xref: /titanic_50/usr/src/lib/libzfs/common/libzfs_dataset.c (revision 942cd3bfda20c863bc5b099340d64c03434a1174)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <assert.h>
30 #include <ctype.h>
31 #include <errno.h>
32 #include <libdevinfo.h>
33 #include <libintl.h>
34 #include <math.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <strings.h>
38 #include <unistd.h>
39 #include <stddef.h>
40 #include <zone.h>
41 #include <fcntl.h>
42 #include <sys/mntent.h>
43 #include <sys/mnttab.h>
44 #include <sys/mount.h>
45 #include <sys/avl.h>
46 #include <priv.h>
47 #include <pwd.h>
48 #include <grp.h>
49 #include <stddef.h>
50 #include <ucred.h>
51 
52 #include <sys/spa.h>
53 #include <sys/zap.h>
54 #include <libzfs.h>
55 
56 #include "zfs_namecheck.h"
57 #include "zfs_prop.h"
58 #include "libzfs_impl.h"
59 #include "zfs_deleg.h"
60 
61 static int zvol_create_link_common(libzfs_handle_t *, const char *, int);
62 
63 /*
64  * Given a single type (not a mask of types), return the type in a human
65  * readable form.
66  */
67 const char *
68 zfs_type_to_name(zfs_type_t type)
69 {
70 	switch (type) {
71 	case ZFS_TYPE_FILESYSTEM:
72 		return (dgettext(TEXT_DOMAIN, "filesystem"));
73 	case ZFS_TYPE_SNAPSHOT:
74 		return (dgettext(TEXT_DOMAIN, "snapshot"));
75 	case ZFS_TYPE_VOLUME:
76 		return (dgettext(TEXT_DOMAIN, "volume"));
77 	}
78 
79 	return (NULL);
80 }
81 
82 /*
83  * Given a path and mask of ZFS types, return a string describing this dataset.
84  * This is used when we fail to open a dataset and we cannot get an exact type.
85  * We guess what the type would have been based on the path and the mask of
86  * acceptable types.
87  */
88 static const char *
89 path_to_str(const char *path, int types)
90 {
91 	/*
92 	 * When given a single type, always report the exact type.
93 	 */
94 	if (types == ZFS_TYPE_SNAPSHOT)
95 		return (dgettext(TEXT_DOMAIN, "snapshot"));
96 	if (types == ZFS_TYPE_FILESYSTEM)
97 		return (dgettext(TEXT_DOMAIN, "filesystem"));
98 	if (types == ZFS_TYPE_VOLUME)
99 		return (dgettext(TEXT_DOMAIN, "volume"));
100 
101 	/*
102 	 * The user is requesting more than one type of dataset.  If this is the
103 	 * case, consult the path itself.  If we're looking for a snapshot, and
104 	 * a '@' is found, then report it as "snapshot".  Otherwise, remove the
105 	 * snapshot attribute and try again.
106 	 */
107 	if (types & ZFS_TYPE_SNAPSHOT) {
108 		if (strchr(path, '@') != NULL)
109 			return (dgettext(TEXT_DOMAIN, "snapshot"));
110 		return (path_to_str(path, types & ~ZFS_TYPE_SNAPSHOT));
111 	}
112 
113 
114 	/*
115 	 * The user has requested either filesystems or volumes.
116 	 * We have no way of knowing a priori what type this would be, so always
117 	 * report it as "filesystem" or "volume", our two primitive types.
118 	 */
119 	if (types & ZFS_TYPE_FILESYSTEM)
120 		return (dgettext(TEXT_DOMAIN, "filesystem"));
121 
122 	assert(types & ZFS_TYPE_VOLUME);
123 	return (dgettext(TEXT_DOMAIN, "volume"));
124 }
125 
126 /*
127  * Validate a ZFS path.  This is used even before trying to open the dataset, to
128  * provide a more meaningful error message.  We place a more useful message in
129  * 'buf' detailing exactly why the name was not valid.
130  */
131 static int
132 zfs_validate_name(libzfs_handle_t *hdl, const char *path, int type,
133     boolean_t modifying)
134 {
135 	namecheck_err_t why;
136 	char what;
137 
138 	if (dataset_namecheck(path, &why, &what) != 0) {
139 		if (hdl != NULL) {
140 			switch (why) {
141 			case NAME_ERR_TOOLONG:
142 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
143 				    "name is too long"));
144 				break;
145 
146 			case NAME_ERR_LEADING_SLASH:
147 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
148 				    "leading slash in name"));
149 				break;
150 
151 			case NAME_ERR_EMPTY_COMPONENT:
152 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
153 				    "empty component in name"));
154 				break;
155 
156 			case NAME_ERR_TRAILING_SLASH:
157 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
158 				    "trailing slash in name"));
159 				break;
160 
161 			case NAME_ERR_INVALCHAR:
162 				zfs_error_aux(hdl,
163 				    dgettext(TEXT_DOMAIN, "invalid character "
164 				    "'%c' in name"), what);
165 				break;
166 
167 			case NAME_ERR_MULTIPLE_AT:
168 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
169 				    "multiple '@' delimiters in name"));
170 				break;
171 
172 			case NAME_ERR_NOLETTER:
173 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
174 				    "pool doesn't begin with a letter"));
175 				break;
176 
177 			case NAME_ERR_RESERVED:
178 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
179 				    "name is reserved"));
180 				break;
181 
182 			case NAME_ERR_DISKLIKE:
183 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
184 				    "reserved disk name"));
185 				break;
186 			}
187 		}
188 
189 		return (0);
190 	}
191 
192 	if (!(type & ZFS_TYPE_SNAPSHOT) && strchr(path, '@') != NULL) {
193 		if (hdl != NULL)
194 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
195 			    "snapshot delimiter '@' in filesystem name"));
196 		return (0);
197 	}
198 
199 	if (type == ZFS_TYPE_SNAPSHOT && strchr(path, '@') == NULL) {
200 		if (hdl != NULL)
201 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
202 			    "missing '@' delimiter in snapshot name"));
203 		return (0);
204 	}
205 
206 	if (modifying && strchr(path, '%') != NULL) {
207 		if (hdl != NULL)
208 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
209 			    "invalid character %c in name"), '%');
210 		return (0);
211 	}
212 
213 	return (-1);
214 }
215 
216 int
217 zfs_name_valid(const char *name, zfs_type_t type)
218 {
219 	return (zfs_validate_name(NULL, name, type, B_FALSE));
220 }
221 
222 /*
223  * This function takes the raw DSL properties, and filters out the user-defined
224  * properties into a separate nvlist.
225  */
226 static nvlist_t *
227 process_user_props(zfs_handle_t *zhp, nvlist_t *props)
228 {
229 	libzfs_handle_t *hdl = zhp->zfs_hdl;
230 	nvpair_t *elem;
231 	nvlist_t *propval;
232 	nvlist_t *nvl;
233 
234 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
235 		(void) no_memory(hdl);
236 		return (NULL);
237 	}
238 
239 	elem = NULL;
240 	while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
241 		if (!zfs_prop_user(nvpair_name(elem)))
242 			continue;
243 
244 		verify(nvpair_value_nvlist(elem, &propval) == 0);
245 		if (nvlist_add_nvlist(nvl, nvpair_name(elem), propval) != 0) {
246 			nvlist_free(nvl);
247 			(void) no_memory(hdl);
248 			return (NULL);
249 		}
250 	}
251 
252 	return (nvl);
253 }
254 
255 /*
256  * Utility function to gather stats (objset and zpl) for the given object.
257  */
258 static int
259 get_stats(zfs_handle_t *zhp)
260 {
261 	zfs_cmd_t zc = { 0 };
262 	libzfs_handle_t *hdl = zhp->zfs_hdl;
263 	nvlist_t *allprops, *userprops;
264 
265 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
266 
267 	if (zcmd_alloc_dst_nvlist(hdl, &zc, 0) != 0)
268 		return (-1);
269 
270 	while (ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_OBJSET_STATS, &zc) != 0) {
271 		if (errno == ENOMEM) {
272 			if (zcmd_expand_dst_nvlist(hdl, &zc) != 0) {
273 				zcmd_free_nvlists(&zc);
274 				return (-1);
275 			}
276 		} else {
277 			zcmd_free_nvlists(&zc);
278 			return (-1);
279 		}
280 	}
281 
282 	zhp->zfs_dmustats = zc.zc_objset_stats; /* structure assignment */
283 
284 	(void) strlcpy(zhp->zfs_root, zc.zc_value, sizeof (zhp->zfs_root));
285 
286 	if (zcmd_read_dst_nvlist(hdl, &zc, &allprops) != 0) {
287 		zcmd_free_nvlists(&zc);
288 		return (-1);
289 	}
290 
291 	zcmd_free_nvlists(&zc);
292 
293 	if ((userprops = process_user_props(zhp, allprops)) == NULL) {
294 		nvlist_free(allprops);
295 		return (-1);
296 	}
297 
298 	nvlist_free(zhp->zfs_props);
299 	nvlist_free(zhp->zfs_user_props);
300 
301 	zhp->zfs_props = allprops;
302 	zhp->zfs_user_props = userprops;
303 
304 	return (0);
305 }
306 
307 /*
308  * Refresh the properties currently stored in the handle.
309  */
310 void
311 zfs_refresh_properties(zfs_handle_t *zhp)
312 {
313 	(void) get_stats(zhp);
314 }
315 
316 /*
317  * Makes a handle from the given dataset name.  Used by zfs_open() and
318  * zfs_iter_* to create child handles on the fly.
319  */
320 zfs_handle_t *
321 make_dataset_handle(libzfs_handle_t *hdl, const char *path)
322 {
323 	zfs_handle_t *zhp = calloc(sizeof (zfs_handle_t), 1);
324 	char *logstr;
325 
326 	if (zhp == NULL)
327 		return (NULL);
328 
329 	zhp->zfs_hdl = hdl;
330 
331 	/*
332 	 * Preserve history log string.
333 	 * any changes performed here will be
334 	 * logged as an internal event.
335 	 */
336 	logstr = zhp->zfs_hdl->libzfs_log_str;
337 	zhp->zfs_hdl->libzfs_log_str = NULL;
338 top:
339 	(void) strlcpy(zhp->zfs_name, path, sizeof (zhp->zfs_name));
340 
341 	if (get_stats(zhp) != 0) {
342 		zhp->zfs_hdl->libzfs_log_str = logstr;
343 		free(zhp);
344 		return (NULL);
345 	}
346 
347 	if (zhp->zfs_dmustats.dds_inconsistent) {
348 		zfs_cmd_t zc = { 0 };
349 
350 		/*
351 		 * If it is dds_inconsistent, then we've caught it in
352 		 * the middle of a 'zfs receive' or 'zfs destroy', and
353 		 * it is inconsistent from the ZPL's point of view, so
354 		 * can't be mounted.  However, it could also be that we
355 		 * have crashed in the middle of one of those
356 		 * operations, in which case we need to get rid of the
357 		 * inconsistent state.  We do that by either rolling
358 		 * back to the previous snapshot (which will fail if
359 		 * there is none), or destroying the filesystem.  Note
360 		 * that if we are still in the middle of an active
361 		 * 'receive' or 'destroy', then the rollback and destroy
362 		 * will fail with EBUSY and we will drive on as usual.
363 		 */
364 
365 		(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
366 
367 		if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL) {
368 			(void) zvol_remove_link(hdl, zhp->zfs_name);
369 			zc.zc_objset_type = DMU_OST_ZVOL;
370 		} else {
371 			zc.zc_objset_type = DMU_OST_ZFS;
372 		}
373 
374 		/*
375 		 * If we can successfully destroy it, pretend that it
376 		 * never existed.
377 		 */
378 		if (ioctl(hdl->libzfs_fd, ZFS_IOC_DESTROY, &zc) == 0) {
379 			zhp->zfs_hdl->libzfs_log_str = logstr;
380 			free(zhp);
381 			errno = ENOENT;
382 			return (NULL);
383 		}
384 		/* If we can successfully roll it back, reget the stats */
385 		if (ioctl(hdl->libzfs_fd, ZFS_IOC_ROLLBACK, &zc) == 0)
386 			goto top;
387 	}
388 
389 	/*
390 	 * We've managed to open the dataset and gather statistics.  Determine
391 	 * the high-level type.
392 	 */
393 	if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL)
394 		zhp->zfs_head_type = ZFS_TYPE_VOLUME;
395 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZFS)
396 		zhp->zfs_head_type = ZFS_TYPE_FILESYSTEM;
397 	else
398 		abort();
399 
400 	if (zhp->zfs_dmustats.dds_is_snapshot)
401 		zhp->zfs_type = ZFS_TYPE_SNAPSHOT;
402 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL)
403 		zhp->zfs_type = ZFS_TYPE_VOLUME;
404 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZFS)
405 		zhp->zfs_type = ZFS_TYPE_FILESYSTEM;
406 	else
407 		abort();	/* we should never see any other types */
408 
409 	zhp->zfs_hdl->libzfs_log_str = logstr;
410 	return (zhp);
411 }
412 
413 /*
414  * Opens the given snapshot, filesystem, or volume.   The 'types'
415  * argument is a mask of acceptable types.  The function will print an
416  * appropriate error message and return NULL if it can't be opened.
417  */
418 zfs_handle_t *
419 zfs_open(libzfs_handle_t *hdl, const char *path, int types)
420 {
421 	zfs_handle_t *zhp;
422 	char errbuf[1024];
423 
424 	(void) snprintf(errbuf, sizeof (errbuf),
425 	    dgettext(TEXT_DOMAIN, "cannot open '%s'"), path);
426 
427 	/*
428 	 * Validate the name before we even try to open it.
429 	 */
430 	if (!zfs_validate_name(hdl, path, ZFS_TYPE_DATASET, B_FALSE)) {
431 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
432 		    "invalid dataset name"));
433 		(void) zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
434 		return (NULL);
435 	}
436 
437 	/*
438 	 * Try to get stats for the dataset, which will tell us if it exists.
439 	 */
440 	errno = 0;
441 	if ((zhp = make_dataset_handle(hdl, path)) == NULL) {
442 		(void) zfs_standard_error(hdl, errno, errbuf);
443 		return (NULL);
444 	}
445 
446 	if (!(types & zhp->zfs_type)) {
447 		(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
448 		zfs_close(zhp);
449 		return (NULL);
450 	}
451 
452 	return (zhp);
453 }
454 
455 /*
456  * Release a ZFS handle.  Nothing to do but free the associated memory.
457  */
458 void
459 zfs_close(zfs_handle_t *zhp)
460 {
461 	if (zhp->zfs_mntopts)
462 		free(zhp->zfs_mntopts);
463 	nvlist_free(zhp->zfs_props);
464 	nvlist_free(zhp->zfs_user_props);
465 	free(zhp);
466 }
467 
468 int
469 zfs_spa_version(zfs_handle_t *zhp, int *spa_version)
470 {
471 	char *pool_name;
472 	zpool_handle_t *zpool_handle;
473 	char *p;
474 
475 	pool_name = zfs_alloc(zhp->zfs_hdl, MAXPATHLEN);
476 	if (zfs_prop_get(zhp, ZFS_PROP_NAME, pool_name,
477 	    MAXPATHLEN, NULL, NULL, 0, B_FALSE) != 0) {
478 		free(pool_name);
479 		return (-1);
480 	}
481 
482 	if (p = strchr(pool_name, '/'))
483 		*p = '\0';
484 	zpool_handle = zpool_open(zhp->zfs_hdl, pool_name);
485 	free(pool_name);
486 	if (zpool_handle == NULL)
487 		return (-1);
488 
489 	*spa_version = zpool_get_prop_int(zpool_handle,
490 	    ZPOOL_PROP_VERSION, NULL);
491 	zpool_close(zpool_handle);
492 	return (0);
493 }
494 
495 /*
496  * The choice of reservation property depends on the SPA version.
497  */
498 static int
499 zfs_which_resv_prop(zfs_handle_t *zhp, zfs_prop_t *resv_prop)
500 {
501 	int spa_version;
502 
503 	if (zfs_spa_version(zhp, &spa_version) < 0)
504 		return (-1);
505 
506 	if (spa_version >= SPA_VERSION_REFRESERVATION)
507 		*resv_prop = ZFS_PROP_REFRESERVATION;
508 	else
509 		*resv_prop = ZFS_PROP_RESERVATION;
510 
511 	return (0);
512 }
513 
514 /*
515  * Given an nvlist of properties to set, validates that they are correct, and
516  * parses any numeric properties (index, boolean, etc) if they are specified as
517  * strings.
518  */
519 static nvlist_t *
520 zfs_validate_properties(libzfs_handle_t *hdl, zfs_type_t type, nvlist_t *nvl,
521     uint64_t zoned, zfs_handle_t *zhp, const char *errbuf)
522 {
523 	nvpair_t *elem;
524 	uint64_t intval;
525 	char *strval;
526 	zfs_prop_t prop;
527 	nvlist_t *ret;
528 	int chosen_normal = -1;
529 	int chosen_utf = -1;
530 
531 	if (type == ZFS_TYPE_SNAPSHOT) {
532 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
533 		    "snapshot properties cannot be modified"));
534 		(void) zfs_error(hdl, EZFS_PROPTYPE, errbuf);
535 		return (NULL);
536 	}
537 
538 	if (nvlist_alloc(&ret, NV_UNIQUE_NAME, 0) != 0) {
539 		(void) no_memory(hdl);
540 		return (NULL);
541 	}
542 
543 	elem = NULL;
544 	while ((elem = nvlist_next_nvpair(nvl, elem)) != NULL) {
545 		const char *propname = nvpair_name(elem);
546 
547 		/*
548 		 * Make sure this property is valid and applies to this type.
549 		 */
550 		if ((prop = zfs_name_to_prop(propname)) == ZPROP_INVAL) {
551 			if (!zfs_prop_user(propname)) {
552 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
553 				    "invalid property '%s'"), propname);
554 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
555 				goto error;
556 			}
557 
558 			/*
559 			 * If this is a user property, make sure it's a
560 			 * string, and that it's less than ZAP_MAXNAMELEN.
561 			 */
562 			if (nvpair_type(elem) != DATA_TYPE_STRING) {
563 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
564 				    "'%s' must be a string"), propname);
565 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
566 				goto error;
567 			}
568 
569 			if (strlen(nvpair_name(elem)) >= ZAP_MAXNAMELEN) {
570 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
571 				    "property name '%s' is too long"),
572 				    propname);
573 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
574 				goto error;
575 			}
576 
577 			(void) nvpair_value_string(elem, &strval);
578 			if (nvlist_add_string(ret, propname, strval) != 0) {
579 				(void) no_memory(hdl);
580 				goto error;
581 			}
582 			continue;
583 		}
584 
585 		if (!zfs_prop_valid_for_type(prop, type)) {
586 			zfs_error_aux(hdl,
587 			    dgettext(TEXT_DOMAIN, "'%s' does not "
588 			    "apply to datasets of this type"), propname);
589 			(void) zfs_error(hdl, EZFS_PROPTYPE, errbuf);
590 			goto error;
591 		}
592 
593 		if (zfs_prop_readonly(prop) &&
594 		    (!zfs_prop_setonce(prop) || zhp != NULL)) {
595 			zfs_error_aux(hdl,
596 			    dgettext(TEXT_DOMAIN, "'%s' is readonly"),
597 			    propname);
598 			(void) zfs_error(hdl, EZFS_PROPREADONLY, errbuf);
599 			goto error;
600 		}
601 
602 		if (zprop_parse_value(hdl, elem, prop, type, ret,
603 		    &strval, &intval, errbuf) != 0)
604 			goto error;
605 
606 		/*
607 		 * Perform some additional checks for specific properties.
608 		 */
609 		switch (prop) {
610 		case ZFS_PROP_VERSION:
611 		{
612 			int version;
613 
614 			if (zhp == NULL)
615 				break;
616 			version = zfs_prop_get_int(zhp, ZFS_PROP_VERSION);
617 			if (intval < version) {
618 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
619 				    "Can not downgrade; already at version %u"),
620 				    version);
621 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
622 				goto error;
623 			}
624 			break;
625 		}
626 
627 		case ZFS_PROP_RECORDSIZE:
628 		case ZFS_PROP_VOLBLOCKSIZE:
629 			/* must be power of two within SPA_{MIN,MAX}BLOCKSIZE */
630 			if (intval < SPA_MINBLOCKSIZE ||
631 			    intval > SPA_MAXBLOCKSIZE || !ISP2(intval)) {
632 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
633 				    "'%s' must be power of 2 from %u "
634 				    "to %uk"), propname,
635 				    (uint_t)SPA_MINBLOCKSIZE,
636 				    (uint_t)SPA_MAXBLOCKSIZE >> 10);
637 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
638 				goto error;
639 			}
640 			break;
641 
642 		case ZFS_PROP_SHAREISCSI:
643 			if (strcmp(strval, "off") != 0 &&
644 			    strcmp(strval, "on") != 0 &&
645 			    strcmp(strval, "type=disk") != 0) {
646 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
647 				    "'%s' must be 'on', 'off', or 'type=disk'"),
648 				    propname);
649 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
650 				goto error;
651 			}
652 
653 			break;
654 
655 		case ZFS_PROP_MOUNTPOINT:
656 		{
657 			namecheck_err_t why;
658 
659 			if (strcmp(strval, ZFS_MOUNTPOINT_NONE) == 0 ||
660 			    strcmp(strval, ZFS_MOUNTPOINT_LEGACY) == 0)
661 				break;
662 
663 			if (mountpoint_namecheck(strval, &why)) {
664 				switch (why) {
665 				case NAME_ERR_LEADING_SLASH:
666 					zfs_error_aux(hdl,
667 					    dgettext(TEXT_DOMAIN,
668 					    "'%s' must be an absolute path, "
669 					    "'none', or 'legacy'"), propname);
670 					break;
671 				case NAME_ERR_TOOLONG:
672 					zfs_error_aux(hdl,
673 					    dgettext(TEXT_DOMAIN,
674 					    "component of '%s' is too long"),
675 					    propname);
676 					break;
677 				}
678 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
679 				goto error;
680 			}
681 		}
682 
683 			/*FALLTHRU*/
684 
685 		case ZFS_PROP_SHARESMB:
686 		case ZFS_PROP_SHARENFS:
687 			/*
688 			 * For the mountpoint and sharenfs or sharesmb
689 			 * properties, check if it can be set in a
690 			 * global/non-global zone based on
691 			 * the zoned property value:
692 			 *
693 			 *		global zone	    non-global zone
694 			 * --------------------------------------------------
695 			 * zoned=on	mountpoint (no)	    mountpoint (yes)
696 			 *		sharenfs (no)	    sharenfs (no)
697 			 *		sharesmb (no)	    sharesmb (no)
698 			 *
699 			 * zoned=off	mountpoint (yes)	N/A
700 			 *		sharenfs (yes)
701 			 *		sharesmb (yes)
702 			 */
703 			if (zoned) {
704 				if (getzoneid() == GLOBAL_ZONEID) {
705 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
706 					    "'%s' cannot be set on "
707 					    "dataset in a non-global zone"),
708 					    propname);
709 					(void) zfs_error(hdl, EZFS_ZONED,
710 					    errbuf);
711 					goto error;
712 				} else if (prop == ZFS_PROP_SHARENFS ||
713 				    prop == ZFS_PROP_SHARESMB) {
714 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
715 					    "'%s' cannot be set in "
716 					    "a non-global zone"), propname);
717 					(void) zfs_error(hdl, EZFS_ZONED,
718 					    errbuf);
719 					goto error;
720 				}
721 			} else if (getzoneid() != GLOBAL_ZONEID) {
722 				/*
723 				 * If zoned property is 'off', this must be in
724 				 * a globle zone. If not, something is wrong.
725 				 */
726 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
727 				    "'%s' cannot be set while dataset "
728 				    "'zoned' property is set"), propname);
729 				(void) zfs_error(hdl, EZFS_ZONED, errbuf);
730 				goto error;
731 			}
732 
733 			/*
734 			 * At this point, it is legitimate to set the
735 			 * property. Now we want to make sure that the
736 			 * property value is valid if it is sharenfs.
737 			 */
738 			if ((prop == ZFS_PROP_SHARENFS ||
739 			    prop == ZFS_PROP_SHARESMB) &&
740 			    strcmp(strval, "on") != 0 &&
741 			    strcmp(strval, "off") != 0) {
742 				zfs_share_proto_t proto;
743 
744 				if (prop == ZFS_PROP_SHARESMB)
745 					proto = PROTO_SMB;
746 				else
747 					proto = PROTO_NFS;
748 
749 				/*
750 				 * Must be an valid sharing protocol
751 				 * option string so init the libshare
752 				 * in order to enable the parser and
753 				 * then parse the options. We use the
754 				 * control API since we don't care about
755 				 * the current configuration and don't
756 				 * want the overhead of loading it
757 				 * until we actually do something.
758 				 */
759 
760 				if (zfs_init_libshare(hdl,
761 				    SA_INIT_CONTROL_API) != SA_OK) {
762 					/*
763 					 * An error occurred so we can't do
764 					 * anything
765 					 */
766 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
767 					    "'%s' cannot be set: problem "
768 					    "in share initialization"),
769 					    propname);
770 					(void) zfs_error(hdl, EZFS_BADPROP,
771 					    errbuf);
772 					goto error;
773 				}
774 
775 				if (zfs_parse_options(strval, proto) != SA_OK) {
776 					/*
777 					 * There was an error in parsing so
778 					 * deal with it by issuing an error
779 					 * message and leaving after
780 					 * uninitializing the the libshare
781 					 * interface.
782 					 */
783 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
784 					    "'%s' cannot be set to invalid "
785 					    "options"), propname);
786 					(void) zfs_error(hdl, EZFS_BADPROP,
787 					    errbuf);
788 					zfs_uninit_libshare(hdl);
789 					goto error;
790 				}
791 				zfs_uninit_libshare(hdl);
792 			}
793 
794 			break;
795 		case ZFS_PROP_UTF8ONLY:
796 			chosen_utf = (int)intval;
797 			break;
798 		case ZFS_PROP_NORMALIZE:
799 			chosen_normal = (int)intval;
800 			break;
801 		}
802 
803 		/*
804 		 * For changes to existing volumes, we have some additional
805 		 * checks to enforce.
806 		 */
807 		if (type == ZFS_TYPE_VOLUME && zhp != NULL) {
808 			uint64_t volsize = zfs_prop_get_int(zhp,
809 			    ZFS_PROP_VOLSIZE);
810 			uint64_t blocksize = zfs_prop_get_int(zhp,
811 			    ZFS_PROP_VOLBLOCKSIZE);
812 			char buf[64];
813 
814 			switch (prop) {
815 			case ZFS_PROP_RESERVATION:
816 			case ZFS_PROP_REFRESERVATION:
817 				if (intval > volsize) {
818 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
819 					    "'%s' is greater than current "
820 					    "volume size"), propname);
821 					(void) zfs_error(hdl, EZFS_BADPROP,
822 					    errbuf);
823 					goto error;
824 				}
825 				break;
826 
827 			case ZFS_PROP_VOLSIZE:
828 				if (intval % blocksize != 0) {
829 					zfs_nicenum(blocksize, buf,
830 					    sizeof (buf));
831 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
832 					    "'%s' must be a multiple of "
833 					    "volume block size (%s)"),
834 					    propname, buf);
835 					(void) zfs_error(hdl, EZFS_BADPROP,
836 					    errbuf);
837 					goto error;
838 				}
839 
840 				if (intval == 0) {
841 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
842 					    "'%s' cannot be zero"),
843 					    propname);
844 					(void) zfs_error(hdl, EZFS_BADPROP,
845 					    errbuf);
846 					goto error;
847 				}
848 				break;
849 			}
850 		}
851 	}
852 
853 	/*
854 	 * If normalization was chosen, but no UTF8 choice was made,
855 	 * enforce rejection of non-UTF8 names.
856 	 *
857 	 * If normalization was chosen, but rejecting non-UTF8 names
858 	 * was explicitly not chosen, it is an error.
859 	 */
860 	if (chosen_normal > 0 && chosen_utf < 0) {
861 		if (nvlist_add_uint64(ret,
862 		    zfs_prop_to_name(ZFS_PROP_UTF8ONLY), 1) != 0) {
863 			(void) no_memory(hdl);
864 			goto error;
865 		}
866 	} else if (chosen_normal > 0 && chosen_utf == 0) {
867 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
868 		    "'%s' must be set 'on' if normalization chosen"),
869 		    zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
870 		(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
871 		goto error;
872 	}
873 
874 	/*
875 	 * If this is an existing volume, and someone is setting the volsize,
876 	 * make sure that it matches the reservation, or add it if necessary.
877 	 */
878 	if (zhp != NULL && type == ZFS_TYPE_VOLUME &&
879 	    nvlist_lookup_uint64(ret, zfs_prop_to_name(ZFS_PROP_VOLSIZE),
880 	    &intval) == 0) {
881 		uint64_t old_volsize = zfs_prop_get_int(zhp,
882 		    ZFS_PROP_VOLSIZE);
883 		uint64_t old_reservation;
884 		uint64_t new_reservation;
885 		zfs_prop_t resv_prop;
886 
887 		if (zfs_which_resv_prop(zhp, &resv_prop) < 0)
888 			goto error;
889 		old_reservation = zfs_prop_get_int(zhp, resv_prop);
890 
891 		if (old_volsize == old_reservation &&
892 		    nvlist_lookup_uint64(ret, zfs_prop_to_name(resv_prop),
893 		    &new_reservation) != 0) {
894 			if (nvlist_add_uint64(ret,
895 			    zfs_prop_to_name(resv_prop), intval) != 0) {
896 				(void) no_memory(hdl);
897 				goto error;
898 			}
899 		}
900 	}
901 	return (ret);
902 
903 error:
904 	nvlist_free(ret);
905 	return (NULL);
906 }
907 
908 static int
909 zfs_get_perm_who(const char *who, zfs_deleg_who_type_t *who_type,
910     uint64_t *ret_who)
911 {
912 	struct passwd *pwd;
913 	struct group *grp;
914 	uid_t id;
915 
916 	if (*who_type == ZFS_DELEG_EVERYONE || *who_type == ZFS_DELEG_CREATE ||
917 	    *who_type == ZFS_DELEG_NAMED_SET) {
918 		*ret_who = -1;
919 		return (0);
920 	}
921 	if (who == NULL && !(*who_type == ZFS_DELEG_EVERYONE))
922 		return (EZFS_BADWHO);
923 
924 	if (*who_type == ZFS_DELEG_WHO_UNKNOWN &&
925 	    strcmp(who, "everyone") == 0) {
926 		*ret_who = -1;
927 		*who_type = ZFS_DELEG_EVERYONE;
928 		return (0);
929 	}
930 
931 	pwd = getpwnam(who);
932 	grp = getgrnam(who);
933 
934 	if ((*who_type == ZFS_DELEG_USER) && pwd) {
935 		*ret_who = pwd->pw_uid;
936 	} else if ((*who_type == ZFS_DELEG_GROUP) && grp) {
937 		*ret_who = grp->gr_gid;
938 	} else if (pwd) {
939 		*ret_who = pwd->pw_uid;
940 		*who_type = ZFS_DELEG_USER;
941 	} else if (grp) {
942 		*ret_who = grp->gr_gid;
943 		*who_type = ZFS_DELEG_GROUP;
944 	} else {
945 		char *end;
946 
947 		id = strtol(who, &end, 10);
948 		if (errno != 0 || *end != '\0') {
949 			return (EZFS_BADWHO);
950 		} else {
951 			*ret_who = id;
952 			if (*who_type == ZFS_DELEG_WHO_UNKNOWN)
953 				*who_type = ZFS_DELEG_USER;
954 		}
955 	}
956 
957 	return (0);
958 }
959 
960 static void
961 zfs_perms_add_to_nvlist(nvlist_t *who_nvp, char *name, nvlist_t *perms_nvp)
962 {
963 	if (perms_nvp != NULL) {
964 		verify(nvlist_add_nvlist(who_nvp,
965 		    name, perms_nvp) == 0);
966 	} else {
967 		verify(nvlist_add_boolean(who_nvp, name) == 0);
968 	}
969 }
970 
971 static void
972 helper(zfs_deleg_who_type_t who_type, uint64_t whoid, char *whostr,
973     zfs_deleg_inherit_t inherit, nvlist_t *who_nvp, nvlist_t *perms_nvp,
974     nvlist_t *sets_nvp)
975 {
976 	boolean_t do_perms, do_sets;
977 	char name[ZFS_MAX_DELEG_NAME];
978 
979 	do_perms = (nvlist_next_nvpair(perms_nvp, NULL) != NULL);
980 	do_sets = (nvlist_next_nvpair(sets_nvp, NULL) != NULL);
981 
982 	if (!do_perms && !do_sets)
983 		do_perms = do_sets = B_TRUE;
984 
985 	if (do_perms) {
986 		zfs_deleg_whokey(name, who_type, inherit,
987 		    (who_type == ZFS_DELEG_NAMED_SET) ?
988 		    whostr : (void *)&whoid);
989 		zfs_perms_add_to_nvlist(who_nvp, name, perms_nvp);
990 	}
991 	if (do_sets) {
992 		zfs_deleg_whokey(name, toupper(who_type), inherit,
993 		    (who_type == ZFS_DELEG_NAMED_SET) ?
994 		    whostr : (void *)&whoid);
995 		zfs_perms_add_to_nvlist(who_nvp, name, sets_nvp);
996 	}
997 }
998 
999 static void
1000 zfs_perms_add_who_nvlist(nvlist_t *who_nvp, uint64_t whoid, void *whostr,
1001     nvlist_t *perms_nvp, nvlist_t *sets_nvp,
1002     zfs_deleg_who_type_t who_type, zfs_deleg_inherit_t inherit)
1003 {
1004 	if (who_type == ZFS_DELEG_NAMED_SET || who_type == ZFS_DELEG_CREATE) {
1005 		helper(who_type, whoid, whostr, 0,
1006 		    who_nvp, perms_nvp, sets_nvp);
1007 	} else {
1008 		if (inherit & ZFS_DELEG_PERM_LOCAL) {
1009 			helper(who_type, whoid, whostr, ZFS_DELEG_LOCAL,
1010 			    who_nvp, perms_nvp, sets_nvp);
1011 		}
1012 		if (inherit & ZFS_DELEG_PERM_DESCENDENT) {
1013 			helper(who_type, whoid, whostr, ZFS_DELEG_DESCENDENT,
1014 			    who_nvp, perms_nvp, sets_nvp);
1015 		}
1016 	}
1017 }
1018 
1019 /*
1020  * Construct nvlist to pass down to kernel for setting/removing permissions.
1021  *
1022  * The nvlist is constructed as a series of nvpairs with an optional embedded
1023  * nvlist of permissions to remove or set.  The topmost nvpairs are the actual
1024  * base attribute named stored in the dsl.
1025  * Arguments:
1026  *
1027  * whostr:   is a comma separated list of users, groups, or a single set name.
1028  *           whostr may be null for everyone or create perms.
1029  * who_type: is the type of entry in whostr.  Typically this will be
1030  *           ZFS_DELEG_WHO_UNKNOWN.
1031  * perms:    common separated list of permissions.  May be null if user
1032  *           is requested to remove permissions by who.
1033  * inherit:  Specifies the inheritance of the permissions.  Will be either
1034  *           ZFS_DELEG_PERM_LOCAL and/or  ZFS_DELEG_PERM_DESCENDENT.
1035  * nvp       The constructed nvlist to pass to zfs_perm_set().
1036  *           The output nvp will look something like this.
1037  *              ul$1234 -> {create ; destroy }
1038  *              Ul$1234 -> { @myset }
1039  *              s-$@myset - { snapshot; checksum; compression }
1040  */
1041 int
1042 zfs_build_perms(zfs_handle_t *zhp, char *whostr, char *perms,
1043     zfs_deleg_who_type_t who_type, zfs_deleg_inherit_t inherit, nvlist_t **nvp)
1044 {
1045 	nvlist_t *who_nvp;
1046 	nvlist_t *perms_nvp = NULL;
1047 	nvlist_t *sets_nvp = NULL;
1048 	char errbuf[1024];
1049 	char *who_tok, *perm;
1050 	int error;
1051 
1052 	*nvp = NULL;
1053 
1054 	if (perms) {
1055 		if ((error = nvlist_alloc(&perms_nvp,
1056 		    NV_UNIQUE_NAME, 0)) != 0) {
1057 			return (1);
1058 		}
1059 		if ((error = nvlist_alloc(&sets_nvp,
1060 		    NV_UNIQUE_NAME, 0)) != 0) {
1061 			nvlist_free(perms_nvp);
1062 			return (1);
1063 		}
1064 	}
1065 
1066 	if ((error = nvlist_alloc(&who_nvp, NV_UNIQUE_NAME, 0)) != 0) {
1067 		if (perms_nvp)
1068 			nvlist_free(perms_nvp);
1069 		if (sets_nvp)
1070 			nvlist_free(sets_nvp);
1071 		return (1);
1072 	}
1073 
1074 	if (who_type == ZFS_DELEG_NAMED_SET) {
1075 		namecheck_err_t why;
1076 		char what;
1077 
1078 		if ((error = permset_namecheck(whostr, &why, &what)) != 0) {
1079 			nvlist_free(who_nvp);
1080 			if (perms_nvp)
1081 				nvlist_free(perms_nvp);
1082 			if (sets_nvp)
1083 				nvlist_free(sets_nvp);
1084 
1085 			switch (why) {
1086 			case NAME_ERR_NO_AT:
1087 				zfs_error_aux(zhp->zfs_hdl,
1088 				    dgettext(TEXT_DOMAIN,
1089 				    "set definition must begin with an '@' "
1090 				    "character"));
1091 			}
1092 			return (zfs_error(zhp->zfs_hdl,
1093 			    EZFS_BADPERMSET, whostr));
1094 		}
1095 	}
1096 
1097 	/*
1098 	 * Build up nvlist(s) of permissions.  Two nvlists are maintained.
1099 	 * The first nvlist perms_nvp will have normal permissions and the
1100 	 * other sets_nvp will have only permssion set names in it.
1101 	 */
1102 	for (perm = strtok(perms, ","); perm; perm = strtok(NULL, ",")) {
1103 		const char *perm_canonical = zfs_deleg_canonicalize_perm(perm);
1104 
1105 		if (perm_canonical) {
1106 			verify(nvlist_add_boolean(perms_nvp,
1107 			    perm_canonical) == 0);
1108 		} else if (perm[0] == '@') {
1109 			verify(nvlist_add_boolean(sets_nvp, perm) == 0);
1110 		} else {
1111 			nvlist_free(who_nvp);
1112 			nvlist_free(perms_nvp);
1113 			nvlist_free(sets_nvp);
1114 			return (zfs_error(zhp->zfs_hdl, EZFS_BADPERM, perm));
1115 		}
1116 	}
1117 
1118 	if (whostr && who_type != ZFS_DELEG_CREATE) {
1119 		who_tok = strtok(whostr, ",");
1120 		if (who_tok == NULL) {
1121 			nvlist_free(who_nvp);
1122 			if (perms_nvp)
1123 				nvlist_free(perms_nvp);
1124 			if (sets_nvp)
1125 				nvlist_free(sets_nvp);
1126 			(void) snprintf(errbuf, sizeof (errbuf),
1127 			    dgettext(TEXT_DOMAIN, "Who string is NULL"),
1128 			    whostr);
1129 			return (zfs_error(zhp->zfs_hdl, EZFS_BADWHO, errbuf));
1130 		}
1131 	}
1132 
1133 	/*
1134 	 * Now create the nvlist(s)
1135 	 */
1136 	do {
1137 		uint64_t who_id;
1138 
1139 		error = zfs_get_perm_who(who_tok, &who_type,
1140 		    &who_id);
1141 		if (error) {
1142 			nvlist_free(who_nvp);
1143 			if (perms_nvp)
1144 				nvlist_free(perms_nvp);
1145 			if (sets_nvp)
1146 				nvlist_free(sets_nvp);
1147 			(void) snprintf(errbuf, sizeof (errbuf),
1148 			    dgettext(TEXT_DOMAIN,
1149 			    "Unable to determine uid/gid for "
1150 			    "%s "), who_tok);
1151 			return (zfs_error(zhp->zfs_hdl, EZFS_BADWHO, errbuf));
1152 		}
1153 
1154 		/*
1155 		 * add entries for both local and descendent when required
1156 		 */
1157 		zfs_perms_add_who_nvlist(who_nvp, who_id, who_tok,
1158 		    perms_nvp, sets_nvp, who_type, inherit);
1159 
1160 	} while (who_tok = strtok(NULL, ","));
1161 	*nvp = who_nvp;
1162 	return (0);
1163 }
1164 
1165 static int
1166 zfs_perm_set_common(zfs_handle_t *zhp, nvlist_t *nvp, boolean_t unset)
1167 {
1168 	zfs_cmd_t zc = { 0 };
1169 	int error;
1170 	char errbuf[1024];
1171 
1172 	(void) snprintf(errbuf, sizeof (errbuf),
1173 	    dgettext(TEXT_DOMAIN, "Cannot update 'allows' for '%s'"),
1174 	    zhp->zfs_name);
1175 
1176 	if (zcmd_write_src_nvlist(zhp->zfs_hdl, &zc, nvp))
1177 		return (-1);
1178 
1179 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1180 	zc.zc_perm_action = unset;
1181 
1182 	error = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SET_FSACL, &zc);
1183 	if (error && errno == ENOTSUP) {
1184 		(void) snprintf(errbuf, sizeof (errbuf),
1185 		    gettext("Pool must be upgraded to use 'allow/unallow'"));
1186 		zcmd_free_nvlists(&zc);
1187 		return (zfs_error(zhp->zfs_hdl, EZFS_BADVERSION, errbuf));
1188 	} else if (error) {
1189 		return (zfs_standard_error(zhp->zfs_hdl, errno, errbuf));
1190 	}
1191 	zcmd_free_nvlists(&zc);
1192 
1193 	return (error);
1194 }
1195 
1196 int
1197 zfs_perm_set(zfs_handle_t *zhp, nvlist_t *nvp)
1198 {
1199 	return (zfs_perm_set_common(zhp, nvp, B_FALSE));
1200 }
1201 
1202 int
1203 zfs_perm_remove(zfs_handle_t *zhp, nvlist_t *perms)
1204 {
1205 	return (zfs_perm_set_common(zhp, perms, B_TRUE));
1206 }
1207 
1208 static int
1209 perm_compare(const void *arg1, const void *arg2)
1210 {
1211 	const zfs_perm_node_t *node1 = arg1;
1212 	const zfs_perm_node_t *node2 = arg2;
1213 	int ret;
1214 
1215 	ret = strcmp(node1->z_pname, node2->z_pname);
1216 
1217 	if (ret > 0)
1218 		return (1);
1219 	if (ret < 0)
1220 		return (-1);
1221 	else
1222 		return (0);
1223 }
1224 
1225 static void
1226 zfs_destroy_perm_tree(avl_tree_t *tree)
1227 {
1228 	zfs_perm_node_t *permnode;
1229 	void *cookie = NULL;
1230 
1231 	while ((permnode = avl_destroy_nodes(tree,  &cookie)) != NULL)
1232 		free(permnode);
1233 	avl_destroy(tree);
1234 }
1235 
1236 static void
1237 zfs_destroy_tree(avl_tree_t *tree)
1238 {
1239 	zfs_allow_node_t *allownode;
1240 	void *cookie = NULL;
1241 
1242 	while ((allownode = avl_destroy_nodes(tree, &cookie)) != NULL) {
1243 		zfs_destroy_perm_tree(&allownode->z_localdescend);
1244 		zfs_destroy_perm_tree(&allownode->z_local);
1245 		zfs_destroy_perm_tree(&allownode->z_descend);
1246 		free(allownode);
1247 	}
1248 	avl_destroy(tree);
1249 }
1250 
1251 void
1252 zfs_free_allows(zfs_allow_t *allow)
1253 {
1254 	zfs_allow_t *allownext;
1255 	zfs_allow_t *freeallow;
1256 
1257 	allownext = allow;
1258 	while (allownext) {
1259 		zfs_destroy_tree(&allownext->z_sets);
1260 		zfs_destroy_tree(&allownext->z_crperms);
1261 		zfs_destroy_tree(&allownext->z_user);
1262 		zfs_destroy_tree(&allownext->z_group);
1263 		zfs_destroy_tree(&allownext->z_everyone);
1264 		freeallow = allownext;
1265 		allownext = allownext->z_next;
1266 		free(freeallow);
1267 	}
1268 }
1269 
1270 static zfs_allow_t *
1271 zfs_alloc_perm_tree(zfs_handle_t *zhp, zfs_allow_t *prev, char *setpoint)
1272 {
1273 	zfs_allow_t *ptree;
1274 
1275 	if ((ptree = zfs_alloc(zhp->zfs_hdl,
1276 	    sizeof (zfs_allow_t))) == NULL) {
1277 		return (NULL);
1278 	}
1279 
1280 	(void) strlcpy(ptree->z_setpoint, setpoint, sizeof (ptree->z_setpoint));
1281 	avl_create(&ptree->z_sets,
1282 	    perm_compare, sizeof (zfs_allow_node_t),
1283 	    offsetof(zfs_allow_node_t, z_node));
1284 	avl_create(&ptree->z_crperms,
1285 	    perm_compare, sizeof (zfs_allow_node_t),
1286 	    offsetof(zfs_allow_node_t, z_node));
1287 	avl_create(&ptree->z_user,
1288 	    perm_compare, sizeof (zfs_allow_node_t),
1289 	    offsetof(zfs_allow_node_t, z_node));
1290 	avl_create(&ptree->z_group,
1291 	    perm_compare, sizeof (zfs_allow_node_t),
1292 	    offsetof(zfs_allow_node_t, z_node));
1293 	avl_create(&ptree->z_everyone,
1294 	    perm_compare, sizeof (zfs_allow_node_t),
1295 	    offsetof(zfs_allow_node_t, z_node));
1296 
1297 	if (prev)
1298 		prev->z_next = ptree;
1299 	ptree->z_next = NULL;
1300 	return (ptree);
1301 }
1302 
1303 /*
1304  * Add permissions to the appropriate AVL permission tree.
1305  * The appropriate tree may not be the requested tree.
1306  * For example if ld indicates a local permission, but
1307  * same permission also exists as a descendent permission
1308  * then the permission will be removed from the descendent
1309  * tree and add the the local+descendent tree.
1310  */
1311 static int
1312 zfs_coalesce_perm(zfs_handle_t *zhp, zfs_allow_node_t *allownode,
1313     char *perm, char ld)
1314 {
1315 	zfs_perm_node_t pnode, *permnode, *permnode2;
1316 	zfs_perm_node_t *newnode;
1317 	avl_index_t where, where2;
1318 	avl_tree_t *tree, *altree;
1319 
1320 	(void) strlcpy(pnode.z_pname, perm, sizeof (pnode.z_pname));
1321 
1322 	if (ld == ZFS_DELEG_NA) {
1323 		tree =  &allownode->z_localdescend;
1324 		altree = &allownode->z_descend;
1325 	} else if (ld == ZFS_DELEG_LOCAL) {
1326 		tree = &allownode->z_local;
1327 		altree = &allownode->z_descend;
1328 	} else {
1329 		tree = &allownode->z_descend;
1330 		altree = &allownode->z_local;
1331 	}
1332 	permnode = avl_find(tree, &pnode, &where);
1333 	permnode2 = avl_find(altree, &pnode, &where2);
1334 
1335 	if (permnode2) {
1336 		avl_remove(altree, permnode2);
1337 		free(permnode2);
1338 		if (permnode == NULL) {
1339 			tree =  &allownode->z_localdescend;
1340 		}
1341 	}
1342 
1343 	/*
1344 	 * Now insert new permission in either requested location
1345 	 * local/descendent or into ld when perm will exist in both.
1346 	 */
1347 	if (permnode == NULL) {
1348 		if ((newnode = zfs_alloc(zhp->zfs_hdl,
1349 		    sizeof (zfs_perm_node_t))) == NULL) {
1350 			return (-1);
1351 		}
1352 		*newnode = pnode;
1353 		avl_add(tree, newnode);
1354 	}
1355 	return (0);
1356 }
1357 
1358 /*
1359  * Uggh, this is going to be a bit complicated.
1360  * we have an nvlist coming out of the kernel that
1361  * will indicate where the permission is set and then
1362  * it will contain allow of the various "who's", and what
1363  * their permissions are.  To further complicate this
1364  * we will then have to coalesce the local,descendent
1365  * and local+descendent permissions where appropriate.
1366  * The kernel only knows about a permission as being local
1367  * or descendent, but not both.
1368  *
1369  * In order to make this easier for zfs_main to deal with
1370  * a series of AVL trees will be used to maintain
1371  * all of this, primarily for sorting purposes as well
1372  * as the ability to quickly locate a specific entry.
1373  *
1374  * What we end up with are tree's for sets, create perms,
1375  * user, groups and everyone.  With each of those trees
1376  * we have subtrees for local, descendent and local+descendent
1377  * permissions.
1378  */
1379 int
1380 zfs_perm_get(zfs_handle_t *zhp, zfs_allow_t **zfs_perms)
1381 {
1382 	zfs_cmd_t zc = { 0 };
1383 	int error;
1384 	nvlist_t *nvlist;
1385 	nvlist_t *permnv, *sourcenv;
1386 	nvpair_t *who_pair, *source_pair;
1387 	nvpair_t *perm_pair;
1388 	char errbuf[1024];
1389 	zfs_allow_t *zallowp, *newallowp;
1390 	char  ld;
1391 	char *nvpname;
1392 	uid_t	uid;
1393 	gid_t	gid;
1394 	avl_tree_t *tree;
1395 	avl_index_t where;
1396 
1397 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1398 
1399 	if (zcmd_alloc_dst_nvlist(zhp->zfs_hdl, &zc, 0) != 0)
1400 		return (-1);
1401 
1402 	while (ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_GET_FSACL, &zc) != 0) {
1403 		if (errno == ENOMEM) {
1404 			if (zcmd_expand_dst_nvlist(zhp->zfs_hdl, &zc) != 0) {
1405 				zcmd_free_nvlists(&zc);
1406 				return (-1);
1407 			}
1408 		} else if (errno == ENOTSUP) {
1409 			zcmd_free_nvlists(&zc);
1410 			(void) snprintf(errbuf, sizeof (errbuf),
1411 			    gettext("Pool must be upgraded to use 'allow'"));
1412 			return (zfs_error(zhp->zfs_hdl,
1413 			    EZFS_BADVERSION, errbuf));
1414 		} else {
1415 			zcmd_free_nvlists(&zc);
1416 			return (-1);
1417 		}
1418 	}
1419 
1420 	if (zcmd_read_dst_nvlist(zhp->zfs_hdl, &zc, &nvlist) != 0) {
1421 		zcmd_free_nvlists(&zc);
1422 		return (-1);
1423 	}
1424 
1425 	zcmd_free_nvlists(&zc);
1426 
1427 	source_pair = nvlist_next_nvpair(nvlist, NULL);
1428 
1429 	if (source_pair == NULL) {
1430 		*zfs_perms = NULL;
1431 		return (0);
1432 	}
1433 
1434 	*zfs_perms = zfs_alloc_perm_tree(zhp, NULL, nvpair_name(source_pair));
1435 	if (*zfs_perms == NULL) {
1436 		return (0);
1437 	}
1438 
1439 	zallowp = *zfs_perms;
1440 
1441 	for (;;) {
1442 		struct passwd *pwd;
1443 		struct group *grp;
1444 		zfs_allow_node_t *allownode;
1445 		zfs_allow_node_t  findallownode;
1446 		zfs_allow_node_t *newallownode;
1447 
1448 		(void) strlcpy(zallowp->z_setpoint,
1449 		    nvpair_name(source_pair),
1450 		    sizeof (zallowp->z_setpoint));
1451 
1452 		if ((error = nvpair_value_nvlist(source_pair, &sourcenv)) != 0)
1453 			goto abort;
1454 
1455 		/*
1456 		 * Make sure nvlist is composed correctly
1457 		 */
1458 		if (zfs_deleg_verify_nvlist(sourcenv)) {
1459 			goto abort;
1460 		}
1461 
1462 		who_pair = nvlist_next_nvpair(sourcenv, NULL);
1463 		if (who_pair == NULL) {
1464 			goto abort;
1465 		}
1466 
1467 		do {
1468 			error = nvpair_value_nvlist(who_pair, &permnv);
1469 			if (error) {
1470 				goto abort;
1471 			}
1472 
1473 			/*
1474 			 * First build up the key to use
1475 			 * for looking up in the various
1476 			 * who trees.
1477 			 */
1478 			ld = nvpair_name(who_pair)[1];
1479 			nvpname = nvpair_name(who_pair);
1480 			switch (nvpair_name(who_pair)[0]) {
1481 			case ZFS_DELEG_USER:
1482 			case ZFS_DELEG_USER_SETS:
1483 				tree = &zallowp->z_user;
1484 				uid = atol(&nvpname[3]);
1485 				pwd = getpwuid(uid);
1486 				(void) snprintf(findallownode.z_key,
1487 				    sizeof (findallownode.z_key), "user %s",
1488 				    (pwd) ? pwd->pw_name :
1489 				    &nvpair_name(who_pair)[3]);
1490 				break;
1491 			case ZFS_DELEG_GROUP:
1492 			case ZFS_DELEG_GROUP_SETS:
1493 				tree = &zallowp->z_group;
1494 				gid = atol(&nvpname[3]);
1495 				grp = getgrgid(gid);
1496 				(void) snprintf(findallownode.z_key,
1497 				    sizeof (findallownode.z_key), "group %s",
1498 				    (grp) ? grp->gr_name :
1499 				    &nvpair_name(who_pair)[3]);
1500 				break;
1501 			case ZFS_DELEG_CREATE:
1502 			case ZFS_DELEG_CREATE_SETS:
1503 				tree = &zallowp->z_crperms;
1504 				(void) strlcpy(findallownode.z_key, "",
1505 				    sizeof (findallownode.z_key));
1506 				break;
1507 			case ZFS_DELEG_EVERYONE:
1508 			case ZFS_DELEG_EVERYONE_SETS:
1509 				(void) snprintf(findallownode.z_key,
1510 				    sizeof (findallownode.z_key), "everyone");
1511 				tree = &zallowp->z_everyone;
1512 				break;
1513 			case ZFS_DELEG_NAMED_SET:
1514 			case ZFS_DELEG_NAMED_SET_SETS:
1515 				(void) snprintf(findallownode.z_key,
1516 				    sizeof (findallownode.z_key), "%s",
1517 				    &nvpair_name(who_pair)[3]);
1518 				tree = &zallowp->z_sets;
1519 				break;
1520 			}
1521 
1522 			/*
1523 			 * Place who in tree
1524 			 */
1525 			allownode = avl_find(tree, &findallownode, &where);
1526 			if (allownode == NULL) {
1527 				if ((newallownode = zfs_alloc(zhp->zfs_hdl,
1528 				    sizeof (zfs_allow_node_t))) == NULL) {
1529 					goto abort;
1530 				}
1531 				avl_create(&newallownode->z_localdescend,
1532 				    perm_compare,
1533 				    sizeof (zfs_perm_node_t),
1534 				    offsetof(zfs_perm_node_t, z_node));
1535 				avl_create(&newallownode->z_local,
1536 				    perm_compare,
1537 				    sizeof (zfs_perm_node_t),
1538 				    offsetof(zfs_perm_node_t, z_node));
1539 				avl_create(&newallownode->z_descend,
1540 				    perm_compare,
1541 				    sizeof (zfs_perm_node_t),
1542 				    offsetof(zfs_perm_node_t, z_node));
1543 				(void) strlcpy(newallownode->z_key,
1544 				    findallownode.z_key,
1545 				    sizeof (findallownode.z_key));
1546 				avl_insert(tree, newallownode, where);
1547 				allownode = newallownode;
1548 			}
1549 
1550 			/*
1551 			 * Now iterate over the permissions and
1552 			 * place them in the appropriate local,
1553 			 * descendent or local+descendent tree.
1554 			 *
1555 			 * The permissions are added to the tree
1556 			 * via zfs_coalesce_perm().
1557 			 */
1558 			perm_pair = nvlist_next_nvpair(permnv, NULL);
1559 			if (perm_pair == NULL)
1560 				goto abort;
1561 			do {
1562 				if (zfs_coalesce_perm(zhp, allownode,
1563 				    nvpair_name(perm_pair), ld) != 0)
1564 					goto abort;
1565 			} while (perm_pair = nvlist_next_nvpair(permnv,
1566 			    perm_pair));
1567 		} while (who_pair = nvlist_next_nvpair(sourcenv, who_pair));
1568 
1569 		source_pair = nvlist_next_nvpair(nvlist, source_pair);
1570 		if (source_pair == NULL)
1571 			break;
1572 
1573 		/*
1574 		 * allocate another node from the link list of
1575 		 * zfs_allow_t structures
1576 		 */
1577 		newallowp = zfs_alloc_perm_tree(zhp, zallowp,
1578 		    nvpair_name(source_pair));
1579 		if (newallowp == NULL) {
1580 			goto abort;
1581 		}
1582 		zallowp = newallowp;
1583 	}
1584 	nvlist_free(nvlist);
1585 	return (0);
1586 abort:
1587 	zfs_free_allows(*zfs_perms);
1588 	nvlist_free(nvlist);
1589 	return (-1);
1590 }
1591 
1592 static char *
1593 zfs_deleg_perm_note(zfs_deleg_note_t note)
1594 {
1595 	/*
1596 	 * Don't put newlines on end of lines
1597 	 */
1598 	switch (note) {
1599 	case ZFS_DELEG_NOTE_CREATE:
1600 		return (dgettext(TEXT_DOMAIN,
1601 		    "Must also have the 'mount' ability"));
1602 	case ZFS_DELEG_NOTE_DESTROY:
1603 		return (dgettext(TEXT_DOMAIN,
1604 		    "Must also have the 'mount' ability"));
1605 	case ZFS_DELEG_NOTE_SNAPSHOT:
1606 		return (dgettext(TEXT_DOMAIN,
1607 		    "Must also have the 'mount' ability"));
1608 	case ZFS_DELEG_NOTE_ROLLBACK:
1609 		return (dgettext(TEXT_DOMAIN,
1610 		    "Must also have the 'mount' ability"));
1611 	case ZFS_DELEG_NOTE_CLONE:
1612 		return (dgettext(TEXT_DOMAIN, "Must also have the 'create' "
1613 		    "ability and 'mount'\n"
1614 		    "\t\t\t\tability in the origin file system"));
1615 	case ZFS_DELEG_NOTE_PROMOTE:
1616 		return (dgettext(TEXT_DOMAIN, "Must also have the 'mount'\n"
1617 		    "\t\t\t\tand 'promote' ability in the origin file system"));
1618 	case ZFS_DELEG_NOTE_RENAME:
1619 		return (dgettext(TEXT_DOMAIN, "Must also have the 'mount' "
1620 		    "and 'create' \n\t\t\t\tability in the new parent"));
1621 	case ZFS_DELEG_NOTE_RECEIVE:
1622 		return (dgettext(TEXT_DOMAIN, "Must also have the 'mount'"
1623 		    " and 'create' ability"));
1624 	case ZFS_DELEG_NOTE_USERPROP:
1625 		return (dgettext(TEXT_DOMAIN,
1626 		    "Allows changing any user property"));
1627 	case ZFS_DELEG_NOTE_ALLOW:
1628 		return (dgettext(TEXT_DOMAIN,
1629 		    "Must also have the permission that is being\n"
1630 		    "\t\t\t\tallowed"));
1631 	case ZFS_DELEG_NOTE_MOUNT:
1632 		return (dgettext(TEXT_DOMAIN,
1633 		    "Allows mount/umount of ZFS datasets"));
1634 	case ZFS_DELEG_NOTE_SHARE:
1635 		return (dgettext(TEXT_DOMAIN,
1636 		    "Allows sharing file systems over NFS or SMB\n"
1637 		    "\t\t\t\tprotocols"));
1638 	case ZFS_DELEG_NOTE_NONE:
1639 	default:
1640 		return (dgettext(TEXT_DOMAIN, ""));
1641 	}
1642 }
1643 
1644 typedef enum {
1645 	ZFS_DELEG_SUBCOMMAND,
1646 	ZFS_DELEG_PROP,
1647 	ZFS_DELEG_OTHER
1648 } zfs_deleg_perm_type_t;
1649 
1650 /*
1651  * is the permission a subcommand or other?
1652  */
1653 zfs_deleg_perm_type_t
1654 zfs_deleg_perm_type(const char *perm)
1655 {
1656 	if (strcmp(perm, "userprop") == 0)
1657 		return (ZFS_DELEG_OTHER);
1658 	else
1659 		return (ZFS_DELEG_SUBCOMMAND);
1660 }
1661 
1662 static char *
1663 zfs_deleg_perm_type_str(zfs_deleg_perm_type_t type)
1664 {
1665 	switch (type) {
1666 	case ZFS_DELEG_SUBCOMMAND:
1667 		return (dgettext(TEXT_DOMAIN, "subcommand"));
1668 	case ZFS_DELEG_PROP:
1669 		return (dgettext(TEXT_DOMAIN, "property"));
1670 	case ZFS_DELEG_OTHER:
1671 		return (dgettext(TEXT_DOMAIN, "other"));
1672 	}
1673 	return ("");
1674 }
1675 
1676 /*ARGSUSED*/
1677 static int
1678 zfs_deleg_prop_cb(int prop, void *cb)
1679 {
1680 	if (zfs_prop_delegatable(prop))
1681 		(void) fprintf(stderr, "%-15s %-15s\n", zfs_prop_to_name(prop),
1682 		    zfs_deleg_perm_type_str(ZFS_DELEG_PROP));
1683 
1684 	return (ZPROP_CONT);
1685 }
1686 
1687 void
1688 zfs_deleg_permissions(void)
1689 {
1690 	int i;
1691 
1692 	(void) fprintf(stderr, "\n%-15s %-15s\t%s\n\n", "NAME",
1693 	    "TYPE", "NOTES");
1694 
1695 	/*
1696 	 * First print out the subcommands
1697 	 */
1698 	for (i = 0; zfs_deleg_perm_tab[i].z_perm != NULL; i++) {
1699 		(void) fprintf(stderr, "%-15s %-15s\t%s\n",
1700 		    zfs_deleg_perm_tab[i].z_perm,
1701 		    zfs_deleg_perm_type_str(
1702 		    zfs_deleg_perm_type(zfs_deleg_perm_tab[i].z_perm)),
1703 		    zfs_deleg_perm_note(zfs_deleg_perm_tab[i].z_note));
1704 	}
1705 
1706 	(void) zprop_iter(zfs_deleg_prop_cb, NULL, B_FALSE, B_TRUE,
1707 	    ZFS_TYPE_DATASET|ZFS_TYPE_VOLUME);
1708 }
1709 
1710 /*
1711  * Given a property name and value, set the property for the given dataset.
1712  */
1713 int
1714 zfs_prop_set(zfs_handle_t *zhp, const char *propname, const char *propval)
1715 {
1716 	zfs_cmd_t zc = { 0 };
1717 	int ret = -1;
1718 	prop_changelist_t *cl = NULL;
1719 	char errbuf[1024];
1720 	libzfs_handle_t *hdl = zhp->zfs_hdl;
1721 	nvlist_t *nvl = NULL, *realprops;
1722 	zfs_prop_t prop;
1723 	int do_prefix = 1;
1724 
1725 	(void) snprintf(errbuf, sizeof (errbuf),
1726 	    dgettext(TEXT_DOMAIN, "cannot set property for '%s'"),
1727 	    zhp->zfs_name);
1728 
1729 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0 ||
1730 	    nvlist_add_string(nvl, propname, propval) != 0) {
1731 		(void) no_memory(hdl);
1732 		goto error;
1733 	}
1734 
1735 	if ((realprops = zfs_validate_properties(hdl, zhp->zfs_type, nvl,
1736 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED), zhp, errbuf)) == NULL)
1737 		goto error;
1738 
1739 	nvlist_free(nvl);
1740 	nvl = realprops;
1741 
1742 	prop = zfs_name_to_prop(propname);
1743 
1744 	if ((cl = changelist_gather(zhp, prop, 0)) == NULL)
1745 		goto error;
1746 
1747 	if (prop == ZFS_PROP_MOUNTPOINT && changelist_haszonedchild(cl)) {
1748 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1749 		    "child dataset with inherited mountpoint is used "
1750 		    "in a non-global zone"));
1751 		ret = zfs_error(hdl, EZFS_ZONED, errbuf);
1752 		goto error;
1753 	}
1754 
1755 
1756 	/* do not unmount dataset if canmount is being set to noauto */
1757 	if (prop == ZFS_PROP_CANMOUNT && *propval == ZFS_CANMOUNT_NOAUTO)
1758 		do_prefix = 0;
1759 
1760 	if (do_prefix && (ret = changelist_prefix(cl)) != 0)
1761 			goto error;
1762 
1763 	/*
1764 	 * Execute the corresponding ioctl() to set this property.
1765 	 */
1766 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1767 
1768 	if (zcmd_write_src_nvlist(hdl, &zc, nvl) != 0)
1769 		goto error;
1770 
1771 	ret = zfs_ioctl(hdl, ZFS_IOC_SET_PROP, &zc);
1772 	if (ret != 0) {
1773 		switch (errno) {
1774 
1775 		case ENOSPC:
1776 			/*
1777 			 * For quotas and reservations, ENOSPC indicates
1778 			 * something different; setting a quota or reservation
1779 			 * doesn't use any disk space.
1780 			 */
1781 			switch (prop) {
1782 			case ZFS_PROP_QUOTA:
1783 			case ZFS_PROP_REFQUOTA:
1784 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1785 				    "size is less than current used or "
1786 				    "reserved space"));
1787 				(void) zfs_error(hdl, EZFS_PROPSPACE, errbuf);
1788 				break;
1789 
1790 			case ZFS_PROP_RESERVATION:
1791 			case ZFS_PROP_REFRESERVATION:
1792 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1793 				    "size is greater than available space"));
1794 				(void) zfs_error(hdl, EZFS_PROPSPACE, errbuf);
1795 				break;
1796 
1797 			default:
1798 				(void) zfs_standard_error(hdl, errno, errbuf);
1799 				break;
1800 			}
1801 			break;
1802 
1803 		case EBUSY:
1804 			if (prop == ZFS_PROP_VOLBLOCKSIZE)
1805 				(void) zfs_error(hdl, EZFS_VOLHASDATA, errbuf);
1806 			else
1807 				(void) zfs_standard_error(hdl, EBUSY, errbuf);
1808 			break;
1809 
1810 		case EROFS:
1811 			(void) zfs_error(hdl, EZFS_DSREADONLY, errbuf);
1812 			break;
1813 
1814 		case ENOTSUP:
1815 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1816 			    "pool and or dataset must be upgraded to set this "
1817 			    "property or value"));
1818 			(void) zfs_error(hdl, EZFS_BADVERSION, errbuf);
1819 			break;
1820 
1821 		case EOVERFLOW:
1822 			/*
1823 			 * This platform can't address a volume this big.
1824 			 */
1825 #ifdef _ILP32
1826 			if (prop == ZFS_PROP_VOLSIZE) {
1827 				(void) zfs_error(hdl, EZFS_VOLTOOBIG, errbuf);
1828 				break;
1829 			}
1830 #endif
1831 			/* FALLTHROUGH */
1832 		default:
1833 			(void) zfs_standard_error(hdl, errno, errbuf);
1834 		}
1835 	} else {
1836 		if (do_prefix)
1837 			ret = changelist_postfix(cl);
1838 
1839 		/*
1840 		 * Refresh the statistics so the new property value
1841 		 * is reflected.
1842 		 */
1843 		if (ret == 0)
1844 			(void) get_stats(zhp);
1845 	}
1846 
1847 error:
1848 	nvlist_free(nvl);
1849 	zcmd_free_nvlists(&zc);
1850 	if (cl)
1851 		changelist_free(cl);
1852 	return (ret);
1853 }
1854 
1855 /*
1856  * Given a property, inherit the value from the parent dataset.
1857  */
1858 int
1859 zfs_prop_inherit(zfs_handle_t *zhp, const char *propname)
1860 {
1861 	zfs_cmd_t zc = { 0 };
1862 	int ret;
1863 	prop_changelist_t *cl;
1864 	libzfs_handle_t *hdl = zhp->zfs_hdl;
1865 	char errbuf[1024];
1866 	zfs_prop_t prop;
1867 
1868 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1869 	    "cannot inherit %s for '%s'"), propname, zhp->zfs_name);
1870 
1871 	if ((prop = zfs_name_to_prop(propname)) == ZPROP_INVAL) {
1872 		/*
1873 		 * For user properties, the amount of work we have to do is very
1874 		 * small, so just do it here.
1875 		 */
1876 		if (!zfs_prop_user(propname)) {
1877 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1878 			    "invalid property"));
1879 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
1880 		}
1881 
1882 		(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1883 		(void) strlcpy(zc.zc_value, propname, sizeof (zc.zc_value));
1884 
1885 		if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_INHERIT_PROP, &zc) != 0)
1886 			return (zfs_standard_error(hdl, errno, errbuf));
1887 
1888 		return (0);
1889 	}
1890 
1891 	/*
1892 	 * Verify that this property is inheritable.
1893 	 */
1894 	if (zfs_prop_readonly(prop))
1895 		return (zfs_error(hdl, EZFS_PROPREADONLY, errbuf));
1896 
1897 	if (!zfs_prop_inheritable(prop))
1898 		return (zfs_error(hdl, EZFS_PROPNONINHERIT, errbuf));
1899 
1900 	/*
1901 	 * Check to see if the value applies to this type
1902 	 */
1903 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type))
1904 		return (zfs_error(hdl, EZFS_PROPTYPE, errbuf));
1905 
1906 	/*
1907 	 * Normalize the name, to get rid of shorthand abbrevations.
1908 	 */
1909 	propname = zfs_prop_to_name(prop);
1910 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1911 	(void) strlcpy(zc.zc_value, propname, sizeof (zc.zc_value));
1912 
1913 	if (prop == ZFS_PROP_MOUNTPOINT && getzoneid() == GLOBAL_ZONEID &&
1914 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
1915 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1916 		    "dataset is used in a non-global zone"));
1917 		return (zfs_error(hdl, EZFS_ZONED, errbuf));
1918 	}
1919 
1920 	/*
1921 	 * Determine datasets which will be affected by this change, if any.
1922 	 */
1923 	if ((cl = changelist_gather(zhp, prop, 0)) == NULL)
1924 		return (-1);
1925 
1926 	if (prop == ZFS_PROP_MOUNTPOINT && changelist_haszonedchild(cl)) {
1927 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1928 		    "child dataset with inherited mountpoint is used "
1929 		    "in a non-global zone"));
1930 		ret = zfs_error(hdl, EZFS_ZONED, errbuf);
1931 		goto error;
1932 	}
1933 
1934 	if ((ret = changelist_prefix(cl)) != 0)
1935 		goto error;
1936 
1937 	if ((ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_INHERIT_PROP, &zc)) != 0) {
1938 		return (zfs_standard_error(hdl, errno, errbuf));
1939 	} else {
1940 
1941 		if ((ret = changelist_postfix(cl)) != 0)
1942 			goto error;
1943 
1944 		/*
1945 		 * Refresh the statistics so the new property is reflected.
1946 		 */
1947 		(void) get_stats(zhp);
1948 	}
1949 
1950 error:
1951 	changelist_free(cl);
1952 	return (ret);
1953 }
1954 
1955 /*
1956  * True DSL properties are stored in an nvlist.  The following two functions
1957  * extract them appropriately.
1958  */
1959 static uint64_t
1960 getprop_uint64(zfs_handle_t *zhp, zfs_prop_t prop, char **source)
1961 {
1962 	nvlist_t *nv;
1963 	uint64_t value;
1964 
1965 	*source = NULL;
1966 	if (nvlist_lookup_nvlist(zhp->zfs_props,
1967 	    zfs_prop_to_name(prop), &nv) == 0) {
1968 		verify(nvlist_lookup_uint64(nv, ZPROP_VALUE, &value) == 0);
1969 		(void) nvlist_lookup_string(nv, ZPROP_SOURCE, source);
1970 	} else {
1971 		value = zfs_prop_default_numeric(prop);
1972 		*source = "";
1973 	}
1974 
1975 	return (value);
1976 }
1977 
1978 static char *
1979 getprop_string(zfs_handle_t *zhp, zfs_prop_t prop, char **source)
1980 {
1981 	nvlist_t *nv;
1982 	char *value;
1983 
1984 	*source = NULL;
1985 	if (nvlist_lookup_nvlist(zhp->zfs_props,
1986 	    zfs_prop_to_name(prop), &nv) == 0) {
1987 		verify(nvlist_lookup_string(nv, ZPROP_VALUE, &value) == 0);
1988 		(void) nvlist_lookup_string(nv, ZPROP_SOURCE, source);
1989 	} else {
1990 		if ((value = (char *)zfs_prop_default_string(prop)) == NULL)
1991 			value = "";
1992 		*source = "";
1993 	}
1994 
1995 	return (value);
1996 }
1997 
1998 /*
1999  * Internal function for getting a numeric property.  Both zfs_prop_get() and
2000  * zfs_prop_get_int() are built using this interface.
2001  *
2002  * Certain properties can be overridden using 'mount -o'.  In this case, scan
2003  * the contents of the /etc/mnttab entry, searching for the appropriate options.
2004  * If they differ from the on-disk values, report the current values and mark
2005  * the source "temporary".
2006  */
2007 static int
2008 get_numeric_property(zfs_handle_t *zhp, zfs_prop_t prop, zprop_source_t *src,
2009     char **source, uint64_t *val)
2010 {
2011 	zfs_cmd_t zc = { 0 };
2012 	nvlist_t *zplprops = NULL;
2013 	struct mnttab mnt;
2014 	char *mntopt_on = NULL;
2015 	char *mntopt_off = NULL;
2016 
2017 	*source = NULL;
2018 
2019 	switch (prop) {
2020 	case ZFS_PROP_ATIME:
2021 		mntopt_on = MNTOPT_ATIME;
2022 		mntopt_off = MNTOPT_NOATIME;
2023 		break;
2024 
2025 	case ZFS_PROP_DEVICES:
2026 		mntopt_on = MNTOPT_DEVICES;
2027 		mntopt_off = MNTOPT_NODEVICES;
2028 		break;
2029 
2030 	case ZFS_PROP_EXEC:
2031 		mntopt_on = MNTOPT_EXEC;
2032 		mntopt_off = MNTOPT_NOEXEC;
2033 		break;
2034 
2035 	case ZFS_PROP_READONLY:
2036 		mntopt_on = MNTOPT_RO;
2037 		mntopt_off = MNTOPT_RW;
2038 		break;
2039 
2040 	case ZFS_PROP_SETUID:
2041 		mntopt_on = MNTOPT_SETUID;
2042 		mntopt_off = MNTOPT_NOSETUID;
2043 		break;
2044 
2045 	case ZFS_PROP_XATTR:
2046 		mntopt_on = MNTOPT_XATTR;
2047 		mntopt_off = MNTOPT_NOXATTR;
2048 		break;
2049 
2050 	case ZFS_PROP_NBMAND:
2051 		mntopt_on = MNTOPT_NBMAND;
2052 		mntopt_off = MNTOPT_NONBMAND;
2053 		break;
2054 	}
2055 
2056 	/*
2057 	 * Because looking up the mount options is potentially expensive
2058 	 * (iterating over all of /etc/mnttab), we defer its calculation until
2059 	 * we're looking up a property which requires its presence.
2060 	 */
2061 	if (!zhp->zfs_mntcheck &&
2062 	    (mntopt_on != NULL || prop == ZFS_PROP_MOUNTED)) {
2063 		struct mnttab entry, search = { 0 };
2064 		FILE *mnttab = zhp->zfs_hdl->libzfs_mnttab;
2065 
2066 		search.mnt_special = (char *)zhp->zfs_name;
2067 		search.mnt_fstype = MNTTYPE_ZFS;
2068 		rewind(mnttab);
2069 
2070 		if (getmntany(mnttab, &entry, &search) == 0) {
2071 			zhp->zfs_mntopts = zfs_strdup(zhp->zfs_hdl,
2072 			    entry.mnt_mntopts);
2073 			if (zhp->zfs_mntopts == NULL)
2074 				return (-1);
2075 		}
2076 
2077 		zhp->zfs_mntcheck = B_TRUE;
2078 	}
2079 
2080 	if (zhp->zfs_mntopts == NULL)
2081 		mnt.mnt_mntopts = "";
2082 	else
2083 		mnt.mnt_mntopts = zhp->zfs_mntopts;
2084 
2085 	switch (prop) {
2086 	case ZFS_PROP_ATIME:
2087 	case ZFS_PROP_DEVICES:
2088 	case ZFS_PROP_EXEC:
2089 	case ZFS_PROP_READONLY:
2090 	case ZFS_PROP_SETUID:
2091 	case ZFS_PROP_XATTR:
2092 	case ZFS_PROP_NBMAND:
2093 		*val = getprop_uint64(zhp, prop, source);
2094 
2095 		if (hasmntopt(&mnt, mntopt_on) && !*val) {
2096 			*val = B_TRUE;
2097 			if (src)
2098 				*src = ZPROP_SRC_TEMPORARY;
2099 		} else if (hasmntopt(&mnt, mntopt_off) && *val) {
2100 			*val = B_FALSE;
2101 			if (src)
2102 				*src = ZPROP_SRC_TEMPORARY;
2103 		}
2104 		break;
2105 
2106 	case ZFS_PROP_CANMOUNT:
2107 		*val = getprop_uint64(zhp, prop, source);
2108 		if (*val != ZFS_CANMOUNT_ON)
2109 			*source = zhp->zfs_name;
2110 		else
2111 			*source = "";	/* default */
2112 		break;
2113 
2114 	case ZFS_PROP_QUOTA:
2115 	case ZFS_PROP_REFQUOTA:
2116 	case ZFS_PROP_RESERVATION:
2117 	case ZFS_PROP_REFRESERVATION:
2118 		*val = getprop_uint64(zhp, prop, source);
2119 		if (*val == 0)
2120 			*source = "";	/* default */
2121 		else
2122 			*source = zhp->zfs_name;
2123 		break;
2124 
2125 	case ZFS_PROP_MOUNTED:
2126 		*val = (zhp->zfs_mntopts != NULL);
2127 		break;
2128 
2129 	case ZFS_PROP_NUMCLONES:
2130 		*val = zhp->zfs_dmustats.dds_num_clones;
2131 		break;
2132 
2133 	case ZFS_PROP_VERSION:
2134 	case ZFS_PROP_NORMALIZE:
2135 	case ZFS_PROP_UTF8ONLY:
2136 	case ZFS_PROP_CASE:
2137 		if (!zfs_prop_valid_for_type(prop, zhp->zfs_head_type) ||
2138 		    zcmd_alloc_dst_nvlist(zhp->zfs_hdl, &zc, 0) != 0)
2139 			return (-1);
2140 		(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2141 		if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_OBJSET_ZPLPROPS, &zc)) {
2142 			zcmd_free_nvlists(&zc);
2143 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
2144 			    "unable to get %s property"),
2145 			    zfs_prop_to_name(prop));
2146 			return (zfs_error(zhp->zfs_hdl, EZFS_BADVERSION,
2147 			    dgettext(TEXT_DOMAIN, "internal error")));
2148 		}
2149 		if (zcmd_read_dst_nvlist(zhp->zfs_hdl, &zc, &zplprops) != 0 ||
2150 		    nvlist_lookup_uint64(zplprops, zfs_prop_to_name(prop),
2151 		    val) != 0) {
2152 			zcmd_free_nvlists(&zc);
2153 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
2154 			    "unable to get %s property"),
2155 			    zfs_prop_to_name(prop));
2156 			return (zfs_error(zhp->zfs_hdl, EZFS_NOMEM,
2157 			    dgettext(TEXT_DOMAIN, "internal error")));
2158 		}
2159 		if (zplprops)
2160 			nvlist_free(zplprops);
2161 		zcmd_free_nvlists(&zc);
2162 		break;
2163 
2164 	default:
2165 		switch (zfs_prop_get_type(prop)) {
2166 		case PROP_TYPE_NUMBER:
2167 		case PROP_TYPE_INDEX:
2168 			*val = getprop_uint64(zhp, prop, source);
2169 			break;
2170 
2171 		case PROP_TYPE_STRING:
2172 		default:
2173 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
2174 			    "cannot get non-numeric property"));
2175 			return (zfs_error(zhp->zfs_hdl, EZFS_BADPROP,
2176 			    dgettext(TEXT_DOMAIN, "internal error")));
2177 		}
2178 	}
2179 
2180 	return (0);
2181 }
2182 
2183 /*
2184  * Calculate the source type, given the raw source string.
2185  */
2186 static void
2187 get_source(zfs_handle_t *zhp, zprop_source_t *srctype, char *source,
2188     char *statbuf, size_t statlen)
2189 {
2190 	if (statbuf == NULL || *srctype == ZPROP_SRC_TEMPORARY)
2191 		return;
2192 
2193 	if (source == NULL) {
2194 		*srctype = ZPROP_SRC_NONE;
2195 	} else if (source[0] == '\0') {
2196 		*srctype = ZPROP_SRC_DEFAULT;
2197 	} else {
2198 		if (strcmp(source, zhp->zfs_name) == 0) {
2199 			*srctype = ZPROP_SRC_LOCAL;
2200 		} else {
2201 			(void) strlcpy(statbuf, source, statlen);
2202 			*srctype = ZPROP_SRC_INHERITED;
2203 		}
2204 	}
2205 
2206 }
2207 
2208 /*
2209  * Retrieve a property from the given object.  If 'literal' is specified, then
2210  * numbers are left as exact values.  Otherwise, numbers are converted to a
2211  * human-readable form.
2212  *
2213  * Returns 0 on success, or -1 on error.
2214  */
2215 int
2216 zfs_prop_get(zfs_handle_t *zhp, zfs_prop_t prop, char *propbuf, size_t proplen,
2217     zprop_source_t *src, char *statbuf, size_t statlen, boolean_t literal)
2218 {
2219 	char *source = NULL;
2220 	uint64_t val;
2221 	char *str;
2222 	const char *root;
2223 	const char *strval;
2224 
2225 	/*
2226 	 * Check to see if this property applies to our object
2227 	 */
2228 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type))
2229 		return (-1);
2230 
2231 	if (src)
2232 		*src = ZPROP_SRC_NONE;
2233 
2234 	switch (prop) {
2235 	case ZFS_PROP_CREATION:
2236 		/*
2237 		 * 'creation' is a time_t stored in the statistics.  We convert
2238 		 * this into a string unless 'literal' is specified.
2239 		 */
2240 		{
2241 			val = getprop_uint64(zhp, prop, &source);
2242 			time_t time = (time_t)val;
2243 			struct tm t;
2244 
2245 			if (literal ||
2246 			    localtime_r(&time, &t) == NULL ||
2247 			    strftime(propbuf, proplen, "%a %b %e %k:%M %Y",
2248 			    &t) == 0)
2249 				(void) snprintf(propbuf, proplen, "%llu", val);
2250 		}
2251 		break;
2252 
2253 	case ZFS_PROP_MOUNTPOINT:
2254 		/*
2255 		 * Getting the precise mountpoint can be tricky.
2256 		 *
2257 		 *  - for 'none' or 'legacy', return those values.
2258 		 *  - for default mountpoints, construct it as /zfs/<dataset>
2259 		 *  - for inherited mountpoints, we want to take everything
2260 		 *    after our ancestor and append it to the inherited value.
2261 		 *
2262 		 * If the pool has an alternate root, we want to prepend that
2263 		 * root to any values we return.
2264 		 */
2265 		root = zhp->zfs_root;
2266 		str = getprop_string(zhp, prop, &source);
2267 
2268 		if (str[0] == '\0') {
2269 			(void) snprintf(propbuf, proplen, "%s/zfs/%s",
2270 			    root, zhp->zfs_name);
2271 		} else if (str[0] == '/') {
2272 			const char *relpath = zhp->zfs_name + strlen(source);
2273 
2274 			if (relpath[0] == '/')
2275 				relpath++;
2276 			if (str[1] == '\0')
2277 				str++;
2278 
2279 			if (relpath[0] == '\0')
2280 				(void) snprintf(propbuf, proplen, "%s%s",
2281 				    root, str);
2282 			else
2283 				(void) snprintf(propbuf, proplen, "%s%s%s%s",
2284 				    root, str, relpath[0] == '@' ? "" : "/",
2285 				    relpath);
2286 		} else {
2287 			/* 'legacy' or 'none' */
2288 			(void) strlcpy(propbuf, str, proplen);
2289 		}
2290 
2291 		break;
2292 
2293 	case ZFS_PROP_ORIGIN:
2294 		(void) strlcpy(propbuf, getprop_string(zhp, prop, &source),
2295 		    proplen);
2296 		/*
2297 		 * If there is no parent at all, return failure to indicate that
2298 		 * it doesn't apply to this dataset.
2299 		 */
2300 		if (propbuf[0] == '\0')
2301 			return (-1);
2302 		break;
2303 
2304 	case ZFS_PROP_QUOTA:
2305 	case ZFS_PROP_REFQUOTA:
2306 	case ZFS_PROP_RESERVATION:
2307 	case ZFS_PROP_REFRESERVATION:
2308 
2309 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2310 			return (-1);
2311 
2312 		/*
2313 		 * If quota or reservation is 0, we translate this into 'none'
2314 		 * (unless literal is set), and indicate that it's the default
2315 		 * value.  Otherwise, we print the number nicely and indicate
2316 		 * that its set locally.
2317 		 */
2318 		if (val == 0) {
2319 			if (literal)
2320 				(void) strlcpy(propbuf, "0", proplen);
2321 			else
2322 				(void) strlcpy(propbuf, "none", proplen);
2323 		} else {
2324 			if (literal)
2325 				(void) snprintf(propbuf, proplen, "%llu",
2326 				    (u_longlong_t)val);
2327 			else
2328 				zfs_nicenum(val, propbuf, proplen);
2329 		}
2330 		break;
2331 
2332 	case ZFS_PROP_COMPRESSRATIO:
2333 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2334 			return (-1);
2335 		(void) snprintf(propbuf, proplen, "%lld.%02lldx", (longlong_t)
2336 		    val / 100, (longlong_t)val % 100);
2337 		break;
2338 
2339 	case ZFS_PROP_TYPE:
2340 		switch (zhp->zfs_type) {
2341 		case ZFS_TYPE_FILESYSTEM:
2342 			str = "filesystem";
2343 			break;
2344 		case ZFS_TYPE_VOLUME:
2345 			str = "volume";
2346 			break;
2347 		case ZFS_TYPE_SNAPSHOT:
2348 			str = "snapshot";
2349 			break;
2350 		default:
2351 			abort();
2352 		}
2353 		(void) snprintf(propbuf, proplen, "%s", str);
2354 		break;
2355 
2356 	case ZFS_PROP_MOUNTED:
2357 		/*
2358 		 * The 'mounted' property is a pseudo-property that described
2359 		 * whether the filesystem is currently mounted.  Even though
2360 		 * it's a boolean value, the typical values of "on" and "off"
2361 		 * don't make sense, so we translate to "yes" and "no".
2362 		 */
2363 		if (get_numeric_property(zhp, ZFS_PROP_MOUNTED,
2364 		    src, &source, &val) != 0)
2365 			return (-1);
2366 		if (val)
2367 			(void) strlcpy(propbuf, "yes", proplen);
2368 		else
2369 			(void) strlcpy(propbuf, "no", proplen);
2370 		break;
2371 
2372 	case ZFS_PROP_NAME:
2373 		/*
2374 		 * The 'name' property is a pseudo-property derived from the
2375 		 * dataset name.  It is presented as a real property to simplify
2376 		 * consumers.
2377 		 */
2378 		(void) strlcpy(propbuf, zhp->zfs_name, proplen);
2379 		break;
2380 
2381 	default:
2382 		switch (zfs_prop_get_type(prop)) {
2383 		case PROP_TYPE_NUMBER:
2384 			if (get_numeric_property(zhp, prop, src,
2385 			    &source, &val) != 0)
2386 				return (-1);
2387 			if (literal)
2388 				(void) snprintf(propbuf, proplen, "%llu",
2389 				    (u_longlong_t)val);
2390 			else
2391 				zfs_nicenum(val, propbuf, proplen);
2392 			break;
2393 
2394 		case PROP_TYPE_STRING:
2395 			(void) strlcpy(propbuf,
2396 			    getprop_string(zhp, prop, &source), proplen);
2397 			break;
2398 
2399 		case PROP_TYPE_INDEX:
2400 			if (get_numeric_property(zhp, prop, src,
2401 			    &source, &val) != 0)
2402 				return (-1);
2403 			if (zfs_prop_index_to_string(prop, val, &strval) != 0)
2404 				return (-1);
2405 			(void) strlcpy(propbuf, strval, proplen);
2406 			break;
2407 
2408 		default:
2409 			abort();
2410 		}
2411 	}
2412 
2413 	get_source(zhp, src, source, statbuf, statlen);
2414 
2415 	return (0);
2416 }
2417 
2418 /*
2419  * Utility function to get the given numeric property.  Does no validation that
2420  * the given property is the appropriate type; should only be used with
2421  * hard-coded property types.
2422  */
2423 uint64_t
2424 zfs_prop_get_int(zfs_handle_t *zhp, zfs_prop_t prop)
2425 {
2426 	char *source;
2427 	uint64_t val;
2428 
2429 	(void) get_numeric_property(zhp, prop, NULL, &source, &val);
2430 
2431 	return (val);
2432 }
2433 
2434 int
2435 zfs_prop_set_int(zfs_handle_t *zhp, zfs_prop_t prop, uint64_t val)
2436 {
2437 	char buf[64];
2438 
2439 	zfs_nicenum(val, buf, sizeof (buf));
2440 	return (zfs_prop_set(zhp, zfs_prop_to_name(prop), buf));
2441 }
2442 
2443 /*
2444  * Similar to zfs_prop_get(), but returns the value as an integer.
2445  */
2446 int
2447 zfs_prop_get_numeric(zfs_handle_t *zhp, zfs_prop_t prop, uint64_t *value,
2448     zprop_source_t *src, char *statbuf, size_t statlen)
2449 {
2450 	char *source;
2451 
2452 	/*
2453 	 * Check to see if this property applies to our object
2454 	 */
2455 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type)) {
2456 		return (zfs_error_fmt(zhp->zfs_hdl, EZFS_PROPTYPE,
2457 		    dgettext(TEXT_DOMAIN, "cannot get property '%s'"),
2458 		    zfs_prop_to_name(prop)));
2459 	}
2460 
2461 	if (src)
2462 		*src = ZPROP_SRC_NONE;
2463 
2464 	if (get_numeric_property(zhp, prop, src, &source, value) != 0)
2465 		return (-1);
2466 
2467 	get_source(zhp, src, source, statbuf, statlen);
2468 
2469 	return (0);
2470 }
2471 
2472 /*
2473  * Returns the name of the given zfs handle.
2474  */
2475 const char *
2476 zfs_get_name(const zfs_handle_t *zhp)
2477 {
2478 	return (zhp->zfs_name);
2479 }
2480 
2481 /*
2482  * Returns the type of the given zfs handle.
2483  */
2484 zfs_type_t
2485 zfs_get_type(const zfs_handle_t *zhp)
2486 {
2487 	return (zhp->zfs_type);
2488 }
2489 
2490 /*
2491  * Iterate over all child filesystems
2492  */
2493 int
2494 zfs_iter_filesystems(zfs_handle_t *zhp, zfs_iter_f func, void *data)
2495 {
2496 	zfs_cmd_t zc = { 0 };
2497 	zfs_handle_t *nzhp;
2498 	int ret;
2499 
2500 	if (zhp->zfs_type != ZFS_TYPE_FILESYSTEM)
2501 		return (0);
2502 
2503 	for ((void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2504 	    ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_DATASET_LIST_NEXT, &zc) == 0;
2505 	    (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name))) {
2506 		/*
2507 		 * Ignore private dataset names.
2508 		 */
2509 		if (dataset_name_hidden(zc.zc_name))
2510 			continue;
2511 
2512 		/*
2513 		 * Silently ignore errors, as the only plausible explanation is
2514 		 * that the pool has since been removed.
2515 		 */
2516 		if ((nzhp = make_dataset_handle(zhp->zfs_hdl,
2517 		    zc.zc_name)) == NULL)
2518 			continue;
2519 
2520 		if ((ret = func(nzhp, data)) != 0)
2521 			return (ret);
2522 	}
2523 
2524 	/*
2525 	 * An errno value of ESRCH indicates normal completion.  If ENOENT is
2526 	 * returned, then the underlying dataset has been removed since we
2527 	 * obtained the handle.
2528 	 */
2529 	if (errno != ESRCH && errno != ENOENT)
2530 		return (zfs_standard_error(zhp->zfs_hdl, errno,
2531 		    dgettext(TEXT_DOMAIN, "cannot iterate filesystems")));
2532 
2533 	return (0);
2534 }
2535 
2536 /*
2537  * Iterate over all snapshots
2538  */
2539 int
2540 zfs_iter_snapshots(zfs_handle_t *zhp, zfs_iter_f func, void *data)
2541 {
2542 	zfs_cmd_t zc = { 0 };
2543 	zfs_handle_t *nzhp;
2544 	int ret;
2545 
2546 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT)
2547 		return (0);
2548 
2549 	for ((void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2550 	    ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_SNAPSHOT_LIST_NEXT,
2551 	    &zc) == 0;
2552 	    (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name))) {
2553 
2554 		if ((nzhp = make_dataset_handle(zhp->zfs_hdl,
2555 		    zc.zc_name)) == NULL)
2556 			continue;
2557 
2558 		if ((ret = func(nzhp, data)) != 0)
2559 			return (ret);
2560 	}
2561 
2562 	/*
2563 	 * An errno value of ESRCH indicates normal completion.  If ENOENT is
2564 	 * returned, then the underlying dataset has been removed since we
2565 	 * obtained the handle.  Silently ignore this case, and return success.
2566 	 */
2567 	if (errno != ESRCH && errno != ENOENT)
2568 		return (zfs_standard_error(zhp->zfs_hdl, errno,
2569 		    dgettext(TEXT_DOMAIN, "cannot iterate filesystems")));
2570 
2571 	return (0);
2572 }
2573 
2574 /*
2575  * Iterate over all children, snapshots and filesystems
2576  */
2577 int
2578 zfs_iter_children(zfs_handle_t *zhp, zfs_iter_f func, void *data)
2579 {
2580 	int ret;
2581 
2582 	if ((ret = zfs_iter_filesystems(zhp, func, data)) != 0)
2583 		return (ret);
2584 
2585 	return (zfs_iter_snapshots(zhp, func, data));
2586 }
2587 
2588 /*
2589  * Given a complete name, return just the portion that refers to the parent.
2590  * Can return NULL if this is a pool.
2591  */
2592 static int
2593 parent_name(const char *path, char *buf, size_t buflen)
2594 {
2595 	char *loc;
2596 
2597 	if ((loc = strrchr(path, '/')) == NULL)
2598 		return (-1);
2599 
2600 	(void) strncpy(buf, path, MIN(buflen, loc - path));
2601 	buf[loc - path] = '\0';
2602 
2603 	return (0);
2604 }
2605 
2606 /*
2607  * If accept_ancestor is false, then check to make sure that the given path has
2608  * a parent, and that it exists.  If accept_ancestor is true, then find the
2609  * closest existing ancestor for the given path.  In prefixlen return the
2610  * length of already existing prefix of the given path.  We also fetch the
2611  * 'zoned' property, which is used to validate property settings when creating
2612  * new datasets.
2613  */
2614 static int
2615 check_parents(libzfs_handle_t *hdl, const char *path, uint64_t *zoned,
2616     boolean_t accept_ancestor, int *prefixlen)
2617 {
2618 	zfs_cmd_t zc = { 0 };
2619 	char parent[ZFS_MAXNAMELEN];
2620 	char *slash;
2621 	zfs_handle_t *zhp;
2622 	char errbuf[1024];
2623 
2624 	(void) snprintf(errbuf, sizeof (errbuf), "cannot create '%s'",
2625 	    path);
2626 
2627 	/* get parent, and check to see if this is just a pool */
2628 	if (parent_name(path, parent, sizeof (parent)) != 0) {
2629 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2630 		    "missing dataset name"));
2631 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
2632 	}
2633 
2634 	/* check to see if the pool exists */
2635 	if ((slash = strchr(parent, '/')) == NULL)
2636 		slash = parent + strlen(parent);
2637 	(void) strncpy(zc.zc_name, parent, slash - parent);
2638 	zc.zc_name[slash - parent] = '\0';
2639 	if (ioctl(hdl->libzfs_fd, ZFS_IOC_OBJSET_STATS, &zc) != 0 &&
2640 	    errno == ENOENT) {
2641 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2642 		    "no such pool '%s'"), zc.zc_name);
2643 		return (zfs_error(hdl, EZFS_NOENT, errbuf));
2644 	}
2645 
2646 	/* check to see if the parent dataset exists */
2647 	while ((zhp = make_dataset_handle(hdl, parent)) == NULL) {
2648 		if (errno == ENOENT && accept_ancestor) {
2649 			/*
2650 			 * Go deeper to find an ancestor, give up on top level.
2651 			 */
2652 			if (parent_name(parent, parent, sizeof (parent)) != 0) {
2653 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2654 				    "no such pool '%s'"), zc.zc_name);
2655 				return (zfs_error(hdl, EZFS_NOENT, errbuf));
2656 			}
2657 		} else if (errno == ENOENT) {
2658 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2659 			    "parent does not exist"));
2660 			return (zfs_error(hdl, EZFS_NOENT, errbuf));
2661 		} else
2662 			return (zfs_standard_error(hdl, errno, errbuf));
2663 	}
2664 
2665 	*zoned = zfs_prop_get_int(zhp, ZFS_PROP_ZONED);
2666 	/* we are in a non-global zone, but parent is in the global zone */
2667 	if (getzoneid() != GLOBAL_ZONEID && !(*zoned)) {
2668 		(void) zfs_standard_error(hdl, EPERM, errbuf);
2669 		zfs_close(zhp);
2670 		return (-1);
2671 	}
2672 
2673 	/* make sure parent is a filesystem */
2674 	if (zfs_get_type(zhp) != ZFS_TYPE_FILESYSTEM) {
2675 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2676 		    "parent is not a filesystem"));
2677 		(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
2678 		zfs_close(zhp);
2679 		return (-1);
2680 	}
2681 
2682 	zfs_close(zhp);
2683 	if (prefixlen != NULL)
2684 		*prefixlen = strlen(parent);
2685 	return (0);
2686 }
2687 
2688 /*
2689  * Finds whether the dataset of the given type(s) exists.
2690  */
2691 boolean_t
2692 zfs_dataset_exists(libzfs_handle_t *hdl, const char *path, zfs_type_t types)
2693 {
2694 	zfs_handle_t *zhp;
2695 
2696 	if (!zfs_validate_name(hdl, path, types, B_FALSE))
2697 		return (B_FALSE);
2698 
2699 	/*
2700 	 * Try to get stats for the dataset, which will tell us if it exists.
2701 	 */
2702 	if ((zhp = make_dataset_handle(hdl, path)) != NULL) {
2703 		int ds_type = zhp->zfs_type;
2704 
2705 		zfs_close(zhp);
2706 		if (types & ds_type)
2707 			return (B_TRUE);
2708 	}
2709 	return (B_FALSE);
2710 }
2711 
2712 /*
2713  * Given a path to 'target', create all the ancestors between
2714  * the prefixlen portion of the path, and the target itself.
2715  * Fail if the initial prefixlen-ancestor does not already exist.
2716  */
2717 int
2718 create_parents(libzfs_handle_t *hdl, char *target, int prefixlen)
2719 {
2720 	zfs_handle_t *h;
2721 	char *cp;
2722 	const char *opname;
2723 
2724 	/* make sure prefix exists */
2725 	cp = target + prefixlen;
2726 	if (*cp != '/') {
2727 		assert(strchr(cp, '/') == NULL);
2728 		h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
2729 	} else {
2730 		*cp = '\0';
2731 		h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
2732 		*cp = '/';
2733 	}
2734 	if (h == NULL)
2735 		return (-1);
2736 	zfs_close(h);
2737 
2738 	/*
2739 	 * Attempt to create, mount, and share any ancestor filesystems,
2740 	 * up to the prefixlen-long one.
2741 	 */
2742 	for (cp = target + prefixlen + 1;
2743 	    cp = strchr(cp, '/'); *cp = '/', cp++) {
2744 		char *logstr;
2745 
2746 		*cp = '\0';
2747 
2748 		h = make_dataset_handle(hdl, target);
2749 		if (h) {
2750 			/* it already exists, nothing to do here */
2751 			zfs_close(h);
2752 			continue;
2753 		}
2754 
2755 		logstr = hdl->libzfs_log_str;
2756 		hdl->libzfs_log_str = NULL;
2757 		if (zfs_create(hdl, target, ZFS_TYPE_FILESYSTEM,
2758 		    NULL) != 0) {
2759 			hdl->libzfs_log_str = logstr;
2760 			opname = dgettext(TEXT_DOMAIN, "create");
2761 			goto ancestorerr;
2762 		}
2763 
2764 		hdl->libzfs_log_str = logstr;
2765 		h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
2766 		if (h == NULL) {
2767 			opname = dgettext(TEXT_DOMAIN, "open");
2768 			goto ancestorerr;
2769 		}
2770 
2771 		if (zfs_mount(h, NULL, 0) != 0) {
2772 			opname = dgettext(TEXT_DOMAIN, "mount");
2773 			goto ancestorerr;
2774 		}
2775 
2776 		if (zfs_share(h) != 0) {
2777 			opname = dgettext(TEXT_DOMAIN, "share");
2778 			goto ancestorerr;
2779 		}
2780 
2781 		zfs_close(h);
2782 	}
2783 
2784 	return (0);
2785 
2786 ancestorerr:
2787 	zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2788 	    "failed to %s ancestor '%s'"), opname, target);
2789 	return (-1);
2790 }
2791 
2792 /*
2793  * Creates non-existing ancestors of the given path.
2794  */
2795 int
2796 zfs_create_ancestors(libzfs_handle_t *hdl, const char *path)
2797 {
2798 	int prefix;
2799 	uint64_t zoned;
2800 	char *path_copy;
2801 	int rc;
2802 
2803 	if (check_parents(hdl, path, &zoned, B_TRUE, &prefix) != 0)
2804 		return (-1);
2805 
2806 	if ((path_copy = strdup(path)) != NULL) {
2807 		rc = create_parents(hdl, path_copy, prefix);
2808 		free(path_copy);
2809 	}
2810 	if (path_copy == NULL || rc != 0)
2811 		return (-1);
2812 
2813 	return (0);
2814 }
2815 
2816 /*
2817  * Create a new filesystem or volume.
2818  */
2819 int
2820 zfs_create(libzfs_handle_t *hdl, const char *path, zfs_type_t type,
2821     nvlist_t *props)
2822 {
2823 	zfs_cmd_t zc = { 0 };
2824 	int ret;
2825 	uint64_t size = 0;
2826 	uint64_t blocksize = zfs_prop_default_numeric(ZFS_PROP_VOLBLOCKSIZE);
2827 	char errbuf[1024];
2828 	uint64_t zoned;
2829 
2830 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
2831 	    "cannot create '%s'"), path);
2832 
2833 	/* validate the path, taking care to note the extended error message */
2834 	if (!zfs_validate_name(hdl, path, type, B_TRUE))
2835 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
2836 
2837 	/* validate parents exist */
2838 	if (check_parents(hdl, path, &zoned, B_FALSE, NULL) != 0)
2839 		return (-1);
2840 
2841 	/*
2842 	 * The failure modes when creating a dataset of a different type over
2843 	 * one that already exists is a little strange.  In particular, if you
2844 	 * try to create a dataset on top of an existing dataset, the ioctl()
2845 	 * will return ENOENT, not EEXIST.  To prevent this from happening, we
2846 	 * first try to see if the dataset exists.
2847 	 */
2848 	(void) strlcpy(zc.zc_name, path, sizeof (zc.zc_name));
2849 	if (zfs_dataset_exists(hdl, zc.zc_name, ZFS_TYPE_DATASET)) {
2850 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2851 		    "dataset already exists"));
2852 		return (zfs_error(hdl, EZFS_EXISTS, errbuf));
2853 	}
2854 
2855 	if (type == ZFS_TYPE_VOLUME)
2856 		zc.zc_objset_type = DMU_OST_ZVOL;
2857 	else
2858 		zc.zc_objset_type = DMU_OST_ZFS;
2859 
2860 	if (props && (props = zfs_validate_properties(hdl, type, props,
2861 	    zoned, NULL, errbuf)) == 0)
2862 		return (-1);
2863 
2864 	if (type == ZFS_TYPE_VOLUME) {
2865 		/*
2866 		 * If we are creating a volume, the size and block size must
2867 		 * satisfy a few restraints.  First, the blocksize must be a
2868 		 * valid block size between SPA_{MIN,MAX}BLOCKSIZE.  Second, the
2869 		 * volsize must be a multiple of the block size, and cannot be
2870 		 * zero.
2871 		 */
2872 		if (props == NULL || nvlist_lookup_uint64(props,
2873 		    zfs_prop_to_name(ZFS_PROP_VOLSIZE), &size) != 0) {
2874 			nvlist_free(props);
2875 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2876 			    "missing volume size"));
2877 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2878 		}
2879 
2880 		if ((ret = nvlist_lookup_uint64(props,
2881 		    zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
2882 		    &blocksize)) != 0) {
2883 			if (ret == ENOENT) {
2884 				blocksize = zfs_prop_default_numeric(
2885 				    ZFS_PROP_VOLBLOCKSIZE);
2886 			} else {
2887 				nvlist_free(props);
2888 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2889 				    "missing volume block size"));
2890 				return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2891 			}
2892 		}
2893 
2894 		if (size == 0) {
2895 			nvlist_free(props);
2896 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2897 			    "volume size cannot be zero"));
2898 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2899 		}
2900 
2901 		if (size % blocksize != 0) {
2902 			nvlist_free(props);
2903 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2904 			    "volume size must be a multiple of volume block "
2905 			    "size"));
2906 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2907 		}
2908 	}
2909 
2910 	if (props && zcmd_write_src_nvlist(hdl, &zc, props) != 0)
2911 		return (-1);
2912 	nvlist_free(props);
2913 
2914 	/* create the dataset */
2915 	ret = zfs_ioctl(hdl, ZFS_IOC_CREATE, &zc);
2916 
2917 	if (ret == 0 && type == ZFS_TYPE_VOLUME) {
2918 		ret = zvol_create_link(hdl, path);
2919 		if (ret) {
2920 			(void) zfs_standard_error(hdl, errno,
2921 			    dgettext(TEXT_DOMAIN,
2922 			    "Volume successfully created, but device links "
2923 			    "were not created"));
2924 			zcmd_free_nvlists(&zc);
2925 			return (-1);
2926 		}
2927 	}
2928 
2929 	zcmd_free_nvlists(&zc);
2930 
2931 	/* check for failure */
2932 	if (ret != 0) {
2933 		char parent[ZFS_MAXNAMELEN];
2934 		(void) parent_name(path, parent, sizeof (parent));
2935 
2936 		switch (errno) {
2937 		case ENOENT:
2938 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2939 			    "no such parent '%s'"), parent);
2940 			return (zfs_error(hdl, EZFS_NOENT, errbuf));
2941 
2942 		case EINVAL:
2943 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2944 			    "parent '%s' is not a filesystem"), parent);
2945 			return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
2946 
2947 		case EDOM:
2948 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2949 			    "volume block size must be power of 2 from "
2950 			    "%u to %uk"),
2951 			    (uint_t)SPA_MINBLOCKSIZE,
2952 			    (uint_t)SPA_MAXBLOCKSIZE >> 10);
2953 
2954 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2955 
2956 		case ENOTSUP:
2957 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2958 			    "pool must be upgraded to set this "
2959 			    "property or value"));
2960 			return (zfs_error(hdl, EZFS_BADVERSION, errbuf));
2961 
2962 #ifdef _ILP32
2963 		case EOVERFLOW:
2964 			/*
2965 			 * This platform can't address a volume this big.
2966 			 */
2967 			if (type == ZFS_TYPE_VOLUME)
2968 				return (zfs_error(hdl, EZFS_VOLTOOBIG,
2969 				    errbuf));
2970 #endif
2971 			/* FALLTHROUGH */
2972 		default:
2973 			return (zfs_standard_error(hdl, errno, errbuf));
2974 		}
2975 	}
2976 
2977 	return (0);
2978 }
2979 
2980 /*
2981  * Destroys the given dataset.  The caller must make sure that the filesystem
2982  * isn't mounted, and that there are no active dependents.
2983  */
2984 int
2985 zfs_destroy(zfs_handle_t *zhp)
2986 {
2987 	zfs_cmd_t zc = { 0 };
2988 
2989 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2990 
2991 	if (ZFS_IS_VOLUME(zhp)) {
2992 		/*
2993 		 * If user doesn't have permissions to unshare volume, then
2994 		 * abort the request.  This would only happen for a
2995 		 * non-privileged user.
2996 		 */
2997 		if (zfs_unshare_iscsi(zhp) != 0) {
2998 			return (-1);
2999 		}
3000 
3001 		if (zvol_remove_link(zhp->zfs_hdl, zhp->zfs_name) != 0)
3002 			return (-1);
3003 
3004 		zc.zc_objset_type = DMU_OST_ZVOL;
3005 	} else {
3006 		zc.zc_objset_type = DMU_OST_ZFS;
3007 	}
3008 
3009 	if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_DESTROY, &zc) != 0) {
3010 		return (zfs_standard_error_fmt(zhp->zfs_hdl, errno,
3011 		    dgettext(TEXT_DOMAIN, "cannot destroy '%s'"),
3012 		    zhp->zfs_name));
3013 	}
3014 
3015 	remove_mountpoint(zhp);
3016 
3017 	return (0);
3018 }
3019 
3020 struct destroydata {
3021 	char *snapname;
3022 	boolean_t gotone;
3023 	boolean_t closezhp;
3024 };
3025 
3026 static int
3027 zfs_remove_link_cb(zfs_handle_t *zhp, void *arg)
3028 {
3029 	struct destroydata *dd = arg;
3030 	zfs_handle_t *szhp;
3031 	char name[ZFS_MAXNAMELEN];
3032 	boolean_t closezhp = dd->closezhp;
3033 	int rv;
3034 
3035 	(void) strlcpy(name, zhp->zfs_name, sizeof (name));
3036 	(void) strlcat(name, "@", sizeof (name));
3037 	(void) strlcat(name, dd->snapname, sizeof (name));
3038 
3039 	szhp = make_dataset_handle(zhp->zfs_hdl, name);
3040 	if (szhp) {
3041 		dd->gotone = B_TRUE;
3042 		zfs_close(szhp);
3043 	}
3044 
3045 	if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
3046 		(void) zvol_remove_link(zhp->zfs_hdl, name);
3047 		/*
3048 		 * NB: this is simply a best-effort.  We don't want to
3049 		 * return an error, because then we wouldn't visit all
3050 		 * the volumes.
3051 		 */
3052 	}
3053 
3054 	dd->closezhp = B_TRUE;
3055 	rv = zfs_iter_filesystems(zhp, zfs_remove_link_cb, arg);
3056 	if (closezhp)
3057 		zfs_close(zhp);
3058 	return (rv);
3059 }
3060 
3061 /*
3062  * Destroys all snapshots with the given name in zhp & descendants.
3063  */
3064 int
3065 zfs_destroy_snaps(zfs_handle_t *zhp, char *snapname)
3066 {
3067 	zfs_cmd_t zc = { 0 };
3068 	int ret;
3069 	struct destroydata dd = { 0 };
3070 
3071 	dd.snapname = snapname;
3072 	(void) zfs_remove_link_cb(zhp, &dd);
3073 
3074 	if (!dd.gotone) {
3075 		return (zfs_standard_error_fmt(zhp->zfs_hdl, ENOENT,
3076 		    dgettext(TEXT_DOMAIN, "cannot destroy '%s@%s'"),
3077 		    zhp->zfs_name, snapname));
3078 	}
3079 
3080 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3081 	(void) strlcpy(zc.zc_value, snapname, sizeof (zc.zc_value));
3082 
3083 	ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_DESTROY_SNAPS, &zc);
3084 	if (ret != 0) {
3085 		char errbuf[1024];
3086 
3087 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3088 		    "cannot destroy '%s@%s'"), zc.zc_name, snapname);
3089 
3090 		switch (errno) {
3091 		case EEXIST:
3092 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3093 			    "snapshot is cloned"));
3094 			return (zfs_error(zhp->zfs_hdl, EZFS_EXISTS, errbuf));
3095 
3096 		default:
3097 			return (zfs_standard_error(zhp->zfs_hdl, errno,
3098 			    errbuf));
3099 		}
3100 	}
3101 
3102 	return (0);
3103 }
3104 
3105 /*
3106  * Clones the given dataset.  The target must be of the same type as the source.
3107  */
3108 int
3109 zfs_clone(zfs_handle_t *zhp, const char *target, nvlist_t *props)
3110 {
3111 	zfs_cmd_t zc = { 0 };
3112 	char parent[ZFS_MAXNAMELEN];
3113 	int ret;
3114 	char errbuf[1024];
3115 	libzfs_handle_t *hdl = zhp->zfs_hdl;
3116 	zfs_type_t type;
3117 	uint64_t zoned;
3118 
3119 	assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT);
3120 
3121 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3122 	    "cannot create '%s'"), target);
3123 
3124 	/* validate the target name */
3125 	if (!zfs_validate_name(hdl, target, ZFS_TYPE_FILESYSTEM, B_TRUE))
3126 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3127 
3128 	/* validate parents exist */
3129 	if (check_parents(hdl, target, &zoned, B_FALSE, NULL) != 0)
3130 		return (-1);
3131 
3132 	(void) parent_name(target, parent, sizeof (parent));
3133 
3134 	/* do the clone */
3135 	if (ZFS_IS_VOLUME(zhp)) {
3136 		zc.zc_objset_type = DMU_OST_ZVOL;
3137 		type = ZFS_TYPE_VOLUME;
3138 	} else {
3139 		zc.zc_objset_type = DMU_OST_ZFS;
3140 		type = ZFS_TYPE_FILESYSTEM;
3141 	}
3142 
3143 	if (props) {
3144 		if ((props = zfs_validate_properties(hdl, type, props,
3145 		    zoned, zhp, errbuf)) == NULL)
3146 			return (-1);
3147 
3148 		if (zcmd_write_src_nvlist(hdl, &zc, props) != 0) {
3149 			nvlist_free(props);
3150 			return (-1);
3151 		}
3152 
3153 		nvlist_free(props);
3154 	}
3155 
3156 	(void) strlcpy(zc.zc_name, target, sizeof (zc.zc_name));
3157 	(void) strlcpy(zc.zc_value, zhp->zfs_name, sizeof (zc.zc_value));
3158 	ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_CREATE, &zc);
3159 
3160 	zcmd_free_nvlists(&zc);
3161 
3162 	if (ret != 0) {
3163 		switch (errno) {
3164 
3165 		case ENOENT:
3166 			/*
3167 			 * The parent doesn't exist.  We should have caught this
3168 			 * above, but there may a race condition that has since
3169 			 * destroyed the parent.
3170 			 *
3171 			 * At this point, we don't know whether it's the source
3172 			 * that doesn't exist anymore, or whether the target
3173 			 * dataset doesn't exist.
3174 			 */
3175 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3176 			    "no such parent '%s'"), parent);
3177 			return (zfs_error(zhp->zfs_hdl, EZFS_NOENT, errbuf));
3178 
3179 		case EXDEV:
3180 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3181 			    "source and target pools differ"));
3182 			return (zfs_error(zhp->zfs_hdl, EZFS_CROSSTARGET,
3183 			    errbuf));
3184 
3185 		default:
3186 			return (zfs_standard_error(zhp->zfs_hdl, errno,
3187 			    errbuf));
3188 		}
3189 	} else if (ZFS_IS_VOLUME(zhp)) {
3190 		ret = zvol_create_link(zhp->zfs_hdl, target);
3191 	}
3192 
3193 	return (ret);
3194 }
3195 
3196 typedef struct promote_data {
3197 	char cb_mountpoint[MAXPATHLEN];
3198 	const char *cb_target;
3199 	const char *cb_errbuf;
3200 	uint64_t cb_pivot_txg;
3201 } promote_data_t;
3202 
3203 static int
3204 promote_snap_cb(zfs_handle_t *zhp, void *data)
3205 {
3206 	promote_data_t *pd = data;
3207 	zfs_handle_t *szhp;
3208 	char snapname[MAXPATHLEN];
3209 	int rv = 0;
3210 
3211 	/* We don't care about snapshots after the pivot point */
3212 	if (zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG) > pd->cb_pivot_txg) {
3213 		zfs_close(zhp);
3214 		return (0);
3215 	}
3216 
3217 	/* Remove the device link if it's a zvol. */
3218 	if (ZFS_IS_VOLUME(zhp))
3219 		(void) zvol_remove_link(zhp->zfs_hdl, zhp->zfs_name);
3220 
3221 	/* Check for conflicting names */
3222 	(void) strlcpy(snapname, pd->cb_target, sizeof (snapname));
3223 	(void) strlcat(snapname, strchr(zhp->zfs_name, '@'), sizeof (snapname));
3224 	szhp = make_dataset_handle(zhp->zfs_hdl, snapname);
3225 	if (szhp != NULL) {
3226 		zfs_close(szhp);
3227 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3228 		    "snapshot name '%s' from origin \n"
3229 		    "conflicts with '%s' from target"),
3230 		    zhp->zfs_name, snapname);
3231 		rv = zfs_error(zhp->zfs_hdl, EZFS_EXISTS, pd->cb_errbuf);
3232 	}
3233 	zfs_close(zhp);
3234 	return (rv);
3235 }
3236 
3237 static int
3238 promote_snap_done_cb(zfs_handle_t *zhp, void *data)
3239 {
3240 	promote_data_t *pd = data;
3241 
3242 	/* We don't care about snapshots after the pivot point */
3243 	if (zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG) <= pd->cb_pivot_txg) {
3244 		/* Create the device link if it's a zvol. */
3245 		if (ZFS_IS_VOLUME(zhp))
3246 			(void) zvol_create_link(zhp->zfs_hdl, zhp->zfs_name);
3247 	}
3248 
3249 	zfs_close(zhp);
3250 	return (0);
3251 }
3252 
3253 /*
3254  * Promotes the given clone fs to be the clone parent.
3255  */
3256 int
3257 zfs_promote(zfs_handle_t *zhp)
3258 {
3259 	libzfs_handle_t *hdl = zhp->zfs_hdl;
3260 	zfs_cmd_t zc = { 0 };
3261 	char parent[MAXPATHLEN];
3262 	char *cp;
3263 	int ret;
3264 	zfs_handle_t *pzhp;
3265 	promote_data_t pd;
3266 	char errbuf[1024];
3267 
3268 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3269 	    "cannot promote '%s'"), zhp->zfs_name);
3270 
3271 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
3272 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3273 		    "snapshots can not be promoted"));
3274 		return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
3275 	}
3276 
3277 	(void) strlcpy(parent, zhp->zfs_dmustats.dds_origin, sizeof (parent));
3278 	if (parent[0] == '\0') {
3279 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3280 		    "not a cloned filesystem"));
3281 		return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
3282 	}
3283 	cp = strchr(parent, '@');
3284 	*cp = '\0';
3285 
3286 	/* Walk the snapshots we will be moving */
3287 	pzhp = zfs_open(hdl, zhp->zfs_dmustats.dds_origin, ZFS_TYPE_SNAPSHOT);
3288 	if (pzhp == NULL)
3289 		return (-1);
3290 	pd.cb_pivot_txg = zfs_prop_get_int(pzhp, ZFS_PROP_CREATETXG);
3291 	zfs_close(pzhp);
3292 	pd.cb_target = zhp->zfs_name;
3293 	pd.cb_errbuf = errbuf;
3294 	pzhp = zfs_open(hdl, parent, ZFS_TYPE_DATASET);
3295 	if (pzhp == NULL)
3296 		return (-1);
3297 	(void) zfs_prop_get(pzhp, ZFS_PROP_MOUNTPOINT, pd.cb_mountpoint,
3298 	    sizeof (pd.cb_mountpoint), NULL, NULL, 0, FALSE);
3299 	ret = zfs_iter_snapshots(pzhp, promote_snap_cb, &pd);
3300 	if (ret != 0) {
3301 		zfs_close(pzhp);
3302 		return (-1);
3303 	}
3304 
3305 	/* issue the ioctl */
3306 	(void) strlcpy(zc.zc_value, zhp->zfs_dmustats.dds_origin,
3307 	    sizeof (zc.zc_value));
3308 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3309 	ret = zfs_ioctl(hdl, ZFS_IOC_PROMOTE, &zc);
3310 
3311 	if (ret != 0) {
3312 		int save_errno = errno;
3313 
3314 		(void) zfs_iter_snapshots(pzhp, promote_snap_done_cb, &pd);
3315 		zfs_close(pzhp);
3316 
3317 		switch (save_errno) {
3318 		case EEXIST:
3319 			/*
3320 			 * There is a conflicting snapshot name.  We
3321 			 * should have caught this above, but they could
3322 			 * have renamed something in the mean time.
3323 			 */
3324 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3325 			    "conflicting snapshot name from parent '%s'"),
3326 			    parent);
3327 			return (zfs_error(hdl, EZFS_EXISTS, errbuf));
3328 
3329 		default:
3330 			return (zfs_standard_error(hdl, save_errno, errbuf));
3331 		}
3332 	} else {
3333 		(void) zfs_iter_snapshots(zhp, promote_snap_done_cb, &pd);
3334 	}
3335 
3336 	zfs_close(pzhp);
3337 	return (ret);
3338 }
3339 
3340 struct createdata {
3341 	const char *cd_snapname;
3342 	int cd_ifexists;
3343 };
3344 
3345 static int
3346 zfs_create_link_cb(zfs_handle_t *zhp, void *arg)
3347 {
3348 	struct createdata *cd = arg;
3349 	int ret;
3350 
3351 	if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
3352 		char name[MAXPATHLEN];
3353 
3354 		(void) strlcpy(name, zhp->zfs_name, sizeof (name));
3355 		(void) strlcat(name, "@", sizeof (name));
3356 		(void) strlcat(name, cd->cd_snapname, sizeof (name));
3357 		(void) zvol_create_link_common(zhp->zfs_hdl, name,
3358 		    cd->cd_ifexists);
3359 		/*
3360 		 * NB: this is simply a best-effort.  We don't want to
3361 		 * return an error, because then we wouldn't visit all
3362 		 * the volumes.
3363 		 */
3364 	}
3365 
3366 	ret = zfs_iter_filesystems(zhp, zfs_create_link_cb, cd);
3367 
3368 	zfs_close(zhp);
3369 
3370 	return (ret);
3371 }
3372 
3373 /*
3374  * Takes a snapshot of the given dataset.
3375  */
3376 int
3377 zfs_snapshot(libzfs_handle_t *hdl, const char *path, boolean_t recursive)
3378 {
3379 	const char *delim;
3380 	char *parent;
3381 	zfs_handle_t *zhp;
3382 	zfs_cmd_t zc = { 0 };
3383 	int ret;
3384 	char errbuf[1024];
3385 
3386 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3387 	    "cannot snapshot '%s'"), path);
3388 
3389 	/* validate the target name */
3390 	if (!zfs_validate_name(hdl, path, ZFS_TYPE_SNAPSHOT, B_TRUE))
3391 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3392 
3393 	/* make sure the parent exists and is of the appropriate type */
3394 	delim = strchr(path, '@');
3395 	if ((parent = zfs_alloc(hdl, delim - path + 1)) == NULL)
3396 		return (-1);
3397 	(void) strncpy(parent, path, delim - path);
3398 	parent[delim - path] = '\0';
3399 
3400 	if ((zhp = zfs_open(hdl, parent, ZFS_TYPE_FILESYSTEM |
3401 	    ZFS_TYPE_VOLUME)) == NULL) {
3402 		free(parent);
3403 		return (-1);
3404 	}
3405 
3406 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3407 	(void) strlcpy(zc.zc_value, delim+1, sizeof (zc.zc_value));
3408 	if (ZFS_IS_VOLUME(zhp))
3409 		zc.zc_objset_type = DMU_OST_ZVOL;
3410 	else
3411 		zc.zc_objset_type = DMU_OST_ZFS;
3412 	zc.zc_cookie = recursive;
3413 	ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SNAPSHOT, &zc);
3414 
3415 	/*
3416 	 * if it was recursive, the one that actually failed will be in
3417 	 * zc.zc_name.
3418 	 */
3419 	if (ret != 0)
3420 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3421 		    "cannot create snapshot '%s@%s'"), zc.zc_name, zc.zc_value);
3422 
3423 	if (ret == 0 && recursive) {
3424 		struct createdata cd;
3425 
3426 		cd.cd_snapname = delim + 1;
3427 		cd.cd_ifexists = B_FALSE;
3428 		(void) zfs_iter_filesystems(zhp, zfs_create_link_cb, &cd);
3429 	}
3430 	if (ret == 0 && zhp->zfs_type == ZFS_TYPE_VOLUME) {
3431 		ret = zvol_create_link(zhp->zfs_hdl, path);
3432 		if (ret != 0) {
3433 			(void) zfs_standard_error(hdl, errno,
3434 			    dgettext(TEXT_DOMAIN,
3435 			    "Volume successfully snapshotted, but device links "
3436 			    "were not created"));
3437 			free(parent);
3438 			zfs_close(zhp);
3439 			return (-1);
3440 		}
3441 	}
3442 
3443 	if (ret != 0)
3444 		(void) zfs_standard_error(hdl, errno, errbuf);
3445 
3446 	free(parent);
3447 	zfs_close(zhp);
3448 
3449 	return (ret);
3450 }
3451 
3452 /*
3453  * Destroy any more recent snapshots.  We invoke this callback on any dependents
3454  * of the snapshot first.  If the 'cb_dependent' member is non-zero, then this
3455  * is a dependent and we should just destroy it without checking the transaction
3456  * group.
3457  */
3458 typedef struct rollback_data {
3459 	const char	*cb_target;		/* the snapshot */
3460 	uint64_t	cb_create;		/* creation time reference */
3461 	boolean_t	cb_error;
3462 	boolean_t	cb_dependent;
3463 	boolean_t	cb_force;
3464 } rollback_data_t;
3465 
3466 static int
3467 rollback_destroy(zfs_handle_t *zhp, void *data)
3468 {
3469 	rollback_data_t *cbp = data;
3470 
3471 	if (!cbp->cb_dependent) {
3472 		if (strcmp(zhp->zfs_name, cbp->cb_target) != 0 &&
3473 		    zfs_get_type(zhp) == ZFS_TYPE_SNAPSHOT &&
3474 		    zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG) >
3475 		    cbp->cb_create) {
3476 			char *logstr;
3477 
3478 			cbp->cb_dependent = B_TRUE;
3479 			cbp->cb_error |= zfs_iter_dependents(zhp, B_FALSE,
3480 			    rollback_destroy, cbp);
3481 			cbp->cb_dependent = B_FALSE;
3482 
3483 			logstr = zhp->zfs_hdl->libzfs_log_str;
3484 			zhp->zfs_hdl->libzfs_log_str = NULL;
3485 			cbp->cb_error |= zfs_destroy(zhp);
3486 			zhp->zfs_hdl->libzfs_log_str = logstr;
3487 		}
3488 	} else {
3489 		/* We must destroy this clone; first unmount it */
3490 		prop_changelist_t *clp;
3491 
3492 		clp = changelist_gather(zhp, ZFS_PROP_NAME,
3493 		    cbp->cb_force ? MS_FORCE: 0);
3494 		if (clp == NULL || changelist_prefix(clp) != 0) {
3495 			cbp->cb_error = B_TRUE;
3496 			zfs_close(zhp);
3497 			return (0);
3498 		}
3499 		if (zfs_destroy(zhp) != 0)
3500 			cbp->cb_error = B_TRUE;
3501 		else
3502 			changelist_remove(clp, zhp->zfs_name);
3503 		(void) changelist_postfix(clp);
3504 		changelist_free(clp);
3505 	}
3506 
3507 	zfs_close(zhp);
3508 	return (0);
3509 }
3510 
3511 /*
3512  * Given a dataset, rollback to a specific snapshot, discarding any
3513  * data changes since then and making it the active dataset.
3514  *
3515  * Any snapshots more recent than the target are destroyed, along with
3516  * their dependents.
3517  */
3518 int
3519 zfs_rollback(zfs_handle_t *zhp, zfs_handle_t *snap, boolean_t force)
3520 {
3521 	rollback_data_t cb = { 0 };
3522 	int err;
3523 	zfs_cmd_t zc = { 0 };
3524 	boolean_t restore_resv = 0;
3525 	uint64_t old_volsize, new_volsize;
3526 	zfs_prop_t resv_prop;
3527 
3528 	assert(zhp->zfs_type == ZFS_TYPE_FILESYSTEM ||
3529 	    zhp->zfs_type == ZFS_TYPE_VOLUME);
3530 
3531 	/*
3532 	 * Destroy all recent snapshots and its dependends.
3533 	 */
3534 	cb.cb_force = force;
3535 	cb.cb_target = snap->zfs_name;
3536 	cb.cb_create = zfs_prop_get_int(snap, ZFS_PROP_CREATETXG);
3537 	(void) zfs_iter_children(zhp, rollback_destroy, &cb);
3538 
3539 	if (cb.cb_error)
3540 		return (-1);
3541 
3542 	/*
3543 	 * Now that we have verified that the snapshot is the latest,
3544 	 * rollback to the given snapshot.
3545 	 */
3546 
3547 	if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
3548 		if (zvol_remove_link(zhp->zfs_hdl, zhp->zfs_name) != 0)
3549 			return (-1);
3550 		if (zfs_which_resv_prop(zhp, &resv_prop) < 0)
3551 			return (-1);
3552 		old_volsize = zfs_prop_get_int(zhp, ZFS_PROP_VOLSIZE);
3553 		restore_resv =
3554 		    (old_volsize == zfs_prop_get_int(zhp, resv_prop));
3555 	}
3556 
3557 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3558 
3559 	if (ZFS_IS_VOLUME(zhp))
3560 		zc.zc_objset_type = DMU_OST_ZVOL;
3561 	else
3562 		zc.zc_objset_type = DMU_OST_ZFS;
3563 
3564 	/*
3565 	 * We rely on zfs_iter_children() to verify that there are no
3566 	 * newer snapshots for the given dataset.  Therefore, we can
3567 	 * simply pass the name on to the ioctl() call.  There is still
3568 	 * an unlikely race condition where the user has taken a
3569 	 * snapshot since we verified that this was the most recent.
3570 	 *
3571 	 */
3572 	if ((err = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_ROLLBACK, &zc)) != 0) {
3573 		(void) zfs_standard_error_fmt(zhp->zfs_hdl, errno,
3574 		    dgettext(TEXT_DOMAIN, "cannot rollback '%s'"),
3575 		    zhp->zfs_name);
3576 		return (err);
3577 	}
3578 
3579 	/*
3580 	 * For volumes, if the pre-rollback volsize matched the pre-
3581 	 * rollback reservation and the volsize has changed then set
3582 	 * the reservation property to the post-rollback volsize.
3583 	 * Make a new handle since the rollback closed the dataset.
3584 	 */
3585 	if ((zhp->zfs_type == ZFS_TYPE_VOLUME) &&
3586 	    (zhp = make_dataset_handle(zhp->zfs_hdl, zhp->zfs_name))) {
3587 		if (err = zvol_create_link(zhp->zfs_hdl, zhp->zfs_name)) {
3588 			zfs_close(zhp);
3589 			return (err);
3590 		}
3591 		if (restore_resv) {
3592 			new_volsize = zfs_prop_get_int(zhp, ZFS_PROP_VOLSIZE);
3593 			if (old_volsize != new_volsize)
3594 				err = zfs_prop_set_int(zhp, resv_prop,
3595 				    new_volsize);
3596 		}
3597 		zfs_close(zhp);
3598 	}
3599 	return (err);
3600 }
3601 
3602 /*
3603  * Iterate over all dependents for a given dataset.  This includes both
3604  * hierarchical dependents (children) and data dependents (snapshots and
3605  * clones).  The bulk of the processing occurs in get_dependents() in
3606  * libzfs_graph.c.
3607  */
3608 int
3609 zfs_iter_dependents(zfs_handle_t *zhp, boolean_t allowrecursion,
3610     zfs_iter_f func, void *data)
3611 {
3612 	char **dependents;
3613 	size_t count;
3614 	int i;
3615 	zfs_handle_t *child;
3616 	int ret = 0;
3617 
3618 	if (get_dependents(zhp->zfs_hdl, allowrecursion, zhp->zfs_name,
3619 	    &dependents, &count) != 0)
3620 		return (-1);
3621 
3622 	for (i = 0; i < count; i++) {
3623 		if ((child = make_dataset_handle(zhp->zfs_hdl,
3624 		    dependents[i])) == NULL)
3625 			continue;
3626 
3627 		if ((ret = func(child, data)) != 0)
3628 			break;
3629 	}
3630 
3631 	for (i = 0; i < count; i++)
3632 		free(dependents[i]);
3633 	free(dependents);
3634 
3635 	return (ret);
3636 }
3637 
3638 /*
3639  * Renames the given dataset.
3640  */
3641 int
3642 zfs_rename(zfs_handle_t *zhp, const char *target, boolean_t recursive)
3643 {
3644 	int ret;
3645 	zfs_cmd_t zc = { 0 };
3646 	char *delim;
3647 	prop_changelist_t *cl = NULL;
3648 	zfs_handle_t *zhrp = NULL;
3649 	char *parentname = NULL;
3650 	char parent[ZFS_MAXNAMELEN];
3651 	libzfs_handle_t *hdl = zhp->zfs_hdl;
3652 	char errbuf[1024];
3653 
3654 	/* if we have the same exact name, just return success */
3655 	if (strcmp(zhp->zfs_name, target) == 0)
3656 		return (0);
3657 
3658 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3659 	    "cannot rename to '%s'"), target);
3660 
3661 	/*
3662 	 * Make sure the target name is valid
3663 	 */
3664 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
3665 		if ((strchr(target, '@') == NULL) ||
3666 		    *target == '@') {
3667 			/*
3668 			 * Snapshot target name is abbreviated,
3669 			 * reconstruct full dataset name
3670 			 */
3671 			(void) strlcpy(parent, zhp->zfs_name,
3672 			    sizeof (parent));
3673 			delim = strchr(parent, '@');
3674 			if (strchr(target, '@') == NULL)
3675 				*(++delim) = '\0';
3676 			else
3677 				*delim = '\0';
3678 			(void) strlcat(parent, target, sizeof (parent));
3679 			target = parent;
3680 		} else {
3681 			/*
3682 			 * Make sure we're renaming within the same dataset.
3683 			 */
3684 			delim = strchr(target, '@');
3685 			if (strncmp(zhp->zfs_name, target, delim - target)
3686 			    != 0 || zhp->zfs_name[delim - target] != '@') {
3687 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3688 				    "snapshots must be part of same "
3689 				    "dataset"));
3690 				return (zfs_error(hdl, EZFS_CROSSTARGET,
3691 				    errbuf));
3692 			}
3693 		}
3694 		if (!zfs_validate_name(hdl, target, zhp->zfs_type, B_TRUE))
3695 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3696 	} else {
3697 		if (recursive) {
3698 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3699 			    "recursive rename must be a snapshot"));
3700 			return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
3701 		}
3702 
3703 		if (!zfs_validate_name(hdl, target, zhp->zfs_type, B_TRUE))
3704 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3705 		uint64_t unused;
3706 
3707 		/* validate parents */
3708 		if (check_parents(hdl, target, &unused, B_FALSE, NULL) != 0)
3709 			return (-1);
3710 
3711 		(void) parent_name(target, parent, sizeof (parent));
3712 
3713 		/* make sure we're in the same pool */
3714 		verify((delim = strchr(target, '/')) != NULL);
3715 		if (strncmp(zhp->zfs_name, target, delim - target) != 0 ||
3716 		    zhp->zfs_name[delim - target] != '/') {
3717 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3718 			    "datasets must be within same pool"));
3719 			return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
3720 		}
3721 
3722 		/* new name cannot be a child of the current dataset name */
3723 		if (strncmp(parent, zhp->zfs_name,
3724 		    strlen(zhp->zfs_name)) == 0) {
3725 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3726 			    "New dataset name cannot be a descendent of "
3727 			    "current dataset name"));
3728 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3729 		}
3730 	}
3731 
3732 	(void) snprintf(errbuf, sizeof (errbuf),
3733 	    dgettext(TEXT_DOMAIN, "cannot rename '%s'"), zhp->zfs_name);
3734 
3735 	if (getzoneid() == GLOBAL_ZONEID &&
3736 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
3737 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3738 		    "dataset is used in a non-global zone"));
3739 		return (zfs_error(hdl, EZFS_ZONED, errbuf));
3740 	}
3741 
3742 	if (recursive) {
3743 		struct destroydata dd;
3744 
3745 		parentname = zfs_strdup(zhp->zfs_hdl, zhp->zfs_name);
3746 		if (parentname == NULL) {
3747 			ret = -1;
3748 			goto error;
3749 		}
3750 		delim = strchr(parentname, '@');
3751 		*delim = '\0';
3752 		zhrp = zfs_open(zhp->zfs_hdl, parentname, ZFS_TYPE_DATASET);
3753 		if (zhrp == NULL) {
3754 			ret = -1;
3755 			goto error;
3756 		}
3757 
3758 		dd.snapname = delim + 1;
3759 		dd.gotone = B_FALSE;
3760 		dd.closezhp = B_TRUE;
3761 
3762 		/* We remove any zvol links prior to renaming them */
3763 		ret = zfs_iter_filesystems(zhrp, zfs_remove_link_cb, &dd);
3764 		if (ret) {
3765 			goto error;
3766 		}
3767 	} else {
3768 		if ((cl = changelist_gather(zhp, ZFS_PROP_NAME, 0)) == NULL)
3769 			return (-1);
3770 
3771 		if (changelist_haszonedchild(cl)) {
3772 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3773 			    "child dataset with inherited mountpoint is used "
3774 			    "in a non-global zone"));
3775 			(void) zfs_error(hdl, EZFS_ZONED, errbuf);
3776 			goto error;
3777 		}
3778 
3779 		if ((ret = changelist_prefix(cl)) != 0)
3780 			goto error;
3781 	}
3782 
3783 	if (ZFS_IS_VOLUME(zhp))
3784 		zc.zc_objset_type = DMU_OST_ZVOL;
3785 	else
3786 		zc.zc_objset_type = DMU_OST_ZFS;
3787 
3788 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3789 	(void) strlcpy(zc.zc_value, target, sizeof (zc.zc_value));
3790 
3791 	zc.zc_cookie = recursive;
3792 
3793 	if ((ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_RENAME, &zc)) != 0) {
3794 		/*
3795 		 * if it was recursive, the one that actually failed will
3796 		 * be in zc.zc_name
3797 		 */
3798 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3799 		    "cannot rename '%s'"), zc.zc_name);
3800 
3801 		if (recursive && errno == EEXIST) {
3802 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3803 			    "a child dataset already has a snapshot "
3804 			    "with the new name"));
3805 			(void) zfs_error(hdl, EZFS_EXISTS, errbuf);
3806 		} else {
3807 			(void) zfs_standard_error(zhp->zfs_hdl, errno, errbuf);
3808 		}
3809 
3810 		/*
3811 		 * On failure, we still want to remount any filesystems that
3812 		 * were previously mounted, so we don't alter the system state.
3813 		 */
3814 		if (recursive) {
3815 			struct createdata cd;
3816 
3817 			/* only create links for datasets that had existed */
3818 			cd.cd_snapname = delim + 1;
3819 			cd.cd_ifexists = B_TRUE;
3820 			(void) zfs_iter_filesystems(zhrp, zfs_create_link_cb,
3821 			    &cd);
3822 		} else {
3823 			(void) changelist_postfix(cl);
3824 		}
3825 	} else {
3826 		if (recursive) {
3827 			struct createdata cd;
3828 
3829 			/* only create links for datasets that had existed */
3830 			cd.cd_snapname = strchr(target, '@') + 1;
3831 			cd.cd_ifexists = B_TRUE;
3832 			ret = zfs_iter_filesystems(zhrp, zfs_create_link_cb,
3833 			    &cd);
3834 		} else {
3835 			changelist_rename(cl, zfs_get_name(zhp), target);
3836 			ret = changelist_postfix(cl);
3837 		}
3838 	}
3839 
3840 error:
3841 	if (parentname) {
3842 		free(parentname);
3843 	}
3844 	if (zhrp) {
3845 		zfs_close(zhrp);
3846 	}
3847 	if (cl) {
3848 		changelist_free(cl);
3849 	}
3850 	return (ret);
3851 }
3852 
3853 /*
3854  * Given a zvol dataset, issue the ioctl to create the appropriate minor node,
3855  * poke devfsadm to create the /dev link, and then wait for the link to appear.
3856  */
3857 int
3858 zvol_create_link(libzfs_handle_t *hdl, const char *dataset)
3859 {
3860 	return (zvol_create_link_common(hdl, dataset, B_FALSE));
3861 }
3862 
3863 static int
3864 zvol_create_link_common(libzfs_handle_t *hdl, const char *dataset, int ifexists)
3865 {
3866 	zfs_cmd_t zc = { 0 };
3867 	di_devlink_handle_t dhdl;
3868 	priv_set_t *priv_effective;
3869 	int privileged;
3870 
3871 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
3872 
3873 	/*
3874 	 * Issue the appropriate ioctl.
3875 	 */
3876 	if (ioctl(hdl->libzfs_fd, ZFS_IOC_CREATE_MINOR, &zc) != 0) {
3877 		switch (errno) {
3878 		case EEXIST:
3879 			/*
3880 			 * Silently ignore the case where the link already
3881 			 * exists.  This allows 'zfs volinit' to be run multiple
3882 			 * times without errors.
3883 			 */
3884 			return (0);
3885 
3886 		case ENOENT:
3887 			/*
3888 			 * Dataset does not exist in the kernel.  If we
3889 			 * don't care (see zfs_rename), then ignore the
3890 			 * error quietly.
3891 			 */
3892 			if (ifexists) {
3893 				return (0);
3894 			}
3895 
3896 			/* FALLTHROUGH */
3897 
3898 		default:
3899 			return (zfs_standard_error_fmt(hdl, errno,
3900 			    dgettext(TEXT_DOMAIN, "cannot create device links "
3901 			    "for '%s'"), dataset));
3902 		}
3903 	}
3904 
3905 	/*
3906 	 * If privileged call devfsadm and wait for the links to
3907 	 * magically appear.
3908 	 * Otherwise, print out an informational message.
3909 	 */
3910 
3911 	priv_effective = priv_allocset();
3912 	(void) getppriv(PRIV_EFFECTIVE, priv_effective);
3913 	privileged = (priv_isfullset(priv_effective) == B_TRUE);
3914 	priv_freeset(priv_effective);
3915 
3916 	if (privileged) {
3917 		if ((dhdl = di_devlink_init(ZFS_DRIVER,
3918 		    DI_MAKE_LINK)) == NULL) {
3919 			zfs_error_aux(hdl, strerror(errno));
3920 			(void) zfs_standard_error_fmt(hdl, EZFS_DEVLINKS,
3921 			    dgettext(TEXT_DOMAIN, "cannot create device links "
3922 			    "for '%s'"), dataset);
3923 			(void) ioctl(hdl->libzfs_fd, ZFS_IOC_REMOVE_MINOR, &zc);
3924 			return (-1);
3925 		} else {
3926 			(void) di_devlink_fini(&dhdl);
3927 		}
3928 	} else {
3929 		char pathname[MAXPATHLEN];
3930 		struct stat64 statbuf;
3931 		int i;
3932 
3933 #define	MAX_WAIT	10
3934 
3935 		/*
3936 		 * This is the poor mans way of waiting for the link
3937 		 * to show up.  If after 10 seconds we still don't
3938 		 * have it, then print out a message.
3939 		 */
3940 		(void) snprintf(pathname, sizeof (pathname), "/dev/zvol/dsk/%s",
3941 		    dataset);
3942 
3943 		for (i = 0; i != MAX_WAIT; i++) {
3944 			if (stat64(pathname, &statbuf) == 0)
3945 				break;
3946 			(void) sleep(1);
3947 		}
3948 		if (i == MAX_WAIT)
3949 			(void) printf(gettext("%s may not be immediately "
3950 			    "available\n"), pathname);
3951 	}
3952 
3953 	return (0);
3954 }
3955 
3956 /*
3957  * Remove a minor node for the given zvol and the associated /dev links.
3958  */
3959 int
3960 zvol_remove_link(libzfs_handle_t *hdl, const char *dataset)
3961 {
3962 	zfs_cmd_t zc = { 0 };
3963 
3964 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
3965 
3966 	if (ioctl(hdl->libzfs_fd, ZFS_IOC_REMOVE_MINOR, &zc) != 0) {
3967 		switch (errno) {
3968 		case ENXIO:
3969 			/*
3970 			 * Silently ignore the case where the link no longer
3971 			 * exists, so that 'zfs volfini' can be run multiple
3972 			 * times without errors.
3973 			 */
3974 			return (0);
3975 
3976 		default:
3977 			return (zfs_standard_error_fmt(hdl, errno,
3978 			    dgettext(TEXT_DOMAIN, "cannot remove device "
3979 			    "links for '%s'"), dataset));
3980 		}
3981 	}
3982 
3983 	return (0);
3984 }
3985 
3986 nvlist_t *
3987 zfs_get_user_props(zfs_handle_t *zhp)
3988 {
3989 	return (zhp->zfs_user_props);
3990 }
3991 
3992 /*
3993  * This function is used by 'zfs list' to determine the exact set of columns to
3994  * display, and their maximum widths.  This does two main things:
3995  *
3996  *      - If this is a list of all properties, then expand the list to include
3997  *        all native properties, and set a flag so that for each dataset we look
3998  *        for new unique user properties and add them to the list.
3999  *
4000  *      - For non fixed-width properties, keep track of the maximum width seen
4001  *        so that we can size the column appropriately.
4002  */
4003 int
4004 zfs_expand_proplist(zfs_handle_t *zhp, zprop_list_t **plp)
4005 {
4006 	libzfs_handle_t *hdl = zhp->zfs_hdl;
4007 	zprop_list_t *entry;
4008 	zprop_list_t **last, **start;
4009 	nvlist_t *userprops, *propval;
4010 	nvpair_t *elem;
4011 	char *strval;
4012 	char buf[ZFS_MAXPROPLEN];
4013 
4014 	if (zprop_expand_list(hdl, plp, ZFS_TYPE_DATASET) != 0)
4015 		return (-1);
4016 
4017 	userprops = zfs_get_user_props(zhp);
4018 
4019 	entry = *plp;
4020 	if (entry->pl_all && nvlist_next_nvpair(userprops, NULL) != NULL) {
4021 		/*
4022 		 * Go through and add any user properties as necessary.  We
4023 		 * start by incrementing our list pointer to the first
4024 		 * non-native property.
4025 		 */
4026 		start = plp;
4027 		while (*start != NULL) {
4028 			if ((*start)->pl_prop == ZPROP_INVAL)
4029 				break;
4030 			start = &(*start)->pl_next;
4031 		}
4032 
4033 		elem = NULL;
4034 		while ((elem = nvlist_next_nvpair(userprops, elem)) != NULL) {
4035 			/*
4036 			 * See if we've already found this property in our list.
4037 			 */
4038 			for (last = start; *last != NULL;
4039 			    last = &(*last)->pl_next) {
4040 				if (strcmp((*last)->pl_user_prop,
4041 				    nvpair_name(elem)) == 0)
4042 					break;
4043 			}
4044 
4045 			if (*last == NULL) {
4046 				if ((entry = zfs_alloc(hdl,
4047 				    sizeof (zprop_list_t))) == NULL ||
4048 				    ((entry->pl_user_prop = zfs_strdup(hdl,
4049 				    nvpair_name(elem)))) == NULL) {
4050 					free(entry);
4051 					return (-1);
4052 				}
4053 
4054 				entry->pl_prop = ZPROP_INVAL;
4055 				entry->pl_width = strlen(nvpair_name(elem));
4056 				entry->pl_all = B_TRUE;
4057 				*last = entry;
4058 			}
4059 		}
4060 	}
4061 
4062 	/*
4063 	 * Now go through and check the width of any non-fixed columns
4064 	 */
4065 	for (entry = *plp; entry != NULL; entry = entry->pl_next) {
4066 		if (entry->pl_fixed)
4067 			continue;
4068 
4069 		if (entry->pl_prop != ZPROP_INVAL) {
4070 			if (zfs_prop_get(zhp, entry->pl_prop,
4071 			    buf, sizeof (buf), NULL, NULL, 0, B_FALSE) == 0) {
4072 				if (strlen(buf) > entry->pl_width)
4073 					entry->pl_width = strlen(buf);
4074 			}
4075 		} else if (nvlist_lookup_nvlist(userprops,
4076 		    entry->pl_user_prop, &propval)  == 0) {
4077 			verify(nvlist_lookup_string(propval,
4078 			    ZPROP_VALUE, &strval) == 0);
4079 			if (strlen(strval) > entry->pl_width)
4080 				entry->pl_width = strlen(strval);
4081 		}
4082 	}
4083 
4084 	return (0);
4085 }
4086 
4087 int
4088 zfs_iscsi_perm_check(libzfs_handle_t *hdl, char *dataset, ucred_t *cred)
4089 {
4090 	zfs_cmd_t zc = { 0 };
4091 	nvlist_t *nvp;
4092 	gid_t gid;
4093 	uid_t uid;
4094 	const gid_t *groups;
4095 	int group_cnt;
4096 	int error;
4097 
4098 	if (nvlist_alloc(&nvp, NV_UNIQUE_NAME, 0) != 0)
4099 		return (no_memory(hdl));
4100 
4101 	uid = ucred_geteuid(cred);
4102 	gid = ucred_getegid(cred);
4103 	group_cnt = ucred_getgroups(cred, &groups);
4104 
4105 	if (uid == (uid_t)-1 || gid == (uid_t)-1 || group_cnt == (uid_t)-1)
4106 		return (1);
4107 
4108 	if (nvlist_add_uint32(nvp, ZFS_DELEG_PERM_UID, uid) != 0) {
4109 		nvlist_free(nvp);
4110 		return (1);
4111 	}
4112 
4113 	if (nvlist_add_uint32(nvp, ZFS_DELEG_PERM_GID, gid) != 0) {
4114 		nvlist_free(nvp);
4115 		return (1);
4116 	}
4117 
4118 	if (nvlist_add_uint32_array(nvp,
4119 	    ZFS_DELEG_PERM_GROUPS, (uint32_t *)groups, group_cnt) != 0) {
4120 		nvlist_free(nvp);
4121 		return (1);
4122 	}
4123 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
4124 
4125 	if (zcmd_write_src_nvlist(hdl, &zc, nvp))
4126 		return (-1);
4127 
4128 	error = ioctl(hdl->libzfs_fd, ZFS_IOC_ISCSI_PERM_CHECK, &zc);
4129 	nvlist_free(nvp);
4130 	return (error);
4131 }
4132 
4133 int
4134 zfs_deleg_share_nfs(libzfs_handle_t *hdl, char *dataset, char *path,
4135     void *export, void *sharetab, int sharemax, zfs_share_op_t operation)
4136 {
4137 	zfs_cmd_t zc = { 0 };
4138 	int error;
4139 
4140 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
4141 	(void) strlcpy(zc.zc_value, path, sizeof (zc.zc_value));
4142 	zc.zc_share.z_sharedata = (uint64_t)(uintptr_t)sharetab;
4143 	zc.zc_share.z_exportdata = (uint64_t)(uintptr_t)export;
4144 	zc.zc_share.z_sharetype = operation;
4145 	zc.zc_share.z_sharemax = sharemax;
4146 
4147 	error = ioctl(hdl->libzfs_fd, ZFS_IOC_SHARE, &zc);
4148 	return (error);
4149 }
4150