_require_resource(group)
da6c28aaSamw *
da6c28aaSamw * if any of the defined protocols on the group require resource
da6c28aaSamw * names, then all shares must have them.
da6c28aaSamw */
da6c28aaSamw
da6c28aaSamwstatic int
da6c28aaSamwsa_require_resource(sa_group_t group)
da6c28aaSamw{
da6c28aaSamw	sa_optionset_t optionset;
da6c28aaSamw
da6c28aaSamw	for (optionset = sa_get_optionset(group, NULL);
da6c28aaSamw	    optionset != NULL;
da6c28aaSamw	    optionset = sa_get_next_optionset(optionset)) {
da6c28aaSamw		char *proto;
da6c28aaSamw
da6c28aaSamw		proto = sa_get_optionset_attr(optionset, "type");
da6c28aaSamw		if (proto != NULL) {
da6c28aaSamw			uint64_t features;
da6c28aaSamw
da6c28aaSamw			features = sa_proto_get_featureset(proto);
da6c28aaSamw			if (features & SA_FEATURE_RESOURCE) {
da6c28aaSamw				sa_free_attr_string(proto);
da6c28aaSamw				return (B_TRUE);
da6c28aaSamw			}
da6c28aaSamw			sa_free_attr_string(proto);
da6c28aaSamw		}
da6c28aaSamw	}
da6c28aaSamw	return (B_FALSE);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
6185db85Sdougm * sa_addshare(flags, argc, argv)
6185db85Sdougm *
6185db85Sdougm * implements add-share subcommand.
6185db85Sdougm */
6185db85Sdougm
da6c28aaSamwstatic int
549ec3ffSdougmsa_addshare(sa_handle_t handle, int flags, int argc, char *argv[])
6185db85Sdougm{
6185db85Sdougm	int verbose = 0;
6185db85Sdougm	int dryrun = 0;
6185db85Sdougm	int c;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	sa_group_t group;
6185db85Sdougm	sa_share_t share;
da6c28aaSamw	sa_resource_t resource = NULL;
6185db85Sdougm	char *sharepath = NULL;
6185db85Sdougm	char *description = NULL;
da6c28aaSamw	char *rsrcname = NULL;
da6c28aaSamw	char *rsrc = NULL;
6185db85Sdougm	int persist = SA_SHARE_PERMANENT; /* default to persist */
6185db85Sdougm	int auth;
6185db85Sdougm	char dir[MAXPATHLEN];
6185db85Sdougm
6185db85Sdougm	while ((c = getopt(argc, argv, "?hvns:d:r:t")) != EOF) {
6185db85Sdougm		switch (c) {
6185db85Sdougm		case 'n':
6185db85Sdougm			dryrun++;
6185db85Sdougm			break;
6185db85Sdougm		case 'v':
6185db85Sdougm			verbose++;
6185db85Sdougm			break;
6185db85Sdougm		case 'd':
6185db85Sdougm			description = optarg;
6185db85Sdougm			break;
6185db85Sdougm		case 'r':
da6c28aaSamw			if (rsrcname != NULL) {
da6c28aaSamw				(void) printf(gettext("Adding multiple "
da6c28aaSamw				    "resource names not"
da6c28aaSamw				    " supported\n"));
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
da6c28aaSamw			rsrcname = optarg;
6185db85Sdougm			break;
6185db85Sdougm		case 's':
6185db85Sdougm			/*
25a68471Sdougm			 * Save share path into group. Currently limit
6185db85Sdougm			 * to one share per command.
6185db85Sdougm			 */
6185db85Sdougm			if (sharepath != NULL) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Adding multiple shares not supported\n"));
da6c28aaSamw				return (SA_SYNTAX_ERR);
6185db85Sdougm			}
6185db85Sdougm			sharepath = optarg;
6185db85Sdougm			break;
6185db85Sdougm		case 't':
6185db85Sdougm			persist = SA_SHARE_TRANSIENT;
6185db85Sdougm			break;
e7bab347Sdougm		case 'h':
e7bab347Sdougm			/* optopt on valid arg isn't defined */
e7bab347Sdougm			optopt = c;
e7bab347Sdougm			/*FALLTHROUGH*/
e7bab347Sdougm		case '?':
6185db85Sdougm		default:
e7bab347Sdougm			/*
e7bab347Sdougm			 * Since a bad option gets to here, sort it
e7bab347Sdougm			 * out and return a syntax error return value
e7bab347Sdougm			 * if necessary.
e7bab347Sdougm			 */
e7bab347Sdougm			switch (optopt) {
e7bab347Sdougm			default:
e7bab347Sdougm				ret = SA_SYNTAX_ERR;
e7bab347Sdougm				break;
6185db85Sdougm			case 'h':
6185db85Sdougm			case '?':
e7bab347Sdougm				break;
e7bab347Sdougm			}
6185db85Sdougm			(void) printf(gettext("usage: %s\n"),
6185db85Sdougm			    sa_get_usage(USAGE_ADD_SHARE));
e7bab347Sdougm			return (ret);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (optind >= argc) {
6185db85Sdougm		(void) printf(gettext("usage: %s\n"),
6185db85Sdougm		    sa_get_usage(USAGE_ADD_SHARE));
6185db85Sdougm		if (dryrun || sharepath != NULL || description != NULL ||
da6c28aaSamw		    rsrcname != NULL || verbose || persist) {
6185db85Sdougm			(void) printf(gettext("\tgroup must be specified\n"));
6185db85Sdougm			ret = SA_NO_SUCH_GROUP;
6185db85Sdougm		} else {
6185db85Sdougm			ret = SA_OK;
6185db85Sdougm		}
6185db85Sdougm	} else {
6185db85Sdougm		if (sharepath == NULL) {
6185db85Sdougm			(void) printf(gettext("usage: %s\n"),
6185db85Sdougm			    sa_get_usage(USAGE_ADD_SHARE));
25a68471Sdougm			(void) printf(gettext(
25a68471Sdougm			    "\t-s sharepath must be specified\n"));
da6c28aaSamw			ret = SA_BAD_PATH;
6185db85Sdougm		}
da6c28aaSamw		if (ret == SA_OK) {
6185db85Sdougm			if (realpath(sharepath, dir) == NULL) {
da6c28aaSamw				ret = SA_BAD_PATH;
da6c28aaSamw				(void) printf(gettext("Path "
da6c28aaSamw				    "is not valid: %s\n"),
da6c28aaSamw				    sharepath);
6185db85Sdougm			} else {
6185db85Sdougm				sharepath = dir;
6185db85Sdougm			}
da6c28aaSamw		}
da6c28aaSamw		if (ret == SA_OK && rsrcname != NULL) {
da6c28aaSamw			/* check for valid syntax */
da6c28aaSamw			if (validresource(rsrcname)) {
da6c28aaSamw				rsrc = conv_to_utf8(rsrcname);
da6c28aaSamw				resource = sa_find_resource(handle, rsrc);
da6c28aaSamw				if (resource != NULL) {
da6c28aaSamw					/*
da6c28aaSamw					 * Resource names must be
da6c28aaSamw					 * unique in the system
da6c28aaSamw					 */
da6c28aaSamw					ret = SA_DUPLICATE_NAME;
6185db85Sdougm					(void) printf(gettext("usage: %s\n"),
6185db85Sdougm					    sa_get_usage(USAGE_ADD_SHARE));
25a68471Sdougm					(void) printf(gettext(
da6c28aaSamw					    "\tresource names must be unique "
da6c28aaSamw					    "in the system\n"));
6185db85Sdougm				}
da6c28aaSamw			} else {
da6c28aaSamw				(void) printf(gettext("usage: %s\n"),
da6c28aaSamw				    sa_get_usage(USAGE_ADD_SHARE));
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "\tresource names use restricted "
da6c28aaSamw				    "character set\n"));
da6c28aaSamw				ret = SA_INVALID_NAME;
25a68471Sdougm			}
da6c28aaSamw		}
da6c28aaSamw
da6c28aaSamw		if (ret != SA_OK) {
da6c28aaSamw			if (rsrc != NULL && rsrcname != rsrc)
da6c28aaSamw				sa_free_attr_string(rsrc);
da6c28aaSamw			return (ret);
da6c28aaSamw		}
da6c28aaSamw
549ec3ffSdougm		share = sa_find_share(handle, sharepath);
6185db85Sdougm		if (share != NULL) {
da6c28aaSamw			if (rsrcname == NULL) {
6185db85Sdougm				/*
da6c28aaSamw				 * Can only have a duplicate share if a new
da6c28aaSamw				 * resource name is being added.
6185db85Sdougm				 */
da6c28aaSamw				ret = SA_DUPLICATE_NAME;
da6c28aaSamw				(void) printf(gettext("Share path already "
da6c28aaSamw				    "shared: %s\n"), sharepath);
da6c28aaSamw			}
da6c28aaSamw		}
da6c28aaSamw		if (ret != SA_OK)
da6c28aaSamw			return (ret);
da6c28aaSamw
da6c28aaSamw		group = sa_get_group(handle, argv[optind]);
da6c28aaSamw		if (group != NULL) {
da6c28aaSamw			if (sa_require_resource(group) == B_TRUE &&
da6c28aaSamw			    rsrcname == NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Resource name is required "
da6c28aaSamw				    "by at least one enabled protocol "
da6c28aaSamw				    "in group\n"));
da6c28aaSamw				return (SA_RESOURCE_REQUIRED);
da6c28aaSamw			}
da6c28aaSamw			if (share == NULL && ret == SA_OK) {
6185db85Sdougm				if (dryrun)
f345c0beSdougm					ret = sa_check_path(group, sharepath,
f345c0beSdougm					    SA_CHECK_NORMAL);
6185db85Sdougm				else
6185db85Sdougm					share = sa_add_share(group, sharepath,
6185db85Sdougm					    persist, &ret);
da6c28aaSamw			}
da6c28aaSamw			/*
da6c28aaSamw			 * Make sure this isn't an attempt to put a resourced
da6c28aaSamw			 * share into a different group than it already is in.
da6c28aaSamw			 */
da6c28aaSamw			if (share != NULL) {
da6c28aaSamw				sa_group_t parent;
da6c28aaSamw				parent = sa_get_parent_group(share);
da6c28aaSamw				if (parent != group) {
da6c28aaSamw					ret = SA_DUPLICATE_NAME;
da6c28aaSamw					(void) printf(gettext(
da6c28aaSamw					    "Share path already "
da6c28aaSamw					    "shared: %s\n"), sharepath);
da6c28aaSamw				}
da6c28aaSamw			}
6185db85Sdougm			if (!dryrun && share == NULL) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Could not add share: %s\n"),
6185db85Sdougm				    sa_errorstr(ret));
6185db85Sdougm			} else {
da6c28aaSamw				auth = check_authorizations(argv[optind],
da6c28aaSamw				    flags);
6185db85Sdougm				if (!dryrun && ret == SA_OK) {
da6c28aaSamw					if (rsrcname != NULL) {
da6c28aaSamw						resource = sa_add_resource(
da6c28aaSamw						    share,
da6c28aaSamw						    rsrc,
da6c28aaSamw						    SA_SHARE_PERMANENT,
da6c28aaSamw						    &ret);
6185db85Sdougm					}
25a68471Sdougm					if (ret == SA_OK &&
25a68471Sdougm					    description != NULL) {
573b0c00Sdougm						if (resource != NULL)
573b0c00Sdougm							ret =
573b0c00Sdougm							    set_resource_desc(
573b0c00Sdougm							    resource,
573b0c00Sdougm							    description);
573b0c00Sdougm						else
da6c28aaSamw							ret =
da6c28aaSamw							    set_share_desc(
da6c28aaSamw							    share,
da6c28aaSamw							    description);
da6c28aaSamw					}
6185db85Sdougm					if (ret == SA_OK) {
da6c28aaSamw						/* now enable the share(s) */
da6c28aaSamw						if (resource != NULL) {
da6c28aaSamw							ret = enable_share(
da6c28aaSamw							    handle,
da6c28aaSamw							    group,
da6c28aaSamw							    resource,
da6c28aaSamw							    1);
da6c28aaSamw						} else {
da6c28aaSamw							ret = enable_share(
da6c28aaSamw							    handle,
da6c28aaSamw							    group,
da6c28aaSamw							    share,
da6c28aaSamw							    1);
da6c28aaSamw						}
549ec3ffSdougm						ret = sa_update_config(handle);
6185db85Sdougm					}
6185db85Sdougm					switch (ret) {
6185db85Sdougm					case SA_DUPLICATE_NAME:
25a68471Sdougm						(void) printf(gettext(
25a68471Sdougm						    "Resource name in"
da6c28aaSamw						    "use: %s\n"),
da6c28aaSamw						    rsrcname);
6185db85Sdougm						break;
6185db85Sdougm					default:
da6c28aaSamw						(void) printf(gettext(
da6c28aaSamw						    "Could not set "
6185db85Sdougm						    "attribute: %s\n"),
6185db85Sdougm						    sa_errorstr(ret));
6185db85Sdougm						break;
6185db85Sdougm					case SA_OK:
6185db85Sdougm						break;
6185db85Sdougm					}
da6c28aaSamw				} else if (dryrun && ret == SA_OK &&
da6c28aaSamw				    !auth && verbose) {
25a68471Sdougm					(void) printf(gettext(
25a68471Sdougm					    "Command would fail: %s\n"),
6185db85Sdougm					    sa_errorstr(SA_NO_PERMISSION));
6185db85Sdougm					ret = SA_NO_PERMISSION;
6185db85Sdougm				}
6185db85Sdougm			}
da6c28aaSamw		} else {
da6c28aaSamw			switch (ret) {
da6c28aaSamw			default:
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Group \"%s\" not found\n"), argv[optind]);
da6c28aaSamw				ret = SA_NO_SUCH_GROUP;
da6c28aaSamw				break;
da6c28aaSamw			case SA_BAD_PATH:
da6c28aaSamw			case SA_DUPLICATE_NAME:
da6c28aaSamw				break;
da6c28aaSamw			}
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * sa_moveshare(flags, argc, argv)
6185db85Sdougm *
6185db85Sdougm * implements move-share subcommand.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmint
549ec3ffSdougmsa_moveshare(sa_handle_t handle, int flags, int argc, char *argv[])
6185db85Sdougm{
6185db85Sdougm	int verbose = 0;
6185db85Sdougm	int dryrun = 0;
6185db85Sdougm	int c;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	sa_group_t group;
6185db85Sdougm	sa_share_t share;
da6c28aaSamw	char *rsrcname = NULL;
6185db85Sdougm	char *sharepath = NULL;
6185db85Sdougm	int authsrc = 0, authdst = 0;
573b0c00Sdougm	char dir[MAXPATHLEN];
6185db85Sdougm
da6c28aaSamw	while ((c = getopt(argc, argv, "?hvnr:s:")) != EOF) {
6185db85Sdougm		switch (c) {
6185db85Sdougm		case 'n':
6185db85Sdougm			dryrun++;
6185db85Sdougm			break;
6185db85Sdougm		case 'v':
6185db85Sdougm			verbose++;
6185db85Sdougm			break;
da6c28aaSamw		case 'r':
da6c28aaSamw			if (rsrcname != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Moving multiple resource names not"
da6c28aaSamw				    " supported\n"));
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
da6c28aaSamw			rsrcname = optarg;
da6c28aaSamw			break;
6185db85Sdougm		case 's':
6185db85Sdougm			/*
25a68471Sdougm			 * Remove share path from group. Currently limit
6185db85Sdougm			 * to one share per command.
6185db85Sdougm			 */
6185db85Sdougm			if (sharepath != NULL) {
25a68471Sdougm				(void) printf(gettext("Moving multiple shares"
25a68471Sdougm				    " not supported\n"));
da6c28aaSamw				return (SA_SYNTAX_ERR);
6185db85Sdougm			}
6185db85Sdougm			sharepath = optarg;
6185db85Sdougm			break;
e7bab347Sdougm		case 'h':
e7bab347Sdougm			/* optopt on valid arg isn't defined */
e7bab347Sdougm			optopt = c;
e7bab347Sdougm			/*FALLTHROUGH*/
e7bab347Sdougm		case '?':
6185db85Sdougm		default:
e7bab347Sdougm			/*
e7bab347Sdougm			 * Since a bad option gets to here, sort it
e7bab347Sdougm			 * out and return a syntax error return value
e7bab347Sdougm			 * if necessary.
e7bab347Sdougm			 */
e7bab347Sdougm			switch (optopt) {
e7bab347Sdougm			default:
e7bab347Sdougm				ret = SA_SYNTAX_ERR;
e7bab347Sdougm				break;
6185db85Sdougm			case 'h':
6185db85Sdougm			case '?':
e7bab347Sdougm				break;
e7bab347Sdougm			}
6185db85Sdougm			(void) printf(gettext("usage: %s\n"),
6185db85Sdougm			    sa_get_usage(USAGE_MOVE_SHARE));
e7bab347Sdougm			return (ret);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (optind >= argc || sharepath == NULL) {
6185db85Sdougm		(void) printf(gettext("usage: %s\n"),
6185db85Sdougm		    sa_get_usage(USAGE_MOVE_SHARE));
6185db85Sdougm		if (dryrun || verbose || sharepath != NULL) {
da6c28aaSamw			(void) printf(gettext("\tgroup must be specified\n"));
6185db85Sdougm			ret = SA_NO_SUCH_GROUP;
6185db85Sdougm		} else {
6185db85Sdougm			if (sharepath == NULL) {
6185db85Sdougm				ret = SA_SYNTAX_ERR;
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "\tsharepath must be specified\n"));
25a68471Sdougm			} else {
6185db85Sdougm				ret = SA_OK;
6185db85Sdougm			}
25a68471Sdougm		}
6185db85Sdougm	} else {
25a68471Sdougm		sa_group_t parent;
25a68471Sdougm		char *zfsold;
25a68471Sdougm		char *zfsnew;
25a68471Sdougm
6185db85Sdougm		if (sharepath == NULL) {
25a68471Sdougm			(void) printf(gettext(
25a68471Sdougm			    "sharepath must be specified with the -s "
25a68471Sdougm			    "option\n"));
25a68471Sdougm			return (SA_BAD_PATH);
25a68471Sdougm		}
549ec3ffSdougm		group = sa_get_group(handle, argv[optind]);
25a68471Sdougm		if (group == NULL) {
25a68471Sdougm			(void) printf(gettext("Group \"%s\" not found\n"),
25a68471Sdougm			    argv[optind]);
25a68471Sdougm			return (SA_NO_SUCH_GROUP);
25a68471Sdougm		}
549ec3ffSdougm		share = sa_find_share(handle, sharepath);
573b0c00Sdougm		/*
573b0c00Sdougm		 * If a share wasn't found, it may have been a symlink
573b0c00Sdougm		 * or has a trailing '/'. Try again after resolving
573b0c00Sdougm		 * with realpath().
573b0c00Sdougm		 */
573b0c00Sdougm		if (share == NULL) {
573b0c00Sdougm			if (realpath(sharepath, dir) == NULL) {
573b0c00Sdougm				(void) printf(gettext("Path "
573b0c00Sdougm				    "is not valid: %s\n"),
573b0c00Sdougm				    sharepath);
573b0c00Sdougm				return (SA_BAD_PATH);
573b0c00Sdougm			}
573b0c00Sdougm			sharepath = dir;
573b0c00Sdougm			share = sa_find_share(handle, sharepath);
573b0c00Sdougm		}
6185db85Sdougm		if (share == NULL) {
6185db85Sdougm			(void) printf(gettext("Share not found: %s\n"),
6185db85Sdougm			    sharepath);
25a68471Sdougm			return (SA_NO_SUCH_PATH);
25a68471Sdougm		}
573b0c00Sdougm		authdst = check_authorizations(argv[optind], flags);
6185db85Sdougm
6185db85Sdougm		parent = sa_get_parent_group(share);
6185db85Sdougm		if (parent != NULL) {
6185db85Sdougm			char *pname;
6185db85Sdougm			pname = sa_get_group_attr(parent, "name");
6185db85Sdougm			if (pname != NULL) {
6185db85Sdougm				authsrc = check_authorizations(pname, flags);
6185db85Sdougm				sa_free_attr_string(pname);
6185db85Sdougm			}
6185db85Sdougm			zfsold = sa_get_group_attr(parent, "zfs");
6185db85Sdougm			zfsnew = sa_get_group_attr(group, "zfs");
6185db85Sdougm			if ((zfsold != NULL && zfsnew == NULL) ||
6185db85Sdougm			    (zfsold == NULL && zfsnew != NULL)) {
6185db85Sdougm				ret = SA_NOT_ALLOWED;
6185db85Sdougm			}
6185db85Sdougm			if (zfsold != NULL)
6185db85Sdougm				sa_free_attr_string(zfsold);
6185db85Sdougm			if (zfsnew != NULL)
6185db85Sdougm				sa_free_attr_string(zfsnew);
6185db85Sdougm		}
25a68471Sdougm
6185db85Sdougm		if (ret == SA_OK && parent != group && !dryrun) {
6185db85Sdougm			char *oldstate;
6185db85Sdougm			/*
25a68471Sdougm			 * Note that the share may need to be
da6c28aaSamw			 * "unshared" if the new group is disabled and
da6c28aaSamw			 * the old was enabled or it may need to be
da6c28aaSamw			 * share to update if the new group is
da6c28aaSamw			 * enabled. We disable before the move and
da6c28aaSamw			 * will have to enable after the move in order
da6c28aaSamw			 * to cleanup entries for protocols that
da6c28aaSamw			 * aren't in the new group.
6185db85Sdougm			 */
6185db85Sdougm			oldstate = sa_get_group_attr(parent, "state");
25a68471Sdougm
6185db85Sdougm			/* enable_share determines what to do */
da6c28aaSamw			if (strcmp(oldstate, "enabled") == 0)
6185db85Sdougm				(void) sa_disable_share(share, NULL);
da6c28aaSamw
6185db85Sdougm			if (oldstate != NULL)
6185db85Sdougm				sa_free_attr_string(oldstate);
6185db85Sdougm		}
25a68471Sdougm
da6c28aaSamw		if (!dryrun && ret == SA_OK)
da6c28aaSamw			ret = sa_move_share(group, share);
da6c28aaSamw
da6c28aaSamw		/*
da6c28aaSamw		 * Reenable and update any config information.
da6c28aaSamw		 */
da6c28aaSamw		if (ret == SA_OK && parent != group && !dryrun) {
da6c28aaSamw			ret = sa_update_config(handle);
da6c28aaSamw
da6c28aaSamw			(void) enable_share(handle, group, share, 1);
da6c28aaSamw		}
da6c28aaSamw
25a68471Sdougm		if (ret != SA_OK)
6185db85Sdougm			(void) printf(gettext("Could not move share: %s\n"),
6185db85Sdougm			    sa_errorstr(ret));
25a68471Sdougm
6185db85Sdougm		if (dryrun && ret == SA_OK && !(authsrc & authdst) &&
6185db85Sdougm		    verbose) {
6185db85Sdougm			(void) printf(gettext("Command would fail: %s\n"),
6185db85Sdougm			    sa_errorstr(SA_NO_PERMISSION));
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * sa_removeshare(flags, argc, argv)
6185db85Sdougm *
6185db85Sdougm * implements remove-share subcommand.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmint
549ec3ffSdougmsa_removeshare(sa_handle_t handle, int flags, int argc, char *argv[])
6185db85Sdougm{
6185db85Sdougm	int verbose = 0;
6185db85Sdougm	int dryrun = 0;
6185db85Sdougm	int force = 0;
6185db85Sdougm	int c;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	sa_group_t group;
da6c28aaSamw	sa_resource_t resource = NULL;
da6c28aaSamw	sa_share_t share = NULL;
da6c28aaSamw	char *rsrcname = NULL;
6185db85Sdougm	char *sharepath = NULL;
6185db85Sdougm	char dir[MAXPATHLEN];
6185db85Sdougm	int auth;
6185db85Sdougm
da6c28aaSamw	while ((c = getopt(argc, argv, "?hfnr:s:v")) != EOF) {
6185db85Sdougm		switch (c) {
6185db85Sdougm		case 'n':
6185db85Sdougm			dryrun++;
6185db85Sdougm			break;
6185db85Sdougm		case 'v':
6185db85Sdougm			verbose++;
6185db85Sdougm			break;
6185db85Sdougm		case 'f':
6185db85Sdougm			force++;
6185db85Sdougm			break;
6185db85Sdougm		case 's':
6185db85Sdougm			/*
25a68471Sdougm			 * Remove share path from group. Currently limit
6185db85Sdougm			 * to one share per command.
6185db85Sdougm			 */
6185db85Sdougm			if (sharepath != NULL) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Removing multiple shares not "
6185db85Sdougm				    "supported\n"));
6185db85Sdougm				return (SA_SYNTAX_ERR);
6185db85Sdougm			}
6185db85Sdougm			sharepath = optarg;
6185db85Sdougm			break;
da6c28aaSamw		case 'r':
da6c28aaSamw			/*
da6c28aaSamw			 * Remove share from group if last resource or remove
da6c28aaSamw			 * resource from share if multiple resources.
da6c28aaSamw			 */
da6c28aaSamw			if (rsrcname != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Removing multiple resource names not "
da6c28aaSamw				    "supported\n"));
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
da6c28aaSamw			rsrcname = optarg;
da6c28aaSamw			break;
e7bab347Sdougm		case 'h':
e7bab347Sdougm			/* optopt on valid arg isn't defined */
e7bab347Sdougm			optopt = c;
e7bab347Sdougm			/*FALLTHROUGH*/
e7bab347Sdougm		case '?':
6185db85Sdougm		default:
e7bab347Sdougm			/*
e7bab347Sdougm			 * Since a bad option gets to here, sort it
e7bab347Sdougm			 * out and return a syntax error return value
e7bab347Sdougm			 * if necessary.
e7bab347Sdougm			 */
e7bab347Sdougm			switch (optopt) {
e7bab347Sdougm			default:
e7bab347Sdougm				ret = SA_SYNTAX_ERR;
e7bab347Sdougm				break;
6185db85Sdougm			case 'h':
6185db85Sdougm			case '?':
e7bab347Sdougm				break;
e7bab347Sdougm			}
6185db85Sdougm			(void) printf(gettext("usage: %s\n"),
6185db85Sdougm			    sa_get_usage(USAGE_REMOVE_SHARE));
e7bab347Sdougm			return (ret);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm
da6c28aaSamw	if (optind >= argc || (rsrcname == NULL && sharepath == NULL)) {
da6c28aaSamw		if (sharepath == NULL && rsrcname == NULL) {
6185db85Sdougm			(void) printf(gettext("usage: %s\n"),
6185db85Sdougm			    sa_get_usage(USAGE_REMOVE_SHARE));
da6c28aaSamw			(void) printf(gettext("\t-s sharepath or -r resource"
da6c28aaSamw			    " must be specified\n"));
6185db85Sdougm			ret = SA_BAD_PATH;
6185db85Sdougm		} else {
6185db85Sdougm			ret = SA_OK;
6185db85Sdougm		}
6185db85Sdougm	}
25a68471Sdougm	if (ret != SA_OK) {
25a68471Sdougm		return (ret);
25a68471Sdougm	}
25a68471Sdougm
6185db85Sdougm	if (optind < argc) {
6185db85Sdougm		if ((optind + 1) < argc) {
6185db85Sdougm			(void) printf(gettext("Extraneous group(s) at end of "
6185db85Sdougm			    "command\n"));
6185db85Sdougm			ret = SA_SYNTAX_ERR;
6185db85Sdougm		} else {
549ec3ffSdougm			group = sa_get_group(handle, argv[optind]);
6185db85Sdougm			if (group == NULL) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Group \"%s\" not found\n"), argv[optind]);
6185db85Sdougm				ret = SA_NO_SUCH_GROUP;
6185db85Sdougm			}
6185db85Sdougm		}
6185db85Sdougm	} else {
6185db85Sdougm		group = NULL;
6185db85Sdougm	}
a99982a7Sdougm
da6c28aaSamw	if (rsrcname != NULL) {
da6c28aaSamw		resource = sa_find_resource(handle, rsrcname);
da6c28aaSamw		if (resource == NULL) {
da6c28aaSamw			ret = SA_NO_SUCH_RESOURCE;
da6c28aaSamw			(void) printf(gettext(
da6c28aaSamw			    "Resource name not found for share: %s\n"),
da6c28aaSamw			    rsrcname);
da6c28aaSamw		}
da6c28aaSamw	}
da6c28aaSamw
a99982a7Sdougm	/*
a99982a7Sdougm	 * Lookup the path in the internal configuration. Care
a99982a7Sdougm	 * must be taken to handle the case where the
a99982a7Sdougm	 * underlying path has been removed since we need to
a99982a7Sdougm	 * be able to deal with that as well.
a99982a7Sdougm	 */
6185db85Sdougm	if (ret == SA_OK) {
da6c28aaSamw		if (sharepath != NULL) {
6185db85Sdougm			if (group != NULL)
6185db85Sdougm				share = sa_get_share(group, sharepath);
6185db85Sdougm			else
549ec3ffSdougm				share = sa_find_share(handle, sharepath);
da6c28aaSamw		}
da6c28aaSamw
da6c28aaSamw		if (resource != NULL) {
da6c28aaSamw			sa_share_t rsrcshare;
da6c28aaSamw			rsrcshare = sa_get_resource_parent(resource);
da6c28aaSamw			if (share == NULL)
da6c28aaSamw				share = rsrcshare;
da6c28aaSamw			else if (share != rsrcshare) {
da6c28aaSamw				ret = SA_NO_SUCH_RESOURCE;
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Bad resource name for share: %s\n"),
da6c28aaSamw				    rsrcname);
da6c28aaSamw				share = NULL;
da6c28aaSamw			}
da6c28aaSamw		}
da6c28aaSamw
a99982a7Sdougm		/*
a99982a7Sdougm		 * If we didn't find the share with the provided path,
a99982a7Sdougm		 * it may be a symlink so attempt to resolve it using
a99982a7Sdougm		 * realpath and try again. Realpath will resolve any
a99982a7Sdougm		 * symlinks and place them in "dir". Note that
a99982a7Sdougm		 * sharepath is only used for the lookup the first
a99982a7Sdougm		 * time and later for error messages. dir will be used
a99982a7Sdougm		 * on the second attempt. Once a share is found, all
a99982a7Sdougm		 * operations are based off of the share variable.
a99982a7Sdougm		 */
a99982a7Sdougm		if (share == NULL) {
a99982a7Sdougm			if (realpath(sharepath, dir) == NULL) {
a99982a7Sdougm				ret = SA_BAD_PATH;
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Path is not valid: %s\n"), sharepath);
a99982a7Sdougm			} else {
a99982a7Sdougm				if (group != NULL)
a99982a7Sdougm					share = sa_get_share(group, dir);
a99982a7Sdougm				else
549ec3ffSdougm					share = sa_find_share(handle, dir);
a99982a7Sdougm			}
a99982a7Sdougm		}
a99982a7Sdougm	}
a99982a7Sdougm
a99982a7Sdougm	/*
a99982a7Sdougm	 * If there hasn't been an error, there was likely a
a99982a7Sdougm	 * path found. If not, give the appropriate error
a99982a7Sdougm	 * message and set the return error. If it was found,
a99982a7Sdougm	 * then disable the share and then remove it from the
a99982a7Sdougm	 * configuration.
a99982a7Sdougm	 */
25a68471Sdougm	if (ret != SA_OK) {
25a68471Sdougm		return (ret);
25a68471Sdougm	}
6185db85Sdougm	if (share == NULL) {
6185db85Sdougm		if (group != NULL)
6185db85Sdougm			(void) printf(gettext("Share not found in group %s:"
25a68471Sdougm			    " %s\n"), argv[optind], sharepath);
6185db85Sdougm		else
6185db85Sdougm			(void) printf(gettext("Share not found: %s\n"),
6185db85Sdougm			    sharepath);
6185db85Sdougm		ret = SA_NO_SUCH_PATH;
6185db85Sdougm	} else {
6185db85Sdougm		if (group == NULL)
6185db85Sdougm			group = sa_get_parent_group(share);
6185db85Sdougm		if (!dryrun) {
6185db85Sdougm			if (ret == SA_OK) {
da6c28aaSamw				if (resource != NULL)
da6c28aaSamw					ret = sa_disable_resource(resource,
da6c28aaSamw					    NULL);
da6c28aaSamw				else
6185db85Sdougm					ret = sa_disable_share(share, NULL);
6185db85Sdougm				/*
25a68471Sdougm				 * We don't care if it fails since it
a99982a7Sdougm				 * could be disabled already. Some
a99982a7Sdougm				 * unexpected errors could occur that
a99982a7Sdougm				 * prevent removal, so also check for
a99982a7Sdougm				 * force being set.
6185db85Sdougm				 */
da6c28aaSamw				if ((ret == SA_OK || ret == SA_NO_SUCH_PATH ||
a99982a7Sdougm				    ret == SA_NOT_SUPPORTED ||
da6c28aaSamw				    ret == SA_SYSTEM_ERR || force) &&
da6c28aaSamw				    resource == NULL)
6185db85Sdougm					ret = sa_remove_share(share);
da6c28aaSamw
da6c28aaSamw				if ((ret == SA_OK || ret == SA_NO_SUCH_PATH ||
da6c28aaSamw				    ret == SA_NOT_SUPPORTED ||
da6c28aaSamw				    ret == SA_SYSTEM_ERR || force) &&
da6c28aaSamw				    resource != NULL) {
da6c28aaSamw					ret = sa_remove_resource(resource);
da6c28aaSamw					if (ret == SA_OK) {
da6c28aaSamw						/*
da6c28aaSamw						 * If this was the
da6c28aaSamw						 * last one, remove
da6c28aaSamw						 * the share as well.
da6c28aaSamw						 */
da6c28aaSamw						resource =
da6c28aaSamw						    sa_get_share_resource(
da6c28aaSamw						    share, NULL);
da6c28aaSamw						if (resource == NULL)
da6c28aaSamw							ret = sa_remove_share(
da6c28aaSamw							    share);
da6c28aaSamw					}
6185db85Sdougm				}
6185db85Sdougm				if (ret == SA_OK)
549ec3ffSdougm					ret = sa_update_config(handle);
6185db85Sdougm			}
25a68471Sdougm			if (ret != SA_OK)
da6c28aaSamw				(void) printf(gettext("Could not remove share:"
da6c28aaSamw				    " %s\n"), sa_errorstr(ret));
6185db85Sdougm		} else if (ret == SA_OK) {
6185db85Sdougm			char *pname;
6185db85Sdougm			pname = sa_get_group_attr(group, "name");
6185db85Sdougm			if (pname != NULL) {
6185db85Sdougm				auth = check_authorizations(pname, flags);
6185db85Sdougm				sa_free_attr_string(pname);
6185db85Sdougm			}
6185db85Sdougm			if (!auth && verbose) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Command would fail: %s\n"),
6185db85Sdougm				    sa_errorstr(SA_NO_PERMISSION));
6185db85Sdougm			}
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * sa_set_share(flags, argc, argv)
6185db85Sdougm *
6185db85Sdougm * implements set-share subcommand.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmint
549ec3ffSdougmsa_set_share(sa_handle_t handle, int flags, int argc, char *argv[])
6185db85Sdougm{
6185db85Sdougm	int dryrun = 0;
6185db85Sdougm	int c;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	sa_group_t group, sharegroup;
dc20a302Sas200622	sa_share_t share = NULL;
da6c28aaSamw	sa_resource_t resource = NULL;
6185db85Sdougm	char *sharepath = NULL;
6185db85Sdougm	char *description = NULL;
da6c28aaSamw	char *rsrcname = NULL;
da6c28aaSamw	char *rsrc = NULL;
da6c28aaSamw	char *newname = NULL;
da6c28aaSamw	char *newrsrc;
da6c28aaSamw	char *groupname = NULL;
6185db85Sdougm	int auth;
6185db85Sdougm	int verbose = 0;
6185db85Sdougm
6185db85Sdougm	while ((c = getopt(argc, argv, "?hnd:r:s:")) != EOF) {
6185db85Sdougm		switch (c) {
6185db85Sdougm		case 'n':
6185db85Sdougm			dryrun++;
6185db85Sdougm			break;
6185db85Sdougm		case 'd':
6185db85Sdougm			description = optarg;
6185db85Sdougm			break;
6185db85Sdougm		case 'v':
6185db85Sdougm			verbose++;
6185db85Sdougm			break;
da6c28aaSamw		case 'r':
da6c28aaSamw			/*
da6c28aaSamw			 * Update share by resource name
da6c28aaSamw			 */
da6c28aaSamw			if (rsrcname != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Updating multiple resource names not "
da6c28aaSamw				    "supported\n"));
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
da6c28aaSamw			rsrcname = optarg;
da6c28aaSamw			break;
6185db85Sdougm		case 's':
6185db85Sdougm			/*
25a68471Sdougm			 * Save share path into group. Currently limit
6185db85Sdougm			 * to one share per command.
6185db85Sdougm			 */
6185db85Sdougm			if (sharepath != NULL) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Updating multiple shares not "
6185db85Sdougm				    "supported\n"));
da6c28aaSamw				return (SA_SYNTAX_ERR);
6185db85Sdougm			}
6185db85Sdougm			sharepath = optarg;
6185db85Sdougm			break;
e7bab347Sdougm		case 'h':
e7bab347Sdougm			/* optopt on valid arg isn't defined */
e7bab347Sdougm			optopt = c;
e7bab347Sdougm			/*FALLTHROUGH*/
e7bab347Sdougm		case '?':
6185db85Sdougm		default:
e7bab347Sdougm			/*
e7bab347Sdougm			 * Since a bad option gets to here, sort it
e7bab347Sdougm			 * out and return a syntax error return value
e7bab347Sdougm			 * if necessary.
e7bab347Sdougm			 */
e7bab347Sdougm			switch (optopt) {
e7bab347Sdougm			default:
e7bab347Sdougm				ret = SA_SYNTAX_ERR;
e7bab347Sdougm				break;
6185db85Sdougm			case 'h':
6185db85Sdougm			case '?':
e7bab347Sdougm				break;
e7bab347Sdougm			}
6185db85Sdougm			(void) printf(gettext("usage: %s\n"),
6185db85Sdougm			    sa_get_usage(USAGE_SET_SHARE));
e7bab347Sdougm			return (ret);
6185db85Sdougm		}
6185db85Sdougm	}
25a68471Sdougm
da6c28aaSamw	if (optind >= argc && sharepath == NULL && rsrcname == NULL) {
6185db85Sdougm		if (sharepath == NULL) {
6185db85Sdougm			(void) printf(gettext("usage: %s\n"),
6185db85Sdougm			    sa_get_usage(USAGE_SET_SHARE));
6185db85Sdougm			(void) printf(gettext("\tgroup must be specified\n"));
6185db85Sdougm			ret = SA_BAD_PATH;
6185db85Sdougm		} else {
6185db85Sdougm			ret = SA_OK;
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	if ((optind + 1) < argc) {
6185db85Sdougm		(void) printf(gettext("usage: %s\n"),
6185db85Sdougm		    sa_get_usage(USAGE_SET_SHARE));
6185db85Sdougm		(void) printf(gettext("\tExtraneous group(s) at end\n"));
6185db85Sdougm		ret = SA_SYNTAX_ERR;
6185db85Sdougm	}
25a68471Sdougm
da6c28aaSamw	/*
da6c28aaSamw	 * Must have at least one of sharepath and rsrcrname.
da6c28aaSamw	 * It is a syntax error to be missing both.
da6c28aaSamw	 */
da6c28aaSamw	if (sharepath == NULL && rsrcname == NULL) {
da6c28aaSamw		(void) printf(gettext("usage: %s\n"),
da6c28aaSamw		    sa_get_usage(USAGE_SET_SHARE));
da6c28aaSamw		ret = SA_SYNTAX_ERR;
da6c28aaSamw	}
da6c28aaSamw
25a68471Sdougm	if (ret != SA_OK)
25a68471Sdougm		return (ret);
25a68471Sdougm
6185db85Sdougm	if (optind < argc) {
6185db85Sdougm		groupname = argv[optind];
549ec3ffSdougm		group = sa_get_group(handle, groupname);
6185db85Sdougm	} else {
6185db85Sdougm		group = NULL;
6185db85Sdougm		groupname = NULL;
6185db85Sdougm	}
da6c28aaSamw	if (rsrcname != NULL) {
da6c28aaSamw		/*
da6c28aaSamw		 * If rsrcname exists, split rename syntax and then
da6c28aaSamw		 * convert to utf 8 if no errors.
da6c28aaSamw		 */
da6c28aaSamw		newname = strchr(rsrcname, '=');
da6c28aaSamw		if (newname != NULL) {
da6c28aaSamw			*newname++ = '\0';
25a68471Sdougm		}
da6c28aaSamw		if (!validresource(rsrcname)) {
da6c28aaSamw			ret = SA_INVALID_NAME;
da6c28aaSamw			(void) printf(gettext("Invalid resource name: "
da6c28aaSamw			    "\"%s\"\n"), rsrcname);
da6c28aaSamw		} else {
da6c28aaSamw			rsrc = conv_to_utf8(rsrcname);
da6c28aaSamw		}
da6c28aaSamw		if (newname != NULL) {
da6c28aaSamw			if (!validresource(newname)) {
da6c28aaSamw				ret = SA_INVALID_NAME;
da6c28aaSamw				(void) printf(gettext("Invalid resource name: "
da6c28aaSamw				    "%s\n"), newname);
da6c28aaSamw			} else {
da6c28aaSamw				newrsrc = conv_to_utf8(newname);
da6c28aaSamw			}
da6c28aaSamw		}
da6c28aaSamw	}
da6c28aaSamw
da6c28aaSamw	if (ret != SA_OK) {
da6c28aaSamw		if (rsrcname != NULL && rsrcname != rsrc)
da6c28aaSamw			sa_free_attr_string(rsrc);
da6c28aaSamw		if (newname != NULL && newname != newrsrc)
da6c28aaSamw			sa_free_attr_string(newrsrc);
da6c28aaSamw		return (ret);
da6c28aaSamw	}
da6c28aaSamw
da6c28aaSamw	if (sharepath != NULL) {
da6c28aaSamw		share = sa_find_share(handle, sharepath);
da6c28aaSamw	} else if (rsrcname != NULL) {
da6c28aaSamw		resource = sa_find_resource(handle, rsrc);
dc20a302Sas200622		if (resource != NULL)
da6c28aaSamw			share = sa_get_resource_parent(resource);
dc20a302Sas200622		else
dc20a302Sas200622			ret = SA_NO_SUCH_RESOURCE;
da6c28aaSamw	}
da6c28aaSamw	if (share != NULL) {
6185db85Sdougm		sharegroup = sa_get_parent_group(share);
6185db85Sdougm		if (group != NULL && group != sharegroup) {
6185db85Sdougm			(void) printf(gettext("Group \"%s\" does not contain "
da6c28aaSamw			    "share %s\n"),
da6c28aaSamw			    argv[optind], sharepath);
6185db85Sdougm			ret = SA_BAD_PATH;
6185db85Sdougm		} else {
6185db85Sdougm			int delgroupname = 0;
6185db85Sdougm			if (groupname == NULL) {
da6c28aaSamw				groupname = sa_get_group_attr(sharegroup,
da6c28aaSamw				    "name");
6185db85Sdougm				delgroupname = 1;
6185db85Sdougm			}
6185db85Sdougm			if (groupname != NULL) {
6185db85Sdougm				auth = check_authorizations(groupname, flags);
6185db85Sdougm				if (delgroupname) {
6185db85Sdougm					sa_free_attr_string(groupname);
6185db85Sdougm					groupname = NULL;
6185db85Sdougm				}
6185db85Sdougm			} else {
6185db85Sdougm				ret = SA_NO_MEMORY;
6185db85Sdougm			}
da6c28aaSamw			if (rsrcname != NULL) {
da6c28aaSamw				resource = sa_find_resource(handle, rsrc);
6185db85Sdougm				if (!dryrun) {
da6c28aaSamw					if (newname != NULL &&
da6c28aaSamw					    resource != NULL)
da6c28aaSamw						ret = sa_rename_resource(
da6c28aaSamw						    resource, newrsrc);
da6c28aaSamw					else if (newname != NULL)
da6c28aaSamw						ret = SA_NO_SUCH_RESOURCE;
da6c28aaSamw					if (newname != NULL &&
da6c28aaSamw					    newname != newrsrc)
da6c28aaSamw						sa_free_attr_string(newrsrc);
6185db85Sdougm				}
da6c28aaSamw				if (rsrc != rsrcname)
da6c28aaSamw					sa_free_attr_string(rsrc);
6185db85Sdougm			}
25a68471Sdougm
da6c28aaSamw			/*
da6c28aaSamw			 * If the user has set a description, it will be
da6c28aaSamw			 * on the resource if -r was used otherwise it
da6c28aaSamw			 * must be on the share.
da6c28aaSamw			 */
cbfb650aScp160787			if (!dryrun && ret == SA_OK && description != NULL) {
cbfb650aScp160787				char *desc;
cbfb650aScp160787				desc = conv_to_utf8(description);
da6c28aaSamw				if (resource != NULL)
cbfb650aScp160787					ret = sa_set_resource_description(
cbfb650aScp160787					    resource, desc);
da6c28aaSamw				else
cbfb650aScp160787					ret = sa_set_share_description(share,
cbfb650aScp160787					    desc);
cbfb650aScp160787				if (desc != description)
cbfb650aScp160787					sa_free_share_description(desc);
da6c28aaSamw			}
da6c28aaSamw		}
da6c28aaSamw		if (!dryrun && ret == SA_OK) {
da6c28aaSamw			if (resource != NULL)
da6c28aaSamw				(void) sa_enable_resource(resource, NULL);
da6c28aaSamw			ret = sa_update_config(handle);
da6c28aaSamw		}
6185db85Sdougm		switch (ret) {
6185db85Sdougm		case SA_DUPLICATE_NAME:
da6c28aaSamw			(void) printf(gettext("Resource name in use: %s\n"),
da6c28aaSamw			    rsrcname);
6185db85Sdougm			break;
6185db85Sdougm		default:
da6c28aaSamw			(void) printf(gettext("Could not set: %s\n"),
6185db85Sdougm			    sa_errorstr(ret));
6185db85Sdougm			break;
6185db85Sdougm		case SA_OK:
da6c28aaSamw			if (dryrun && !auth && verbose) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Command would fail: %s\n"),
6185db85Sdougm				    sa_errorstr(SA_NO_PERMISSION));
da6c28aaSamw			}
6185db85Sdougm			break;
6185db85Sdougm		}
da6c28aaSamw	} else {
dc20a302Sas200622		switch (ret) {
dc20a302Sas200622		case SA_NO_SUCH_RESOURCE:
dc20a302Sas200622			(void) printf(gettext("Resource \"%s\" not found\n"),
dc20a302Sas200622			    rsrcname);
dc20a302Sas200622			break;
dc20a302Sas200622		default:
dc20a302Sas200622			if (sharepath != NULL) {
dc20a302Sas200622				(void) printf(
dc20a302Sas200622				    gettext("Share path \"%s\" not found\n"),
da6c28aaSamw				    sharepath);
da6c28aaSamw				ret = SA_NO_SUCH_PATH;
dc20a302Sas200622			} else {
dc20a302Sas200622				(void) printf(gettext("Set failed: %s\n"),
dc20a302Sas200622				    sa_errorstr(ret));
dc20a302Sas200622			}
dc20a302Sas200622		}
da6c28aaSamw	}
25a68471Sdougm
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * add_security(group, sectype, optlist, proto, *err)
6185db85Sdougm *
6185db85Sdougm * Helper function to add a security option (named optionset) to the
6185db85Sdougm * group.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
6185db85Sdougmadd_security(sa_group_t group, char *sectype,
6185db85Sdougm    struct options *optlist, char *proto, int *err)
6185db85Sdougm{
6185db85Sdougm	sa_security_t security;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	int result = 0;
*687915e9Sdougm	sa_handle_t handle;
6185db85Sdougm
6185db85Sdougm	sectype = sa_proto_space_alias(proto, sectype);
6185db85Sdougm	security = sa_get_security(group, sectype, proto);
25a68471Sdougm	if (security == NULL)
6185db85Sdougm		security = sa_create_security(group, sectype, proto);
25a68471Sdougm
6185db85Sdougm	if (sectype != NULL)
6185db85Sdougm		sa_free_attr_string(sectype);
25a68471Sdougm
25a68471Sdougm	if (security == NULL)
*687915e9Sdougm		goto done;
25a68471Sdougm
*687915e9Sdougm	handle = sa_find_group_handle(group);
*687915e9Sdougm	if (handle == NULL) {
*687915e9Sdougm		ret = SA_CONFIG_ERR;
*687915e9Sdougm		goto done;
*687915e9Sdougm	}
6185db85Sdougm	while (optlist != NULL) {
6185db85Sdougm		sa_property_t prop;
6185db85Sdougm		prop = sa_get_property(security, optlist->optname);
6185db85Sdougm		if (prop == NULL) {
6185db85Sdougm			/*
25a68471Sdougm			 * Add the property, but only if it is
6185db85Sdougm			 * a non-NULL or non-zero length value
6185db85Sdougm			 */
6185db85Sdougm			if (optlist->optvalue != NULL) {
6185db85Sdougm				prop = sa_create_property(optlist->optname,
6185db85Sdougm				    optlist->optvalue);
6185db85Sdougm				if (prop != NULL) {
*687915e9Sdougm					ret = sa_valid_property(handle,
*687915e9Sdougm					    security, proto, prop);
6185db85Sdougm					if (ret != SA_OK) {
6185db85Sdougm						(void) sa_remove_property(prop);
25a68471Sdougm						(void) printf(gettext(
25a68471Sdougm						    "Could not add "
6185db85Sdougm						    "property %s: %s\n"),
6185db85Sdougm						    optlist->optname,
6185db85Sdougm						    sa_errorstr(ret));
6185db85Sdougm					}
6185db85Sdougm					if (ret == SA_OK) {
25a68471Sdougm						ret = sa_add_property(security,
25a68471Sdougm						    prop);
6185db85Sdougm						if (ret != SA_OK) {
25a68471Sdougm							(void) printf(gettext(
25a68471Sdougm							    "Could not add "
25a68471Sdougm							    "property (%s=%s):"
25a68471Sdougm							    " %s\n"),
6185db85Sdougm							    optlist->optname,
6185db85Sdougm							    optlist->optvalue,
6185db85Sdougm							    sa_errorstr(ret));
6185db85Sdougm						} else {
6185db85Sdougm							result = 1;
6185db85Sdougm						}
6185db85Sdougm					}
6185db85Sdougm				}
6185db85Sdougm			}
6185db85Sdougm		} else {
6185db85Sdougm			ret = sa_update_property(prop, optlist->optvalue);
6185db85Sdougm			result = 1; /* should check if really changed */
6185db85Sdougm		}
6185db85Sdougm		optlist = optlist->next;
6185db85Sdougm	}
6185db85Sdougm	/*
25a68471Sdougm	 * When done, properties may have all been removed but
6185db85Sdougm	 * we need to keep the security type itself until
6185db85Sdougm	 * explicitly removed.
6185db85Sdougm	 */
6185db85Sdougm	if (result)
6185db85Sdougm		ret = sa_commit_properties(security, 0);
*687915e9Sdougmdone:
6185db85Sdougm	*err = ret;
6185db85Sdougm	return (result);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
f8825440Sdougm * zfscheck(group, share)
f8825440Sdougm *
f8825440Sdougm * For the special case where a share was provided, make sure it is a
f8825440Sdougm * compatible path for a ZFS property change.  The only path
f8825440Sdougm * acceptable is the path that defines the zfs sub-group (dataset with
f8825440Sdougm * the sharenfs property set) and not one of the paths that inherited
f8825440Sdougm * the NFS properties. Returns SA_OK if it is usable and
f8825440Sdougm * SA_NOT_ALLOWED if it isn't.
f8825440Sdougm *
f8825440Sdougm * If group is not a ZFS group/subgroup, we assume OK since the check
f8825440Sdougm * on return will catch errors for those cases.  What we are looking
f8825440Sdougm * for here is that the group is ZFS and the share is not the defining
f8825440Sdougm * share.  All else is SA_OK.
f8825440Sdougm */
f8825440Sdougm
f8825440Sdougmstatic int
f8825440Sdougmzfscheck(sa_group_t group, sa_share_t share)
f8825440Sdougm{
f8825440Sdougm	int ret = SA_OK;
f8825440Sdougm	char *attr;
f8825440Sdougm
f8825440Sdougm	if (sa_group_is_zfs(group)) {
f8825440Sdougm		/*
f8825440Sdougm		 * The group is a ZFS group.  Does the share represent
f8825440Sdougm		 * the dataset that defined the group? It is only OK
f8825440Sdougm		 * if the attribute "subgroup" exists on the share and
f8825440Sdougm		 * has a value of "true".
f8825440Sdougm		 */
f8825440Sdougm
f8825440Sdougm		ret = SA_NOT_ALLOWED;
f8825440Sdougm		attr = sa_get_share_attr(share, "subgroup");
f8825440Sdougm		if (attr != NULL) {
f8825440Sdougm			if (strcmp(attr, "true") == 0)
f8825440Sdougm				ret = SA_OK;
f8825440Sdougm			sa_free_attr_string(attr);
f8825440Sdougm		}
f8825440Sdougm	}
f8825440Sdougm	return (ret);
f8825440Sdougm}
f8825440Sdougm
f8825440Sdougm/*
da6c28aaSamw * basic_set(groupname, optlist, protocol, sharepath, rsrcname, dryrun)
6185db85Sdougm *
6185db85Sdougm * This function implements "set" when a name space (-S) is not
6185db85Sdougm * specified. It is a basic set. Options and other CLI parsing has
6185db85Sdougm * already been done.
da6c28aaSamw *
da6c28aaSamw * "rsrcname" is a "resource name". If it is non-NULL, it must match
da6c28aaSamw * the sharepath if present or group if present, otherwise it is used
da6c28aaSamw * to set options.
da6c28aaSamw *
da6c28aaSamw * Resource names may take options if the protocol supports it. If the
da6c28aaSamw * protocol doesn't support resource level options, rsrcname is just
da6c28aaSamw * an alias for the share.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
549ec3ffSdougmbasic_set(sa_handle_t handle, char *groupname, struct options *optlist,
da6c28aaSamw    char *protocol, char *sharepath, char *rsrcname, int dryrun)
6185db85Sdougm{
6185db85Sdougm	sa_group_t group;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	int change = 0;
6185db85Sdougm	struct list *worklist = NULL;
6185db85Sdougm
549ec3ffSdougm	group = sa_get_group(handle, groupname);
6185db85Sdougm	if (group != NULL) {
6185db85Sdougm		sa_share_t share = NULL;
da6c28aaSamw		sa_resource_t resource = NULL;
da6c28aaSamw
da6c28aaSamw		/*
da6c28aaSamw		 * If there is a sharepath, make sure it belongs to
da6c28aaSamw		 * the group.
da6c28aaSamw		 */
6185db85Sdougm		if (sharepath != NULL) {
6185db85Sdougm			share = sa_get_share(group, sharepath);
6185db85Sdougm			if (share == NULL) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Share does not exist in group %s\n"),
6185db85Sdougm				    groupname, sharepath);
6185db85Sdougm				ret = SA_NO_SUCH_PATH;
f8825440Sdougm			} else {
f8825440Sdougm				/* if ZFS and OK, then only group */
f8825440Sdougm				ret = zfscheck(group, share);
f8825440Sdougm				if (ret == SA_OK &&
f8825440Sdougm				    sa_group_is_zfs(group))
f8825440Sdougm					share = NULL;
f8825440Sdougm				if (ret == SA_NOT_ALLOWED)
f8825440Sdougm					(void) printf(gettext(
f8825440Sdougm					    "Properties on ZFS group shares "
f8825440Sdougm					    "not supported: %s\n"), sharepath);
6185db85Sdougm			}
6185db85Sdougm		}
da6c28aaSamw
da6c28aaSamw		/*
da6c28aaSamw		 * If a resource name exists, make sure it belongs to
da6c28aaSamw		 * the share if present else it belongs to the
da6c28aaSamw		 * group. Also check the protocol to see if it
da6c28aaSamw		 * supports resource level properties or not. If not,
da6c28aaSamw		 * use share only.
da6c28aaSamw		 */
da6c28aaSamw		if (rsrcname != NULL) {
da6c28aaSamw			if (share != NULL) {
da6c28aaSamw				resource = sa_get_share_resource(share,
da6c28aaSamw				    rsrcname);
da6c28aaSamw				if (resource == NULL)
da6c28aaSamw					ret = SA_NO_SUCH_RESOURCE;
da6c28aaSamw			} else {
da6c28aaSamw				resource = sa_get_resource(group, rsrcname);
da6c28aaSamw				if (resource != NULL)
da6c28aaSamw					share = sa_get_resource_parent(
da6c28aaSamw					    resource);
da6c28aaSamw				else
da6c28aaSamw					ret = SA_NO_SUCH_RESOURCE;
da6c28aaSamw			}
da6c28aaSamw			if (ret == SA_OK && resource != NULL) {
da6c28aaSamw				uint64_t features;
da6c28aaSamw				/*
da6c28aaSamw				 * Check to see if the resource can take
da6c28aaSamw				 * properties. If so, stick the resource into
da6c28aaSamw				 * "share" so it will all just work.
da6c28aaSamw				 */
da6c28aaSamw				features = sa_proto_get_featureset(protocol);
da6c28aaSamw				if (features & SA_FEATURE_RESOURCE)
da6c28aaSamw					share = (sa_share_t)resource;
da6c28aaSamw			}
da6c28aaSamw		}
da6c28aaSamw
6185db85Sdougm		if (ret == SA_OK) {
6185db85Sdougm			/* group must exist */
*687915e9Sdougm			ret = valid_options(handle, optlist, protocol,
6185db85Sdougm			    share == NULL ? group : share, NULL);
6185db85Sdougm			if (ret == SA_OK && !dryrun) {
6185db85Sdougm				if (share != NULL)
25a68471Sdougm					change |= add_optionset(share, optlist,
25a68471Sdougm					    protocol, &ret);
6185db85Sdougm				else
25a68471Sdougm					change |= add_optionset(group, optlist,
25a68471Sdougm					    protocol, &ret);
25a68471Sdougm				if (ret == SA_OK && change)
25a68471Sdougm					worklist = add_list(worklist, group,
da6c28aaSamw					    share, protocol);
6185db85Sdougm			}
6185db85Sdougm		}
6185db85Sdougm		free_opt(optlist);
6185db85Sdougm	} else {
6185db85Sdougm		(void) printf(gettext("Group \"%s\" not found\n"), groupname);
6185db85Sdougm		ret = SA_NO_SUCH_GROUP;
6185db85Sdougm	}
6185db85Sdougm	/*
6185db85Sdougm	 * we have a group and potentially legal additions
6185db85Sdougm	 */
6185db85Sdougm
25a68471Sdougm	/*
25a68471Sdougm	 * Commit to configuration if not a dryrunp and properties
25a68471Sdougm	 * have changed.
25a68471Sdougm	 */
25a68471Sdougm	if (!dryrun && ret == SA_OK && change && worklist != NULL)
6185db85Sdougm		/* properties changed, so update all shares */
da6c28aaSamw		(void) enable_all_groups(handle, worklist, 0, 0, protocol,
da6c28aaSamw		    B_TRUE);
25a68471Sdougm
6185db85Sdougm	if (worklist != NULL)
6185db85Sdougm		free_list(worklist);
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * space_set(groupname, optlist, protocol, sharepath, dryrun)
6185db85Sdougm *
6185db85Sdougm * This function implements "set" when a name space (-S) is
6185db85Sdougm * specified. It is a namespace set. Options and other CLI parsing has
6185db85Sdougm * already been done.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
549ec3ffSdougmspace_set(sa_handle_t handle, char *groupname, struct options *optlist,
549ec3ffSdougm    char *protocol, char *sharepath, int dryrun, char *sectype)
6185db85Sdougm{
6185db85Sdougm	sa_group_t group;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	int change = 0;
6185db85Sdougm	struct list *worklist = NULL;
6185db85Sdougm
6185db85Sdougm	/*
6185db85Sdougm	 * make sure protcol and sectype are valid
6185db85Sdougm	 */
6185db85Sdougm
6185db85Sdougm	if (sa_proto_valid_space(protocol, sectype) == 0) {
6185db85Sdougm		(void) printf(gettext("Option space \"%s\" not valid "
25a68471Sdougm		    "for protocol.\n"), sectype);
6185db85Sdougm		return (SA_INVALID_SECURITY);
6185db85Sdougm	}
6185db85Sdougm
549ec3ffSdougm	group = sa_get_group(handle, groupname);
6185db85Sdougm	if (group != NULL) {
6185db85Sdougm		sa_share_t share = NULL;
6185db85Sdougm		if (sharepath != NULL) {
6185db85Sdougm			share = sa_get_share(group, sharepath);
6185db85Sdougm			if (share == NULL) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Share does not exist in group %s\n"),
6185db85Sdougm				    groupname, sharepath);
6185db85Sdougm				ret = SA_NO_SUCH_PATH;
f8825440Sdougm			} else {
f8825440Sdougm				/* if ZFS and OK, then only group */
f8825440Sdougm				ret = zfscheck(group, share);
f8825440Sdougm				if (ret == SA_OK &&
f8825440Sdougm				    sa_group_is_zfs(group))
f8825440Sdougm					share = NULL;
f8825440Sdougm				if (ret == SA_NOT_ALLOWED)
f8825440Sdougm					(void) printf(gettext(
f8825440Sdougm					    "Properties on ZFS group shares "
f8825440Sdougm					    "not supported: %s\n"), sharepath);
6185db85Sdougm			}
6185db85Sdougm		}
6185db85Sdougm		if (ret == SA_OK) {
6185db85Sdougm			/* group must exist */
*687915e9Sdougm			ret = valid_options(handle, optlist, protocol,
6185db85Sdougm			    share == NULL ? group : share, sectype);
6185db85Sdougm			if (ret == SA_OK && !dryrun) {
6185db85Sdougm				if (share != NULL)
25a68471Sdougm					change = add_security(share, sectype,
25a68471Sdougm					    optlist, protocol, &ret);
6185db85Sdougm				else
25a68471Sdougm					change = add_security(group, sectype,
25a68471Sdougm					    optlist, protocol, &ret);
6185db85Sdougm				if (ret != SA_OK)
25a68471Sdougm					(void) printf(gettext(
25a68471Sdougm					    "Could not set property: %s\n"),
6185db85Sdougm					    sa_errorstr(ret));
6185db85Sdougm			}
6185db85Sdougm			if (ret == SA_OK && change)
da6c28aaSamw				worklist = add_list(worklist, group, share,
da6c28aaSamw				    protocol);
6185db85Sdougm		}
6185db85Sdougm		free_opt(optlist);
6185db85Sdougm	} else {
6185db85Sdougm		(void) printf(gettext("Group \"%s\" not found\n"), groupname);
6185db85Sdougm		ret = SA_NO_SUCH_GROUP;
6185db85Sdougm	}
da6c28aaSamw
6185db85Sdougm	/*
da6c28aaSamw	 * We have a group and potentially legal additions.
6185db85Sdougm	 */
6185db85Sdougm
25a68471Sdougm	/* Commit to configuration if not a dryrun */
6185db85Sdougm	if (!dryrun && ret == 0) {
6185db85Sdougm		if (change && worklist != NULL) {
6185db85Sdougm			/* properties changed, so update all shares */
25a68471Sdougm			(void) enable_all_groups(handle, worklist, 0, 0,
da6c28aaSamw			    protocol, B_TRUE);
6185db85Sdougm		}
549ec3ffSdougm		ret = sa_update_config(handle);
6185db85Sdougm	}
6185db85Sdougm	if (worklist != NULL)
6185db85Sdougm		free_list(worklist);
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * sa_set(flags, argc, argv)
6185db85Sdougm *
6185db85Sdougm * Implements the set subcommand. It keys off of -S to determine which
6185db85Sdougm * set of operations to actually do.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmint
549ec3ffSdougmsa_set(sa_handle_t handle, int flags, int argc, char *argv[])
6185db85Sdougm{
6185db85Sdougm	char *groupname;
6185db85Sdougm	int verbose = 0;
6185db85Sdougm	int dryrun = 0;
6185db85Sdougm	int c;
6185db85Sdougm	char *protocol = NULL;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	struct options *optlist = NULL;
da6c28aaSamw	char *rsrcname = NULL;
6185db85Sdougm	char *sharepath = NULL;
6185db85Sdougm	char *optset = NULL;
6185db85Sdougm	int auth;
6185db85Sdougm
da6c28aaSamw	while ((c = getopt(argc, argv, "?hvnP:p:r:s:S:")) != EOF) {
6185db85Sdougm		switch (c) {
6185db85Sdougm		case 'v':
6185db85Sdougm			verbose++;
6185db85Sdougm			break;
6185db85Sdougm		case 'n':
6185db85Sdougm			dryrun++;
6185db85Sdougm			break;
6185db85Sdougm		case 'P':
da6c28aaSamw			if (protocol != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Specifying multiple protocols "
da6c28aaSamw				    "not supported: %s\n"), protocol);
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
6185db85Sdougm			protocol = optarg;
6185db85Sdougm			if (!sa_valid_protocol(protocol)) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Invalid protocol specified: %s\n"),
6185db85Sdougm				    protocol);
6185db85Sdougm				return (SA_INVALID_PROTOCOL);
6185db85Sdougm			}
6185db85Sdougm			break;
6185db85Sdougm		case 'p':
6185db85Sdougm			ret = add_opt(&optlist, optarg, 0);
6185db85Sdougm			switch (ret) {
6185db85Sdougm			case OPT_ADD_SYNTAX:
25a68471Sdougm				(void) printf(gettext("Property syntax error:"
25a68471Sdougm				    " %s\n"), optarg);
6185db85Sdougm				return (SA_SYNTAX_ERR);
6185db85Sdougm			case OPT_ADD_MEMORY:
25a68471Sdougm				(void) printf(gettext("No memory to set "
25a68471Sdougm				    "property: %s\n"), optarg);
6185db85Sdougm				return (SA_NO_MEMORY);
6185db85Sdougm			default:
6185db85Sdougm				break;
6185db85Sdougm			}
6185db85Sdougm			break;
da6c28aaSamw		case 'r':
da6c28aaSamw			if (rsrcname != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Setting multiple resource names not"
da6c28aaSamw				    " supported\n"));
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
da6c28aaSamw			rsrcname = optarg;
da6c28aaSamw			break;
6185db85Sdougm		case 's':
da6c28aaSamw			if (sharepath != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Setting multiple shares not supported\n"));
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
6185db85Sdougm			sharepath = optarg;
6185db85Sdougm			break;
6185db85Sdougm		case 'S':
da6c28aaSamw			if (optset != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Specifying multiple property "
da6c28aaSamw				    "spaces not supported: %s\n"), optset);
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
6185db85Sdougm			optset = optarg;
6185db85Sdougm			break;
e7bab347Sdougm		case 'h':
e7bab347Sdougm			/* optopt on valid arg isn't defined */
e7bab347Sdougm			optopt = c;
e7bab347Sdougm			/*FALLTHROUGH*/
e7bab347Sdougm		case '?':
6185db85Sdougm		default:
e7bab347Sdougm			/*
e7bab347Sdougm			 * Since a bad option gets to here, sort it
e7bab347Sdougm			 * out and return a syntax error return value
e7bab347Sdougm			 * if necessary.
e7bab347Sdougm			 */
e7bab347Sdougm			switch (optopt) {
e7bab347Sdougm			default:
e7bab347Sdougm				ret = SA_SYNTAX_ERR;
e7bab347Sdougm				break;
6185db85Sdougm			case 'h':
6185db85Sdougm			case '?':
e7bab347Sdougm				break;
e7bab347Sdougm			}
6185db85Sdougm			(void) printf(gettext("usage: %s\n"),
6185db85Sdougm			    sa_get_usage(USAGE_SET));
e7bab347Sdougm			return (ret);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (optlist != NULL)
6185db85Sdougm		ret = chk_opt(optlist, optset != NULL, protocol);
6185db85Sdougm
6185db85Sdougm	if (optind >= argc || (optlist == NULL && optset == NULL) ||
25a68471Sdougm	    protocol == NULL || ret != OPT_ADD_OK) {
6185db85Sdougm		char *sep = "\t";
25a68471Sdougm
6185db85Sdougm		(void) printf(gettext("usage: %s\n"), sa_get_usage(USAGE_SET));
6185db85Sdougm		if (optind >= argc) {
25a68471Sdougm			(void) printf(gettext("%sgroup must be specified"),
25a68471Sdougm			    sep);
6185db85Sdougm			sep = ", ";
6185db85Sdougm		}
6185db85Sdougm		if (optlist == NULL) {
6185db85Sdougm			(void) printf(gettext("%sat least one property must be"
6185db85Sdougm			    " specified"), sep);
6185db85Sdougm			sep = ", ";
6185db85Sdougm		}
6185db85Sdougm		if (protocol == NULL) {
25a68471Sdougm			(void) printf(gettext("%sprotocol must be specified"),
25a68471Sdougm			    sep);
6185db85Sdougm			sep = ", ";
6185db85Sdougm		}
6185db85Sdougm		(void) printf("\n");
6185db85Sdougm		ret = SA_SYNTAX_ERR;
6185db85Sdougm	} else {
6185db85Sdougm		/*
f8825440Sdougm		 * Group already exists so we can proceed after a few
f8825440Sdougm		 * additional checks related to ZFS handling.
6185db85Sdougm		 */
6185db85Sdougm
6185db85Sdougm		groupname = argv[optind];
f8825440Sdougm		if (strcmp(groupname, "zfs") == 0) {
f8825440Sdougm			(void) printf(gettext("Changing properties for group "
f8825440Sdougm			    "\"zfs\" not allowed\n"));
f8825440Sdougm			return (SA_NOT_ALLOWED);
f8825440Sdougm		}
f8825440Sdougm
6185db85Sdougm		auth = check_authorizations(groupname, flags);
6185db85Sdougm		if (optset == NULL)
549ec3ffSdougm			ret = basic_set(handle, groupname, optlist, protocol,
da6c28aaSamw			    sharepath, rsrcname, dryrun);
6185db85Sdougm		else
549ec3ffSdougm			ret = space_set(handle, groupname, optlist, protocol,
6185db85Sdougm			    sharepath, dryrun, optset);
6185db85Sdougm		if (dryrun && ret == SA_OK && !auth && verbose) {
6185db85Sdougm			(void) printf(gettext("Command would fail: %s\n"),
6185db85Sdougm			    sa_errorstr(SA_NO_PERMISSION));
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * remove_options(group, optlist, proto, *err)
6185db85Sdougm *
25a68471Sdougm * Helper function to actually remove options from a group after all
6185db85Sdougm * preprocessing is done.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
6185db85Sdougmremove_options(sa_group_t group, struct options *optlist,
6185db85Sdougm    char *proto, int *err)
6185db85Sdougm{
6185db85Sdougm	struct options *cur;
6185db85Sdougm	sa_optionset_t optionset;
6185db85Sdougm	sa_property_t prop;
6185db85Sdougm	int change = 0;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm
6185db85Sdougm	optionset = sa_get_optionset(group, proto);
6185db85Sdougm	if (optionset != NULL) {
6185db85Sdougm		for (cur = optlist; cur != NULL; cur = cur->next) {
6185db85Sdougm			prop = sa_get_property(optionset, cur->optname);
6185db85Sdougm			if (prop != NULL) {
6185db85Sdougm				ret = sa_remove_property(prop);
6185db85Sdougm				if (ret != SA_OK)
6185db85Sdougm					break;
6185db85Sdougm				change = 1;
6185db85Sdougm			}
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	if (ret == SA_OK && change)
6185db85Sdougm		ret = sa_commit_properties(optionset, 0);
6185db85Sdougm
6185db85Sdougm	if (err != NULL)
6185db85Sdougm		*err = ret;
6185db85Sdougm	return (change);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * valid_unset(group, optlist, proto)
6185db85Sdougm *
6185db85Sdougm * Sanity check the optlist to make sure they can be removed. Issue an
6185db85Sdougm * error if a property doesn't exist.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
6185db85Sdougmvalid_unset(sa_group_t group, struct options *optlist, char *proto)
6185db85Sdougm{
6185db85Sdougm	struct options *cur;
6185db85Sdougm	sa_optionset_t optionset;
6185db85Sdougm	sa_property_t prop;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm
6185db85Sdougm	optionset = sa_get_optionset(group, proto);
6185db85Sdougm	if (optionset != NULL) {
6185db85Sdougm		for (cur = optlist; cur != NULL; cur = cur->next) {
6185db85Sdougm			prop = sa_get_property(optionset, cur->optname);
6185db85Sdougm			if (prop == NULL) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Could not unset property %s: not set\n"),
6185db85Sdougm				    cur->optname);
6185db85Sdougm				ret = SA_NO_SUCH_PROP;
6185db85Sdougm			}
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * valid_unset_security(group, optlist, proto)
6185db85Sdougm *
6185db85Sdougm * Sanity check the optlist to make sure they can be removed. Issue an
6185db85Sdougm * error if a property doesn't exist.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
6185db85Sdougmvalid_unset_security(sa_group_t group, struct options *optlist, char *proto,
6185db85Sdougm    char *sectype)
6185db85Sdougm{
6185db85Sdougm	struct options *cur;
6185db85Sdougm	sa_security_t security;
6185db85Sdougm	sa_property_t prop;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	char *sec;
6185db85Sdougm
6185db85Sdougm	sec = sa_proto_space_alias(proto, sectype);
6185db85Sdougm	security = sa_get_security(group, sec, proto);
6185db85Sdougm	if (security != NULL) {
6185db85Sdougm		for (cur = optlist; cur != NULL; cur = cur->next) {
6185db85Sdougm			prop = sa_get_property(security, cur->optname);
6185db85Sdougm			if (prop == NULL) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Could not unset property %s: not set\n"),
6185db85Sdougm				    cur->optname);
6185db85Sdougm				ret = SA_NO_SUCH_PROP;
6185db85Sdougm			}
6185db85Sdougm		}
6185db85Sdougm	} else {
25a68471Sdougm		(void) printf(gettext(
25a68471Sdougm		    "Could not unset %s: space not defined\n"), sectype);
6185db85Sdougm		ret = SA_NO_SUCH_SECURITY;
6185db85Sdougm	}
6185db85Sdougm	if (sec != NULL)
6185db85Sdougm		sa_free_attr_string(sec);
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * remove_security(group, optlist, proto)
6185db85Sdougm *
6185db85Sdougm * Remove the properties since they were checked as valid.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
6185db85Sdougmremove_security(sa_group_t group, char *sectype,
6185db85Sdougm    struct options *optlist, char *proto, int *err)
6185db85Sdougm{
6185db85Sdougm	sa_security_t security;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	int change = 0;
6185db85Sdougm
6185db85Sdougm	sectype = sa_proto_space_alias(proto, sectype);
6185db85Sdougm	security = sa_get_security(group, sectype, proto);
6185db85Sdougm	if (sectype != NULL)
6185db85Sdougm		sa_free_attr_string(sectype);
6185db85Sdougm
6185db85Sdougm	if (security != NULL) {
6185db85Sdougm		while (optlist != NULL) {
6185db85Sdougm			sa_property_t prop;
6185db85Sdougm			prop = sa_get_property(security, optlist->optname);
6185db85Sdougm			if (prop != NULL) {
6185db85Sdougm				ret = sa_remove_property(prop);
6185db85Sdougm				if (ret != SA_OK)
6185db85Sdougm					break;
6185db85Sdougm				change = 1;
6185db85Sdougm			}
6185db85Sdougm			optlist = optlist->next;
6185db85Sdougm		}
6185db85Sdougm		/*
6185db85Sdougm		 * when done, properties may have all been removed but
6185db85Sdougm		 * we need to keep the security type itself until
6185db85Sdougm		 * explicitly removed.
6185db85Sdougm		 */
6185db85Sdougm		if (ret == SA_OK && change)
6185db85Sdougm			ret = sa_commit_properties(security, 0);
6185db85Sdougm	} else {
6185db85Sdougm		ret = SA_NO_SUCH_PROP;
6185db85Sdougm	}
6185db85Sdougm	if (err != NULL)
6185db85Sdougm		*err = ret;
6185db85Sdougm	return (change);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
da6c28aaSamw * basic_unset(groupname, optlist, protocol, sharepath, rsrcname, dryrun)
6185db85Sdougm *
25a68471Sdougm * Unset non-named optionset properties.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
549ec3ffSdougmbasic_unset(sa_handle_t handle, char *groupname, struct options *optlist,
da6c28aaSamw    char *protocol, char *sharepath, char *rsrcname, int dryrun)
6185db85Sdougm{
6185db85Sdougm	sa_group_t group;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	int change = 0;
6185db85Sdougm	struct list *worklist = NULL;
25a68471Sdougm	sa_share_t share = NULL;
da6c28aaSamw	sa_resource_t resource = NULL;
6185db85Sdougm
549ec3ffSdougm	group = sa_get_group(handle, groupname);
25a68471Sdougm	if (group == NULL)
25a68471Sdougm		return (ret);
25a68471Sdougm
da6c28aaSamw	/*
da6c28aaSamw	 * If there is a sharepath, make sure it belongs to
da6c28aaSamw	 * the group.
da6c28aaSamw	 */
6185db85Sdougm	if (sharepath != NULL) {
6185db85Sdougm		share = sa_get_share(group, sharepath);
6185db85Sdougm		if (share == NULL) {
25a68471Sdougm			(void) printf(gettext(
25a68471Sdougm			    "Share does not exist in group %s\n"),
6185db85Sdougm			    groupname, sharepath);
6185db85Sdougm			ret = SA_NO_SUCH_PATH;
6185db85Sdougm		}
6185db85Sdougm	}
da6c28aaSamw	/*
da6c28aaSamw	 * If a resource name exists, make sure it belongs to
da6c28aaSamw	 * the share if present else it belongs to the
da6c28aaSamw	 * group. Also check the protocol to see if it
da6c28aaSamw	 * supports resource level properties or not. If not,
da6c28aaSamw	 * use share only.
da6c28aaSamw	 */
da6c28aaSamw	if (rsrcname != NULL) {
da6c28aaSamw		if (share != NULL) {
da6c28aaSamw			resource = sa_get_share_resource(share, rsrcname);
da6c28aaSamw			if (resource == NULL)
da6c28aaSamw				ret = SA_NO_SUCH_RESOURCE;
da6c28aaSamw		} else {
da6c28aaSamw			resource = sa_get_resource(group, rsrcname);
da6c28aaSamw			if (resource != NULL) {
da6c28aaSamw				share = sa_get_resource_parent(resource);
da6c28aaSamw			} else {
da6c28aaSamw				ret = SA_NO_SUCH_RESOURCE;
da6c28aaSamw			}
da6c28aaSamw		}
da6c28aaSamw		if (ret == SA_OK && resource != NULL) {
da6c28aaSamw			uint64_t features;
da6c28aaSamw			/*
da6c28aaSamw			 * Check to see if the resource can take
da6c28aaSamw			 * properties. If so, stick the resource into
da6c28aaSamw			 * "share" so it will all just work.
da6c28aaSamw			 */
da6c28aaSamw			features = sa_proto_get_featureset(protocol);
da6c28aaSamw			if (features & SA_FEATURE_RESOURCE)
da6c28aaSamw				share = (sa_share_t)resource;
da6c28aaSamw		}
da6c28aaSamw	}
da6c28aaSamw
6185db85Sdougm	if (ret == SA_OK) {
6185db85Sdougm		/* group must exist */
6185db85Sdougm		ret = valid_unset(share != NULL ? share : group,
6185db85Sdougm		    optlist, protocol);
6185db85Sdougm		if (ret == SA_OK && !dryrun) {
6185db85Sdougm			if (share != NULL) {
6185db85Sdougm				sa_optionset_t optionset;
6185db85Sdougm				sa_property_t prop;
25a68471Sdougm				change |= remove_options(share, optlist,
25a68471Sdougm				    protocol, &ret);
25a68471Sdougm				/*
25a68471Sdougm				 * If a share optionset is
25a68471Sdougm				 * empty, remove it.
25a68471Sdougm				 */
6185db85Sdougm				optionset = sa_get_optionset((sa_share_t)share,
6185db85Sdougm				    protocol);
6185db85Sdougm				if (optionset != NULL) {
6185db85Sdougm					prop = sa_get_property(optionset, NULL);
6185db85Sdougm					if (prop == NULL)
25a68471Sdougm						(void) sa_destroy_optionset(
25a68471Sdougm						    optionset);
6185db85Sdougm				}
6185db85Sdougm			} else {
25a68471Sdougm				change |= remove_options(group,
25a68471Sdougm				    optlist, protocol, &ret);
6185db85Sdougm			}
6185db85Sdougm			if (ret == SA_OK && change)
da6c28aaSamw				worklist = add_list(worklist, group, share,
da6c28aaSamw				    protocol);
6185db85Sdougm			if (ret != SA_OK)
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Could not remove properties: "
25a68471Sdougm				    "%s\n"), sa_errorstr(ret));
6185db85Sdougm		}
6185db85Sdougm	} else {
da6c28aaSamw		(void) printf(gettext("Group \"%s\" not found\n"), groupname);
6185db85Sdougm		ret = SA_NO_SUCH_GROUP;
6185db85Sdougm	}
6185db85Sdougm	free_opt(optlist);
6185db85Sdougm
6185db85Sdougm	/*
25a68471Sdougm	 * We have a group and potentially legal additions
25a68471Sdougm	 *
25a68471Sdougm	 * Commit to configuration if not a dryrun
6185db85Sdougm	 */
6185db85Sdougm	if (!dryrun && ret == SA_OK) {
6185db85Sdougm		if (change && worklist != NULL) {
6185db85Sdougm			/* properties changed, so update all shares */
25a68471Sdougm			(void) enable_all_groups(handle, worklist, 0, 0,
da6c28aaSamw			    protocol, B_TRUE);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	if (worklist != NULL)
6185db85Sdougm		free_list(worklist);
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * space_unset(groupname, optlist, protocol, sharepath, dryrun)
6185db85Sdougm *
25a68471Sdougm * Unset named optionset properties.
6185db85Sdougm */
6185db85Sdougmstatic int
549ec3ffSdougmspace_unset(sa_handle_t handle, char *groupname, struct options *optlist,
549ec3ffSdougm    char *protocol, char *sharepath, int dryrun, char *sectype)
6185db85Sdougm{
6185db85Sdougm	sa_group_t group;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	int change = 0;
6185db85Sdougm	struct list *worklist = NULL;
25a68471Sdougm	sa_share_t share = NULL;
6185db85Sdougm
549ec3ffSdougm	group = sa_get_group(handle, groupname);
25a68471Sdougm	if (group == NULL) {
25a68471Sdougm		(void) printf(gettext("Group \"%s\" not found\n"), groupname);
25a68471Sdougm		return (SA_NO_SUCH_GROUP);
25a68471Sdougm	}
6185db85Sdougm	if (sharepath != NULL) {
6185db85Sdougm		share = sa_get_share(group, sharepath);
6185db85Sdougm		if (share == NULL) {
25a68471Sdougm			(void) printf(gettext(
25a68471Sdougm			    "Share does not exist in group %s\n"),
6185db85Sdougm			    groupname, sharepath);
25a68471Sdougm			return (SA_NO_SUCH_PATH);
6185db85Sdougm		}
6185db85Sdougm	}
da6c28aaSamw	ret = valid_unset_security(share != NULL ? share : group,
da6c28aaSamw	    optlist, protocol, sectype);
25a68471Sdougm
6185db85Sdougm	if (ret == SA_OK && !dryrun) {
6185db85Sdougm		if (optlist != NULL) {
6185db85Sdougm			if (share != NULL) {
6185db85Sdougm				sa_security_t optionset;
6185db85Sdougm				sa_property_t prop;
25a68471Sdougm				change = remove_security(share,
25a68471Sdougm				    sectype, optlist, protocol, &ret);
25a68471Sdougm
25a68471Sdougm				/* If a share security is empty, remove it */
6185db85Sdougm				optionset = sa_get_security((sa_group_t)share,
25a68471Sdougm				    sectype, protocol);
6185db85Sdougm				if (optionset != NULL) {
25a68471Sdougm					prop = sa_get_property(optionset,
25a68471Sdougm					    NULL);
6185db85Sdougm					if (prop == NULL)
25a68471Sdougm						ret = sa_destroy_security(
25a68471Sdougm						    optionset);
6185db85Sdougm				}
6185db85Sdougm			} else {
6185db85Sdougm				change = remove_security(group, sectype,
25a68471Sdougm				    optlist, protocol, &ret);
6185db85Sdougm			}
6185db85Sdougm		} else {
6185db85Sdougm			sa_security_t security;
6185db85Sdougm			char *sec;
6185db85Sdougm			sec = sa_proto_space_alias(protocol, sectype);
6185db85Sdougm			security = sa_get_security(group, sec, protocol);
6185db85Sdougm			if (sec != NULL)
6185db85Sdougm				sa_free_attr_string(sec);
6185db85Sdougm			if (security != NULL) {
6185db85Sdougm				ret = sa_destroy_security(security);
6185db85Sdougm				if (ret == SA_OK)
6185db85Sdougm					change = 1;
6185db85Sdougm			} else {
6185db85Sdougm				ret = SA_NO_SUCH_PROP;
6185db85Sdougm			}
6185db85Sdougm		}
6185db85Sdougm		if (ret != SA_OK)
6185db85Sdougm			(void) printf(gettext("Could not unset property: %s\n"),
6185db85Sdougm			    sa_errorstr(ret));
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (ret == SA_OK && change)
da6c28aaSamw		worklist = add_list(worklist, group, 0, protocol);
25a68471Sdougm
6185db85Sdougm	free_opt(optlist);
6185db85Sdougm	/*
25a68471Sdougm	 * We have a group and potentially legal additions
6185db85Sdougm	 */
6185db85Sdougm
25a68471Sdougm	/* Commit to configuration if not a dryrun */
6185db85Sdougm	if (!dryrun && ret == 0) {
6185db85Sdougm		/* properties changed, so update all shares */
25a68471Sdougm		if (change && worklist != NULL)
25a68471Sdougm			(void) enable_all_groups(handle, worklist, 0, 0,
da6c28aaSamw			    protocol, B_TRUE);
549ec3ffSdougm		ret = sa_update_config(handle);
6185db85Sdougm	}
6185db85Sdougm	if (worklist != NULL)
6185db85Sdougm		free_list(worklist);
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * sa_unset(flags, argc, argv)
6185db85Sdougm *
25a68471Sdougm * Implements the unset subcommand. Parsing done here and then basic
6185db85Sdougm * or space versions of the real code are called.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmint
549ec3ffSdougmsa_unset(sa_handle_t handle, int flags, int argc, char *argv[])
6185db85Sdougm{
6185db85Sdougm	char *groupname;
6185db85Sdougm	int verbose = 0;
6185db85Sdougm	int dryrun = 0;
6185db85Sdougm	int c;
6185db85Sdougm	char *protocol = NULL;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	struct options *optlist = NULL;
da6c28aaSamw	char *rsrcname = NULL;
6185db85Sdougm	char *sharepath = NULL;
6185db85Sdougm	char *optset = NULL;
6185db85Sdougm	int auth;
6185db85Sdougm
da6c28aaSamw	while ((c = getopt(argc, argv, "?hvnP:p:r:s:S:")) != EOF) {
6185db85Sdougm		switch (c) {
6185db85Sdougm		case 'v':
6185db85Sdougm			verbose++;
6185db85Sdougm			break;
6185db85Sdougm		case 'n':
6185db85Sdougm			dryrun++;
6185db85Sdougm			break;
6185db85Sdougm		case 'P':
da6c28aaSamw			if (protocol != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Specifying multiple protocols "
da6c28aaSamw				    "not supported: %s\n"), protocol);
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
6185db85Sdougm			protocol = optarg;
6185db85Sdougm			if (!sa_valid_protocol(protocol)) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Invalid protocol specified: %s\n"),
6185db85Sdougm				    protocol);
6185db85Sdougm				return (SA_INVALID_PROTOCOL);
6185db85Sdougm			}
6185db85Sdougm			break;
6185db85Sdougm		case 'p':
6185db85Sdougm			ret = add_opt(&optlist, optarg, 1);
6185db85Sdougm			switch (ret) {
6185db85Sdougm			case OPT_ADD_SYNTAX:
25a68471Sdougm				(void) printf(gettext("Property syntax error "
25a68471Sdougm				    "for property %s\n"), optarg);
6185db85Sdougm				return (SA_SYNTAX_ERR);
25a68471Sdougm
6185db85Sdougm			case OPT_ADD_PROPERTY:
25a68471Sdougm				(void) printf(gettext("Properties need to be "
25a68471Sdougm				    "set with set command: %s\n"), optarg);
6185db85Sdougm				return (SA_SYNTAX_ERR);
25a68471Sdougm
6185db85Sdougm			default:
6185db85Sdougm				break;
6185db85Sdougm			}
6185db85Sdougm			break;
da6c28aaSamw		case 'r':
da6c28aaSamw			/*
da6c28aaSamw			 * Unset properties on resource if applicable or on
da6c28aaSamw			 * share if resource for this protocol doesn't use
da6c28aaSamw			 * resources.
da6c28aaSamw			 */
da6c28aaSamw			if (rsrcname != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Unsetting multiple resource "
da6c28aaSamw				    "names not supported\n"));
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
da6c28aaSamw			rsrcname = optarg;
da6c28aaSamw			break;
6185db85Sdougm		case 's':
da6c28aaSamw			if (sharepath != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Adding multiple shares not supported\n"));
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
6185db85Sdougm			sharepath = optarg;
6185db85Sdougm			break;
6185db85Sdougm		case 'S':
da6c28aaSamw			if (optset != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Specifying multiple property "
da6c28aaSamw				    "spaces not supported: %s\n"), optset);
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
6185db85Sdougm			optset = optarg;
6185db85Sdougm			break;
e7bab347Sdougm		case 'h':
e7bab347Sdougm			/* optopt on valid arg isn't defined */
e7bab347Sdougm			optopt = c;
e7bab347Sdougm			/*FALLTHROUGH*/
e7bab347Sdougm		case '?':
6185db85Sdougm		default:
e7bab347Sdougm			/*
e7bab347Sdougm			 * Since a bad option gets to here, sort it
e7bab347Sdougm			 * out and return a syntax error return value
e7bab347Sdougm			 * if necessary.
e7bab347Sdougm			 */
e7bab347Sdougm			switch (optopt) {
e7bab347Sdougm			default:
e7bab347Sdougm				ret = SA_SYNTAX_ERR;
e7bab347Sdougm				break;
6185db85Sdougm			case 'h':
6185db85Sdougm			case '?':
e7bab347Sdougm				break;
e7bab347Sdougm			}
6185db85Sdougm			(void) printf(gettext("usage: %s\n"),
6185db85Sdougm			    sa_get_usage(USAGE_UNSET));
e7bab347Sdougm			return (ret);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (optlist != NULL)
6185db85Sdougm		ret = chk_opt(optlist, optset != NULL, protocol);
6185db85Sdougm
6185db85Sdougm	if (optind >= argc || (optlist == NULL && optset == NULL) ||
6185db85Sdougm	    protocol == NULL) {
6185db85Sdougm		char *sep = "\t";
25a68471Sdougm		(void) printf(gettext("usage: %s\n"),
25a68471Sdougm		    sa_get_usage(USAGE_UNSET));
6185db85Sdougm		if (optind >= argc) {
25a68471Sdougm			(void) printf(gettext("%sgroup must be specified"),
6185db85Sdougm			    sep);
6185db85Sdougm			sep = ", ";
6185db85Sdougm		}
25a68471Sdougm		if (optlist == NULL) {
25a68471Sdougm			(void) printf(gettext("%sat least one property must "
25a68471Sdougm			    "be specified"), sep);
25a68471Sdougm			sep = ", ";
25a68471Sdougm		}
6185db85Sdougm		if (protocol == NULL) {
25a68471Sdougm			(void) printf(gettext("%sprotocol must be specified"),
25a68471Sdougm			    sep);
6185db85Sdougm			sep = ", ";
6185db85Sdougm		}
6185db85Sdougm		(void) printf("\n");
6185db85Sdougm		ret = SA_SYNTAX_ERR;
6185db85Sdougm	} else {
6185db85Sdougm
6185db85Sdougm		/*
25a68471Sdougm		 * If a group already exists, we can only add a new
6185db85Sdougm		 * protocol to it and not create a new one or add the
6185db85Sdougm		 * same protocol again.
6185db85Sdougm		 */
6185db85Sdougm
6185db85Sdougm		groupname = argv[optind];
6185db85Sdougm		auth = check_authorizations(groupname, flags);
6185db85Sdougm		if (optset == NULL)
549ec3ffSdougm			ret = basic_unset(handle, groupname, optlist, protocol,
da6c28aaSamw			    sharepath, rsrcname, dryrun);
6185db85Sdougm		else
549ec3ffSdougm			ret = space_unset(handle, groupname, optlist, protocol,
6185db85Sdougm			    sharepath, dryrun, optset);
6185db85Sdougm
25a68471Sdougm		if (dryrun && ret == SA_OK && !auth && verbose)
6185db85Sdougm			(void) printf(gettext("Command would fail: %s\n"),
6185db85Sdougm			    sa_errorstr(SA_NO_PERMISSION));
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * sa_enable_group(flags, argc, argv)
6185db85Sdougm *
6185db85Sdougm * Implements the enable subcommand
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmint
549ec3ffSdougmsa_enable_group(sa_handle_t handle, int flags, int argc, char *argv[])
6185db85Sdougm{
6185db85Sdougm	int verbose = 0;
6185db85Sdougm	int dryrun = 0;
6185db85Sdougm	int all = 0;
6185db85Sdougm	int c;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	char *protocol = NULL;
6185db85Sdougm	char *state;
6185db85Sdougm	struct list *worklist = NULL;
6185db85Sdougm	int auth = 1;
25a68471Sdougm	sa_group_t group;
6185db85Sdougm
6185db85Sdougm	while ((c = getopt(argc, argv, "?havnP:")) != EOF) {
6185db85Sdougm		switch (c) {
6185db85Sdougm		case 'a':
6185db85Sdougm			all = 1;
6185db85Sdougm			break;
6185db85Sdougm		case 'n':
6185db85Sdougm			dryrun++;
6185db85Sdougm			break;
6185db85Sdougm		case 'P':
da6c28aaSamw			if (protocol != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Specifying multiple protocols "
da6c28aaSamw				    "not supported: %s\n"), protocol);
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
6185db85Sdougm			protocol = optarg;
6185db85Sdougm			if (!sa_valid_protocol(protocol)) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Invalid protocol specified: %s\n"),
6185db85Sdougm				    protocol);
6185db85Sdougm				return (SA_INVALID_PROTOCOL);
6185db85Sdougm			}
6185db85Sdougm			break;
6185db85Sdougm		case 'v':
6185db85Sdougm			verbose++;
6185db85Sdougm			break;
e7bab347Sdougm		case 'h':
e7bab347Sdougm			/* optopt on valid arg isn't defined */
e7bab347Sdougm			optopt = c;
e7bab347Sdougm			/*FALLTHROUGH*/
e7bab347Sdougm		case '?':
6185db85Sdougm		default:
e7bab347Sdougm			/*
e7bab347Sdougm			 * Since a bad option gets to here, sort it
e7bab347Sdougm			 * out and return a syntax error return value
e7bab347Sdougm			 * if necessary.
e7bab347Sdougm			 */
e7bab347Sdougm			switch (optopt) {
e7bab347Sdougm			default:
e7bab347Sdougm				ret = SA_SYNTAX_ERR;
e7bab347Sdougm				break;
6185db85Sdougm			case 'h':
6185db85Sdougm			case '?':
6185db85Sdougm				(void) printf(gettext("usage: %s\n"),
6185db85Sdougm				    sa_get_usage(USAGE_ENABLE));
e7bab347Sdougm				return (ret);
e7bab347Sdougm			}
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (optind == argc && !all) {
25a68471Sdougm		(void) printf(gettext("usage: %s\n"),
25a68471Sdougm		    sa_get_usage(USAGE_ENABLE));
6185db85Sdougm		(void) printf(gettext("\tmust specify group\n"));
25a68471Sdougm		return (SA_NO_SUCH_PATH);
25a68471Sdougm	}
6185db85Sdougm	if (!all) {
6185db85Sdougm		while (optind < argc) {
549ec3ffSdougm			group = sa_get_group(handle, argv[optind]);
6185db85Sdougm			if (group != NULL) {
25a68471Sdougm				auth &= check_authorizations(argv[optind],
25a68471Sdougm				    flags);
6185db85Sdougm				state = sa_get_group_attr(group, "state");
6185db85Sdougm				if (state != NULL &&
6185db85Sdougm				    strcmp(state, "enabled") == 0) {
6185db85Sdougm					/* already enabled */
6185db85Sdougm					if (verbose)
25a68471Sdougm						(void) printf(gettext(
25a68471Sdougm						    "Group \"%s\" is already "
6185db85Sdougm						    "enabled\n"),
6185db85Sdougm						    argv[optind]);
6185db85Sdougm					ret = SA_BUSY; /* already enabled */
6185db85Sdougm				} else {
25a68471Sdougm					worklist = add_list(worklist, group,
da6c28aaSamw					    0, protocol);
6185db85Sdougm					if (verbose)
25a68471Sdougm						(void) printf(gettext(
25a68471Sdougm						    "Enabling group \"%s\"\n"),
6185db85Sdougm						    argv[optind]);
6185db85Sdougm				}
6185db85Sdougm				if (state != NULL)
6185db85Sdougm					sa_free_attr_string(state);
6185db85Sdougm			} else {
6185db85Sdougm				ret = SA_NO_SUCH_GROUP;
6185db85Sdougm			}
6185db85Sdougm			optind++;
6185db85Sdougm		}
6185db85Sdougm	} else {
25a68471Sdougm		for (group = sa_get_group(handle, NULL);
25a68471Sdougm		    group != NULL;
6185db85Sdougm		    group = sa_get_next_group(group)) {
da6c28aaSamw			worklist = add_list(worklist, group, 0, protocol);
6185db85Sdougm		}
6185db85Sdougm	}
25a68471Sdougm	if (!dryrun && ret == SA_OK)
da6c28aaSamw		ret = enable_all_groups(handle, worklist, 1, 0, NULL, B_FALSE);
25a68471Sdougm
6185db85Sdougm	if (ret != SA_OK && ret != SA_BUSY)
6185db85Sdougm		(void) printf(gettext("Could not enable group: %s\n"),
6185db85Sdougm		    sa_errorstr(ret));
6185db85Sdougm	if (ret == SA_BUSY)
6185db85Sdougm		ret = SA_OK;
25a68471Sdougm
6185db85Sdougm	if (worklist != NULL)
6185db85Sdougm		free_list(worklist);
6185db85Sdougm	if (dryrun && ret == SA_OK && !auth && verbose) {
6185db85Sdougm		(void) printf(gettext("Command would fail: %s\n"),
6185db85Sdougm		    sa_errorstr(SA_NO_PERMISSION));
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
da6c28aaSamw * disable_group(group, proto)
6185db85Sdougm *
da6c28aaSamw * Disable all the shares in the specified group.. This is a helper
da6c28aaSamw * for disable_all_groups in order to simplify regular and subgroup
da6c28aaSamw * (zfs) disabling. Group has already been checked for non-NULL.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
da6c28aaSamwdisable_group(sa_group_t group, char *proto)
6185db85Sdougm{
6185db85Sdougm	sa_share_t share;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm
da6c28aaSamw	/*
da6c28aaSamw	 * If the protocol isn't enabled, skip it and treat as
da6c28aaSamw	 * successful.
da6c28aaSamw	 */
da6c28aaSamw	if (!has_protocol(group, proto))
da6c28aaSamw		return (ret);
da6c28aaSamw
6185db85Sdougm	for (share = sa_get_share(group, NULL);
6185db85Sdougm	    share != NULL && ret == SA_OK;
6185db85Sdougm	    share = sa_get_next_share(share)) {
da6c28aaSamw		ret = sa_disable_share(share, proto);
6185db85Sdougm		if (ret == SA_NO_SUCH_PATH) {
6185db85Sdougm			/*
6185db85Sdougm			 * this is OK since the path is gone. we can't
6185db85Sdougm			 * re-share it anyway so no error.
6185db85Sdougm			 */
6185db85Sdougm			ret = SA_OK;
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * disable_all_groups(work, setstate)
6185db85Sdougm *
6185db85Sdougm * helper function that disables the shares in the list of groups
6185db85Sdougm * provided. It optionally marks the group as disabled. Used by both
6185db85Sdougm * enable and start subcommands.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
549ec3ffSdougmdisable_all_groups(sa_handle_t handle, struct list *work, int setstate)
6185db85Sdougm{
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	sa_group_t subgroup, group;
6185db85Sdougm
6185db85Sdougm	while (work != NULL && ret == SA_OK) {
6185db85Sdougm		group = (sa_group_t)work->item;
6185db85Sdougm		if (setstate)
6185db85Sdougm			ret = sa_set_group_attr(group, "state", "disabled");
6185db85Sdougm		if (ret == SA_OK) {
6185db85Sdougm			char *name;
6185db85Sdougm			name = sa_get_group_attr(group, "name");
6185db85Sdougm			if (name != NULL && strcmp(name, "zfs") == 0) {
6185db85Sdougm				/* need to get the sub-groups for stopping */
25a68471Sdougm				for (subgroup = sa_get_sub_group(group);
25a68471Sdougm				    subgroup != NULL;
6185db85Sdougm				    subgroup = sa_get_next_group(subgroup)) {
da6c28aaSamw					ret = disable_group(subgroup,
da6c28aaSamw					    work->proto);
6185db85Sdougm				}
6185db85Sdougm			} else {
da6c28aaSamw				ret = disable_group(group, work->proto);
6185db85Sdougm			}
6185db85Sdougm			/*
25a68471Sdougm			 * We don't want to "disable" since it won't come
6185db85Sdougm			 * up after a reboot.  The SMF framework should do
6185db85Sdougm			 * the right thing. On enable we do want to do
6185db85Sdougm			 * something.
6185db85Sdougm			 */
6185db85Sdougm		}
6185db85Sdougm		work = work->next;
6185db85Sdougm	}
6185db85Sdougm	if (ret == SA_OK)
549ec3ffSdougm		ret = sa_update_config(handle);
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * sa_disable_group(flags, argc, argv)
6185db85Sdougm *
6185db85Sdougm * Implements the disable subcommand
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmint
549ec3ffSdougmsa_disable_group(sa_handle_t handle, int flags, int argc, char *argv[])
6185db85Sdougm{
6185db85Sdougm	int verbose = 0;
6185db85Sdougm	int dryrun = 0;
6185db85Sdougm	int all = 0;
6185db85Sdougm	int c;
6185db85Sdougm	int ret = SA_OK;
da6c28aaSamw	char *protocol = NULL;
6185db85Sdougm	char *state;
6185db85Sdougm	struct list *worklist = NULL;
25a68471Sdougm	sa_group_t group;
6185db85Sdougm	int auth = 1;
6185db85Sdougm
6185db85Sdougm	while ((c = getopt(argc, argv, "?havn")) != EOF) {
6185db85Sdougm		switch (c) {
6185db85Sdougm		case 'a':
6185db85Sdougm			all = 1;
6185db85Sdougm			break;
6185db85Sdougm		case 'n':
6185db85Sdougm			dryrun++;
6185db85Sdougm			break;
6185db85Sdougm		case 'P':
da6c28aaSamw			if (protocol != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Specifying multiple protocols "
da6c28aaSamw				    "not supported: %s\n"), protocol);
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
6185db85Sdougm			protocol = optarg;
6185db85Sdougm			if (!sa_valid_protocol(protocol)) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Invalid protocol specified: %s\n"),
6185db85Sdougm				    protocol);
6185db85Sdougm				return (SA_INVALID_PROTOCOL);
6185db85Sdougm			}
6185db85Sdougm			break;
6185db85Sdougm		case 'v':
6185db85Sdougm			verbose++;
6185db85Sdougm			break;
e7bab347Sdougm		case 'h':
e7bab347Sdougm			/* optopt on valid arg isn't defined */
e7bab347Sdougm			optopt = c;
e7bab347Sdougm			/*FALLTHROUGH*/
e7bab347Sdougm		case '?':
6185db85Sdougm		default:
e7bab347Sdougm			/*
e7bab347Sdougm			 * Since a bad option gets to here, sort it
e7bab347Sdougm			 * out and return a syntax error return value
e7bab347Sdougm			 * if necessary.
e7bab347Sdougm			 */
e7bab347Sdougm			switch (optopt) {
e7bab347Sdougm			default:
e7bab347Sdougm				ret = SA_SYNTAX_ERR;
e7bab347Sdougm				break;
6185db85Sdougm			case 'h':
6185db85Sdougm			case '?':
e7bab347Sdougm				break;
e7bab347Sdougm			}
6185db85Sdougm			(void) printf(gettext("usage: %s\n"),
6185db85Sdougm			    sa_get_usage(USAGE_DISABLE));
e7bab347Sdougm			return (ret);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (optind == argc && !all) {
6185db85Sdougm		(void) printf(gettext("usage: %s\n"),
6185db85Sdougm		    sa_get_usage(USAGE_DISABLE));
6185db85Sdougm		(void) printf(gettext("\tmust specify group\n"));
25a68471Sdougm		return (SA_NO_SUCH_PATH);
25a68471Sdougm	}
6185db85Sdougm	if (!all) {
6185db85Sdougm		while (optind < argc) {
549ec3ffSdougm			group = sa_get_group(handle, argv[optind]);
6185db85Sdougm			if (group != NULL) {
25a68471Sdougm				auth &= check_authorizations(argv[optind],
25a68471Sdougm				    flags);
6185db85Sdougm				state = sa_get_group_attr(group, "state");
6185db85Sdougm				if (state == NULL ||
6185db85Sdougm				    strcmp(state, "disabled") == 0) {
6185db85Sdougm					/* already disabled */
6185db85Sdougm					if (verbose)
25a68471Sdougm						(void) printf(gettext(
25a68471Sdougm						    "Group \"%s\" is "
6185db85Sdougm						    "already disabled\n"),
6185db85Sdougm						    argv[optind]);
da6c28aaSamw					ret = SA_BUSY; /* already disabled */
6185db85Sdougm				} else {
da6c28aaSamw					worklist = add_list(worklist, group, 0,
da6c28aaSamw					    protocol);
6185db85Sdougm					if (verbose)
25a68471Sdougm						(void) printf(gettext(
25a68471Sdougm						    "Disabling group "
25a68471Sdougm						    "\"%s\"\n"), argv[optind]);
6185db85Sdougm				}
6185db85Sdougm				if (state != NULL)
6185db85Sdougm					sa_free_attr_string(state);
6185db85Sdougm			} else {
6185db85Sdougm				ret = SA_NO_SUCH_GROUP;
6185db85Sdougm			}
6185db85Sdougm			optind++;
6185db85Sdougm		}
6185db85Sdougm	} else {
25a68471Sdougm		for (group = sa_get_group(handle, NULL);
25a68471Sdougm		    group != NULL;
25a68471Sdougm		    group = sa_get_next_group(group))
da6c28aaSamw			worklist = add_list(worklist, group, 0, protocol);
6185db85Sdougm	}
25a68471Sdougm
25a68471Sdougm	if (ret == SA_OK && !dryrun)
549ec3ffSdougm		ret = disable_all_groups(handle, worklist, 1);
6185db85Sdougm	if (ret != SA_OK && ret != SA_BUSY)
6185db85Sdougm		(void) printf(gettext("Could not disable group: %s\n"),
6185db85Sdougm		    sa_errorstr(ret));
6185db85Sdougm	if (ret == SA_BUSY)
6185db85Sdougm		ret = SA_OK;
6185db85Sdougm	if (worklist != NULL)
6185db85Sdougm		free_list(worklist);
25a68471Sdougm	if (dryrun && ret == SA_OK && !auth && verbose)
6185db85Sdougm		(void) printf(gettext("Command would fail: %s\n"),
6185db85Sdougm		    sa_errorstr(SA_NO_PERMISSION));
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * sa_start_group(flags, argc, argv)
6185db85Sdougm *
6185db85Sdougm * Implements the start command.
6185db85Sdougm * This is similar to enable except it doesn't change the state
6185db85Sdougm * of the group(s) and only enables shares if the group is already
6185db85Sdougm * enabled.
6185db85Sdougm */
da6c28aaSamw
6185db85Sdougmint
549ec3ffSdougmsa_start_group(sa_handle_t handle, int flags, int argc, char *argv[])
6185db85Sdougm{
6185db85Sdougm	int verbose = 0;
6185db85Sdougm	int all = 0;
6185db85Sdougm	int c;
6185db85Sdougm	int ret = SMF_EXIT_OK;
6185db85Sdougm	char *protocol = NULL;
6185db85Sdougm	char *state;
6185db85Sdougm	struct list *worklist = NULL;
25a68471Sdougm	sa_group_t group;
da6c28aaSamw#ifdef lint
da6c28aaSamw	flags = flags;
da6c28aaSamw#endif
6185db85Sdougm
6185db85Sdougm	while ((c = getopt(argc, argv, "?havP:")) != EOF) {
6185db85Sdougm		switch (c) {
6185db85Sdougm		case 'a':
6185db85Sdougm			all = 1;
6185db85Sdougm			break;
6185db85Sdougm		case 'P':
da6c28aaSamw			if (protocol != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Specifying multiple protocols "
da6c28aaSamw				    "not supported: %s\n"), protocol);
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
6185db85Sdougm			protocol = optarg;
6185db85Sdougm			if (!sa_valid_protocol(protocol)) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Invalid protocol specified: %s\n"),
6185db85Sdougm				    protocol);
6185db85Sdougm				return (SA_INVALID_PROTOCOL);
6185db85Sdougm			}
6185db85Sdougm			break;
6185db85Sdougm		case 'v':
6185db85Sdougm			verbose++;
6185db85Sdougm			break;
e7bab347Sdougm		case 'h':
e7bab347Sdougm			/* optopt on valid arg isn't defined */
e7bab347Sdougm			optopt = c;
e7bab347Sdougm			/*FALLTHROUGH*/
e7bab347Sdougm		case '?':
6185db85Sdougm		default:
e7bab347Sdougm			/*
e7bab347Sdougm			 * Since a bad option gets to here, sort it
e7bab347Sdougm			 * out and return a syntax error return value
e7bab347Sdougm			 * if necessary.
e7bab347Sdougm			 */
e7bab347Sdougm			ret = SA_OK;
e7bab347Sdougm			switch (optopt) {
e7bab347Sdougm			default:
e7bab347Sdougm				ret = SA_SYNTAX_ERR;
e7bab347Sdougm				break;
6185db85Sdougm			case 'h':
6185db85Sdougm			case '?':
e7bab347Sdougm				break;
e7bab347Sdougm			}
6185db85Sdougm			(void) printf(gettext("usage: %s\n"),
6185db85Sdougm			    sa_get_usage(USAGE_START));
e7bab347Sdougm			return (ret);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (optind == argc && !all) {
6185db85Sdougm		(void) printf(gettext("usage: %s\n"),
6185db85Sdougm		    sa_get_usage(USAGE_START));
25a68471Sdougm		return (SMF_EXIT_ERR_FATAL);
25a68471Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (!all) {
6185db85Sdougm		while (optind < argc) {
549ec3ffSdougm			group = sa_get_group(handle, argv[optind]);
6185db85Sdougm			if (group != NULL) {
6185db85Sdougm				state = sa_get_group_attr(group, "state");
6185db85Sdougm				if (state == NULL ||
6185db85Sdougm				    strcmp(state, "enabled") == 0) {
da6c28aaSamw					worklist = add_list(worklist, group, 0,
da6c28aaSamw					    protocol);
6185db85Sdougm					if (verbose)
25a68471Sdougm						(void) printf(gettext(
25a68471Sdougm						    "Starting group \"%s\"\n"),
6185db85Sdougm						    argv[optind]);
6185db85Sdougm				} else {
6185db85Sdougm					/*
25a68471Sdougm					 * Determine if there are any
da6c28aaSamw					 * protocols.  If there aren't any,
6185db85Sdougm					 * then there isn't anything to do in
6185db85Sdougm					 * any case so no error.
6185db85Sdougm					 */
25a68471Sdougm					if (sa_get_optionset(group,
25a68471Sdougm					    protocol) != NULL) {
6185db85Sdougm						ret = SMF_EXIT_OK;
6185db85Sdougm					}
6185db85Sdougm				}
6185db85Sdougm				if (state != NULL)
6185db85Sdougm					sa_free_attr_string(state);
6185db85Sdougm			}
6185db85Sdougm			optind++;
6185db85Sdougm		}
6185db85Sdougm	} else {
da6c28aaSamw		for (group = sa_get_group(handle, NULL);
da6c28aaSamw		    group != NULL;
6185db85Sdougm		    group = sa_get_next_group(group)) {
6185db85Sdougm			state = sa_get_group_attr(group, "state");
6185db85Sdougm			if (state == NULL || strcmp(state, "enabled") == 0)
da6c28aaSamw				worklist = add_list(worklist, group, 0,
da6c28aaSamw				    protocol);
6185db85Sdougm			if (state != NULL)
6185db85Sdougm				sa_free_attr_string(state);
6185db85Sdougm		}
6185db85Sdougm	}
25a68471Sdougm
da6c28aaSamw	(void) enable_all_groups(handle, worklist, 0, 1, protocol, B_FALSE);
25a68471Sdougm
6185db85Sdougm	if (worklist != NULL)
6185db85Sdougm		free_list(worklist);
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * sa_stop_group(flags, argc, argv)
6185db85Sdougm *
6185db85Sdougm * Implements the stop command.
6185db85Sdougm * This is similar to disable except it doesn't change the state
6185db85Sdougm * of the group(s) and only disables shares if the group is already
6185db85Sdougm * enabled.
6185db85Sdougm */
6185db85Sdougmint
549ec3ffSdougmsa_stop_group(sa_handle_t handle, int flags, int argc, char *argv[])
6185db85Sdougm{
6185db85Sdougm	int verbose = 0;
6185db85Sdougm	int all = 0;
6185db85Sdougm	int c;
6185db85Sdougm	int ret = SMF_EXIT_OK;
6185db85Sdougm	char *protocol = NULL;
6185db85Sdougm	char *state;
6185db85Sdougm	struct list *worklist = NULL;
25a68471Sdougm	sa_group_t group;
da6c28aaSamw#ifdef lint
da6c28aaSamw	flags = flags;
da6c28aaSamw#endif
6185db85Sdougm
6185db85Sdougm	while ((c = getopt(argc, argv, "?havP:")) != EOF) {
6185db85Sdougm		switch (c) {
6185db85Sdougm		case 'a':
6185db85Sdougm			all = 1;
6185db85Sdougm			break;
6185db85Sdougm		case 'P':
da6c28aaSamw			if (protocol != NULL) {
da6c28aaSamw				(void) printf(gettext(
da6c28aaSamw				    "Specifying multiple protocols "
da6c28aaSamw				    "not supported: %s\n"), protocol);
da6c28aaSamw				return (SA_SYNTAX_ERR);
da6c28aaSamw			}
6185db85Sdougm			protocol = optarg;
6185db85Sdougm			if (!sa_valid_protocol(protocol)) {
25a68471Sdougm				(void) printf(gettext(
25a68471Sdougm				    "Invalid protocol specified: %s\n"),
6185db85Sdougm				    protocol);
6185db85Sdougm				return (SA_INVALID_PROTOCOL);
6185db85Sdougm			}
6185db85Sdougm			break;
6185db85Sdougm		case 'v':
6185db85Sdougm			verbose++;
6185db85Sdougm			break;
e7bab347Sdougm		case 'h':
e7bab347Sdougm			/* optopt on valid arg isn't defined */
e7bab347Sdougm			optopt = c;
e7bab347Sdougm			/*FALLTHROUGH*/
e7bab347Sdougm		case '?':
6185db85Sdougm		default:
e7bab347Sdougm			/*
e7bab347Sdougm			 * Since a bad option gets to here, sort it
e7bab347Sdougm			 * out and return a syntax error return value
e7bab347Sdougm			 * if necessary.
e7bab347Sdougm			 */
e7bab347Sdougm			ret = SA_OK;
e7bab347Sdougm			switch (optopt) {
e7bab347Sdougm			default:
e7bab347Sdougm				ret = SA_SYNTAX_ERR;
e7bab347Sdougm				break;
6185db85Sdougm			case 'h':
6185db85Sdougm			case '?':
e7bab347Sdougm				break;
e7bab347Sdougm			}
6185db85Sdougm			(void) printf(gettext("usage: %s\n"),
6185db85Sdougm			    sa_get_usage(USAGE_STOP));
e7bab347Sdougm			return (ret);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	if (optind == argc && !all) {
25a68471Sdougm		(void) printf(gettext("usage: %s\n"),
25a68471Sdougm		    sa_get_usage(USAGE_STOP));
25a68471Sdougm		return (SMF_EXIT_ERR_FATAL);
25a68471Sdougm	} else if (!all) {
6185db85Sdougm		while (optind < argc) {
549ec3ffSdougm			group = sa_get_group(handle, argv[optind]);
6185db85Sdougm			if (group != NULL) {
6185db85Sdougm				state = sa_get_group_attr(group, "state");
6185db85Sdougm				if (state == NULL ||
6185db85Sdougm				    strcmp(state, "enabled") == 0) {
da6c28aaSamw					worklist = add_list(worklist, group, 0,
da6c28aaSamw					    protocol);
6185db85Sdougm					if (verbose)
25a68471Sdougm						(void) printf(gettext(
25a68471Sdougm						    "Stopping group \"%s\"\n"),
6185db85Sdougm						    argv[optind]);
6185db85Sdougm				} else {
6185db85Sdougm					ret = SMF_EXIT_OK;
6185db85Sdougm				}
6185db85Sdougm				if (state != NULL)
6185db85Sdougm					sa_free_attr_string(state);
6185db85Sdougm			}
6185db85Sdougm			optind++;
6185db85Sdougm		}
6185db85Sdougm	} else {
da6c28aaSamw		for (group = sa_get_group(handle, NULL);
da6c28aaSamw		    group != NULL;
6185db85Sdougm		    group = sa_get_next_group(group)) {
6185db85Sdougm			state = sa_get_group_attr(group, "state");
6185db85Sdougm			if (state == NULL || strcmp(state, "enabled") == 0)
da6c28aaSamw				worklist = add_list(worklist, group, 0,
da6c28aaSamw				    protocol);
6185db85Sdougm			if (state != NULL)
6185db85Sdougm				sa_free_attr_string(state);
6185db85Sdougm		}
6185db85Sdougm	}
549ec3ffSdougm	(void) disable_all_groups(handle, worklist, 0);
549ec3ffSdougm	ret = sa_update_config(handle);
25a68471Sdougm
6185db85Sdougm	if (worklist != NULL)
6185db85Sdougm		free_list(worklist);
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * remove_all_options(share, proto)
6185db85Sdougm *
6185db85Sdougm * Removes all options on a share.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic void
6185db85Sdougmremove_all_options(sa_share_t share, char *proto)
6185db85Sdougm{
6185db85Sdougm	sa_optionset_t optionset;
6185db85Sdougm	sa_security_t security;
6185db85Sdougm	sa_security_t prevsec = NULL;
6185db85Sdougm
6185db85Sdougm	optionset = sa_get_optionset(share, proto);
6185db85Sdougm	if (optionset != NULL)
6185db85Sdougm		(void) sa_destroy_optionset(optionset);
6185db85Sdougm	for (security = sa_get_security(share, NULL, NULL);
6185db85Sdougm	    security != NULL;
6185db85Sdougm	    security = sa_get_next_security(security)) {
6185db85Sdougm		char *type;
6185db85Sdougm		/*
25a68471Sdougm		 * We walk through the list.  prevsec keeps the
6185db85Sdougm		 * previous security so we can delete it without
6185db85Sdougm		 * destroying the list.
6185db85Sdougm		 */
6185db85Sdougm		if (prevsec != NULL) {
6185db85Sdougm			/* remove the previously seen security */
6185db85Sdougm			(void) sa_destroy_security(prevsec);
6185db85Sdougm			/* set to NULL so we don't try multiple times */
6185db85Sdougm			prevsec = NULL;
6185db85Sdougm		}
6185db85Sdougm		type = sa_get_security_attr(security, "type");
6185db85Sdougm		if (type != NULL) {
6185db85Sdougm			/*
6185db85Sdougm			 * if the security matches the specified protocol, we
6185db85Sdougm			 * want to remove it. prevsec holds it until either
6185db85Sdougm			 * the next pass or we fall out of the loop.
6185db85Sdougm			 */
6185db85Sdougm			if (strcmp(type, proto) == 0)
6185db85Sdougm				prevsec = security;
6185db85Sdougm			sa_free_attr_string(type);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	/* in case there is one left */
6185db85Sdougm	if (prevsec != NULL)
6185db85Sdougm		(void) sa_destroy_security(prevsec);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * for legacy support, we need to handle the old syntax. This is what
6185db85Sdougm * we get if sharemgr is called with the name "share" rather than
6185db85Sdougm * sharemgr.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
6185db85Sdougmformat_legacy_path(char *buff, int buffsize, char *proto, char *cmd)
6185db85Sdougm{
6185db85Sdougm	int err;
6185db85Sdougm
6185db85Sdougm	err = snprintf(buff, buffsize, "/usr/lib/fs/%s/%s", proto, cmd);
6185db85Sdougm	if (err > buffsize)
6185db85Sdougm		return (-1);
6185db85Sdougm	return (0);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * check_legacy_cmd(proto, cmd)
6185db85Sdougm *
6185db85Sdougm * Check to see if the cmd exists in /usr/lib/fs/<proto>/<cmd> and is
6185db85Sdougm * executable.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
6185db85Sdougmcheck_legacy_cmd(char *path)
6185db85Sdougm{
6185db85Sdougm	struct stat st;
6185db85Sdougm	int ret = 0;
6185db85Sdougm
6185db85Sdougm	if (stat(path, &st) == 0) {
25a68471Sdougm		if (S_ISREG(st.st_mode) &&
25a68471Sdougm		    st.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH))
6185db85Sdougm			ret = 1;
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * run_legacy_command(proto, cmd, argv)
6185db85Sdougm *
25a68471Sdougm * We know the command exists, so attempt to execute it with all the
6185db85Sdougm * arguments. This implements full legacy share support for those
6185db85Sdougm * protocols that don't have plugin providers.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic int
6185db85Sdougmrun_legacy_command(char *path, char *argv[])
6185db85Sdougm{
6185db85Sdougm	int ret;
6185db85Sdougm
6185db85Sdougm	ret = execv(path, argv);
6185db85Sdougm	if (ret < 0) {
6185db85Sdougm		switch (errno) {
6185db85Sdougm		case EACCES:
6185db85Sdougm			ret = SA_NO_PERMISSION;
6185db85Sdougm			break;
6185db85Sdougm		default:
6185db85Sdougm			ret = SA_SYSTEM_ERR;
6185db85Sdougm			break;
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
f345c0beSdougm * out_share(out, group, proto)
6185db85Sdougm *
6185db85Sdougm * Display the share information in the format that the "share"
6185db85Sdougm * command has traditionally used.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic void
f345c0beSdougmout_share(FILE *out, sa_group_t group, char *proto)
6185db85Sdougm{
6185db85Sdougm	sa_share_t share;
6185db85Sdougm	char resfmt[128];
da6c28aaSamw	char *defprop;
da6c28aaSamw
da6c28aaSamw	/*
da6c28aaSamw	 * The original share command defaulted to displaying NFS
da6c28aaSamw	 * shares or allowed a protocol to be specified. We want to
da6c28aaSamw	 * skip those shares that are not the specified protocol.
da6c28aaSamw	 */
da6c28aaSamw	if (proto != NULL && sa_get_optionset(group, proto) == NULL)
da6c28aaSamw		return;
da6c28aaSamw
da6c28aaSamw	if (proto == NULL)
da6c28aaSamw		proto = "nfs";
da6c28aaSamw
da6c28aaSamw	/*
da6c28aaSamw	 * get the default property string.  NFS uses "rw" but
da6c28aaSamw	 * everything else will use "".
da6c28aaSamw	 */
da6c28aaSamw	if (proto != NULL && strcmp(proto, "nfs") != 0)
da6c28aaSamw		defprop = "\"\"";
da6c28aaSamw	else
da6c28aaSamw		defprop = "rw";
6185db85Sdougm
25a68471Sdougm	for (share = sa_get_share(group, NULL);
25a68471Sdougm	    share != NULL;
6185db85Sdougm	    share = sa_get_next_share(share)) {
6185db85Sdougm		char *path;
6185db85Sdougm		char *type;
6185db85Sdougm		char *resource;
6185db85Sdougm		char *description;
6185db85Sdougm		char *groupname;
6185db85Sdougm		char *sharedstate;
6185db85Sdougm		int shared = 1;
6185db85Sdougm		char *soptions;
da6c28aaSamw		char shareopts[MAXNAMLEN];
6185db85Sdougm
6185db85Sdougm		sharedstate = sa_get_share_attr(share, "shared");
6185db85Sdougm		path = sa_get_share_attr(share, "path");
6185db85Sdougm		type = sa_get_share_attr(share, "type");
da6c28aaSamw		resource = get_resource(share);
6185db85Sdougm		groupname = sa_get_group_attr(group, "name");
6185db85Sdougm
6185db85Sdougm		if (groupname != NULL && strcmp(groupname, "default") == 0) {
6185db85Sdougm			sa_free_attr_string(groupname);
6185db85Sdougm			groupname = NULL;
6185db85Sdougm		}
6185db85Sdougm		description = sa_get_share_description(share);
f345c0beSdougm
da6c28aaSamw		/*
da6c28aaSamw		 * Want the sharetab version if it exists, defaulting
da6c28aaSamw		 * to NFS if no protocol specified.
da6c28aaSamw		 */
da6c28aaSamw		(void) snprintf(shareopts, MAXNAMLEN, "shareopts-%s", proto);
da6c28aaSamw		soptions = sa_get_share_attr(share, shareopts);
6185db85Sdougm
6185db85Sdougm		if (sharedstate == NULL)
6185db85Sdougm			shared = 0;
6185db85Sdougm
f345c0beSdougm		if (soptions == NULL)
6185db85Sdougm			soptions = sa_proto_legacy_format(proto, share, 1);
6185db85Sdougm
6185db85Sdougm		if (shared) {
f345c0beSdougm			/* only active shares go here */
6185db85Sdougm			(void) snprintf(resfmt, sizeof (resfmt), "%s%s%s",
6185db85Sdougm			    resource != NULL ? resource : "-",
6185db85Sdougm			    groupname != NULL ? "@" : "",
6185db85Sdougm			    groupname != NULL ? groupname : "");
6185db85Sdougm			(void) fprintf(out, "%-14.14s  %s   %s   \"%s\"  \n",
25a68471Sdougm			    resfmt, path,
6185db85Sdougm			    (soptions != NULL && strlen(soptions) > 0) ?
da6c28aaSamw			    soptions : defprop,
6185db85Sdougm			    (description != NULL) ? description : "");
6185db85Sdougm		}
6185db85Sdougm
6185db85Sdougm		if (path != NULL)
6185db85Sdougm			sa_free_attr_string(path);
6185db85Sdougm		if (type != NULL)
6185db85Sdougm			sa_free_attr_string(type);
6185db85Sdougm		if (resource != NULL)
6185db85Sdougm			sa_free_attr_string(resource);
6185db85Sdougm		if (groupname != NULL)
6185db85Sdougm			sa_free_attr_string(groupname);
6185db85Sdougm		if (description != NULL)
6185db85Sdougm			sa_free_share_description(description);
6185db85Sdougm		if (sharedstate != NULL)
6185db85Sdougm			sa_free_attr_string(sharedstate);
f345c0beSdougm		if (soptions != NULL)
6185db85Sdougm			sa_format_free(soptions);
6185db85Sdougm	}
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * output_legacy_file(out, proto)
6185db85Sdougm *
6185db85Sdougm * Walk all of the groups for the specified protocol and call
6185db85Sdougm * out_share() to format and write in the format displayed by the
6185db85Sdougm * "share" command with no arguments.
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic void
549ec3ffSdougmoutput_legacy_file(FILE *out, char *proto, sa_handle_t handle)
6185db85Sdougm{
6185db85Sdougm	sa_group_t group;
6185db85Sdougm
da6c28aaSamw	for (group = sa_get_group(handle, NULL);
da6c28aaSamw	    group != NULL;
6185db85Sdougm	    group = sa_get_next_group(group)) {
6185db85Sdougm		char *zfs;
6185db85Sdougm
6185db85Sdougm		/*
da6c28aaSamw		 * Go through all the groups and ZFS
da6c28aaSamw		 * sub-groups. out_share() will format the shares in
da6c28aaSamw		 * the group appropriately.
6185db85Sdougm		 */
6185db85Sdougm
6185db85Sdougm		zfs = sa_get_group_attr(group, "zfs");
6185db85Sdougm		if (zfs != NULL) {
6185db85Sdougm			sa_group_t zgroup;
6185db85Sdougm			sa_free_attr_string(zfs);
25a68471Sdougm			for (zgroup = sa_get_sub_group(group);
25a68471Sdougm			    zgroup != NULL;
6185db85Sdougm			    zgroup = sa_get_next_group(zgroup)) {
6185db85Sdougm
6185db85Sdougm				/* got a group, so display it */
f345c0beSdougm				out_share(out, zgroup, proto);
6185db85Sdougm			}
6185db85Sdougm		} else {
f345c0beSdougm			out_share(out, group, proto);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougmint
549ec3ffSdougmsa_legacy_share(sa_handle_t handle, int flags, int argc, char *argv[])
6185db85Sdougm{
6185db85Sdougm	char *protocol = "nfs";
6185db85Sdougm	char *options = NULL;
6185db85Sdougm	char *description = NULL;
6185db85Sdougm	char *groupname = NULL;
6185db85Sdougm	char *sharepath = NULL;
6185db85Sdougm	char *resource = NULL;
6185db85Sdougm	char *groupstatus = NULL;
6185db85Sdougm	int persist = SA_SHARE_TRANSIENT;
6185db85Sdougm	int argsused = 0;
6185db85Sdougm	int c;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	int zfs = 0;
6185db85Sdougm	int true_legacy = 0;
6185db85Sdougm	int curtype = SA_SHARE_TRANSIENT;
6185db85Sdougm	char cmd[MAXPATHLEN];
25a68471Sdougm	sa_group_t group = NULL;
da6c28aaSamw	sa_resource_t rsrc = NULL;
25a68471Sdougm	sa_share_t share;
25a68471Sdougm	char dir[MAXPATHLEN];
da6c28aaSamw	uint64_t features;
da6c28aaSamw#ifdef lint
da6c28aaSamw	flags = flags;
da6c28aaSamw#endif
6185db85Sdougm
6185db85Sdougm	while ((c = getopt(argc, argv, "?hF:d:o:p")) != EOF) {
6185db85Sdougm		switch (c) {
6185db85Sdougm		case 'd':
6185db85Sdougm			description = optarg;
6185db85Sdougm			argsused++;
6185db85Sdougm			break;
6185db85Sdougm		case 'F':
6185db85Sdougm			protocol = optarg;
6185db85Sdougm			if (!sa_valid_protocol(protocol)) {
6185db85Sdougm				if (format_legacy_path(cmd, MAXPATHLEN,
25a68471Sdougm				    protocol, "share") == 0 &&
25a68471Sdougm				    check_legacy_cmd(cmd)) {
6185db85Sdougm					true_legacy++;
6185db85Sdougm				} else {
25a68471Sdougm					(void) fprintf(stderr, gettext(
25a68471Sdougm					    "Invalid protocol specified: "
25a68471Sdougm					    "%s\n"), protocol);
6185db85Sdougm					return (SA_INVALID_PROTOCOL);
6185db85Sdougm				}
6185db85Sdougm			}
6185db85Sdougm			break;
6185db85Sdougm		case 'o':
6185db85Sdougm			options = optarg;
6185db85Sdougm			argsused++;
6185db85Sdougm			break;
6185db85Sdougm		case 'p':
6185db85Sdougm			persist = SA_SHARE_PERMANENT;
6185db85Sdougm			argsused++;
6185db85Sdougm			break;
6185db85Sdougm		case 'h':
e7bab347Sdougm			/* optopt on valid arg isn't defined */
e7bab347Sdougm			optopt = c;
e7bab347Sdougm			/*FALLTHROUGH*/
6185db85Sdougm		case '?':
6185db85Sdougm		default:
e7bab347Sdougm			/*
e7bab347Sdougm			 * Since a bad option gets to here, sort it
e7bab347Sdougm			 * out and return a syntax error return value
e7bab347Sdougm			 * if necessary.
e7bab347Sdougm			 */
e7bab347Sdougm			switch (optopt) {
e7bab347Sdougm			default:
e7bab347Sdougm				ret = SA_LEGACY_ERR;
e7bab347Sdougm				break;
e7bab347Sdougm			case 'h':
e7bab347Sdougm			case '?':
e7bab347Sdougm				break;
e7bab347Sdougm			}
6185db85Sdougm			(void) fprintf(stderr, gettext("usage: %s\n"),
6185db85Sdougm			    sa_get_usage(USAGE_SHARE));
e7bab347Sdougm			return (ret);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm
25a68471Sdougm	/* Have the info so construct what is needed */
6185db85Sdougm	if (!argsused && optind == argc) {
6185db85Sdougm		/* display current info in share format */
da6c28aaSamw		(void) output_legacy_file(stdout, protocol, handle);
25a68471Sdougm		return (ret);
25a68471Sdougm	}
6185db85Sdougm
25a68471Sdougm	/* We are modifying the configuration */
6185db85Sdougm	if (optind == argc) {
6185db85Sdougm		(void) fprintf(stderr, gettext("usage: %s\n"),
6185db85Sdougm		    sa_get_usage(USAGE_SHARE));
6185db85Sdougm		return (SA_LEGACY_ERR);
6185db85Sdougm	}
6185db85Sdougm	if (true_legacy) {
25a68471Sdougm		/* If still using legacy share/unshare, exec it */
6185db85Sdougm		ret = run_legacy_command(cmd, argv);
6185db85Sdougm		return (ret);
6185db85Sdougm	}
6185db85Sdougm
6185db85Sdougm	sharepath = argv[optind++];
6185db85Sdougm	if (optind < argc) {
6185db85Sdougm		resource = argv[optind];
6185db85Sdougm		groupname = strchr(resource, '@');
6185db85Sdougm		if (groupname != NULL)
6185db85Sdougm			*groupname++ = '\0';
6185db85Sdougm	}
6185db85Sdougm	if (realpath(sharepath, dir) == NULL)
6185db85Sdougm		ret = SA_BAD_PATH;
6185db85Sdougm	else
6185db85Sdougm		sharepath = dir;
25a68471Sdougm	if (ret == SA_OK)
549ec3ffSdougm		share = sa_find_share(handle, sharepath);
25a68471Sdougm	else
6185db85Sdougm		share = NULL;
25a68471Sdougm
da6c28aaSamw	features = sa_proto_get_featureset(protocol);
da6c28aaSamw
6185db85Sdougm	if (groupname != NULL) {
6185db85Sdougm		ret = SA_NOT_ALLOWED;
6185db85Sdougm	} else if (ret == SA_OK) {
da6c28aaSamw		char *legacygroup;
6185db85Sdougm		/*
25a68471Sdougm		 * The legacy group is always present and zfs groups
6185db85Sdougm		 * come and go.  zfs shares may be in sub-groups and
6185db85Sdougm		 * the zfs share will already be in that group so it
da6c28aaSamw		 * isn't an error. If the protocol is "smb", the group
da6c28aaSamw		 * "smb" is used when "default" would otherwise be
da6c28aaSamw		 * used.  "default" is NFS only and "smb" is SMB only.
6185db85Sdougm		 */
da6c28aaSamw		if (strcmp(protocol, "smb") == 0)
da6c28aaSamw			legacygroup = "smb";
da6c28aaSamw		else
da6c28aaSamw			legacygroup = "default";
da6c28aaSamw
6185db85Sdougm		/*
25a68471Sdougm		 * If the share exists (not NULL), then make sure it
25a68471Sdougm		 * is one we want to handle by getting the parent
25a68471Sdougm		 * group.
6185db85Sdougm		 */
da6c28aaSamw		if (share != NULL) {
6185db85Sdougm			group = sa_get_parent_group(share);
da6c28aaSamw		} else {
549ec3ffSdougm			group = sa_get_group(handle, legacygroup);
da6c28aaSamw			if (group == NULL && strcmp(legacygroup, "smb") == 0) {
da6c28aaSamw				/*
da6c28aaSamw				 * This group may not exist, so create
da6c28aaSamw				 * as necessary. It only contains the
da6c28aaSamw				 * "smb" protocol.
da6c28aaSamw				 */
da6c28aaSamw				group = sa_create_group(handle, legacygroup,
da6c28aaSamw				    &ret);
da6c28aaSamw				if (group != NULL)
da6c28aaSamw					(void) sa_create_optionset(group,
da6c28aaSamw					    protocol);
da6c28aaSamw			}
da6c28aaSamw		}
25a68471Sdougm
da6c28aaSamw		if (group == NULL) {
da6c28aaSamw			ret = SA_SYSTEM_ERR;
da6c28aaSamw			goto err;
da6c28aaSamw		}
da6c28aaSamw
6185db85Sdougm		groupstatus = group_status(group);
6185db85Sdougm		if (share == NULL) {
6185db85Sdougm			share = sa_add_share(group, sharepath,
6185db85Sdougm			    persist, &ret);
25a68471Sdougm			if (share == NULL &&
25a68471Sdougm			    ret == SA_DUPLICATE_NAME) {
25a68471Sdougm				/*
25a68471Sdougm				 * Could be a ZFS path being started
25a68471Sdougm				 */
25a68471Sdougm				if (sa_zfs_is_shared(handle,
25a68471Sdougm				    sharepath)) {
25a68471Sdougm					ret = SA_OK;
25a68471Sdougm					group = sa_get_group(handle,
25a68471Sdougm					    "zfs");
25a68471Sdougm					if (group == NULL) {
25a68471Sdougm						/*
25a68471Sdougm						 * This shouldn't
25a68471Sdougm						 * happen.
25a68471Sdougm						 */
25a68471Sdougm						ret = SA_CONFIG_ERR;
25a68471Sdougm					} else {
25a68471Sdougm						share = sa_add_share(
25a68471Sdougm						    group, sharepath,
25a68471Sdougm						    persist, &ret);
6185db85Sdougm					}
6185db85Sdougm				}
6185db85Sdougm			}
6185db85Sdougm		} else {
93a6f655Sdougm			char *type;
6185db85Sdougm			/*
25a68471Sdougm			 * May want to change persist state, but the
93a6f655Sdougm			 * important thing is to change options. We
93a6f655Sdougm			 * need to change them regardless of the
93a6f655Sdougm			 * source.
6185db85Sdougm			 */
da6c28aaSamw
549ec3ffSdougm			if (sa_zfs_is_shared(handle, sharepath)) {
93a6f655Sdougm				zfs = 1;
93a6f655Sdougm			}
6185db85Sdougm			remove_all_options(share, protocol);
6185db85Sdougm			type = sa_get_share_attr(share, "type");
6185db85Sdougm			if (type != NULL &&
6185db85Sdougm			    strcmp(type, "transient") != 0) {
6185db85Sdougm				curtype = SA_SHARE_PERMANENT;
6185db85Sdougm			}
6185db85Sdougm			if (type != NULL)
6185db85Sdougm				sa_free_attr_string(type);
6185db85Sdougm			if (curtype != persist) {
6185db85Sdougm				(void) sa_set_share_attr(share, "type",
6185db85Sdougm				    persist == SA_SHARE_PERMANENT ?
6185db85Sdougm				    "persist" : "transient");
6185db85Sdougm			}
6185db85Sdougm		}
da6c28aaSamw
da6c28aaSamw		/*
da6c28aaSamw		 * If there is a resource name, we may
da6c28aaSamw		 * actually care about it if this is share for
da6c28aaSamw		 * a protocol that uses resource level sharing
da6c28aaSamw		 * (SMB). We need to find the resource and, if
da6c28aaSamw		 * it exists, make sure it belongs to the
da6c28aaSamw		 * current share. If it doesn't exist, attempt
da6c28aaSamw		 * to create it.
da6c28aaSamw		 */
da6c28aaSamw
da6c28aaSamw		if (ret == SA_OK && resource != NULL) {
da6c28aaSamw			rsrc = sa_find_resource(handle, resource);
da6c28aaSamw			if (rsrc != NULL) {
da6c28aaSamw				if (share != sa_get_resource_parent(rsrc))
da6c28aaSamw					ret = SA_DUPLICATE_NAME;
da6c28aaSamw				} else {
da6c28aaSamw					rsrc = sa_add_resource(share, resource,
da6c28aaSamw					    persist, &ret);
da6c28aaSamw				}
da6c28aaSamw				if (features & SA_FEATURE_RESOURCE)
da6c28aaSamw					share = rsrc;
da6c28aaSamw			}
da6c28aaSamw
25a68471Sdougm			/* Have a group to hold this share path */
6185db85Sdougm			if (ret == SA_OK && options != NULL &&
6185db85Sdougm			    strlen(options) > 0) {
6185db85Sdougm				ret = sa_parse_legacy_options(share,
6185db85Sdougm				    options,
6185db85Sdougm				    protocol);
6185db85Sdougm			}
93a6f655Sdougm			if (!zfs) {
93a6f655Sdougm				/*
da6c28aaSamw				 * ZFS shares never have a description
da6c28aaSamw				 * and we can't store the values so
da6c28aaSamw				 * don't try.
93a6f655Sdougm				 */
6185db85Sdougm				if (ret == SA_OK && description != NULL)
25a68471Sdougm					ret = sa_set_share_description(share,
25a68471Sdougm					    description);
6185db85Sdougm			}
da6c28aaSamw			if (ret == SA_OK &&
da6c28aaSamw			    strcmp(groupstatus, "enabled") == 0) {
da6c28aaSamw				if (rsrc != share)
6185db85Sdougm					ret = sa_enable_share(share, protocol);
da6c28aaSamw				else
da6c28aaSamw					ret = sa_enable_resource(rsrc,
da6c28aaSamw					    protocol);
25a68471Sdougm				if (ret == SA_OK &&
25a68471Sdougm				    persist == SA_SHARE_PERMANENT) {
25a68471Sdougm					(void) sa_update_legacy(share,
25a68471Sdougm					    protocol);
6185db85Sdougm				}
6185db85Sdougm				if (ret == SA_OK)
549ec3ffSdougm					ret = sa_update_config(handle);
6185db85Sdougm			}
6185db85Sdougm	}
da6c28aaSamwerr:
6185db85Sdougm	if (ret != SA_OK) {
6185db85Sdougm		(void) fprintf(stderr, gettext("Could not share: %s: %s\n"),
6185db85Sdougm		    sharepath, sa_errorstr(ret));
6185db85Sdougm		ret = SA_LEGACY_ERR;
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * sa_legacy_unshare(flags, argc, argv)
6185db85Sdougm *
6185db85Sdougm * Implements the original unshare command.
6185db85Sdougm */
6185db85Sdougmint
549ec3ffSdougmsa_legacy_unshare(sa_handle_t handle, int flags, int argc, char *argv[])
6185db85Sdougm{
6185db85Sdougm	char *protocol = "nfs"; /* for now */
6185db85Sdougm	char *options = NULL;
6185db85Sdougm	char *sharepath = NULL;
6185db85Sdougm	int persist = SA_SHARE_TRANSIENT;
6185db85Sdougm	int argsused = 0;
6185db85Sdougm	int c;
6185db85Sdougm	int ret = SA_OK;
6185db85Sdougm	int true_legacy = 0;
da6c28aaSamw	uint64_t features = 0;
da6c28aaSamw	sa_resource_t resource = NULL;
6185db85Sdougm	char cmd[MAXPATHLEN];
da6c28aaSamw#ifdef lint
da6c28aaSamw	flags = flags;
da6c28aaSamw	options = options;
da6c28aaSamw#endif
6185db85Sdougm
6185db85Sdougm	while ((c = getopt(argc, argv, "?hF:o:p")) != EOF) {
6185db85Sdougm		switch (c) {
6185db85Sdougm		case 'F':
6185db85Sdougm			protocol = optarg;
6185db85Sdougm			if (!sa_valid_protocol(protocol)) {
6185db85Sdougm				if (format_legacy_path(cmd, MAXPATHLEN,
6185db85Sdougm				    protocol, "unshare") == 0 &&
6185db85Sdougm				    check_legacy_cmd(cmd)) {
6185db85Sdougm					true_legacy++;
6185db85Sdougm				} else {
25a68471Sdougm					(void) printf(gettext(
25a68471Sdougm					    "Invalid file system name\n"));
6185db85Sdougm					return (SA_INVALID_PROTOCOL);
6185db85Sdougm				}
6185db85Sdougm			}
6185db85Sdougm			break;
6185db85Sdougm		case 'o':
6185db85Sdougm			options = optarg;
6185db85Sdougm			argsused++;
6185db85Sdougm			break;
6185db85Sdougm		case 'p':
6185db85Sdougm			persist = SA_SHARE_PERMANENT;
6185db85Sdougm			argsused++;
6185db85Sdougm			break;
e7bab347Sdougm		case 'h':
e7bab347Sdougm			/* optopt on valid arg isn't defined */
e7bab347Sdougm			optopt = c;
e7bab347Sdougm			/*FALLTHROUGH*/
e7bab347Sdougm		case '?':
6185db85Sdougm		default:
e7bab347Sdougm			/*
e7bab347Sdougm			 * Since a bad option gets to here, sort it
e7bab347Sdougm			 * out and return a syntax error return value
e7bab347Sdougm			 * if necessary.
e7bab347Sdougm			 */
e7bab347Sdougm			switch (optopt) {
e7bab347Sdougm			default:
e7bab347Sdougm				ret = SA_LEGACY_ERR;
e7bab347Sdougm				break;
e7bab347Sdougm			case 'h':
e7bab347Sdougm			case '?':
e7bab347Sdougm				break;
e7bab347Sdougm			}
6185db85Sdougm			(void) printf(gettext("usage: %s\n"),
6185db85Sdougm			    sa_get_usage(USAGE_UNSHARE));
e7bab347Sdougm			return (ret);
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm
25a68471Sdougm	/* Have the info so construct what is needed */
25a68471Sdougm	if (optind == argc || (optind + 1) < argc || options != NULL) {
6185db85Sdougm		ret = SA_SYNTAX_ERR;
6185db85Sdougm	} else {
6185db85Sdougm		sa_share_t share;
6185db85Sdougm		char dir[MAXPATHLEN];
6185db85Sdougm		if (true_legacy) {
6185db85Sdougm			/* if still using legacy share/unshare, exec it */
6185db85Sdougm			ret = run_legacy_command(cmd, argv);
6185db85Sdougm			return (ret);
6185db85Sdougm		}
a99982a7Sdougm		/*
a99982a7Sdougm		 * Find the path in the internal configuration. If it
a99982a7Sdougm		 * isn't found, attempt to resolve the path via
a99982a7Sdougm		 * realpath() and try again.
a99982a7Sdougm		 */
6185db85Sdougm		sharepath = argv[optind++];
549ec3ffSdougm		share = sa_find_share(handle, sharepath);
a99982a7Sdougm		if (share == NULL) {
6185db85Sdougm			if (realpath(sharepath, dir) == NULL) {
6185db85Sdougm				ret = SA_NO_SUCH_PATH;
6185db85Sdougm			} else {
549ec3ffSdougm				share = sa_find_share(handle, dir);
a99982a7Sdougm			}
a99982a7Sdougm		}
da6c28aaSamw		if (share == NULL) {
da6c28aaSamw			/* Could be a resource name so check that next */
da6c28aaSamw			features = sa_proto_get_featureset(protocol);
da6c28aaSamw			resource = sa_find_resource(handle, sharepath);
da6c28aaSamw			if (resource != NULL) {
da6c28aaSamw				share = sa_get_resource_parent(resource);
da6c28aaSamw				if (features & SA_FEATURE_RESOURCE)
da6c28aaSamw					(void) sa_disable_resource(resource,
da6c28aaSamw					    protocol);
da6c28aaSamw				if (persist == SA_SHARE_PERMANENT) {
da6c28aaSamw					ret = sa_remove_resource(resource);
da6c28aaSamw					if (ret == SA_OK)
da6c28aaSamw						ret = sa_update_config(handle);
da6c28aaSamw				}
da6c28aaSamw				/*
da6c28aaSamw				 * If we still have a resource on the
da6c28aaSamw				 * share, we don't disable the share
da6c28aaSamw				 * itself. IF there aren't anymore, we
da6c28aaSamw				 * need to remove the share. The
da6c28aaSamw				 * removal will be done in the next
da6c28aaSamw				 * section if appropriate.
da6c28aaSamw				 */
da6c28aaSamw				resource = sa_get_share_resource(share, NULL);
da6c28aaSamw				if (resource != NULL)
da6c28aaSamw					share = NULL;
da6c28aaSamw			} else if (ret == SA_OK) {
da6c28aaSamw				/* Didn't find path and no  resource */
da6c28aaSamw				ret = SA_BAD_PATH;
da6c28aaSamw			}
da6c28aaSamw		}
da6c28aaSamw		if (share != NULL && resource == NULL) {
6185db85Sdougm			ret = sa_disable_share(share, protocol);
a99982a7Sdougm			/*
a99982a7Sdougm			 * Errors are ok and removal should still occur. The
a99982a7Sdougm			 * legacy unshare is more forgiving of errors than the
a99982a7Sdougm			 * remove-share subcommand which may need the force
a99982a7Sdougm			 * flag set for some error conditions. That is, the
a99982a7Sdougm			 * "unshare" command will always unshare if it can
a99982a7Sdougm			 * while "remove-share" might require the force option.
a99982a7Sdougm			 */
a99982a7Sdougm			if (persist == SA_SHARE_PERMANENT) {
6185db85Sdougm				ret = sa_remove_share(share);
a99982a7Sdougm				if (ret == SA_OK)
549ec3ffSdougm					ret = sa_update_config(handle);
6185db85Sdougm			}
da6c28aaSamw		} else if (ret == SA_OK && share == NULL && resource == NULL) {
da6c28aaSamw			/*
da6c28aaSamw			 * If both share and resource are NULL, then
da6c28aaSamw			 * share not found. If one or the other was
da6c28aaSamw			 * found or there was an earlier error, we
da6c28aaSamw			 * assume it was handled earlier.
da6c28aaSamw			 */
6185db85Sdougm			ret = SA_NOT_SHARED;
6185db85Sdougm		}
6185db85Sdougm	}
6185db85Sdougm	switch (ret) {
6185db85Sdougm	default:
6185db85Sdougm		(void) printf("%s: %s\n", sharepath, sa_errorstr(ret));
6185db85Sdougm		ret = SA_LEGACY_ERR;
6185db85Sdougm		break;
6185db85Sdougm	case SA_SYNTAX_ERR:
6185db85Sdougm		(void) printf(gettext("usage: %s\n"),
6185db85Sdougm		    sa_get_usage(USAGE_UNSHARE));
6185db85Sdougm		break;
6185db85Sdougm	case SA_OK:
6185db85Sdougm		break;
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
25a68471Sdougm * Common commands that implement the sub-commands used by all
da6c28aaSamw * protocols. The entries are found via the lookup command
6185db85Sdougm */
6185db85Sdougm
6185db85Sdougmstatic sa_command_t commands[] = {
6185db85Sdougm	{"add-share", 0, sa_addshare, USAGE_ADD_SHARE, SVC_SET},
6185db85Sdougm	{"create", 0, sa_create, USAGE_CREATE, SVC_SET|SVC_ACTION},
6185db85Sdougm	{"delete", 0, sa_delete, USAGE_DELETE, SVC_SET|SVC_ACTION},
6185db85Sdougm	{"disable", 0, sa_disable_group, USAGE_DISABLE, SVC_SET|SVC_ACTION},
6185db85Sdougm	{"enable", 0, sa_enable_group, USAGE_ENABLE, SVC_SET|SVC_ACTION},
6185db85Sdougm	{"list", 0, sa_list, USAGE_LIST},
6185db85Sdougm	{"move-share", 0, sa_moveshare, USAGE_MOVE_SHARE, SVC_SET},
6185db85Sdougm	{"remove-share", 0, sa_removeshare, USAGE_REMOVE_SHARE, SVC_SET},
6185db85Sdougm	{"set", 0, sa_set, USAGE_SET, SVC_SET},
6185db85Sdougm	{"set-share", 0, sa_set_share, USAGE_SET_SHARE, SVC_SET},
6185db85Sdougm	{"show", 0, sa_show, USAGE_SHOW},
6185db85Sdougm	{"share", 0, sa_legacy_share, USAGE_SHARE, SVC_SET|SVC_ACTION},
6185db85Sdougm	{"start", CMD_NODISPLAY, sa_start_group, USAGE_START,
6185db85Sdougm	    SVC_SET|SVC_ACTION},
6185db85Sdougm	{"stop", CMD_NODISPLAY, sa_stop_group, USAGE_STOP, SVC_SET|SVC_ACTION},
6185db85Sdougm	{"unset", 0, sa_unset, USAGE_UNSET, SVC_SET},
6185db85Sdougm	{"unshare", 0, sa_legacy_unshare, USAGE_UNSHARE, SVC_SET|SVC_ACTION},
6185db85Sdougm	{NULL, 0, NULL, NULL}
6185db85Sdougm};
6185db85Sdougm
6185db85Sdougmstatic char *
6185db85Sdougmsa_get_usage(sa_usage_t index)
6185db85Sdougm{
6185db85Sdougm	char *ret = NULL;
6185db85Sdougm	switch (index) {
6185db85Sdougm	case USAGE_ADD_SHARE:
6185db85Sdougm		ret = gettext("add-share [-nth] [-r resource-name] "
6185db85Sdougm		    "[-d \"description text\"] -s sharepath group");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_CREATE:
25a68471Sdougm		ret = gettext(
25a68471Sdougm		    "create [-nvh] [-P proto [-p property=value]] group");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_DELETE:
6185db85Sdougm		ret = gettext("delete [-nvh] [-P proto] [-f] group");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_DISABLE:
6185db85Sdougm		ret = gettext("disable [-nvh] {-a | group ...}");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_ENABLE:
6185db85Sdougm		ret = gettext("enable [-nvh] {-a | group ...}");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_LIST:
6185db85Sdougm		ret = gettext("list [-vh] [-P proto]");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_MOVE_SHARE:
25a68471Sdougm		ret = gettext(
25a68471Sdougm		    "move-share [-nvh] -s sharepath destination-group");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_REMOVE_SHARE:
da6c28aaSamw		ret = gettext(
da6c28aaSamw		    "remove-share [-fnvh] {-s sharepath | -r resource} "
da6c28aaSamw		    "group");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_SET:
6185db85Sdougm		ret = gettext("set [-nvh] -P proto [-S optspace] "
da6c28aaSamw		    "[-p property=value]* [-s sharepath] [-r resource]] "
da6c28aaSamw		    "group");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_SET_SECURITY:
6185db85Sdougm		ret = gettext("set-security [-nvh] -P proto -S security-type "
6185db85Sdougm		    "[-p property=value]* group");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_SET_SHARE:
6185db85Sdougm		ret = gettext("set-share [-nh] [-r resource] "
6185db85Sdougm		    "[-d \"description text\"] -s sharepath group");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_SHOW:
6185db85Sdougm		ret = gettext("show [-pvxh] [-P proto] [group ...]");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_SHARE:
6185db85Sdougm		ret = gettext("share [-F fstype] [-p] [-o optionlist]"
6185db85Sdougm		    "[-d description] [pathname [resourcename]]");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_START:
6185db85Sdougm		ret = gettext("start [-vh] [-P proto] {-a | group ...}");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_STOP:
6185db85Sdougm		ret = gettext("stop [-vh] [-P proto] {-a | group ...}");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_UNSET:
6185db85Sdougm		ret = gettext("unset [-nvh] -P proto [-S optspace] "
6185db85Sdougm		    "[-p property]* group");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_UNSET_SECURITY:
da6c28aaSamw		ret = gettext("unset-security [-nvh] -P proto "
da6c28aaSamw		    "-S security-type [-p property]* group");
6185db85Sdougm		break;
6185db85Sdougm	case USAGE_UNSHARE:
25a68471Sdougm		ret = gettext(
da6c28aaSamw		    "unshare [-F fstype] [-p] [-o optionlist] sharepath");
6185db85Sdougm		break;
6185db85Sdougm	}
6185db85Sdougm	return (ret);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougm/*
6185db85Sdougm * sa_lookup(cmd, proto)
6185db85Sdougm *
6185db85Sdougm * Lookup the sub-command. proto isn't currently used, but it may
6185db85Sdougm * eventually provide a way to provide protocol specific sub-commands.
6185db85Sdougm */
6185db85Sdougmsa_command_t *
6185db85Sdougmsa_lookup(char *cmd, char *proto)
6185db85Sdougm{
6185db85Sdougm	int i;
6185db85Sdougm	size_t len;
da6c28aaSamw#ifdef lint
da6c28aaSamw	proto = proto;
da6c28aaSamw#endif
6185db85Sdougm
6185db85Sdougm	len = strlen(cmd);
6185db85Sdougm	for (i = 0; commands[i].cmdname != NULL; i++) {
6185db85Sdougm		if (strncmp(cmd, commands[i].cmdname, len) == 0)
6185db85Sdougm			return (&commands[i]);
6185db85Sdougm	}
6185db85Sdougm	return (NULL);
6185db85Sdougm}
6185db85Sdougm
6185db85Sdougmvoid
6185db85Sdougmsub_command_help(char *proto)
6185db85Sdougm{
6185db85Sdougm	int i;
da6c28aaSamw#ifdef lint
da6c28aaSamw	proto = proto;
da6c28aaSamw#endif
6185db85Sdougm
6185db85Sdougm	(void) printf(gettext("\tsub-commands:\n"));
6185db85Sdougm	for (i = 0; commands[i].cmdname != NULL; i++) {
6185db85Sdougm		if (!(commands[i].flags & (CMD_ALIAS|CMD_NODISPLAY)))
6185db85Sdougm			(void) printf("\t%s\n",
6185db85Sdougm			    sa_get_usage((sa_usage_t)commands[i].cmdidx));
6185db85Sdougm	}
6185db85Sdougm}