xref: /titanic_51/usr/src/lib/libzfs/common/libzfs_dataset.c (revision 733ed7372ce52463509c62783a184105d3f1a618)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <assert.h>
29 #include <ctype.h>
30 #include <errno.h>
31 #include <libdevinfo.h>
32 #include <libintl.h>
33 #include <math.h>
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <strings.h>
37 #include <unistd.h>
38 #include <zone.h>
39 #include <sys/mntent.h>
40 #include <sys/mnttab.h>
41 #include <sys/mount.h>
42 
43 #include <sys/spa.h>
44 #include <sys/zio.h>
45 #include <libzfs.h>
46 
47 #include "zfs_namecheck.h"
48 #include "zfs_prop.h"
49 #include "libzfs_impl.h"
50 
51 /*
52  * Given a single type (not a mask of types), return the type in a human
53  * readable form.
54  */
55 const char *
56 zfs_type_to_name(zfs_type_t type)
57 {
58 	switch (type) {
59 	case ZFS_TYPE_FILESYSTEM:
60 		return (dgettext(TEXT_DOMAIN, "filesystem"));
61 	case ZFS_TYPE_SNAPSHOT:
62 		return (dgettext(TEXT_DOMAIN, "snapshot"));
63 	case ZFS_TYPE_VOLUME:
64 		return (dgettext(TEXT_DOMAIN, "volume"));
65 	}
66 
67 	zfs_baderror(type);
68 	return (NULL);
69 }
70 
71 /*
72  * Given a path and mask of ZFS types, return a string describing this dataset.
73  * This is used when we fail to open a dataset and we cannot get an exact type.
74  * We guess what the type would have been based on the path and the mask of
75  * acceptable types.
76  */
77 static const char *
78 path_to_str(const char *path, int types)
79 {
80 	/*
81 	 * When given a single type, always report the exact type.
82 	 */
83 	if (types == ZFS_TYPE_SNAPSHOT)
84 		return (dgettext(TEXT_DOMAIN, "snapshot"));
85 	if (types == ZFS_TYPE_FILESYSTEM)
86 		return (dgettext(TEXT_DOMAIN, "filesystem"));
87 	if (types == ZFS_TYPE_VOLUME)
88 		return (dgettext(TEXT_DOMAIN, "volume"));
89 
90 	/*
91 	 * The user is requesting more than one type of dataset.  If this is the
92 	 * case, consult the path itself.  If we're looking for a snapshot, and
93 	 * a '@' is found, then report it as "snapshot".  Otherwise, remove the
94 	 * snapshot attribute and try again.
95 	 */
96 	if (types & ZFS_TYPE_SNAPSHOT) {
97 		if (strchr(path, '@') != NULL)
98 			return (dgettext(TEXT_DOMAIN, "snapshot"));
99 		return (path_to_str(path, types & ~ZFS_TYPE_SNAPSHOT));
100 	}
101 
102 
103 	/*
104 	 * The user has requested either filesystems or volumes.
105 	 * We have no way of knowing a priori what type this would be, so always
106 	 * report it as "filesystem" or "volume", our two primitive types.
107 	 */
108 	if (types & ZFS_TYPE_FILESYSTEM)
109 		return (dgettext(TEXT_DOMAIN, "filesystem"));
110 
111 	assert(types & ZFS_TYPE_VOLUME);
112 	return (dgettext(TEXT_DOMAIN, "volume"));
113 }
114 
115 /*
116  * Validate a ZFS path.  This is used even before trying to open the dataset, to
117  * provide a more meaningful error message.  We place a more useful message in
118  * 'buf' detailing exactly why the name was not valid.
119  */
120 static int
121 zfs_validate_name(const char *path, int type, char *buf, size_t buflen)
122 {
123 	namecheck_err_t why;
124 	char what;
125 
126 	if (dataset_namecheck(path, &why, &what) != 0) {
127 		if (buf != NULL) {
128 			switch (why) {
129 			case NAME_ERR_TOOLONG:
130 				(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
131 				    "name is too long"), buflen);
132 				break;
133 
134 			case NAME_ERR_LEADING_SLASH:
135 				(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
136 				    "leading slash"), buflen);
137 				break;
138 
139 			case NAME_ERR_EMPTY_COMPONENT:
140 				(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
141 				    "empty component"), buflen);
142 				break;
143 
144 			case NAME_ERR_TRAILING_SLASH:
145 				(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
146 				    "trailing slash"), buflen);
147 				break;
148 
149 			case NAME_ERR_INVALCHAR:
150 				(void) snprintf(buf, buflen,
151 				    dgettext(TEXT_DOMAIN, "invalid character "
152 				    "'%c'"), what);
153 				break;
154 
155 			case NAME_ERR_MULTIPLE_AT:
156 				(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
157 				    "multiple '@' delimiters"), buflen);
158 				break;
159 			}
160 		}
161 
162 		return (0);
163 	}
164 
165 	if (!(type & ZFS_TYPE_SNAPSHOT) && strchr(path, '@') != NULL) {
166 		if (buf != NULL)
167 			(void) strlcpy(buf,
168 			    dgettext(TEXT_DOMAIN,
169 			    "snapshot delimiter '@'"), buflen);
170 		return (0);
171 	}
172 
173 	return (1);
174 }
175 
176 int
177 zfs_name_valid(const char *name, zfs_type_t type)
178 {
179 	return (zfs_validate_name(name, type, NULL, NULL));
180 }
181 
182 /*
183  * Utility function to gather stats (objset and zpl) for the given object.
184  */
185 static int
186 get_stats(zfs_handle_t *zhp)
187 {
188 	zfs_cmd_t zc = { 0 };
189 
190 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
191 
192 	zc.zc_config_src = (uint64_t)(uintptr_t)zfs_malloc(1024);
193 	zc.zc_config_src_size = 1024;
194 
195 	while (zfs_ioctl(ZFS_IOC_OBJSET_STATS, &zc) != 0) {
196 		if (errno == ENOMEM) {
197 			zc.zc_config_src = (uint64_t)(uintptr_t)
198 			    zfs_malloc(zc.zc_config_src_size);
199 		} else {
200 			free((void *)(uintptr_t)zc.zc_config_src);
201 			return (-1);
202 		}
203 	}
204 
205 	bcopy(&zc.zc_objset_stats, &zhp->zfs_dmustats,
206 	    sizeof (zc.zc_objset_stats));
207 
208 	(void) strcpy(zhp->zfs_root, zc.zc_root);
209 
210 	verify(nvlist_unpack((void *)(uintptr_t)zc.zc_config_src,
211 	    zc.zc_config_src_size, &zhp->zfs_props, 0) == 0);
212 
213 	zhp->zfs_volsize = zc.zc_volsize;
214 	zhp->zfs_volblocksize = zc.zc_volblocksize;
215 
216 	return (0);
217 }
218 
219 /*
220  * Refresh the properties currently stored in the handle.
221  */
222 void
223 zfs_refresh_properties(zfs_handle_t *zhp)
224 {
225 	(void) get_stats(zhp);
226 }
227 
228 /*
229  * Makes a handle from the given dataset name.  Used by zfs_open() and
230  * zfs_iter_* to create child handles on the fly.
231  */
232 zfs_handle_t *
233 make_dataset_handle(const char *path)
234 {
235 	zfs_handle_t *zhp = zfs_malloc(sizeof (zfs_handle_t));
236 
237 top:
238 	(void) strlcpy(zhp->zfs_name, path, sizeof (zhp->zfs_name));
239 
240 	if (get_stats(zhp) != 0) {
241 		free(zhp);
242 		return (NULL);
243 	}
244 
245 	if (zhp->zfs_dmustats.dds_inconsistent) {
246 		zfs_cmd_t zc = { 0 };
247 
248 		/*
249 		 * If it is dds_inconsistent, then we've caught it in
250 		 * the middle of a 'zfs receive' or 'zfs destroy', and
251 		 * it is inconsistent from the ZPL's point of view, so
252 		 * can't be mounted.  However, it could also be that we
253 		 * have crashed in the middle of one of those
254 		 * operations, in which case we need to get rid of the
255 		 * inconsistent state.  We do that by either rolling
256 		 * back to the previous snapshot (which will fail if
257 		 * there is none), or destroying the filesystem.  Note
258 		 * that if we are still in the middle of an active
259 		 * 'receive' or 'destroy', then the rollback and destroy
260 		 * will fail with EBUSY and we will drive on as usual.
261 		 */
262 
263 		(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
264 
265 		if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
266 			(void) zvol_remove_link(zhp->zfs_name);
267 			zc.zc_objset_type = DMU_OST_ZVOL;
268 		} else {
269 			zc.zc_objset_type = DMU_OST_ZFS;
270 		}
271 
272 		/* If we can successfully roll it back, reget the stats */
273 		if (zfs_ioctl(ZFS_IOC_ROLLBACK, &zc) == 0)
274 			goto top;
275 		/*
276 		 * If we can sucessfully destroy it, pretend that it
277 		 * never existed.
278 		 */
279 		if (zfs_ioctl(ZFS_IOC_DESTROY, &zc) == 0) {
280 			free(zhp);
281 			errno = ENOENT;
282 			return (NULL);
283 		}
284 	}
285 
286 	/*
287 	 * We've managed to open the dataset and gather statistics.  Determine
288 	 * the high-level type.
289 	 */
290 	if (zhp->zfs_dmustats.dds_is_snapshot)
291 		zhp->zfs_type = ZFS_TYPE_SNAPSHOT;
292 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL)
293 		zhp->zfs_type = ZFS_TYPE_VOLUME;
294 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZFS)
295 		zhp->zfs_type = ZFS_TYPE_FILESYSTEM;
296 	else
297 		/* we should never see any other dataset types */
298 		zfs_baderror(zhp->zfs_dmustats.dds_type);
299 
300 	return (zhp);
301 }
302 
303 /*
304  * Opens the given snapshot, filesystem, or volume.   The 'types'
305  * argument is a mask of acceptable types.  The function will print an
306  * appropriate error message and return NULL if it can't be opened.
307  */
308 zfs_handle_t *
309 zfs_open(const char *path, int types)
310 {
311 	zfs_handle_t *zhp;
312 
313 	/*
314 	 * Validate the name before we even try to open it.  We don't care about
315 	 * the verbose invalid messages here; just report a generic error.
316 	 */
317 	if (!zfs_validate_name(path, types, NULL, 0)) {
318 		zfs_error(dgettext(TEXT_DOMAIN,
319 		    "cannot open '%s': invalid %s name"), path,
320 		    path_to_str(path, types));
321 		return (NULL);
322 	}
323 
324 	/*
325 	 * Try to get stats for the dataset, which will tell us if it exists.
326 	 */
327 	errno = 0;
328 	if ((zhp = make_dataset_handle(path)) == NULL) {
329 		switch (errno) {
330 		case ENOENT:
331 			/*
332 			 * The dataset doesn't exist.
333 			 */
334 			zfs_error(dgettext(TEXT_DOMAIN,
335 			    "cannot open '%s': no such %s"), path,
336 			    path_to_str(path, types));
337 			break;
338 
339 		case EBUSY:
340 			/*
341 			 * We were able to open the dataset but couldn't
342 			 * get the stats.
343 			 */
344 			zfs_error(dgettext(TEXT_DOMAIN,
345 			    "cannot open '%s': %s is busy"), path,
346 			    path_to_str(path, types));
347 			break;
348 
349 		case ENXIO:
350 		case EIO:
351 			/*
352 			 * I/O error from the underlying pool.
353 			 */
354 			zfs_error(dgettext(TEXT_DOMAIN,
355 			    "cannot open '%s': I/O error"), path,
356 			    path_to_str(path, types));
357 			break;
358 
359 		default:
360 			zfs_baderror(errno);
361 
362 		}
363 		return (NULL);
364 	}
365 
366 	if (!(types & zhp->zfs_type)) {
367 		zfs_error(dgettext(TEXT_DOMAIN, "cannot open '%s': operation "
368 		    "not supported for %ss"), path,
369 		    zfs_type_to_name(zhp->zfs_type));
370 		free(zhp);
371 		return (NULL);
372 	}
373 
374 	return (zhp);
375 }
376 
377 /*
378  * Release a ZFS handle.  Nothing to do but free the associated memory.
379  */
380 void
381 zfs_close(zfs_handle_t *zhp)
382 {
383 	if (zhp->zfs_mntopts)
384 		free(zhp->zfs_mntopts);
385 	free(zhp);
386 }
387 
388 struct {
389 	const char *name;
390 	uint64_t value;
391 } checksum_table[] = {
392 	{ "on",		ZIO_CHECKSUM_ON },
393 	{ "off",	ZIO_CHECKSUM_OFF },
394 	{ "fletcher2",	ZIO_CHECKSUM_FLETCHER_2 },
395 	{ "fletcher4",	ZIO_CHECKSUM_FLETCHER_4 },
396 	{ "sha256",	ZIO_CHECKSUM_SHA256 },
397 	{ NULL }
398 };
399 
400 struct {
401 	const char *name;
402 	uint64_t value;
403 } compress_table[] = {
404 	{ "on",		ZIO_COMPRESS_ON },
405 	{ "off",	ZIO_COMPRESS_OFF },
406 	{ "lzjb",	ZIO_COMPRESS_LZJB },
407 	{ NULL }
408 };
409 
410 struct {
411 	const char *name;
412 	uint64_t value;
413 } snapdir_table[] = {
414 	{ "hidden",	ZFS_SNAPDIR_HIDDEN },
415 	{ "visible",	ZFS_SNAPDIR_VISIBLE },
416 	{ NULL }
417 };
418 
419 struct {
420 	const char *name;
421 	uint64_t value;
422 } acl_mode_table[] = {
423 	{ "discard",	DISCARD },
424 	{ "groupmask",	GROUPMASK },
425 	{ "passthrough", PASSTHROUGH },
426 	{ NULL }
427 };
428 
429 struct {
430 	const char *name;
431 	uint64_t value;
432 } acl_inherit_table[] = {
433 	{ "discard",	DISCARD },
434 	{ "noallow",	NOALLOW },
435 	{ "secure",	SECURE },
436 	{ "passthrough", PASSTHROUGH },
437 	{ NULL }
438 };
439 
440 
441 /*
442  * Given a numeric suffix, convert the value into a number of bits that the
443  * resulting value must be shifted.
444  */
445 static int
446 str2shift(const char *buf, char *reason, size_t len)
447 {
448 	const char *ends = "BKMGTPEZ";
449 	int i;
450 
451 	if (buf[0] == '\0')
452 		return (0);
453 	for (i = 0; i < strlen(ends); i++) {
454 		if (toupper(buf[0]) == ends[i])
455 			break;
456 	}
457 	if (i == strlen(ends)) {
458 		(void) snprintf(reason, len, dgettext(TEXT_DOMAIN, "invalid "
459 		    "numeric suffix '%s'"), buf);
460 		return (-1);
461 	}
462 
463 	/*
464 	 * We want to allow trailing 'b' characters for 'GB' or 'Mb'.  But don't
465 	 * allow 'BB' - that's just weird.
466 	 */
467 	if (buf[1] == '\0' || (toupper(buf[1]) == 'B' && buf[2] == '\0' &&
468 	    toupper(buf[0]) != 'B')) {
469 		return (10*i);
470 	}
471 
472 	(void) snprintf(reason, len, dgettext(TEXT_DOMAIN, "invalid numeric "
473 	    "suffix '%s'"), buf);
474 	return (-1);
475 }
476 
477 /*
478  * Convert a string of the form '100G' into a real number.  Used when setting
479  * properties or creating a volume.  'buf' is used to place an extended error
480  * message for the caller to use.
481  */
482 static int
483 nicestrtonum(const char *value, uint64_t *num, char *buf, size_t buflen)
484 {
485 	char *end;
486 	int shift;
487 
488 	*num = 0;
489 
490 	/* Check to see if this looks like a number.  */
491 	if ((value[0] < '0' || value[0] > '9') && value[0] != '.') {
492 		(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
493 		    "must be a numeric value"), buflen);
494 		return (-1);
495 	}
496 
497 	/* Rely on stroll() to process the numeric portion.  */
498 	errno = 0;
499 	*num = strtoll(value, &end, 10);
500 
501 	/*
502 	 * Check for ERANGE, which indicates that the value is too large to fit
503 	 * in a 64-bit value.
504 	 */
505 	if (errno == ERANGE) {
506 		(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
507 		    "value is too large"), buflen);
508 		return (-1);
509 	}
510 
511 	/*
512 	 * If we have a decimal value, then do the computation with floating
513 	 * point arithmetic.  Otherwise, use standard arithmetic.
514 	 */
515 	if (*end == '.') {
516 		double fval = strtod(value, &end);
517 
518 		if ((shift = str2shift(end, buf, buflen)) == -1)
519 			return (-1);
520 
521 		fval *= pow(2, shift);
522 
523 		if (fval > UINT64_MAX) {
524 			(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
525 			    "value is too large"), buflen);
526 			return (-1);
527 		}
528 
529 		*num = (uint64_t)fval;
530 	} else {
531 		if ((shift = str2shift(end, buf, buflen)) == -1)
532 			return (-1);
533 
534 		/* Check for overflow */
535 		if (shift >= 64 || (*num << shift) >> shift != *num) {
536 			(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
537 			    "value is too large"), buflen);
538 			return (-1);
539 		}
540 
541 		*num <<= shift;
542 	}
543 
544 	return (0);
545 }
546 
547 int
548 zfs_nicestrtonum(const char *str, uint64_t *val)
549 {
550 	char buf[1];
551 
552 	return (nicestrtonum(str, val, buf, sizeof (buf)));
553 }
554 
555 /*
556  * Given a property type and value, verify that the value is appropriate.  Used
557  * by zfs_prop_set() and some libzfs consumers.
558  */
559 int
560 zfs_prop_validate(zfs_prop_t prop, const char *value, uint64_t *intval)
561 {
562 	const char *propname = zfs_prop_to_name(prop);
563 	uint64_t number;
564 	char reason[64];
565 	int i;
566 
567 	/*
568 	 * Check to see if this a read-only property.
569 	 */
570 	if (zfs_prop_readonly(prop)) {
571 		zfs_error(dgettext(TEXT_DOMAIN,
572 		    "cannot set %s property: read-only property"), propname);
573 		return (-1);
574 	}
575 
576 	/* See if the property value is too long */
577 	if (strlen(value) >= ZFS_MAXPROPLEN) {
578 		zfs_error(dgettext(TEXT_DOMAIN,
579 		    "bad %s value '%s': value is too long"), propname,
580 		    value);
581 		return (-1);
582 	}
583 
584 	/* Perform basic checking based on property type */
585 	switch (zfs_prop_get_type(prop)) {
586 	case prop_type_boolean:
587 		if (strcmp(value, "on") == 0) {
588 			number = 1;
589 		} else if (strcmp(value, "off") == 0) {
590 			number = 0;
591 		} else {
592 			zfs_error(dgettext(TEXT_DOMAIN,
593 			    "bad %s value '%s': must be 'on' or 'off'"),
594 			    propname, value);
595 			return (-1);
596 		}
597 		break;
598 
599 	case prop_type_number:
600 		/* treat 'none' as 0 */
601 		if (strcmp(value, "none") == 0) {
602 			number = 0;
603 			break;
604 		}
605 
606 		if (nicestrtonum(value, &number, reason,
607 		    sizeof (reason)) != 0) {
608 			zfs_error(dgettext(TEXT_DOMAIN,
609 			    "bad %s value '%s': %s"), propname, value,
610 			    reason);
611 			return (-1);
612 		}
613 
614 		/* don't allow 0 for quota, use 'none' instead */
615 		if (prop == ZFS_PROP_QUOTA && number == 0 &&
616 		    strcmp(value, "none") != 0) {
617 			zfs_error(dgettext(TEXT_DOMAIN,
618 			    "bad %s value '%s': use '%s=none' to disable"),
619 			    propname, value, propname);
620 			return (-1);
621 		}
622 
623 		/* must be power of two within SPA_{MIN,MAX}BLOCKSIZE */
624 		if (prop == ZFS_PROP_RECORDSIZE ||
625 		    prop == ZFS_PROP_VOLBLOCKSIZE) {
626 			if (number < SPA_MINBLOCKSIZE ||
627 			    number > SPA_MAXBLOCKSIZE || !ISP2(number)) {
628 				zfs_error(dgettext(TEXT_DOMAIN,
629 				    "bad %s value '%s': "
630 				    "must be power of 2 from %u to %uk"),
631 				    propname, value,
632 				    (uint_t)SPA_MINBLOCKSIZE,
633 				    (uint_t)SPA_MAXBLOCKSIZE >> 10);
634 				return (-1);
635 			}
636 		}
637 
638 		break;
639 
640 	case prop_type_string:
641 	case prop_type_index:
642 		/*
643 		 * The two writable string values, 'mountpoint' and
644 		 * 'checksum' need special consideration.  The 'index' types are
645 		 * specified as strings by the user, but passed to the kernel as
646 		 * integers.
647 		 */
648 		switch (prop) {
649 		case ZFS_PROP_MOUNTPOINT:
650 			if (strcmp(value, ZFS_MOUNTPOINT_NONE) == 0 ||
651 			    strcmp(value, ZFS_MOUNTPOINT_LEGACY) == 0)
652 				break;
653 
654 			if (value[0] != '/') {
655 				zfs_error(dgettext(TEXT_DOMAIN,
656 				    "bad %s value '%s': must be an absolute "
657 				    "path, 'none', or 'legacy'"),
658 				    propname, value);
659 				return (-1);
660 			}
661 			break;
662 
663 		case ZFS_PROP_CHECKSUM:
664 			for (i = 0; checksum_table[i].name != NULL; i++) {
665 				if (strcmp(value, checksum_table[i].name)
666 				    == 0) {
667 					number = checksum_table[i].value;
668 					break;
669 				}
670 			}
671 
672 			if (checksum_table[i].name == NULL) {
673 				zfs_error(dgettext(TEXT_DOMAIN,
674 				    "bad %s value '%s': must be 'on', 'off', "
675 				    "'fletcher2', 'fletcher4', or 'sha256'"),
676 				    propname, value);
677 				return (-1);
678 			}
679 			break;
680 
681 		case ZFS_PROP_COMPRESSION:
682 			for (i = 0; compress_table[i].name != NULL; i++) {
683 				if (strcmp(value, compress_table[i].name)
684 				    == 0) {
685 					number = compress_table[i].value;
686 					break;
687 				}
688 			}
689 
690 			if (compress_table[i].name == NULL) {
691 				zfs_error(dgettext(TEXT_DOMAIN,
692 				    "bad %s value '%s': must be 'on', 'off', "
693 				    "or 'lzjb'"),
694 				    propname, value);
695 				return (-1);
696 			}
697 			break;
698 
699 		case ZFS_PROP_SNAPDIR:
700 			for (i = 0; snapdir_table[i].name != NULL; i++) {
701 				if (strcmp(value, snapdir_table[i].name) == 0) {
702 					number = snapdir_table[i].value;
703 					break;
704 				}
705 			}
706 
707 			if (snapdir_table[i].name == NULL) {
708 				zfs_error(dgettext(TEXT_DOMAIN,
709 				    "bad %s value '%s': must be 'hidden' "
710 				    "or 'visible'"),
711 				    propname, value);
712 				return (-1);
713 			}
714 			break;
715 
716 		case ZFS_PROP_ACLMODE:
717 			for (i = 0; acl_mode_table[i].name != NULL; i++) {
718 				if (strcmp(value, acl_mode_table[i].name)
719 				    == 0) {
720 					number = acl_mode_table[i].value;
721 					break;
722 				}
723 			}
724 
725 			if (acl_mode_table[i].name == NULL) {
726 				zfs_error(dgettext(TEXT_DOMAIN,
727 				    "bad %s value '%s': must be 'discard', "
728 				    "'groupmask' or 'passthrough'"),
729 				    propname, value);
730 				return (-1);
731 			}
732 			break;
733 
734 		case ZFS_PROP_ACLINHERIT:
735 			for (i = 0; acl_inherit_table[i].name != NULL; i++) {
736 				if (strcmp(value, acl_inherit_table[i].name)
737 				    == 0) {
738 					number = acl_inherit_table[i].value;
739 					break;
740 				}
741 			}
742 
743 			if (acl_inherit_table[i].name == NULL) {
744 				zfs_error(dgettext(TEXT_DOMAIN,
745 				    "bad %s value '%s': must be 'discard', "
746 				    "'noallow', 'secure' or 'passthrough'"),
747 				    propname, value);
748 				return (-1);
749 			}
750 			break;
751 
752 		case ZFS_PROP_SHARENFS:
753 			/*
754 			 * Nothing to do for 'sharenfs', this gets passed on to
755 			 * share(1M) verbatim.
756 			 */
757 			break;
758 		}
759 	}
760 
761 	if (intval != NULL)
762 		*intval = number;
763 
764 	return (0);
765 }
766 
767 /*
768  * Given a property name and value, set the property for the given dataset.
769  */
770 int
771 zfs_prop_set(zfs_handle_t *zhp, zfs_prop_t prop, const char *propval)
772 {
773 	const char *propname = zfs_prop_to_name(prop);
774 	uint64_t number;
775 	zfs_cmd_t zc = { 0 };
776 	int ret;
777 	prop_changelist_t *cl;
778 
779 	if (zfs_prop_validate(prop, propval, &number) != 0)
780 		return (-1);
781 
782 	/*
783 	 * Check to see if the value applies to this type
784 	 */
785 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type)) {
786 		zfs_error(dgettext(TEXT_DOMAIN,
787 		    "cannot set %s for '%s': property does not apply to %ss"),
788 		    propname, zhp->zfs_name, zfs_type_to_name(zhp->zfs_type));
789 		return (-1);
790 	}
791 
792 	/*
793 	 * For the mountpoint and sharenfs properties, check if it can be set
794 	 * in a global/non-global zone based on the zoned property value:
795 	 *
796 	 *		global zone	    non-global zone
797 	 * -----------------------------------------------------
798 	 * zoned=on	mountpoint (no)	    mountpoint (yes)
799 	 *		sharenfs (no)	    sharenfs (no)
800 	 *
801 	 * zoned=off	mountpoint (yes)	N/A
802 	 *		sharenfs (yes)
803 	 */
804 	if (prop == ZFS_PROP_MOUNTPOINT || prop == ZFS_PROP_SHARENFS) {
805 		if (zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
806 			if (getzoneid() == GLOBAL_ZONEID) {
807 				zfs_error(dgettext(TEXT_DOMAIN,
808 				    "cannot set %s for '%s': "
809 				    "dataset is used in a non-global zone"),
810 				    propname, zhp->zfs_name);
811 				return (-1);
812 			} else if (prop == ZFS_PROP_SHARENFS) {
813 				zfs_error(dgettext(TEXT_DOMAIN,
814 				    "cannot set %s for '%s': filesystems "
815 				    "cannot be shared in a non-global zone"),
816 				    propname, zhp->zfs_name);
817 				return (-1);
818 			}
819 		} else if (getzoneid() != GLOBAL_ZONEID) {
820 			/*
821 			 * If zoned property is 'off', this must be in
822 			 * a globle zone. If not, something is wrong.
823 			 */
824 			zfs_error(dgettext(TEXT_DOMAIN,
825 			    "cannot set %s for '%s': dataset is "
826 			    "used in a non-global zone, but 'zoned' "
827 			    "property is not set"),
828 			    propname, zhp->zfs_name);
829 			return (-1);
830 		}
831 	}
832 
833 	if ((cl = changelist_gather(zhp, prop, 0)) == NULL)
834 		return (-1);
835 
836 	if (prop == ZFS_PROP_MOUNTPOINT && changelist_haszonedchild(cl)) {
837 		zfs_error(dgettext(TEXT_DOMAIN, "cannot set %s for '%s', "
838 			"child dataset with inherited mountpoint is used "
839 			"in a non-global zone"),
840 			propname, zhp->zfs_name);
841 		ret = -1;
842 		goto error;
843 	}
844 
845 	if ((ret = changelist_prefix(cl)) != 0)
846 		goto error;
847 
848 	/*
849 	 * Execute the corresponding ioctl() to set this property.
850 	 */
851 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
852 
853 	switch (prop) {
854 	case ZFS_PROP_QUOTA:
855 		zc.zc_cookie = number;
856 		ret = zfs_ioctl(ZFS_IOC_SET_QUOTA, &zc);
857 		break;
858 	case ZFS_PROP_RESERVATION:
859 		zc.zc_cookie = number;
860 		ret = zfs_ioctl(ZFS_IOC_SET_RESERVATION, &zc);
861 		break;
862 	case ZFS_PROP_MOUNTPOINT:
863 	case ZFS_PROP_SHARENFS:
864 		/*
865 		 * These properties are passed down as real strings.
866 		 */
867 		(void) strlcpy(zc.zc_prop_name, propname,
868 		    sizeof (zc.zc_prop_name));
869 		(void) strlcpy(zc.zc_prop_value, propval,
870 		    sizeof (zc.zc_prop_value));
871 		zc.zc_intsz = 1;
872 		zc.zc_numints = strlen(propval) + 1;
873 		ret = zfs_ioctl(ZFS_IOC_SET_PROP, &zc);
874 		break;
875 	case ZFS_PROP_VOLSIZE:
876 		zc.zc_volsize = number;
877 		ret = zfs_ioctl(ZFS_IOC_SET_VOLSIZE, &zc);
878 		break;
879 	case ZFS_PROP_VOLBLOCKSIZE:
880 		zc.zc_volblocksize = number;
881 		ret = zfs_ioctl(ZFS_IOC_SET_VOLBLOCKSIZE, &zc);
882 		break;
883 	default:
884 		(void) strlcpy(zc.zc_prop_name, propname,
885 		    sizeof (zc.zc_prop_name));
886 		/* LINTED - alignment */
887 		*(uint64_t *)zc.zc_prop_value = number;
888 		zc.zc_intsz = 8;
889 		zc.zc_numints = 1;
890 		ret = zfs_ioctl(ZFS_IOC_SET_PROP, &zc);
891 		break;
892 	}
893 
894 	if (ret != 0) {
895 		switch (errno) {
896 
897 		case EPERM:
898 			zfs_error(dgettext(TEXT_DOMAIN,
899 			    "cannot set %s for '%s': permission "
900 			    "denied"), propname, zhp->zfs_name);
901 			break;
902 
903 		case ENOENT:
904 			zfs_error(dgettext(TEXT_DOMAIN,
905 			    "cannot open '%s': no such %s"), zhp->zfs_name,
906 			    zfs_type_to_name(zhp->zfs_type));
907 			break;
908 
909 		case ENOSPC:
910 			/*
911 			 * For quotas and reservations, ENOSPC indicates
912 			 * something different; setting a quota or reservation
913 			 * doesn't use any disk space.
914 			 */
915 			switch (prop) {
916 			case ZFS_PROP_QUOTA:
917 				zfs_error(dgettext(TEXT_DOMAIN, "cannot set %s "
918 				    "for '%s': size is less than current "
919 				    "used or reserved space"), propname,
920 				    zhp->zfs_name);
921 				break;
922 
923 			case ZFS_PROP_RESERVATION:
924 				zfs_error(dgettext(TEXT_DOMAIN, "cannot set %s "
925 				    "for '%s': size is greater than available "
926 				    "space"), propname, zhp->zfs_name);
927 				break;
928 
929 			default:
930 				zfs_error(dgettext(TEXT_DOMAIN,
931 				    "cannot set %s for '%s': out of space"),
932 				    propname, zhp->zfs_name);
933 				break;
934 			}
935 			break;
936 
937 		case EBUSY:
938 			if (prop == ZFS_PROP_VOLBLOCKSIZE) {
939 				zfs_error(dgettext(TEXT_DOMAIN,
940 				    "cannot set %s for '%s': "
941 				    "volume already contains data"),
942 				    propname, zhp->zfs_name);
943 			} else {
944 				zfs_baderror(errno);
945 			}
946 			break;
947 
948 		case EROFS:
949 			zfs_error(dgettext(TEXT_DOMAIN, "cannot set %s for "
950 			    "'%s': read only %s"), propname, zhp->zfs_name,
951 			    zfs_type_to_name(zhp->zfs_type));
952 			break;
953 
954 		case EOVERFLOW:
955 			/*
956 			 * This platform can't address a volume this big.
957 			 */
958 #ifdef _ILP32
959 			if (prop == ZFS_PROP_VOLSIZE) {
960 				zfs_error(dgettext(TEXT_DOMAIN,
961 				    "cannot set %s for '%s': "
962 				    "max volume size is 1TB on 32-bit systems"),
963 				    propname, zhp->zfs_name);
964 				break;
965 			}
966 #endif
967 			zfs_baderror(errno);
968 		default:
969 			zfs_baderror(errno);
970 		}
971 	} else {
972 		/*
973 		 * Refresh the statistics so the new property value
974 		 * is reflected.
975 		 */
976 		if ((ret = changelist_postfix(cl)) != 0)
977 			goto error;
978 
979 		(void) get_stats(zhp);
980 	}
981 
982 error:
983 	changelist_free(cl);
984 	return (ret);
985 }
986 
987 /*
988  * Given a property, inherit the value from the parent dataset.
989  */
990 int
991 zfs_prop_inherit(zfs_handle_t *zhp, zfs_prop_t prop)
992 {
993 	const char *propname = zfs_prop_to_name(prop);
994 	zfs_cmd_t zc = { 0 };
995 	int ret;
996 	prop_changelist_t *cl;
997 
998 	/*
999 	 * Verify that this property is inheritable.
1000 	 */
1001 	if (zfs_prop_readonly(prop)) {
1002 		zfs_error(dgettext(TEXT_DOMAIN,
1003 		    "cannot inherit %s for '%s': property is read-only"),
1004 		    propname, zhp->zfs_name);
1005 		return (-1);
1006 	}
1007 
1008 	if (!zfs_prop_inheritable(prop)) {
1009 		zfs_error(dgettext(TEXT_DOMAIN,
1010 		    "cannot inherit %s for '%s': property is not inheritable"),
1011 		    propname, zhp->zfs_name);
1012 		return (-1);
1013 	}
1014 
1015 	/*
1016 	 * Check to see if the value applies to this type
1017 	 */
1018 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type)) {
1019 		zfs_error(dgettext(TEXT_DOMAIN,
1020 		    "cannot inherit %s for '%s': property does "
1021 		    "not apply to %ss"), propname, zhp->zfs_name,
1022 		    zfs_type_to_name(zhp->zfs_type));
1023 		return (-1);
1024 	}
1025 
1026 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1027 	(void) strlcpy(zc.zc_prop_name, propname, sizeof (zc.zc_prop_name));
1028 
1029 	if (prop == ZFS_PROP_MOUNTPOINT && getzoneid() == GLOBAL_ZONEID &&
1030 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
1031 		zfs_error(dgettext(TEXT_DOMAIN, "cannot inherit %s for '%s', "
1032 		    "dataset is used in a non-global zone"), propname,
1033 		    zhp->zfs_name);
1034 		return (-1);
1035 	}
1036 
1037 	/*
1038 	 * Determine datasets which will be affected by this change, if any.
1039 	 */
1040 	if ((cl = changelist_gather(zhp, prop, 0)) == NULL)
1041 		return (-1);
1042 
1043 	if (prop == ZFS_PROP_MOUNTPOINT && changelist_haszonedchild(cl)) {
1044 		zfs_error(dgettext(TEXT_DOMAIN, "cannot inherit %s for '%s', "
1045 			"child dataset with inherited mountpoint is "
1046 			"used in a non-global zone"),
1047 			propname, zhp->zfs_name);
1048 		ret = -1;
1049 		goto error;
1050 	}
1051 
1052 	if ((ret = changelist_prefix(cl)) != 0)
1053 		goto error;
1054 
1055 	zc.zc_numints = 0;
1056 
1057 	if ((ret = zfs_ioctl(ZFS_IOC_SET_PROP, &zc)) != 0) {
1058 		switch (errno) {
1059 		case EPERM:
1060 			zfs_error(dgettext(TEXT_DOMAIN,
1061 			    "cannot inherit %s for '%s': permission "
1062 			    "denied"), propname, zhp->zfs_name);
1063 			break;
1064 		case ENOENT:
1065 			zfs_error(dgettext(TEXT_DOMAIN,
1066 			    "cannot open '%s': no such %s"), zhp->zfs_name,
1067 			    zfs_type_to_name(zhp->zfs_type));
1068 			break;
1069 		case ENOSPC:
1070 			zfs_error(dgettext(TEXT_DOMAIN,
1071 			    "cannot inherit %s for '%s': "
1072 			    "out of space"), propname, zhp->zfs_name);
1073 			break;
1074 		default:
1075 			zfs_baderror(errno);
1076 		}
1077 
1078 	} else {
1079 
1080 		if ((ret = changelist_postfix(cl)) != 0)
1081 			goto error;
1082 
1083 		/*
1084 		 * Refresh the statistics so the new property is reflected.
1085 		 */
1086 		(void) get_stats(zhp);
1087 	}
1088 
1089 
1090 error:
1091 	changelist_free(cl);
1092 	return (ret);
1093 }
1094 
1095 static void
1096 nicebool(int value, char *buf, size_t buflen)
1097 {
1098 	if (value)
1099 		(void) strlcpy(buf, "on", buflen);
1100 	else
1101 		(void) strlcpy(buf, "off", buflen);
1102 }
1103 
1104 /*
1105  * True DSL properties are stored in an nvlist.  The following two functions
1106  * extract them appropriately.
1107  */
1108 static uint64_t
1109 getprop_uint64(zfs_handle_t *zhp, zfs_prop_t prop, char **source)
1110 {
1111 	nvlist_t *nv;
1112 	uint64_t value;
1113 
1114 	if (nvlist_lookup_nvlist(zhp->zfs_props,
1115 	    zfs_prop_to_name(prop), &nv) == 0) {
1116 		verify(nvlist_lookup_uint64(nv, ZFS_PROP_VALUE, &value) == 0);
1117 		verify(nvlist_lookup_string(nv, ZFS_PROP_SOURCE, source) == 0);
1118 	} else {
1119 		value = zfs_prop_default_numeric(prop);
1120 		*source = "";
1121 	}
1122 
1123 	return (value);
1124 }
1125 
1126 static char *
1127 getprop_string(zfs_handle_t *zhp, zfs_prop_t prop, char **source)
1128 {
1129 	nvlist_t *nv;
1130 	char *value;
1131 
1132 	if (nvlist_lookup_nvlist(zhp->zfs_props,
1133 	    zfs_prop_to_name(prop), &nv) == 0) {
1134 		verify(nvlist_lookup_string(nv, ZFS_PROP_VALUE, &value) == 0);
1135 		verify(nvlist_lookup_string(nv, ZFS_PROP_SOURCE, source) == 0);
1136 	} else {
1137 		if ((value = (char *)zfs_prop_default_string(prop)) == NULL)
1138 			value = "";
1139 		*source = "";
1140 	}
1141 
1142 	return (value);
1143 }
1144 
1145 /*
1146  * Internal function for getting a numeric property.  Both zfs_prop_get() and
1147  * zfs_prop_get_int() are built using this interface.
1148  *
1149  * Certain properties can be overridden using 'mount -o'.  In this case, scan
1150  * the contents of the /etc/mnttab entry, searching for the appropriate options.
1151  * If they differ from the on-disk values, report the current values and mark
1152  * the source "temporary".
1153  */
1154 static uint64_t
1155 get_numeric_property(zfs_handle_t *zhp, zfs_prop_t prop, zfs_source_t *src,
1156     char **source)
1157 {
1158 	uint64_t val;
1159 	struct mnttab mnt;
1160 
1161 	*source = NULL;
1162 
1163 	if (zhp->zfs_mntopts == NULL)
1164 		mnt.mnt_mntopts = "";
1165 	else
1166 		mnt.mnt_mntopts = zhp->zfs_mntopts;
1167 
1168 	switch (prop) {
1169 	case ZFS_PROP_ATIME:
1170 		val = getprop_uint64(zhp, prop, source);
1171 
1172 		if (hasmntopt(&mnt, MNTOPT_ATIME) && !val) {
1173 			val = TRUE;
1174 			if (src)
1175 				*src = ZFS_SRC_TEMPORARY;
1176 		} else if (hasmntopt(&mnt, MNTOPT_NOATIME) && val) {
1177 			val = FALSE;
1178 			if (src)
1179 				*src = ZFS_SRC_TEMPORARY;
1180 		}
1181 		return (val);
1182 
1183 	case ZFS_PROP_AVAILABLE:
1184 		return (zhp->zfs_dmustats.dds_available);
1185 
1186 	case ZFS_PROP_DEVICES:
1187 		val = getprop_uint64(zhp, prop, source);
1188 
1189 		if (hasmntopt(&mnt, MNTOPT_DEVICES) && !val) {
1190 			val = TRUE;
1191 			if (src)
1192 				*src = ZFS_SRC_TEMPORARY;
1193 		} else if (hasmntopt(&mnt, MNTOPT_NODEVICES) && val) {
1194 			val = FALSE;
1195 			if (src)
1196 				*src = ZFS_SRC_TEMPORARY;
1197 		}
1198 		return (val);
1199 
1200 	case ZFS_PROP_EXEC:
1201 		val = getprop_uint64(zhp, prop, source);
1202 
1203 		if (hasmntopt(&mnt, MNTOPT_EXEC) && !val) {
1204 			val = TRUE;
1205 			if (src)
1206 				*src = ZFS_SRC_TEMPORARY;
1207 		} else if (hasmntopt(&mnt, MNTOPT_NOEXEC) && val) {
1208 			val = FALSE;
1209 			if (src)
1210 				*src = ZFS_SRC_TEMPORARY;
1211 		}
1212 		return (val);
1213 
1214 	case ZFS_PROP_RECORDSIZE:
1215 	case ZFS_PROP_COMPRESSION:
1216 	case ZFS_PROP_ZONED:
1217 		val = getprop_uint64(zhp, prop, source);
1218 		return (val);
1219 
1220 	case ZFS_PROP_READONLY:
1221 		val = getprop_uint64(zhp, prop, source);
1222 
1223 		if (hasmntopt(&mnt, MNTOPT_RO) && !val) {
1224 			val = TRUE;
1225 			if (src)
1226 				*src = ZFS_SRC_TEMPORARY;
1227 		} else if (hasmntopt(&mnt, MNTOPT_RW) && val) {
1228 			val = FALSE;
1229 			if (src)
1230 				*src = ZFS_SRC_TEMPORARY;
1231 		}
1232 		return (val);
1233 
1234 	case ZFS_PROP_CREATION:
1235 		return (zhp->zfs_dmustats.dds_creation_time);
1236 
1237 	case ZFS_PROP_QUOTA:
1238 		if (zhp->zfs_dmustats.dds_quota == 0)
1239 			*source = "";	/* default */
1240 		else
1241 			*source = zhp->zfs_name;
1242 		return (zhp->zfs_dmustats.dds_quota);
1243 
1244 	case ZFS_PROP_RESERVATION:
1245 		if (zhp->zfs_dmustats.dds_reserved == 0)
1246 			*source = "";	/* default */
1247 		else
1248 			*source = zhp->zfs_name;
1249 		return (zhp->zfs_dmustats.dds_reserved);
1250 
1251 	case ZFS_PROP_COMPRESSRATIO:
1252 		/*
1253 		 * Using physical space and logical space, calculate the
1254 		 * compression ratio.  We return the number as a multiple of
1255 		 * 100, so '2.5x' would be returned as 250.
1256 		 */
1257 		if (zhp->zfs_dmustats.dds_compressed_bytes == 0)
1258 			return (100ULL);
1259 		else
1260 			return (zhp->zfs_dmustats.dds_uncompressed_bytes * 100 /
1261 			    zhp->zfs_dmustats.dds_compressed_bytes);
1262 
1263 	case ZFS_PROP_REFERENCED:
1264 		/*
1265 		 * 'referenced' refers to the amount of physical space
1266 		 * referenced (possibly shared) by this object.
1267 		 */
1268 		return (zhp->zfs_dmustats.dds_space_refd);
1269 
1270 	case ZFS_PROP_SETUID:
1271 		val = getprop_uint64(zhp, prop, source);
1272 
1273 		if (hasmntopt(&mnt, MNTOPT_SETUID) && !val) {
1274 			val = TRUE;
1275 			if (src)
1276 				*src = ZFS_SRC_TEMPORARY;
1277 		} else if (hasmntopt(&mnt, MNTOPT_NOSETUID) && val) {
1278 			val = FALSE;
1279 			if (src)
1280 				*src = ZFS_SRC_TEMPORARY;
1281 		}
1282 		return (val);
1283 
1284 	case ZFS_PROP_VOLSIZE:
1285 		return (zhp->zfs_volsize);
1286 
1287 	case ZFS_PROP_VOLBLOCKSIZE:
1288 		return (zhp->zfs_volblocksize);
1289 
1290 	case ZFS_PROP_USED:
1291 		return (zhp->zfs_dmustats.dds_space_used);
1292 
1293 	case ZFS_PROP_CREATETXG:
1294 		return (zhp->zfs_dmustats.dds_creation_txg);
1295 
1296 	case ZFS_PROP_MOUNTED:
1297 		/*
1298 		 * Unlike other properties, we defer calculation of 'MOUNTED'
1299 		 * until actually requested.  This is because the getmntany()
1300 		 * call can be extremely expensive on systems with a large
1301 		 * number of filesystems, and the property isn't needed in
1302 		 * normal use cases.
1303 		 */
1304 		if (zhp->zfs_mntopts == NULL) {
1305 			struct mnttab search = { 0 }, entry;
1306 
1307 			search.mnt_special = (char *)zhp->zfs_name;
1308 			search.mnt_fstype = MNTTYPE_ZFS;
1309 			rewind(zfs_mnttab());
1310 
1311 			if (getmntany(zfs_mnttab(), &entry, &search) == 0)
1312 				zhp->zfs_mntopts =
1313 				    zfs_strdup(entry.mnt_mntopts);
1314 		}
1315 		return (zhp->zfs_mntopts != NULL);
1316 
1317 	default:
1318 		zfs_baderror(EINVAL);
1319 	}
1320 
1321 	return (0);
1322 }
1323 
1324 /*
1325  * Calculate the source type, given the raw source string.
1326  */
1327 static void
1328 get_source(zfs_handle_t *zhp, zfs_source_t *srctype, char *source,
1329     char *statbuf, size_t statlen)
1330 {
1331 	if (statbuf == NULL || *srctype == ZFS_SRC_TEMPORARY)
1332 		return;
1333 
1334 	if (source == NULL) {
1335 		*srctype = ZFS_SRC_NONE;
1336 	} else if (source[0] == '\0') {
1337 		*srctype = ZFS_SRC_DEFAULT;
1338 	} else {
1339 		if (strcmp(source, zhp->zfs_name) == 0) {
1340 			*srctype = ZFS_SRC_LOCAL;
1341 		} else {
1342 			(void) strlcpy(statbuf, source, statlen);
1343 			*srctype = ZFS_SRC_INHERITED;
1344 		}
1345 	}
1346 
1347 }
1348 
1349 /*
1350  * Retrieve a property from the given object.  If 'literal' is specified, then
1351  * numbers are left as exact values.  Otherwise, numbers are converted to a
1352  * human-readable form.
1353  *
1354  * Returns 0 on success, or -1 on error.
1355  */
1356 int
1357 zfs_prop_get(zfs_handle_t *zhp, zfs_prop_t prop, char *propbuf, size_t proplen,
1358     zfs_source_t *src, char *statbuf, size_t statlen, int literal)
1359 {
1360 	char *source = NULL;
1361 	uint64_t val;
1362 	char *str;
1363 	int i;
1364 	const char *root;
1365 
1366 	/*
1367 	 * Check to see if this property applies to our object
1368 	 */
1369 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type))
1370 		return (-1);
1371 
1372 	if (src)
1373 		*src = ZFS_SRC_NONE;
1374 
1375 	switch (prop) {
1376 	case ZFS_PROP_ATIME:
1377 	case ZFS_PROP_READONLY:
1378 	case ZFS_PROP_SETUID:
1379 	case ZFS_PROP_ZONED:
1380 	case ZFS_PROP_DEVICES:
1381 	case ZFS_PROP_EXEC:
1382 		/*
1383 		 * Basic boolean values are built on top of
1384 		 * get_numeric_property().
1385 		 */
1386 		nicebool(get_numeric_property(zhp, prop, src, &source),
1387 		    propbuf, proplen);
1388 
1389 		break;
1390 
1391 	case ZFS_PROP_AVAILABLE:
1392 	case ZFS_PROP_RECORDSIZE:
1393 	case ZFS_PROP_CREATETXG:
1394 	case ZFS_PROP_REFERENCED:
1395 	case ZFS_PROP_USED:
1396 	case ZFS_PROP_VOLSIZE:
1397 	case ZFS_PROP_VOLBLOCKSIZE:
1398 		/*
1399 		 * Basic numeric values are built on top of
1400 		 * get_numeric_property().
1401 		 */
1402 		val = get_numeric_property(zhp, prop, src, &source);
1403 		if (literal)
1404 			(void) snprintf(propbuf, proplen, "%llu", val);
1405 		else
1406 			zfs_nicenum(val, propbuf, proplen);
1407 		break;
1408 
1409 	case ZFS_PROP_COMPRESSION:
1410 		val = getprop_uint64(zhp, prop, &source);
1411 		for (i = 0; compress_table[i].name != NULL; i++) {
1412 			if (compress_table[i].value == val)
1413 				break;
1414 		}
1415 		assert(compress_table[i].name != NULL);
1416 		(void) strlcpy(propbuf, compress_table[i].name, proplen);
1417 		break;
1418 
1419 	case ZFS_PROP_CHECKSUM:
1420 		val = getprop_uint64(zhp, prop, &source);
1421 		for (i = 0; checksum_table[i].name != NULL; i++) {
1422 			if (checksum_table[i].value == val)
1423 				break;
1424 		}
1425 		assert(checksum_table[i].name != NULL);
1426 		(void) strlcpy(propbuf, checksum_table[i].name, proplen);
1427 		break;
1428 
1429 	case ZFS_PROP_SNAPDIR:
1430 		val = getprop_uint64(zhp, prop, &source);
1431 		for (i = 0; snapdir_table[i].name != NULL; i++) {
1432 			if (snapdir_table[i].value == val)
1433 				break;
1434 		}
1435 		assert(snapdir_table[i].name != NULL);
1436 		(void) strlcpy(propbuf, snapdir_table[i].name, proplen);
1437 		break;
1438 
1439 	case ZFS_PROP_ACLMODE:
1440 		val = getprop_uint64(zhp, prop, &source);
1441 		for (i = 0; acl_mode_table[i].name != NULL; i++) {
1442 			if (acl_mode_table[i].value == val)
1443 				break;
1444 		}
1445 		assert(acl_mode_table[i].name != NULL);
1446 		(void) strlcpy(propbuf, acl_mode_table[i].name, proplen);
1447 		break;
1448 
1449 	case ZFS_PROP_ACLINHERIT:
1450 		val = getprop_uint64(zhp, prop, &source);
1451 		for (i = 0; acl_inherit_table[i].name != NULL; i++) {
1452 			if (acl_inherit_table[i].value == val)
1453 				break;
1454 		}
1455 		assert(acl_inherit_table[i].name != NULL);
1456 		(void) strlcpy(propbuf, acl_inherit_table[i].name, proplen);
1457 		break;
1458 
1459 	case ZFS_PROP_CREATION:
1460 		/*
1461 		 * 'creation' is a time_t stored in the statistics.  We convert
1462 		 * this into a string unless 'literal' is specified.
1463 		 */
1464 		{
1465 			time_t time = (time_t)
1466 			    zhp->zfs_dmustats.dds_creation_time;
1467 			struct tm t;
1468 
1469 			if (literal ||
1470 			    localtime_r(&time, &t) == NULL ||
1471 			    strftime(propbuf, proplen, "%a %b %e %k:%M %Y",
1472 			    &t) == 0)
1473 				(void) snprintf(propbuf, proplen, "%llu",
1474 				    zhp->zfs_dmustats.dds_creation_time);
1475 		}
1476 		break;
1477 
1478 	case ZFS_PROP_MOUNTPOINT:
1479 		/*
1480 		 * Getting the precise mountpoint can be tricky.
1481 		 *
1482 		 *  - for 'none' or 'legacy', return those values.
1483 		 *  - for default mountpoints, construct it as /zfs/<dataset>
1484 		 *  - for inherited mountpoints, we want to take everything
1485 		 *    after our ancestor and append it to the inherited value.
1486 		 *
1487 		 * If the pool has an alternate root, we want to prepend that
1488 		 * root to any values we return.
1489 		 */
1490 		root = zhp->zfs_root;
1491 		str = getprop_string(zhp, prop, &source);
1492 
1493 		if (str[0] == '\0') {
1494 			(void) snprintf(propbuf, proplen, "%s/zfs/%s",
1495 			    root, zhp->zfs_name);
1496 		} else if (str[0] == '/') {
1497 			const char *relpath = zhp->zfs_name + strlen(source);
1498 
1499 			if (relpath[0] == '/')
1500 				relpath++;
1501 			if (str[1] == '\0')
1502 				str++;
1503 
1504 			if (relpath[0] == '\0')
1505 				(void) snprintf(propbuf, proplen, "%s%s",
1506 				    root, str);
1507 			else
1508 				(void) snprintf(propbuf, proplen, "%s%s%s%s",
1509 				    root, str, relpath[0] == '@' ? "" : "/",
1510 				    relpath);
1511 		} else {
1512 			/* 'legacy' or 'none' */
1513 			(void) strlcpy(propbuf, str, proplen);
1514 		}
1515 
1516 		break;
1517 
1518 	case ZFS_PROP_SHARENFS:
1519 		(void) strlcpy(propbuf, getprop_string(zhp, prop, &source),
1520 		    proplen);
1521 		break;
1522 
1523 	case ZFS_PROP_ORIGIN:
1524 		(void) strlcpy(propbuf, zhp->zfs_dmustats.dds_clone_of,
1525 		    proplen);
1526 		/*
1527 		 * If there is no parent at all, return failure to indicate that
1528 		 * it doesn't apply to this dataset.
1529 		 */
1530 		if (propbuf[0] == '\0')
1531 			return (-1);
1532 		break;
1533 
1534 	case ZFS_PROP_QUOTA:
1535 	case ZFS_PROP_RESERVATION:
1536 		val = get_numeric_property(zhp, prop, src, &source);
1537 
1538 		/*
1539 		 * If quota or reservation is 0, we translate this into 'none'
1540 		 * (unless literal is set), and indicate that it's the default
1541 		 * value.  Otherwise, we print the number nicely and indicate
1542 		 * that its set locally.
1543 		 */
1544 		if (val == 0) {
1545 			if (literal)
1546 				(void) strlcpy(propbuf, "0", proplen);
1547 			else
1548 				(void) strlcpy(propbuf, "none", proplen);
1549 		} else {
1550 			if (literal)
1551 				(void) snprintf(propbuf, proplen, "%llu", val);
1552 			else
1553 				zfs_nicenum(val, propbuf, proplen);
1554 		}
1555 		break;
1556 
1557 	case ZFS_PROP_COMPRESSRATIO:
1558 		val = get_numeric_property(zhp, prop, src, &source);
1559 		(void) snprintf(propbuf, proplen, "%lld.%02lldx", val / 100,
1560 		    val % 100);
1561 		break;
1562 
1563 	case ZFS_PROP_TYPE:
1564 		switch (zhp->zfs_type) {
1565 		case ZFS_TYPE_FILESYSTEM:
1566 			str = "filesystem";
1567 			break;
1568 		case ZFS_TYPE_VOLUME:
1569 			str = "volume";
1570 			break;
1571 		case ZFS_TYPE_SNAPSHOT:
1572 			str = "snapshot";
1573 			break;
1574 		default:
1575 			zfs_baderror(zhp->zfs_type);
1576 		}
1577 		(void) snprintf(propbuf, proplen, "%s", str);
1578 		break;
1579 
1580 	case ZFS_PROP_MOUNTED:
1581 		/*
1582 		 * The 'mounted' property is a pseudo-property that described
1583 		 * whether the filesystem is currently mounted.  Even though
1584 		 * it's a boolean value, the typical values of "on" and "off"
1585 		 * don't make sense, so we translate to "yes" and "no".
1586 		 */
1587 		if (get_numeric_property(zhp, ZFS_PROP_MOUNTED, src, &source))
1588 			(void) strlcpy(propbuf, "yes", proplen);
1589 		else
1590 			(void) strlcpy(propbuf, "no", proplen);
1591 		break;
1592 
1593 	case ZFS_PROP_NAME:
1594 		/*
1595 		 * The 'name' property is a pseudo-property derived from the
1596 		 * dataset name.  It is presented as a real property to simplify
1597 		 * consumers.
1598 		 */
1599 		(void) strlcpy(propbuf, zhp->zfs_name, proplen);
1600 		break;
1601 
1602 	default:
1603 		zfs_baderror(EINVAL);
1604 	}
1605 
1606 	get_source(zhp, src, source, statbuf, statlen);
1607 
1608 	return (0);
1609 }
1610 
1611 /*
1612  * Utility function to get the given numeric property.  Does no validation that
1613  * the given property is the appropriate type; should only be used with
1614  * hard-coded property types.
1615  */
1616 uint64_t
1617 zfs_prop_get_int(zfs_handle_t *zhp, zfs_prop_t prop)
1618 {
1619 	char *source;
1620 	zfs_source_t sourcetype = ZFS_SRC_NONE;
1621 
1622 	return (get_numeric_property(zhp, prop, &sourcetype, &source));
1623 }
1624 
1625 /*
1626  * Similar to zfs_prop_get(), but returns the value as an integer.
1627  */
1628 int
1629 zfs_prop_get_numeric(zfs_handle_t *zhp, zfs_prop_t prop, uint64_t *value,
1630     zfs_source_t *src, char *statbuf, size_t statlen)
1631 {
1632 	char *source;
1633 
1634 	/*
1635 	 * Check to see if this property applies to our object
1636 	 */
1637 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type))
1638 		return (-1);
1639 
1640 	if (src)
1641 		*src = ZFS_SRC_NONE;
1642 
1643 	*value = get_numeric_property(zhp, prop, src, &source);
1644 
1645 	get_source(zhp, src, source, statbuf, statlen);
1646 
1647 	return (0);
1648 }
1649 
1650 /*
1651  * Returns the name of the given zfs handle.
1652  */
1653 const char *
1654 zfs_get_name(const zfs_handle_t *zhp)
1655 {
1656 	return (zhp->zfs_name);
1657 }
1658 
1659 /*
1660  * Returns the type of the given zfs handle.
1661  */
1662 zfs_type_t
1663 zfs_get_type(const zfs_handle_t *zhp)
1664 {
1665 	return (zhp->zfs_type);
1666 }
1667 
1668 /*
1669  * Iterate over all child filesystems
1670  */
1671 int
1672 zfs_iter_filesystems(zfs_handle_t *zhp, zfs_iter_f func, void *data)
1673 {
1674 	zfs_cmd_t zc = { 0 };
1675 	zfs_handle_t *nzhp;
1676 	int ret;
1677 
1678 	for ((void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1679 	    zfs_ioctl(ZFS_IOC_DATASET_LIST_NEXT, &zc) == 0;
1680 	    (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name))) {
1681 		/*
1682 		 * Ignore private dataset names.
1683 		 */
1684 		if (dataset_name_hidden(zc.zc_name))
1685 			continue;
1686 
1687 		/*
1688 		 * Silently ignore errors, as the only plausible explanation is
1689 		 * that the pool has since been removed.
1690 		 */
1691 		if ((nzhp = make_dataset_handle(zc.zc_name)) == NULL)
1692 			continue;
1693 
1694 		if ((ret = func(nzhp, data)) != 0)
1695 			return (ret);
1696 	}
1697 
1698 	/*
1699 	 * An errno value of ESRCH indicates normal completion.  If ENOENT is
1700 	 * returned, then the underlying dataset has been removed since we
1701 	 * obtained the handle.
1702 	 */
1703 	if (errno != ESRCH && errno != ENOENT)
1704 		zfs_baderror(errno);
1705 
1706 	return (0);
1707 }
1708 
1709 /*
1710  * Iterate over all snapshots
1711  */
1712 int
1713 zfs_iter_snapshots(zfs_handle_t *zhp, zfs_iter_f func, void *data)
1714 {
1715 	zfs_cmd_t zc = { 0 };
1716 	zfs_handle_t *nzhp;
1717 	int ret;
1718 
1719 	for ((void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1720 	    zfs_ioctl(ZFS_IOC_SNAPSHOT_LIST_NEXT, &zc) == 0;
1721 	    (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name))) {
1722 
1723 		if ((nzhp = make_dataset_handle(zc.zc_name)) == NULL)
1724 			continue;
1725 
1726 		if ((ret = func(nzhp, data)) != 0)
1727 			return (ret);
1728 	}
1729 
1730 	/*
1731 	 * An errno value of ESRCH indicates normal completion.  If ENOENT is
1732 	 * returned, then the underlying dataset has been removed since we
1733 	 * obtained the handle.  Silently ignore this case, and return success.
1734 	 */
1735 	if (errno != ESRCH && errno != ENOENT)
1736 		zfs_baderror(errno);
1737 
1738 	return (0);
1739 }
1740 
1741 /*
1742  * Iterate over all children, snapshots and filesystems
1743  */
1744 int
1745 zfs_iter_children(zfs_handle_t *zhp, zfs_iter_f func, void *data)
1746 {
1747 	int ret;
1748 
1749 	if ((ret = zfs_iter_filesystems(zhp, func, data)) != 0)
1750 		return (ret);
1751 
1752 	return (zfs_iter_snapshots(zhp, func, data));
1753 }
1754 
1755 /*
1756  * Given a complete name, return just the portion that refers to the parent.
1757  * Can return NULL if this is a pool.
1758  */
1759 static int
1760 parent_name(const char *path, char *buf, size_t buflen)
1761 {
1762 	char *loc;
1763 
1764 	if ((loc = strrchr(path, '/')) == NULL)
1765 		return (-1);
1766 
1767 	(void) strncpy(buf, path, MIN(buflen, loc - path));
1768 	buf[loc - path] = '\0';
1769 
1770 	return (0);
1771 }
1772 
1773 /*
1774  * Checks to make sure that the given path has a parent, and that it exists.
1775  */
1776 static int
1777 check_parents(const char *path, zfs_type_t type)
1778 {
1779 	zfs_cmd_t zc = { 0 };
1780 	char parent[ZFS_MAXNAMELEN];
1781 	char *slash;
1782 	zfs_handle_t *zhp;
1783 
1784 	/* get parent, and check to see if this is just a pool */
1785 	if (parent_name(path, parent, sizeof (parent)) != 0) {
1786 		zfs_error(dgettext(TEXT_DOMAIN,
1787 		    "cannot create '%s': missing dataset name"),
1788 		    path, zfs_type_to_name(type));
1789 		zfs_error(dgettext(TEXT_DOMAIN,
1790 		    "use 'zpool create' to create a storage pool"));
1791 		return (-1);
1792 	}
1793 
1794 	/* check to see if the pool exists */
1795 	if ((slash = strchr(parent, '/')) == NULL)
1796 		slash = parent + strlen(parent);
1797 	(void) strncpy(zc.zc_name, parent, slash - parent);
1798 	zc.zc_name[slash - parent] = '\0';
1799 	if (zfs_ioctl(ZFS_IOC_OBJSET_STATS, &zc) != 0 &&
1800 	    errno == ENOENT) {
1801 		zfs_error(dgettext(TEXT_DOMAIN,
1802 		    "cannot create '%s': no such pool '%s'"), path, zc.zc_name);
1803 		return (-1);
1804 	}
1805 
1806 	/* check to see if the parent dataset exists */
1807 	if ((zhp = make_dataset_handle(parent)) == NULL) {
1808 		switch (errno) {
1809 		case ENOENT:
1810 			zfs_error(dgettext(TEXT_DOMAIN,
1811 			    "cannot create '%s': parent does not exist"), path);
1812 			return (-1);
1813 
1814 		default:
1815 			zfs_baderror(errno);
1816 		}
1817 	}
1818 
1819 	/* we are in a non-global zone, but parent is in the global zone */
1820 	if (getzoneid() != GLOBAL_ZONEID &&
1821 	    !zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
1822 		zfs_error(dgettext(TEXT_DOMAIN,
1823 		    "cannot create '%s': permission denied"), path);
1824 		zfs_close(zhp);
1825 		return (-1);
1826 	}
1827 
1828 	/* make sure parent is a filesystem */
1829 	if (zfs_get_type(zhp) != ZFS_TYPE_FILESYSTEM) {
1830 		zfs_error(dgettext(TEXT_DOMAIN,
1831 		    "cannot create '%s': parent is not a filesystem"),
1832 		    path);
1833 		zfs_close(zhp);
1834 		return (-1);
1835 	}
1836 
1837 	zfs_close(zhp);
1838 	return (0);
1839 }
1840 
1841 /*
1842  * Create a new filesystem or volume.  'sizestr' and 'blocksizestr' are used
1843  * only for volumes, and indicate the size and blocksize of the volume.
1844  */
1845 int
1846 zfs_create(const char *path, zfs_type_t type,
1847 	const char *sizestr, const char *blocksizestr)
1848 {
1849 	char reason[64];
1850 	zfs_cmd_t zc = { 0 };
1851 	int ret;
1852 	uint64_t size = 0;
1853 	uint64_t blocksize = zfs_prop_default_numeric(ZFS_PROP_VOLBLOCKSIZE);
1854 
1855 	/* convert sizestr into integer size */
1856 	if (sizestr != NULL && nicestrtonum(sizestr, &size,
1857 	    reason, sizeof (reason)) != 0) {
1858 		zfs_error(dgettext(TEXT_DOMAIN,
1859 		    "bad volume size '%s': %s"), sizestr, reason);
1860 		return (-1);
1861 	}
1862 
1863 	/* convert blocksizestr into integer blocksize */
1864 	if (blocksizestr != NULL && nicestrtonum(blocksizestr, &blocksize,
1865 	    reason, sizeof (reason)) != 0) {
1866 		zfs_error(dgettext(TEXT_DOMAIN,
1867 		    "bad volume blocksize '%s': %s"), blocksizestr, reason);
1868 		return (-1);
1869 	}
1870 
1871 	/* validate the path, taking care to note the extended error message */
1872 	if (!zfs_validate_name(path, type, reason, sizeof (reason))) {
1873 		zfs_error(dgettext(TEXT_DOMAIN,
1874 		    "cannot create '%s': %s in %s name"), path, reason,
1875 		    zfs_type_to_name(type));
1876 		if (strstr(reason, "snapshot") != NULL)
1877 			zfs_error(dgettext(TEXT_DOMAIN,
1878 			    "use 'zfs snapshot' to create a snapshot"));
1879 		return (-1);
1880 	}
1881 
1882 	/* validate parents exist */
1883 	if (check_parents(path, type) != 0)
1884 		return (-1);
1885 
1886 	/*
1887 	 * The failure modes when creating a dataset of a different type over
1888 	 * one that already exists is a little strange.  In particular, if you
1889 	 * try to create a dataset on top of an existing dataset, the ioctl()
1890 	 * will return ENOENT, not EEXIST.  To prevent this from happening, we
1891 	 * first try to see if the dataset exists.
1892 	 */
1893 	(void) strlcpy(zc.zc_name, path, sizeof (zc.zc_name));
1894 	if (zfs_ioctl(ZFS_IOC_OBJSET_STATS, &zc) == 0) {
1895 		zfs_error(dgettext(TEXT_DOMAIN,
1896 		    "cannot create '%s': dataset exists"), path);
1897 		return (-1);
1898 	}
1899 
1900 	if (type == ZFS_TYPE_VOLUME)
1901 		zc.zc_objset_type = DMU_OST_ZVOL;
1902 	else
1903 		zc.zc_objset_type = DMU_OST_ZFS;
1904 
1905 	if (type == ZFS_TYPE_VOLUME) {
1906 		/*
1907 		 * If we are creating a volume, the size and block size must
1908 		 * satisfy a few restraints.  First, the blocksize must be a
1909 		 * valid block size between SPA_{MIN,MAX}BLOCKSIZE.  Second, the
1910 		 * volsize must be a multiple of the block size, and cannot be
1911 		 * zero.
1912 		 */
1913 		if (size == 0) {
1914 			zfs_error(dgettext(TEXT_DOMAIN,
1915 			    "bad volume size '%s': cannot be zero"), sizestr);
1916 			return (-1);
1917 		}
1918 
1919 		if (blocksize < SPA_MINBLOCKSIZE ||
1920 		    blocksize > SPA_MAXBLOCKSIZE || !ISP2(blocksize)) {
1921 			zfs_error(dgettext(TEXT_DOMAIN,
1922 			    "bad volume block size '%s': "
1923 			    "must be power of 2 from %u to %uk"),
1924 			    blocksizestr,
1925 			    (uint_t)SPA_MINBLOCKSIZE,
1926 			    (uint_t)SPA_MAXBLOCKSIZE >> 10);
1927 			return (-1);
1928 		}
1929 
1930 		if (size % blocksize != 0) {
1931 			char buf[64];
1932 			zfs_nicenum(blocksize, buf, sizeof (buf));
1933 			zfs_error(dgettext(TEXT_DOMAIN,
1934 			    "bad volume size '%s': "
1935 			    "must be multiple of volume block size (%s)"),
1936 			    sizestr, buf);
1937 			return (-1);
1938 		}
1939 
1940 		zc.zc_volsize = size;
1941 		zc.zc_volblocksize = blocksize;
1942 	}
1943 
1944 	/* create the dataset */
1945 	ret = zfs_ioctl(ZFS_IOC_CREATE, &zc);
1946 
1947 	if (ret == 0 && type == ZFS_TYPE_VOLUME)
1948 		ret = zvol_create_link(path);
1949 
1950 	/* check for failure */
1951 	if (ret != 0) {
1952 		char parent[ZFS_MAXNAMELEN];
1953 		(void) parent_name(path, parent, sizeof (parent));
1954 
1955 		switch (errno) {
1956 		case ENOENT:
1957 			/*
1958 			 * The parent dataset has been deleted since our
1959 			 * previous check.
1960 			 */
1961 			zfs_error(dgettext(TEXT_DOMAIN,
1962 			    "cannot create '%s': no such parent '%s'"),
1963 			    path, parent);
1964 			break;
1965 
1966 		case EPERM:
1967 			/*
1968 			 * The user doesn't have permission to create a new
1969 			 * dataset here.
1970 			 */
1971 			zfs_error(dgettext(TEXT_DOMAIN,
1972 			    "cannot create '%s': permission denied"), path);
1973 			break;
1974 
1975 		case EDQUOT:
1976 		case ENOSPC:
1977 			/*
1978 			 * The parent dataset does not have enough free space
1979 			 * to create a new dataset.
1980 			 */
1981 			zfs_error(dgettext(TEXT_DOMAIN,
1982 			    "cannot create '%s': not enough space in '%s'"),
1983 			    path, parent);
1984 			break;
1985 
1986 		case EEXIST:
1987 			/*
1988 			 * The target dataset already exists.  We should have
1989 			 * caught this above, but there may be some unexplained
1990 			 * race condition.
1991 			 */
1992 			zfs_error(dgettext(TEXT_DOMAIN,
1993 			    "cannot create '%s': dataset exists"), path);
1994 			break;
1995 
1996 		case EINVAL:
1997 			/*
1998 			 * The target dataset does not support children.
1999 			 */
2000 			zfs_error(dgettext(TEXT_DOMAIN,
2001 			    "cannot create '%s': children unsupported in '%s'"),
2002 			    path, parent);
2003 			break;
2004 
2005 		case EDOM:
2006 			zfs_error(dgettext(TEXT_DOMAIN, "bad %s value '%s': "
2007 			    "must be power of 2 from %u to %uk"),
2008 			    zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
2009 			    blocksizestr ? blocksizestr : "<unknown>",
2010 			    (uint_t)SPA_MINBLOCKSIZE,
2011 			    (uint_t)SPA_MAXBLOCKSIZE >> 10);
2012 			break;
2013 #ifdef _ILP32
2014 		case EOVERFLOW:
2015 			/*
2016 			 * This platform can't address a volume this big.
2017 			 */
2018 			if (type == ZFS_TYPE_VOLUME) {
2019 				zfs_error(dgettext(TEXT_DOMAIN,
2020 				    "cannot create '%s': "
2021 				    "max volume size is 1TB on 32-bit systems"),
2022 				    path);
2023 				break;
2024 			}
2025 #endif
2026 
2027 		default:
2028 			zfs_baderror(errno);
2029 		}
2030 
2031 		return (-1);
2032 	}
2033 
2034 	return (0);
2035 }
2036 
2037 /*
2038  * Destroys the given dataset.  The caller must make sure that the filesystem
2039  * isn't mounted, and that there are no active dependents.
2040  */
2041 int
2042 zfs_destroy(zfs_handle_t *zhp)
2043 {
2044 	zfs_cmd_t zc = { 0 };
2045 	int ret;
2046 
2047 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2048 
2049 	/*
2050 	 * We use the check for 'zfs_volblocksize' instead of ZFS_TYPE_VOLUME
2051 	 * so that we do the right thing for snapshots of volumes.
2052 	 */
2053 	if (zhp->zfs_volblocksize != 0) {
2054 		if (zvol_remove_link(zhp->zfs_name) != 0)
2055 			return (-1);
2056 
2057 		zc.zc_objset_type = DMU_OST_ZVOL;
2058 	} else {
2059 		zc.zc_objset_type = DMU_OST_ZFS;
2060 	}
2061 
2062 	ret = zfs_ioctl(ZFS_IOC_DESTROY, &zc);
2063 
2064 	if (ret != 0) {
2065 		switch (errno) {
2066 
2067 		case EPERM:
2068 			/*
2069 			 * We don't have permission to destroy this dataset.
2070 			 */
2071 			zfs_error(dgettext(TEXT_DOMAIN,
2072 			    "cannot destroy '%s': permission denied"),
2073 			    zhp->zfs_name);
2074 			break;
2075 
2076 		case EIO:
2077 			/*
2078 			 * I/O error.
2079 			 */
2080 			zfs_error(dgettext(TEXT_DOMAIN,
2081 			    "cannot destroy '%s': I/O error"),
2082 			    zhp->zfs_name);
2083 			break;
2084 
2085 		case ENOENT:
2086 			/*
2087 			 * We've hit a race condition where the dataset has been
2088 			 * destroyed since we opened it.
2089 			 */
2090 			zfs_error(dgettext(TEXT_DOMAIN,
2091 			    "cannot destroy '%s': no such %s"),
2092 			    zhp->zfs_name, zfs_type_to_name(zhp->zfs_type));
2093 			break;
2094 
2095 		case EBUSY:
2096 			/*
2097 			 * Even if we destroy all children, there is a chance we
2098 			 * can hit this case if:
2099 			 *
2100 			 * 	- A child dataset has since been created
2101 			 * 	- A filesystem is mounted
2102 			 *
2103 			 * This error message is awful, but hopefully we've
2104 			 * already caught the common cases (and aborted more
2105 			 * appropriately) before calling this function.  There's
2106 			 * nothing else we can do at this point.
2107 			 */
2108 			zfs_error(dgettext(TEXT_DOMAIN,
2109 			    "cannot destroy '%s': %s is busy"),
2110 			    zhp->zfs_name, zfs_type_to_name(zhp->zfs_type));
2111 			break;
2112 
2113 		default:
2114 			zfs_baderror(errno);
2115 		}
2116 
2117 		return (-1);
2118 	}
2119 
2120 	remove_mountpoint(zhp);
2121 
2122 	return (0);
2123 }
2124 
2125 /*
2126  * Clones the given dataset.  The target must be of the same type as the source.
2127  */
2128 int
2129 zfs_clone(zfs_handle_t *zhp, const char *target)
2130 {
2131 	char reason[64];
2132 	zfs_cmd_t zc = { 0 };
2133 	char parent[ZFS_MAXNAMELEN];
2134 	int ret;
2135 
2136 	assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT);
2137 
2138 	/* validate the target name */
2139 	if (!zfs_validate_name(target, ZFS_TYPE_FILESYSTEM, reason,
2140 	    sizeof (reason))) {
2141 		zfs_error(dgettext(TEXT_DOMAIN,
2142 		    "cannot create '%s': %s in filesystem name"), target,
2143 		    reason, zfs_type_to_name(ZFS_TYPE_FILESYSTEM));
2144 		return (-1);
2145 	}
2146 
2147 	/* validate parents exist */
2148 	if (check_parents(target, zhp->zfs_type) != 0)
2149 		return (-1);
2150 
2151 	(void) parent_name(target, parent, sizeof (parent));
2152 
2153 	/* do the clone */
2154 	if (zhp->zfs_volblocksize != 0)
2155 		zc.zc_objset_type = DMU_OST_ZVOL;
2156 	else
2157 		zc.zc_objset_type = DMU_OST_ZFS;
2158 
2159 	(void) strlcpy(zc.zc_name, target, sizeof (zc.zc_name));
2160 	(void) strlcpy(zc.zc_filename, zhp->zfs_name, sizeof (zc.zc_filename));
2161 	ret = zfs_ioctl(ZFS_IOC_CREATE, &zc);
2162 
2163 	if (ret != 0) {
2164 		switch (errno) {
2165 		case EPERM:
2166 			/*
2167 			 * The user doesn't have permission to create the clone.
2168 			 */
2169 			zfs_error(dgettext(TEXT_DOMAIN,
2170 			    "cannot create '%s': permission denied"),
2171 			    target);
2172 			break;
2173 
2174 		case ENOENT:
2175 			/*
2176 			 * The parent doesn't exist.  We should have caught this
2177 			 * above, but there may a race condition that has since
2178 			 * destroyed the parent.
2179 			 *
2180 			 * At this point, we don't know whether it's the source
2181 			 * that doesn't exist anymore, or whether the target
2182 			 * dataset doesn't exist.
2183 			 */
2184 			zfs_error(dgettext(TEXT_DOMAIN,
2185 			    "cannot create '%s': no such parent '%s'"),
2186 			    target, parent);
2187 			break;
2188 
2189 		case EDQUOT:
2190 		case ENOSPC:
2191 			/*
2192 			 * There is not enough space in the target dataset
2193 			 */
2194 			zfs_error(dgettext(TEXT_DOMAIN,
2195 			    "cannot create '%s': not enough space in '%s'"),
2196 			    target, parent);
2197 			break;
2198 
2199 		case EEXIST:
2200 			/*
2201 			 * The target already exists.
2202 			 */
2203 			zfs_error(dgettext(TEXT_DOMAIN,
2204 			    "cannot create '%s': dataset exists"), target);
2205 			break;
2206 
2207 		case EXDEV:
2208 			/*
2209 			 * The source and target pools differ.
2210 			 */
2211 			zfs_error(dgettext(TEXT_DOMAIN, "cannot create '%s': "
2212 			    "source and target pools differ"), target);
2213 			break;
2214 
2215 		default:
2216 			zfs_baderror(errno);
2217 		}
2218 	} else if (zhp->zfs_volblocksize != 0) {
2219 		ret = zvol_create_link(target);
2220 	}
2221 
2222 	return (ret);
2223 }
2224 
2225 /*
2226  * Takes a snapshot of the given dataset
2227  */
2228 int
2229 zfs_snapshot(const char *path)
2230 {
2231 	char reason[64];
2232 	const char *delim;
2233 	char *parent;
2234 	zfs_handle_t *zhp;
2235 	zfs_cmd_t zc = { 0 };
2236 	int ret;
2237 
2238 	/* validate the snapshot name */
2239 	if (!zfs_validate_name(path, ZFS_TYPE_SNAPSHOT, reason,
2240 	    sizeof (reason))) {
2241 		zfs_error(dgettext(TEXT_DOMAIN,
2242 		    "cannot snapshot '%s': %s in snapshot name"), path,
2243 		    reason);
2244 		return (-1);
2245 	}
2246 
2247 	/* make sure we have a snapshot */
2248 	if ((delim = strchr(path, '@')) == NULL) {
2249 		zfs_error(dgettext(TEXT_DOMAIN,
2250 		    "cannot snapshot '%s': missing '@' delim in snapshot "
2251 		    "name"), path);
2252 		zfs_error(dgettext(TEXT_DOMAIN,
2253 		    "use 'zfs create' to create a filesystem"));
2254 		return (-1);
2255 	}
2256 
2257 	/* make sure the parent exists and is of the appropriate type */
2258 	parent = zfs_malloc(delim - path + 1);
2259 	(void) strncpy(parent, path, delim - path);
2260 	parent[delim - path] = '\0';
2261 
2262 	if ((zhp = zfs_open(parent, ZFS_TYPE_FILESYSTEM |
2263 	    ZFS_TYPE_VOLUME)) == NULL) {
2264 		free(parent);
2265 		return (-1);
2266 	}
2267 
2268 	(void) strlcpy(zc.zc_name, path, sizeof (zc.zc_name));
2269 
2270 	if (zhp->zfs_type == ZFS_TYPE_VOLUME)
2271 		zc.zc_objset_type = DMU_OST_ZVOL;
2272 	else
2273 		zc.zc_objset_type = DMU_OST_ZFS;
2274 
2275 	ret = zfs_ioctl(ZFS_IOC_CREATE, &zc);
2276 
2277 	if (ret == 0 && zhp->zfs_type == ZFS_TYPE_VOLUME) {
2278 		ret = zvol_create_link(path);
2279 		if (ret != 0)
2280 			(void) zfs_ioctl(ZFS_IOC_DESTROY, &zc);
2281 	}
2282 
2283 	if (ret != 0) {
2284 		switch (errno) {
2285 		case EPERM:
2286 			/*
2287 			 * User doesn't have permission to create a snapshot
2288 			 */
2289 			zfs_error(dgettext(TEXT_DOMAIN, "cannot create '%s': "
2290 			    "permission denied"), path);
2291 			break;
2292 
2293 		case EDQUOT:
2294 		case ENOSPC:
2295 			/*
2296 			 * Out of space in parent.
2297 			 */
2298 			zfs_error(dgettext(TEXT_DOMAIN, "cannot create '%s': "
2299 			    "not enough space in '%s'"), path, parent);
2300 			break;
2301 
2302 		case EEXIST:
2303 			/*
2304 			 * Snapshot already exists.
2305 			 */
2306 			zfs_error(dgettext(TEXT_DOMAIN, "cannot create '%s': "
2307 			    "snapshot exists"), path);
2308 			break;
2309 
2310 		case ENOENT:
2311 			/*
2312 			 * Shouldn't happen because we verified the parent
2313 			 * above.  But there may be a race condition where it
2314 			 * has since been removed.
2315 			 */
2316 			zfs_error(dgettext(TEXT_DOMAIN, "cannot open '%s': "
2317 			    "no such %s"), parent,
2318 			    zfs_type_to_name(zhp->zfs_type));
2319 			break;
2320 
2321 		default:
2322 			zfs_baderror(errno);
2323 		}
2324 	}
2325 
2326 	free(parent);
2327 	zfs_close(zhp);
2328 
2329 	return (ret);
2330 }
2331 
2332 /*
2333  * Dumps a backup of tosnap, incremental from fromsnap if it isn't NULL.
2334  */
2335 int
2336 zfs_send(zfs_handle_t *zhp_to, zfs_handle_t *zhp_from)
2337 {
2338 	zfs_cmd_t zc = { 0 };
2339 	int ret;
2340 
2341 	/* do the ioctl() */
2342 	(void) strlcpy(zc.zc_name, zhp_to->zfs_name, sizeof (zc.zc_name));
2343 	if (zhp_from) {
2344 		(void) strlcpy(zc.zc_prop_value, zhp_from->zfs_name,
2345 		    sizeof (zc.zc_name));
2346 	} else {
2347 		zc.zc_prop_value[0] = '\0';
2348 	}
2349 	zc.zc_cookie = STDOUT_FILENO;
2350 
2351 	ret = zfs_ioctl(ZFS_IOC_SENDBACKUP, &zc);
2352 	if (ret != 0) {
2353 		switch (errno) {
2354 		case EPERM:
2355 			/*
2356 			 * User doesn't have permission to do a send
2357 			 */
2358 			zfs_error(dgettext(TEXT_DOMAIN, "cannot send '%s': "
2359 			    "permission denied"), zhp_to->zfs_name);
2360 			break;
2361 
2362 		case EXDEV:
2363 			zfs_error(dgettext(TEXT_DOMAIN,
2364 			    "cannot send incremental from %s:\n"
2365 			    "it is not an earlier snapshot from the "
2366 			    "same fs as %s"),
2367 			    zhp_from->zfs_name, zhp_to->zfs_name);
2368 			break;
2369 
2370 		case ENOENT:
2371 			/*
2372 			 * Shouldn't happen because we verified the parent
2373 			 * above.  But there may be a race condition where it
2374 			 * has since been removed.
2375 			 */
2376 			zfs_error(dgettext(TEXT_DOMAIN, "cannot open: "
2377 			    "no such snapshot"));
2378 			break;
2379 
2380 		case EDQUOT:
2381 		case EFBIG:
2382 		case EIO:
2383 		case ENOLINK:
2384 		case ENOSPC:
2385 		case ENOSTR:
2386 		case ENXIO:
2387 		case EPIPE:
2388 		case ERANGE:
2389 		case EFAULT:
2390 		case EROFS:
2391 			zfs_error(dgettext(TEXT_DOMAIN,
2392 			    "cannot write stream: %s"),
2393 			    strerror(errno));
2394 			break;
2395 
2396 		case EINTR:
2397 			zfs_error(dgettext(TEXT_DOMAIN,
2398 			    "send failed: signal received"));
2399 			break;
2400 
2401 		default:
2402 			zfs_baderror(errno);
2403 		}
2404 	}
2405 
2406 	return (ret);
2407 }
2408 
2409 /*
2410  * Restores a backup of tosnap from stdin.
2411  */
2412 int
2413 zfs_receive(const char *tosnap, int isprefix, int verbose, int dryrun)
2414 {
2415 	zfs_cmd_t zc = { 0 };
2416 	time_t begin_time;
2417 	int ioctl_err, err, bytes, size;
2418 	char *cp;
2419 	dmu_replay_record_t drr;
2420 	struct drr_begin *drrb = &zc.zc_begin_record;
2421 
2422 	begin_time = time(NULL);
2423 
2424 	/* trim off snapname, if any */
2425 	(void) strcpy(zc.zc_name, tosnap);
2426 	cp = strchr(zc.zc_name, '@');
2427 	if (cp)
2428 		*cp = '\0';
2429 
2430 	/* read in the BEGIN record */
2431 	cp = (char *)&drr;
2432 	bytes = 0;
2433 	do {
2434 		size = read(STDIN_FILENO, cp, sizeof (drr) - bytes);
2435 		cp += size;
2436 		bytes += size;
2437 	} while (size > 0);
2438 
2439 	if (size < 0 || bytes != sizeof (drr)) {
2440 		zfs_error(dgettext(TEXT_DOMAIN,
2441 		    "cannot receive: invalid stream "
2442 		    "(couldn't read first record)"));
2443 		return (-1);
2444 	}
2445 
2446 	zc.zc_begin_record = drr.drr_u.drr_begin;
2447 
2448 	if (drrb->drr_magic != DMU_BACKUP_MAGIC &&
2449 	    drrb->drr_magic != BSWAP_64(DMU_BACKUP_MAGIC)) {
2450 		zfs_error(dgettext(TEXT_DOMAIN,
2451 		    "cannot receive: invalid stream "
2452 		    "(invalid magic number)"));
2453 		return (-1);
2454 	}
2455 
2456 	if (drrb->drr_version != DMU_BACKUP_VERSION &&
2457 	    drrb->drr_version != BSWAP_64(DMU_BACKUP_VERSION)) {
2458 		if (drrb->drr_magic == BSWAP_64(DMU_BACKUP_MAGIC))
2459 			drrb->drr_version = BSWAP_64(drrb->drr_version);
2460 		zfs_error(dgettext(TEXT_DOMAIN,
2461 		    "cannot receive: only stream version 0x%llx is supported, "
2462 		    "stream is version %llx."),
2463 		    DMU_BACKUP_VERSION, drrb->drr_version);
2464 		return (-1);
2465 	}
2466 
2467 	/*
2468 	 * Determine name of destination snapshot.
2469 	 */
2470 	(void) strcpy(zc.zc_filename, tosnap);
2471 	if (isprefix) {
2472 		if (strchr(tosnap, '@') != NULL) {
2473 			zfs_error(dgettext(TEXT_DOMAIN,
2474 			    "cannot receive: "
2475 			    "argument to -d must be a filesystem"));
2476 			return (-1);
2477 		}
2478 
2479 		cp = strchr(drr.drr_u.drr_begin.drr_toname, '/');
2480 		if (cp == NULL)
2481 			cp = drr.drr_u.drr_begin.drr_toname;
2482 		else
2483 			cp++;
2484 
2485 		(void) strcat(zc.zc_filename, "/");
2486 		(void) strcat(zc.zc_filename, cp);
2487 	} else if (strchr(tosnap, '@') == NULL) {
2488 		/*
2489 		 * they specified just a filesystem; tack on the
2490 		 * snapname from the backup.
2491 		 */
2492 		cp = strchr(drr.drr_u.drr_begin.drr_toname, '@');
2493 		if (cp == NULL || strlen(tosnap) + strlen(cp) >= MAXNAMELEN) {
2494 			zfs_error(dgettext(TEXT_DOMAIN,
2495 			    "cannot receive: invalid snapshot name"));
2496 			return (-1);
2497 		}
2498 		(void) strcat(zc.zc_filename, cp);
2499 	}
2500 
2501 	if (drrb->drr_fromguid) {
2502 		zfs_handle_t *h;
2503 		/* incremental backup stream */
2504 
2505 		/* do the ioctl to the containing fs */
2506 		(void) strcpy(zc.zc_name, zc.zc_filename);
2507 		cp = strchr(zc.zc_name, '@');
2508 		*cp = '\0';
2509 
2510 		/* make sure destination fs exists */
2511 		h = zfs_open(zc.zc_name, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
2512 		if (h == NULL) {
2513 			zfs_error(dgettext(TEXT_DOMAIN,
2514 			    "cannot receive incrememtal stream: destination\n"
2515 			    "filesystem %s does not exist"),
2516 			    zc.zc_name);
2517 			return (-1);
2518 		}
2519 		if (!dryrun) {
2520 			/* unmount destination fs or remove device link. */
2521 			if (h->zfs_type == ZFS_TYPE_FILESYSTEM) {
2522 				(void) zfs_unmount(h, NULL, 0);
2523 			} else {
2524 				(void) zvol_remove_link(h->zfs_name);
2525 			}
2526 		}
2527 		zfs_close(h);
2528 	} else {
2529 		/* full backup stream */
2530 
2531 		(void) strcpy(zc.zc_name, zc.zc_filename);
2532 
2533 		/* make sure they aren't trying to receive into the root */
2534 		if (strchr(zc.zc_name, '/') == NULL) {
2535 			cp = strchr(zc.zc_name, '@');
2536 			if (cp)
2537 				*cp = '\0';
2538 			zfs_error(dgettext(TEXT_DOMAIN,
2539 			    "cannot receive: destination fs %s already exists"),
2540 			    zc.zc_name);
2541 			return (-1);
2542 		}
2543 
2544 		if (isprefix) {
2545 			zfs_handle_t *h;
2546 
2547 			/* make sure prefix exists */
2548 			h = zfs_open(tosnap, ZFS_TYPE_FILESYSTEM);
2549 			if (h == NULL) {
2550 				zfs_error(dgettext(TEXT_DOMAIN,
2551 				    "cannot receive: "
2552 				    "%s is an invalid destination"),
2553 				    tosnap);
2554 				return (-1);
2555 			}
2556 			zfs_close(h);
2557 
2558 			/* create any necessary ancestors up to prefix */
2559 			zc.zc_objset_type = DMU_OST_ZFS;
2560 
2561 			/*
2562 			 * zc.zc_name is now the full name of the snap
2563 			 * we're restoring into.  Attempt to create,
2564 			 * mount, and share any ancestor filesystems, up
2565 			 * to the one that was named.
2566 			 */
2567 			for (cp = zc.zc_name + strlen(tosnap) + 1;
2568 			    cp = strchr(cp, '/'); *cp = '/', cp++) {
2569 				const char *opname;
2570 				*cp = '\0';
2571 
2572 				opname = "create";
2573 				if (zfs_create(zc.zc_name, ZFS_TYPE_FILESYSTEM,
2574 				    NULL, NULL) != 0) {
2575 					if (errno == EEXIST)
2576 						continue;
2577 					goto ancestorerr;
2578 				}
2579 
2580 				opname = "open";
2581 				h = zfs_open(zc.zc_name, ZFS_TYPE_FILESYSTEM);
2582 				if (h == NULL)
2583 					goto ancestorerr;
2584 
2585 				opname = "mount";
2586 				if (zfs_mount(h, NULL, 0) != 0)
2587 					goto ancestorerr;
2588 
2589 				opname = "share";
2590 				if (zfs_share(h) != 0)
2591 					goto ancestorerr;
2592 
2593 				zfs_close(h);
2594 
2595 				continue;
2596 ancestorerr:
2597 				zfs_error(dgettext(TEXT_DOMAIN,
2598 				    "cannot receive: couldn't %s ancestor %s"),
2599 				    opname, zc.zc_name);
2600 				return (-1);
2601 			}
2602 		}
2603 
2604 		/* Make sure destination fs does not exist */
2605 		cp = strchr(zc.zc_name, '@');
2606 		*cp = '\0';
2607 		if (zfs_ioctl(ZFS_IOC_OBJSET_STATS, &zc) == 0) {
2608 			zfs_error(dgettext(TEXT_DOMAIN,
2609 			    "cannot receive full stream: "
2610 			    "destination filesystem %s already exists"),
2611 			    zc.zc_name);
2612 			return (-1);
2613 		}
2614 
2615 		/* Do the recvbackup ioctl to the fs's parent. */
2616 		cp = strrchr(zc.zc_name, '/');
2617 		*cp = '\0';
2618 	}
2619 
2620 	(void) strcpy(zc.zc_prop_value, tosnap);
2621 	zc.zc_cookie = STDIN_FILENO;
2622 	zc.zc_intsz = isprefix;
2623 	if (verbose) {
2624 		(void) printf("%s %s stream of %s into %s\n",
2625 		    dryrun ? "would receive" : "receiving",
2626 		    drrb->drr_fromguid ? "incremental" : "full",
2627 		    drr.drr_u.drr_begin.drr_toname,
2628 		    zc.zc_filename);
2629 		(void) fflush(stdout);
2630 	}
2631 	if (dryrun)
2632 		return (0);
2633 	err = ioctl_err = zfs_ioctl(ZFS_IOC_RECVBACKUP, &zc);
2634 	if (ioctl_err != 0) {
2635 		switch (errno) {
2636 		case ENODEV:
2637 			zfs_error(dgettext(TEXT_DOMAIN,
2638 			    "cannot receive: "
2639 			    "most recent snapshot does not "
2640 			    "match incremental source"));
2641 			break;
2642 		case ETXTBSY:
2643 			zfs_error(dgettext(TEXT_DOMAIN,
2644 			    "cannot receive: "
2645 			    "destination has been modified since "
2646 			    "most recent snapshot --\n"
2647 			    "use 'zfs rollback' to discard changes"));
2648 			break;
2649 		case EEXIST:
2650 			if (drrb->drr_fromguid == 0) {
2651 				/* it's the containing fs that exists */
2652 				cp = strchr(zc.zc_filename, '@');
2653 				*cp = '\0';
2654 			}
2655 			zfs_error(dgettext(TEXT_DOMAIN,
2656 			    "cannot receive to %s: destination already exists"),
2657 			    zc.zc_filename);
2658 			break;
2659 		case ENOENT:
2660 			zfs_error(dgettext(TEXT_DOMAIN,
2661 			    "cannot receive: destination does not exist"));
2662 			break;
2663 		case EBUSY:
2664 			zfs_error(dgettext(TEXT_DOMAIN,
2665 			    "cannot receive: destination is in use"));
2666 			break;
2667 		case ENOSPC:
2668 			zfs_error(dgettext(TEXT_DOMAIN,
2669 			    "cannot receive: out of space"));
2670 			break;
2671 		case EDQUOT:
2672 			zfs_error(dgettext(TEXT_DOMAIN,
2673 			    "cannot receive: quota exceeded"));
2674 			break;
2675 		case EINTR:
2676 			zfs_error(dgettext(TEXT_DOMAIN,
2677 			    "receive failed: signal received"));
2678 			break;
2679 		case EINVAL:
2680 			zfs_error(dgettext(TEXT_DOMAIN,
2681 			    "cannot receive: invalid stream"));
2682 			break;
2683 		case ECKSUM:
2684 			zfs_error(dgettext(TEXT_DOMAIN,
2685 			    "cannot receive: invalid stream "
2686 			    "(checksum mismatch)"));
2687 			break;
2688 		case EPERM:
2689 			zfs_error(dgettext(TEXT_DOMAIN,
2690 			    "cannot receive: permission denied"));
2691 			break;
2692 		default:
2693 			zfs_baderror(errno);
2694 		}
2695 	}
2696 
2697 	/*
2698 	 * Mount or recreate the /dev links for the target filesystem
2699 	 * (if created, or if we tore them down to do an incremental
2700 	 * restore), and the /dev links for the new snapshot (if
2701 	 * created).
2702 	 */
2703 	cp = strchr(zc.zc_filename, '@');
2704 	if (cp && (ioctl_err == 0 || drrb->drr_fromguid)) {
2705 		zfs_handle_t *h;
2706 
2707 		*cp = '\0';
2708 		h = zfs_open(zc.zc_filename,
2709 		    ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
2710 		*cp = '@';
2711 		if (h) {
2712 			if (h->zfs_type == ZFS_TYPE_FILESYSTEM) {
2713 				err = zfs_mount(h, NULL, 0);
2714 			} else {
2715 				err = zvol_create_link(h->zfs_name);
2716 				if (err == 0 && ioctl_err == 0)
2717 					err = zvol_create_link(zc.zc_filename);
2718 			}
2719 			zfs_close(h);
2720 		}
2721 	}
2722 
2723 	if (err || ioctl_err)
2724 		return (-1);
2725 
2726 	if (verbose) {
2727 		char buf1[64];
2728 		char buf2[64];
2729 		uint64_t bytes = zc.zc_cookie;
2730 		time_t delta = time(NULL) - begin_time;
2731 		if (delta == 0)
2732 			delta = 1;
2733 		zfs_nicenum(bytes, buf1, sizeof (buf1));
2734 		zfs_nicenum(bytes/delta, buf2, sizeof (buf1));
2735 
2736 		(void) printf("received %sb stream in %lu seconds (%sb/sec)\n",
2737 		    buf1, delta, buf2);
2738 	}
2739 	return (0);
2740 }
2741 
2742 /*
2743  * Destroy any more recent snapshots.  We invoke this callback on any dependents
2744  * of the snapshot first.  If the 'cb_dependent' member is non-zero, then this
2745  * is a dependent and we should just destroy it without checking the transaction
2746  * group.
2747  */
2748 typedef struct rollback_data {
2749 	const char	*cb_target;		/* the snapshot */
2750 	uint64_t	cb_create;		/* creation time reference */
2751 	prop_changelist_t *cb_clp;		/* changelist pointer */
2752 	int		cb_error;
2753 	int		cb_dependent;
2754 } rollback_data_t;
2755 
2756 static int
2757 rollback_destroy(zfs_handle_t *zhp, void *data)
2758 {
2759 	rollback_data_t *cbp = data;
2760 
2761 	if (!cbp->cb_dependent) {
2762 		if (strcmp(zhp->zfs_name, cbp->cb_target) != 0 &&
2763 		    zfs_get_type(zhp) == ZFS_TYPE_SNAPSHOT &&
2764 		    zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG) >
2765 		    cbp->cb_create) {
2766 
2767 			cbp->cb_dependent = TRUE;
2768 			(void) zfs_iter_dependents(zhp, rollback_destroy, cbp);
2769 			cbp->cb_dependent = FALSE;
2770 
2771 			if (zfs_destroy(zhp) != 0)
2772 				cbp->cb_error = 1;
2773 			else
2774 				changelist_remove(zhp, cbp->cb_clp);
2775 		}
2776 	} else {
2777 		if (zfs_destroy(zhp) != 0)
2778 			cbp->cb_error = 1;
2779 		else
2780 			changelist_remove(zhp, cbp->cb_clp);
2781 	}
2782 
2783 	zfs_close(zhp);
2784 	return (0);
2785 }
2786 
2787 /*
2788  * Rollback the dataset to its latest snapshot.
2789  */
2790 static int
2791 do_rollback(zfs_handle_t *zhp)
2792 {
2793 	int ret;
2794 	zfs_cmd_t zc = { 0 };
2795 
2796 	assert(zhp->zfs_type == ZFS_TYPE_FILESYSTEM ||
2797 	    zhp->zfs_type == ZFS_TYPE_VOLUME);
2798 
2799 	if (zhp->zfs_type == ZFS_TYPE_VOLUME &&
2800 	    zvol_remove_link(zhp->zfs_name) != 0)
2801 		return (-1);
2802 
2803 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2804 
2805 	if (zhp->zfs_volblocksize != 0)
2806 		zc.zc_objset_type = DMU_OST_ZVOL;
2807 	else
2808 		zc.zc_objset_type = DMU_OST_ZFS;
2809 
2810 	/*
2811 	 * We rely on the consumer to verify that there are no newer snapshots
2812 	 * for the given dataset.  Given these constraints, we can simply pass
2813 	 * the name on to the ioctl() call.  There is still an unlikely race
2814 	 * condition where the user has taken a snapshot since we verified that
2815 	 * this was the most recent.
2816 	 */
2817 	if ((ret = zfs_ioctl(ZFS_IOC_ROLLBACK, &zc)) != 0) {
2818 		switch (errno) {
2819 		case EPERM:
2820 			/*
2821 			 * The user doesn't have permission to rollback the
2822 			 * given dataset.
2823 			 */
2824 			zfs_error(dgettext(TEXT_DOMAIN, "cannot rollback '%s': "
2825 			    "permission denied"), zhp->zfs_name);
2826 			break;
2827 
2828 		case EDQUOT:
2829 		case ENOSPC:
2830 			/*
2831 			 * The parent dataset doesn't have enough space to
2832 			 * rollback to the last snapshot.
2833 			 */
2834 			{
2835 				char parent[ZFS_MAXNAMELEN];
2836 				(void) parent_name(zhp->zfs_name, parent,
2837 				    sizeof (parent));
2838 				zfs_error(dgettext(TEXT_DOMAIN, "cannot "
2839 				    "rollback '%s': out of space"), parent);
2840 			}
2841 			break;
2842 
2843 		case ENOENT:
2844 			/*
2845 			 * The dataset doesn't exist.  This shouldn't happen
2846 			 * except in race conditions.
2847 			 */
2848 			zfs_error(dgettext(TEXT_DOMAIN, "cannot rollback '%s': "
2849 			    "no such %s"), zhp->zfs_name,
2850 			    zfs_type_to_name(zhp->zfs_type));
2851 			break;
2852 
2853 		case EBUSY:
2854 			/*
2855 			 * The filesystem is busy.  This should have been caught
2856 			 * by the caller before getting here, but there may be
2857 			 * an unexpected problem.
2858 			 */
2859 			zfs_error(dgettext(TEXT_DOMAIN, "cannot rollback '%s': "
2860 			    "%s is busy"), zhp->zfs_name,
2861 			    zfs_type_to_name(zhp->zfs_type));
2862 			break;
2863 
2864 		default:
2865 			zfs_baderror(errno);
2866 		}
2867 	} else if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
2868 		ret = zvol_create_link(zhp->zfs_name);
2869 	}
2870 
2871 	return (ret);
2872 }
2873 
2874 /*
2875  * Given a dataset, rollback to a specific snapshot, discarding any
2876  * data changes since then and making it the active dataset.
2877  *
2878  * Any snapshots more recent than the target are destroyed, along with
2879  * their dependents.
2880  */
2881 int
2882 zfs_rollback(zfs_handle_t *zhp, zfs_handle_t *snap, int flag)
2883 {
2884 	int ret;
2885 	rollback_data_t cb = { 0 };
2886 	prop_changelist_t *clp;
2887 
2888 	/*
2889 	 * Unmount all dependendents of the dataset and the dataset itself.
2890 	 * The list we need to gather is the same as for doing rename
2891 	 */
2892 	clp = changelist_gather(zhp, ZFS_PROP_NAME, flag ? MS_FORCE: 0);
2893 	if (clp == NULL)
2894 		return (-1);
2895 
2896 	if ((ret = changelist_prefix(clp)) != 0)
2897 		goto out;
2898 
2899 	/*
2900 	 * Destroy all recent snapshots and its dependends.
2901 	 */
2902 	cb.cb_target = snap->zfs_name;
2903 	cb.cb_create = zfs_prop_get_int(snap, ZFS_PROP_CREATETXG);
2904 	cb.cb_clp = clp;
2905 	(void) zfs_iter_children(zhp, rollback_destroy, &cb);
2906 
2907 	if ((ret = cb.cb_error) != 0) {
2908 		(void) changelist_postfix(clp);
2909 		goto out;
2910 	}
2911 
2912 	/*
2913 	 * Now that we have verified that the snapshot is the latest,
2914 	 * rollback to the given snapshot.
2915 	 */
2916 	ret = do_rollback(zhp);
2917 
2918 	if (ret != 0) {
2919 		(void) changelist_postfix(clp);
2920 		goto out;
2921 	}
2922 
2923 	/*
2924 	 * We only want to re-mount the filesystem if it was mounted in the
2925 	 * first place.
2926 	 */
2927 	ret = changelist_postfix(clp);
2928 
2929 out:
2930 	changelist_free(clp);
2931 	return (ret);
2932 }
2933 
2934 /*
2935  * Iterate over all dependents for a given dataset.  This includes both
2936  * hierarchical dependents (children) and data dependents (snapshots and
2937  * clones).  The bulk of the processing occurs in get_dependents() in
2938  * libzfs_graph.c.
2939  */
2940 int
2941 zfs_iter_dependents(zfs_handle_t *zhp, zfs_iter_f func, void *data)
2942 {
2943 	char **dependents;
2944 	size_t count;
2945 	int i;
2946 	zfs_handle_t *child;
2947 	int ret = 0;
2948 
2949 	dependents = get_dependents(zhp->zfs_name, &count);
2950 	for (i = 0; i < count; i++) {
2951 		if ((child = make_dataset_handle(dependents[i])) == NULL)
2952 			continue;
2953 
2954 		if ((ret = func(child, data)) != 0)
2955 			break;
2956 	}
2957 
2958 	for (i = 0; i < count; i++)
2959 		free(dependents[i]);
2960 	free(dependents);
2961 
2962 	return (ret);
2963 }
2964 
2965 /*
2966  * Renames the given dataset.
2967  */
2968 int
2969 zfs_rename(zfs_handle_t *zhp, const char *target)
2970 {
2971 	int ret;
2972 	zfs_cmd_t zc = { 0 };
2973 	char reason[64];
2974 	char *delim;
2975 	prop_changelist_t *cl;
2976 	char parent[ZFS_MAXNAMELEN];
2977 
2978 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2979 	(void) strlcpy(zc.zc_prop_value, target, sizeof (zc.zc_prop_value));
2980 
2981 	/* if we have the same exact name, just return success */
2982 	if (strcmp(zhp->zfs_name, target) == 0)
2983 		return (0);
2984 
2985 	/*
2986 	 * Make sure the target name is valid
2987 	 */
2988 	if (!zfs_validate_name(target, zhp->zfs_type, reason,
2989 	    sizeof (reason))) {
2990 		zfs_error(dgettext(TEXT_DOMAIN,
2991 		    "cannot create '%s': %s in %s name"), target, reason,
2992 		    zfs_type_to_name(zhp->zfs_type));
2993 		return (-1);
2994 	}
2995 
2996 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
2997 		if ((delim = strchr(target, '@')) == NULL) {
2998 			zfs_error(dgettext(TEXT_DOMAIN,
2999 			    "cannot rename to '%s': not a snapshot"), target);
3000 			return (-1);
3001 		}
3002 
3003 		/*
3004 		 * Make sure we're renaming within the same dataset.
3005 		 */
3006 		if (strncmp(zhp->zfs_name, target, delim - target) != 0 ||
3007 		    zhp->zfs_name[delim - target] != '@') {
3008 			zfs_error(dgettext(TEXT_DOMAIN,
3009 			    "cannot rename to '%s': snapshots must be part "
3010 			    "of same dataset"), target);
3011 			return (-1);
3012 		}
3013 
3014 		(void) strncpy(parent, target, delim - target);
3015 		parent[delim - target] = '\0';
3016 	} else {
3017 		/* validate parents */
3018 		if (check_parents(target, zhp->zfs_type) != 0)
3019 			return (-1);
3020 
3021 		(void) parent_name(target, parent, sizeof (parent));
3022 
3023 		/* make sure we're in the same pool */
3024 		verify((delim = strchr(target, '/')) != NULL);
3025 		if (strncmp(zhp->zfs_name, target, delim - target) != 0 ||
3026 		    zhp->zfs_name[delim - target] != '/') {
3027 			zfs_error(dgettext(TEXT_DOMAIN,
3028 			    "cannot rename to '%s': "
3029 			    "datasets must be within same pool"), target);
3030 			return (-1);
3031 		}
3032 	}
3033 
3034 	if (getzoneid() == GLOBAL_ZONEID &&
3035 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
3036 		zfs_error(dgettext(TEXT_DOMAIN, "cannot rename %s, "
3037 		    "dataset is used in a non-global zone"), zhp->zfs_name);
3038 		return (-1);
3039 	}
3040 
3041 	if ((cl = changelist_gather(zhp, ZFS_PROP_NAME, 0)) == NULL)
3042 		return (1);
3043 
3044 	if (changelist_haszonedchild(cl)) {
3045 		zfs_error(dgettext(TEXT_DOMAIN,
3046 		    "cannot rename '%s': child dataset with inherited "
3047 		    "mountpoint is used in a non-global zone"), zhp->zfs_name);
3048 		ret = -1;
3049 		goto error;
3050 	}
3051 
3052 	if ((ret = changelist_prefix(cl)) != 0)
3053 		goto error;
3054 
3055 	if (zhp->zfs_volblocksize != 0)
3056 		zc.zc_objset_type = DMU_OST_ZVOL;
3057 	else
3058 		zc.zc_objset_type = DMU_OST_ZFS;
3059 
3060 	if ((ret = zfs_ioctl(ZFS_IOC_RENAME, &zc)) != 0) {
3061 		switch (errno) {
3062 		case EPERM:
3063 			/*
3064 			 * The user doesn't have permission to rename the
3065 			 * given dataset.
3066 			 */
3067 			zfs_error(dgettext(TEXT_DOMAIN, "cannot rename '%s': "
3068 			    "permission denied"), zhp->zfs_name);
3069 			break;
3070 
3071 		case EDQUOT:
3072 		case ENOSPC:
3073 			/*
3074 			 * Not enough space in the parent dataset.
3075 			 */
3076 			zfs_error(dgettext(TEXT_DOMAIN, "cannot "
3077 			    "rename '%s': not enough space in '%s'"),
3078 			    zhp->zfs_name, parent);
3079 			break;
3080 
3081 		case ENOENT:
3082 			/*
3083 			 * The destination doesn't exist.
3084 			 */
3085 			zfs_error(dgettext(TEXT_DOMAIN, "cannot rename '%s' "
3086 			    "to '%s': destination doesn't exist"),
3087 			    zhp->zfs_name, target);
3088 			break;
3089 
3090 		case EEXIST:
3091 			/*
3092 			 * The destination already exists.
3093 			 */
3094 			zfs_error(dgettext(TEXT_DOMAIN, "cannot rename '%s' "
3095 			    "to '%s': destination already exists"),
3096 			    zhp->zfs_name, target);
3097 			break;
3098 
3099 		case EBUSY:
3100 			/*
3101 			 * The filesystem is busy.  This should have been caught
3102 			 * by the caller before getting here, but there may be
3103 			 * an unexpected problem.
3104 			 */
3105 			zfs_error(dgettext(TEXT_DOMAIN, "cannot rename '%s': "
3106 			    "%s is busy"), zhp->zfs_name,
3107 			    zfs_type_to_name(zhp->zfs_type));
3108 			break;
3109 
3110 		default:
3111 			zfs_baderror(errno);
3112 		}
3113 
3114 		/*
3115 		 * On failure, we still want to remount any filesystems that
3116 		 * were previously mounted, so we don't alter the system state.
3117 		 */
3118 		(void) changelist_postfix(cl);
3119 	} else {
3120 		changelist_rename(cl, zfs_get_name(zhp), target);
3121 
3122 		ret = changelist_postfix(cl);
3123 	}
3124 
3125 error:
3126 	changelist_free(cl);
3127 	return (ret);
3128 }
3129 
3130 /*
3131  * Given a zvol dataset, issue the ioctl to create the appropriate minor node,
3132  * poke devfsadm to create the /dev link, and then wait for the link to appear.
3133  */
3134 int
3135 zvol_create_link(const char *dataset)
3136 {
3137 	zfs_cmd_t zc = { 0 };
3138 	di_devlink_handle_t hdl;
3139 
3140 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
3141 
3142 	/*
3143 	 * Issue the appropriate ioctl.
3144 	 */
3145 	if (zfs_ioctl(ZFS_IOC_CREATE_MINOR, &zc) != 0) {
3146 		switch (errno) {
3147 		case EPERM:
3148 			zfs_error(dgettext(TEXT_DOMAIN, "cannot create "
3149 			    "device links for '%s': permission denied"),
3150 			    dataset);
3151 			break;
3152 
3153 		case EEXIST:
3154 			/*
3155 			 * Silently ignore the case where the link already
3156 			 * exists.  This allows 'zfs volinit' to be run multiple
3157 			 * times without errors.
3158 			 */
3159 			return (0);
3160 
3161 		default:
3162 			zfs_baderror(errno);
3163 		}
3164 
3165 		return (-1);
3166 	}
3167 
3168 	/*
3169 	 * Call devfsadm and wait for the links to magically appear.
3170 	 */
3171 	if ((hdl = di_devlink_init(ZFS_DRIVER, DI_MAKE_LINK)) == NULL) {
3172 		zfs_error(dgettext(TEXT_DOMAIN,
3173 		    "cannot create device links for '%s'"), dataset);
3174 		(void) zfs_ioctl(ZFS_IOC_REMOVE_MINOR, &zc);
3175 		return (-1);
3176 	} else {
3177 		(void) di_devlink_fini(&hdl);
3178 	}
3179 
3180 	return (0);
3181 }
3182 
3183 /*
3184  * Remove a minor node for the given zvol and the associated /dev links.
3185  */
3186 int
3187 zvol_remove_link(const char *dataset)
3188 {
3189 	zfs_cmd_t zc = { 0 };
3190 
3191 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
3192 
3193 	if (zfs_ioctl(ZFS_IOC_REMOVE_MINOR, &zc) != 0) {
3194 		switch (errno) {
3195 		case EPERM:
3196 			zfs_error(dgettext(TEXT_DOMAIN, "cannot remove "
3197 			    "device links for '%s': permission denied"),
3198 			    dataset);
3199 			break;
3200 
3201 		case EBUSY:
3202 			zfs_error(dgettext(TEXT_DOMAIN, "cannot remove "
3203 			    "device links for '%s': volume is in use"),
3204 			    dataset);
3205 			break;
3206 
3207 		case ENXIO:
3208 			/*
3209 			 * Silently ignore the case where the link no longer
3210 			 * exists, so that 'zfs volfini' can be run multiple
3211 			 * times without errors.
3212 			 */
3213 			return (0);
3214 
3215 		default:
3216 			zfs_baderror(errno);
3217 		}
3218 
3219 		return (-1);
3220 	}
3221 
3222 	return (0);
3223 }
3224