xref: /titanic_52/usr/src/lib/libzfs/common/libzfs_dataset.c (revision ecd6cf800b63704be73fb264c3f5b6e0dafc068d)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <assert.h>
30 #include <ctype.h>
31 #include <errno.h>
32 #include <libdevinfo.h>
33 #include <libintl.h>
34 #include <math.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <strings.h>
38 #include <unistd.h>
39 #include <zone.h>
40 #include <fcntl.h>
41 #include <sys/mntent.h>
42 #include <sys/mnttab.h>
43 #include <sys/mount.h>
44 #include <sys/avl.h>
45 #include <priv.h>
46 #include <pwd.h>
47 #include <grp.h>
48 #include <stddef.h>
49 #include <ucred.h>
50 
51 #include <sys/spa.h>
52 #include <sys/zio.h>
53 #include <sys/zap.h>
54 #include <libzfs.h>
55 
56 #include "zfs_namecheck.h"
57 #include "zfs_prop.h"
58 #include "libzfs_impl.h"
59 #include "zfs_deleg.h"
60 
61 static int create_parents(libzfs_handle_t *, char *, int);
62 static int zvol_create_link_common(libzfs_handle_t *, const char *, int);
63 
64 /*
65  * Given a single type (not a mask of types), return the type in a human
66  * readable form.
67  */
68 const char *
69 zfs_type_to_name(zfs_type_t type)
70 {
71 	switch (type) {
72 	case ZFS_TYPE_FILESYSTEM:
73 		return (dgettext(TEXT_DOMAIN, "filesystem"));
74 	case ZFS_TYPE_SNAPSHOT:
75 		return (dgettext(TEXT_DOMAIN, "snapshot"));
76 	case ZFS_TYPE_VOLUME:
77 		return (dgettext(TEXT_DOMAIN, "volume"));
78 	}
79 
80 	return (NULL);
81 }
82 
83 /*
84  * Given a path and mask of ZFS types, return a string describing this dataset.
85  * This is used when we fail to open a dataset and we cannot get an exact type.
86  * We guess what the type would have been based on the path and the mask of
87  * acceptable types.
88  */
89 static const char *
90 path_to_str(const char *path, int types)
91 {
92 	/*
93 	 * When given a single type, always report the exact type.
94 	 */
95 	if (types == ZFS_TYPE_SNAPSHOT)
96 		return (dgettext(TEXT_DOMAIN, "snapshot"));
97 	if (types == ZFS_TYPE_FILESYSTEM)
98 		return (dgettext(TEXT_DOMAIN, "filesystem"));
99 	if (types == ZFS_TYPE_VOLUME)
100 		return (dgettext(TEXT_DOMAIN, "volume"));
101 
102 	/*
103 	 * The user is requesting more than one type of dataset.  If this is the
104 	 * case, consult the path itself.  If we're looking for a snapshot, and
105 	 * a '@' is found, then report it as "snapshot".  Otherwise, remove the
106 	 * snapshot attribute and try again.
107 	 */
108 	if (types & ZFS_TYPE_SNAPSHOT) {
109 		if (strchr(path, '@') != NULL)
110 			return (dgettext(TEXT_DOMAIN, "snapshot"));
111 		return (path_to_str(path, types & ~ZFS_TYPE_SNAPSHOT));
112 	}
113 
114 
115 	/*
116 	 * The user has requested either filesystems or volumes.
117 	 * We have no way of knowing a priori what type this would be, so always
118 	 * report it as "filesystem" or "volume", our two primitive types.
119 	 */
120 	if (types & ZFS_TYPE_FILESYSTEM)
121 		return (dgettext(TEXT_DOMAIN, "filesystem"));
122 
123 	assert(types & ZFS_TYPE_VOLUME);
124 	return (dgettext(TEXT_DOMAIN, "volume"));
125 }
126 
127 /*
128  * Validate a ZFS path.  This is used even before trying to open the dataset, to
129  * provide a more meaningful error message.  We place a more useful message in
130  * 'buf' detailing exactly why the name was not valid.
131  */
132 static int
133 zfs_validate_name(libzfs_handle_t *hdl, const char *path, int type)
134 {
135 	namecheck_err_t why;
136 	char what;
137 
138 	if (dataset_namecheck(path, &why, &what) != 0) {
139 		if (hdl != NULL) {
140 			switch (why) {
141 			case NAME_ERR_TOOLONG:
142 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
143 				    "name is too long"));
144 				break;
145 
146 			case NAME_ERR_LEADING_SLASH:
147 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
148 				    "leading slash in name"));
149 				break;
150 
151 			case NAME_ERR_EMPTY_COMPONENT:
152 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
153 				    "empty component in name"));
154 				break;
155 
156 			case NAME_ERR_TRAILING_SLASH:
157 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
158 				    "trailing slash in name"));
159 				break;
160 
161 			case NAME_ERR_INVALCHAR:
162 				zfs_error_aux(hdl,
163 				    dgettext(TEXT_DOMAIN, "invalid character "
164 				    "'%c' in name"), what);
165 				break;
166 
167 			case NAME_ERR_MULTIPLE_AT:
168 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
169 				    "multiple '@' delimiters in name"));
170 				break;
171 
172 			case NAME_ERR_NOLETTER:
173 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
174 				    "pool doesn't begin with a letter"));
175 				break;
176 
177 			case NAME_ERR_RESERVED:
178 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
179 				    "name is reserved"));
180 				break;
181 
182 			case NAME_ERR_DISKLIKE:
183 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
184 				    "reserved disk name"));
185 				break;
186 			}
187 		}
188 
189 		return (0);
190 	}
191 
192 	if (!(type & ZFS_TYPE_SNAPSHOT) && strchr(path, '@') != NULL) {
193 		if (hdl != NULL)
194 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
195 			    "snapshot delimiter '@' in filesystem name"));
196 		return (0);
197 	}
198 
199 	if (type == ZFS_TYPE_SNAPSHOT && strchr(path, '@') == NULL) {
200 		if (hdl != NULL)
201 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
202 			    "missing '@' delimiter in snapshot name"));
203 		return (0);
204 	}
205 
206 	return (-1);
207 }
208 
209 int
210 zfs_name_valid(const char *name, zfs_type_t type)
211 {
212 	return (zfs_validate_name(NULL, name, type));
213 }
214 
215 /*
216  * This function takes the raw DSL properties, and filters out the user-defined
217  * properties into a separate nvlist.
218  */
219 static nvlist_t *
220 process_user_props(zfs_handle_t *zhp, nvlist_t *props)
221 {
222 	libzfs_handle_t *hdl = zhp->zfs_hdl;
223 	nvpair_t *elem;
224 	nvlist_t *propval;
225 	nvlist_t *nvl;
226 
227 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
228 		(void) no_memory(hdl);
229 		return (NULL);
230 	}
231 
232 	elem = NULL;
233 	while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
234 		if (!zfs_prop_user(nvpair_name(elem)))
235 			continue;
236 
237 		verify(nvpair_value_nvlist(elem, &propval) == 0);
238 		if (nvlist_add_nvlist(nvl, nvpair_name(elem), propval) != 0) {
239 			nvlist_free(nvl);
240 			(void) no_memory(hdl);
241 			return (NULL);
242 		}
243 	}
244 
245 	return (nvl);
246 }
247 
248 /*
249  * Utility function to gather stats (objset and zpl) for the given object.
250  */
251 static int
252 get_stats(zfs_handle_t *zhp)
253 {
254 	zfs_cmd_t zc = { 0 };
255 	libzfs_handle_t *hdl = zhp->zfs_hdl;
256 	nvlist_t *allprops, *userprops;
257 
258 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
259 
260 	if (zcmd_alloc_dst_nvlist(hdl, &zc, 0) != 0)
261 		return (-1);
262 
263 	while (ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_OBJSET_STATS, &zc) != 0) {
264 		if (errno == ENOMEM) {
265 			if (zcmd_expand_dst_nvlist(hdl, &zc) != 0) {
266 				zcmd_free_nvlists(&zc);
267 				return (-1);
268 			}
269 		} else {
270 			zcmd_free_nvlists(&zc);
271 			return (-1);
272 		}
273 	}
274 
275 	zhp->zfs_dmustats = zc.zc_objset_stats; /* structure assignment */
276 
277 	(void) strlcpy(zhp->zfs_root, zc.zc_value, sizeof (zhp->zfs_root));
278 
279 	if (zcmd_read_dst_nvlist(hdl, &zc, &allprops) != 0) {
280 		zcmd_free_nvlists(&zc);
281 		return (-1);
282 	}
283 
284 	zcmd_free_nvlists(&zc);
285 
286 	if ((userprops = process_user_props(zhp, allprops)) == NULL) {
287 		nvlist_free(allprops);
288 		return (-1);
289 	}
290 
291 	nvlist_free(zhp->zfs_props);
292 	nvlist_free(zhp->zfs_user_props);
293 
294 	zhp->zfs_props = allprops;
295 	zhp->zfs_user_props = userprops;
296 
297 	return (0);
298 }
299 
300 /*
301  * Refresh the properties currently stored in the handle.
302  */
303 void
304 zfs_refresh_properties(zfs_handle_t *zhp)
305 {
306 	(void) get_stats(zhp);
307 }
308 
309 /*
310  * Makes a handle from the given dataset name.  Used by zfs_open() and
311  * zfs_iter_* to create child handles on the fly.
312  */
313 zfs_handle_t *
314 make_dataset_handle(libzfs_handle_t *hdl, const char *path)
315 {
316 	zfs_handle_t *zhp = calloc(sizeof (zfs_handle_t), 1);
317 	char *logstr;
318 
319 	if (zhp == NULL)
320 		return (NULL);
321 
322 	zhp->zfs_hdl = hdl;
323 
324 	/*
325 	 * Preserve history log string.
326 	 * any changes performed here will be
327 	 * logged as an internal event.
328 	 */
329 	logstr = zhp->zfs_hdl->libzfs_log_str;
330 	zhp->zfs_hdl->libzfs_log_str = NULL;
331 top:
332 	(void) strlcpy(zhp->zfs_name, path, sizeof (zhp->zfs_name));
333 
334 	if (get_stats(zhp) != 0) {
335 		zhp->zfs_hdl->libzfs_log_str = logstr;
336 		free(zhp);
337 		return (NULL);
338 	}
339 
340 	if (zhp->zfs_dmustats.dds_inconsistent) {
341 		zfs_cmd_t zc = { 0 };
342 
343 		/*
344 		 * If it is dds_inconsistent, then we've caught it in
345 		 * the middle of a 'zfs receive' or 'zfs destroy', and
346 		 * it is inconsistent from the ZPL's point of view, so
347 		 * can't be mounted.  However, it could also be that we
348 		 * have crashed in the middle of one of those
349 		 * operations, in which case we need to get rid of the
350 		 * inconsistent state.  We do that by either rolling
351 		 * back to the previous snapshot (which will fail if
352 		 * there is none), or destroying the filesystem.  Note
353 		 * that if we are still in the middle of an active
354 		 * 'receive' or 'destroy', then the rollback and destroy
355 		 * will fail with EBUSY and we will drive on as usual.
356 		 */
357 
358 		(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
359 
360 		if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL) {
361 			(void) zvol_remove_link(hdl, zhp->zfs_name);
362 			zc.zc_objset_type = DMU_OST_ZVOL;
363 		} else {
364 			zc.zc_objset_type = DMU_OST_ZFS;
365 		}
366 
367 		/* If we can successfully roll it back, reget the stats */
368 		if (ioctl(hdl->libzfs_fd, ZFS_IOC_ROLLBACK, &zc) == 0)
369 			goto top;
370 		/*
371 		 * If we can sucessfully destroy it, pretend that it
372 		 * never existed.
373 		 */
374 		if (ioctl(hdl->libzfs_fd, ZFS_IOC_DESTROY, &zc) == 0) {
375 			zhp->zfs_hdl->libzfs_log_str = logstr;
376 			free(zhp);
377 			errno = ENOENT;
378 			return (NULL);
379 		}
380 	}
381 
382 	/*
383 	 * We've managed to open the dataset and gather statistics.  Determine
384 	 * the high-level type.
385 	 */
386 	if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL)
387 		zhp->zfs_head_type = ZFS_TYPE_VOLUME;
388 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZFS)
389 		zhp->zfs_head_type = ZFS_TYPE_FILESYSTEM;
390 	else
391 		abort();
392 
393 	if (zhp->zfs_dmustats.dds_is_snapshot)
394 		zhp->zfs_type = ZFS_TYPE_SNAPSHOT;
395 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL)
396 		zhp->zfs_type = ZFS_TYPE_VOLUME;
397 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZFS)
398 		zhp->zfs_type = ZFS_TYPE_FILESYSTEM;
399 	else
400 		abort();	/* we should never see any other types */
401 
402 	zhp->zfs_hdl->libzfs_log_str = logstr;
403 	return (zhp);
404 }
405 
406 /*
407  * Opens the given snapshot, filesystem, or volume.   The 'types'
408  * argument is a mask of acceptable types.  The function will print an
409  * appropriate error message and return NULL if it can't be opened.
410  */
411 zfs_handle_t *
412 zfs_open(libzfs_handle_t *hdl, const char *path, int types)
413 {
414 	zfs_handle_t *zhp;
415 	char errbuf[1024];
416 
417 	(void) snprintf(errbuf, sizeof (errbuf),
418 	    dgettext(TEXT_DOMAIN, "cannot open '%s'"), path);
419 
420 	/*
421 	 * Validate the name before we even try to open it.
422 	 */
423 	if (!zfs_validate_name(hdl, path, ZFS_TYPE_ANY)) {
424 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
425 		    "invalid dataset name"));
426 		(void) zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
427 		return (NULL);
428 	}
429 
430 	/*
431 	 * Try to get stats for the dataset, which will tell us if it exists.
432 	 */
433 	errno = 0;
434 	if ((zhp = make_dataset_handle(hdl, path)) == NULL) {
435 		(void) zfs_standard_error(hdl, errno, errbuf);
436 		return (NULL);
437 	}
438 
439 	if (!(types & zhp->zfs_type)) {
440 		(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
441 		zfs_close(zhp);
442 		return (NULL);
443 	}
444 
445 	return (zhp);
446 }
447 
448 /*
449  * Release a ZFS handle.  Nothing to do but free the associated memory.
450  */
451 void
452 zfs_close(zfs_handle_t *zhp)
453 {
454 	if (zhp->zfs_mntopts)
455 		free(zhp->zfs_mntopts);
456 	nvlist_free(zhp->zfs_props);
457 	nvlist_free(zhp->zfs_user_props);
458 	free(zhp);
459 }
460 
461 /*
462  * Given a numeric suffix, convert the value into a number of bits that the
463  * resulting value must be shifted.
464  */
465 static int
466 str2shift(libzfs_handle_t *hdl, const char *buf)
467 {
468 	const char *ends = "BKMGTPEZ";
469 	int i;
470 
471 	if (buf[0] == '\0')
472 		return (0);
473 	for (i = 0; i < strlen(ends); i++) {
474 		if (toupper(buf[0]) == ends[i])
475 			break;
476 	}
477 	if (i == strlen(ends)) {
478 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
479 		    "invalid numeric suffix '%s'"), buf);
480 		return (-1);
481 	}
482 
483 	/*
484 	 * We want to allow trailing 'b' characters for 'GB' or 'Mb'.  But don't
485 	 * allow 'BB' - that's just weird.
486 	 */
487 	if (buf[1] == '\0' || (toupper(buf[1]) == 'B' && buf[2] == '\0' &&
488 	    toupper(buf[0]) != 'B'))
489 		return (10*i);
490 
491 	zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
492 	    "invalid numeric suffix '%s'"), buf);
493 	return (-1);
494 }
495 
496 /*
497  * Convert a string of the form '100G' into a real number.  Used when setting
498  * properties or creating a volume.  'buf' is used to place an extended error
499  * message for the caller to use.
500  */
501 static int
502 nicestrtonum(libzfs_handle_t *hdl, const char *value, uint64_t *num)
503 {
504 	char *end;
505 	int shift;
506 
507 	*num = 0;
508 
509 	/* Check to see if this looks like a number.  */
510 	if ((value[0] < '0' || value[0] > '9') && value[0] != '.') {
511 		if (hdl)
512 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
513 			    "bad numeric value '%s'"), value);
514 		return (-1);
515 	}
516 
517 	/* Rely on stroll() to process the numeric portion.  */
518 	errno = 0;
519 	*num = strtoll(value, &end, 10);
520 
521 	/*
522 	 * Check for ERANGE, which indicates that the value is too large to fit
523 	 * in a 64-bit value.
524 	 */
525 	if (errno == ERANGE) {
526 		if (hdl)
527 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
528 			    "numeric value is too large"));
529 		return (-1);
530 	}
531 
532 	/*
533 	 * If we have a decimal value, then do the computation with floating
534 	 * point arithmetic.  Otherwise, use standard arithmetic.
535 	 */
536 	if (*end == '.') {
537 		double fval = strtod(value, &end);
538 
539 		if ((shift = str2shift(hdl, end)) == -1)
540 			return (-1);
541 
542 		fval *= pow(2, shift);
543 
544 		if (fval > UINT64_MAX) {
545 			if (hdl)
546 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
547 				    "numeric value is too large"));
548 			return (-1);
549 		}
550 
551 		*num = (uint64_t)fval;
552 	} else {
553 		if ((shift = str2shift(hdl, end)) == -1)
554 			return (-1);
555 
556 		/* Check for overflow */
557 		if (shift >= 64 || (*num << shift) >> shift != *num) {
558 			if (hdl)
559 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
560 				    "numeric value is too large"));
561 			return (-1);
562 		}
563 
564 		*num <<= shift;
565 	}
566 
567 	return (0);
568 }
569 
570 int
571 zfs_nicestrtonum(libzfs_handle_t *hdl, const char *str, uint64_t *val)
572 {
573 	return (nicestrtonum(hdl, str, val));
574 }
575 
576 /*
577  * The prop_parse_*() functions are designed to allow flexibility in callers
578  * when setting properties.  At the DSL layer, all properties are either 64-bit
579  * numbers or strings.  We want the user to be able to ignore this fact and
580  * specify properties as native values (boolean, for example) or as strings (to
581  * simplify command line utilities).  This also handles converting index types
582  * (compression, checksum, etc) from strings to their on-disk index.
583  */
584 
585 static int
586 prop_parse_boolean(libzfs_handle_t *hdl, nvpair_t *elem, uint64_t *val)
587 {
588 	uint64_t ret;
589 
590 	switch (nvpair_type(elem)) {
591 	case DATA_TYPE_STRING:
592 		{
593 			char *value;
594 			verify(nvpair_value_string(elem, &value) == 0);
595 
596 			if (strcmp(value, "on") == 0) {
597 				ret = 1;
598 			} else if (strcmp(value, "off") == 0) {
599 				ret = 0;
600 			} else {
601 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
602 				    "property '%s' must be 'on' or 'off'"),
603 				    nvpair_name(elem));
604 				return (-1);
605 			}
606 			break;
607 		}
608 
609 	case DATA_TYPE_UINT64:
610 		{
611 			verify(nvpair_value_uint64(elem, &ret) == 0);
612 			if (ret > 1) {
613 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
614 				    "'%s' must be a boolean value"),
615 				    nvpair_name(elem));
616 				return (-1);
617 			}
618 			break;
619 		}
620 
621 	case DATA_TYPE_BOOLEAN_VALUE:
622 		{
623 			boolean_t value;
624 			verify(nvpair_value_boolean_value(elem, &value) == 0);
625 			ret = value;
626 			break;
627 		}
628 
629 	default:
630 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
631 		    "'%s' must be a boolean value"),
632 		    nvpair_name(elem));
633 		return (-1);
634 	}
635 
636 	*val = ret;
637 	return (0);
638 }
639 
640 static int
641 prop_parse_number(libzfs_handle_t *hdl, nvpair_t *elem, zfs_prop_t prop,
642     uint64_t *val)
643 {
644 	uint64_t ret;
645 	boolean_t isnone = B_FALSE;
646 
647 	switch (nvpair_type(elem)) {
648 	case DATA_TYPE_STRING:
649 		{
650 			char *value;
651 			(void) nvpair_value_string(elem, &value);
652 			if (strcmp(value, "none") == 0) {
653 				isnone = B_TRUE;
654 				ret = 0;
655 			} else if (nicestrtonum(hdl, value, &ret) != 0) {
656 				return (-1);
657 			}
658 			break;
659 		}
660 
661 	case DATA_TYPE_UINT64:
662 		(void) nvpair_value_uint64(elem, &ret);
663 		break;
664 
665 	default:
666 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
667 		    "'%s' must be a number"),
668 		    nvpair_name(elem));
669 		return (-1);
670 	}
671 
672 	/*
673 	 * Quota special: force 'none' and don't allow 0.
674 	 */
675 	if (ret == 0 && !isnone && prop == ZFS_PROP_QUOTA) {
676 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
677 		    "use 'none' to disable quota"));
678 		return (-1);
679 	}
680 
681 	*val = ret;
682 	return (0);
683 }
684 
685 static int
686 prop_parse_index(libzfs_handle_t *hdl, nvpair_t *elem, zfs_prop_t prop,
687     uint64_t *val)
688 {
689 	char *propname = nvpair_name(elem);
690 	char *value;
691 
692 	if (nvpair_type(elem) != DATA_TYPE_STRING) {
693 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
694 		    "'%s' must be a string"), propname);
695 		return (-1);
696 	}
697 
698 	(void) nvpair_value_string(elem, &value);
699 
700 	if (zfs_prop_string_to_index(prop, value, val) != 0) {
701 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
702 		    "'%s' must be one of '%s'"), propname,
703 		    zfs_prop_values(prop));
704 		return (-1);
705 	}
706 
707 	return (0);
708 }
709 
710 /*
711  * Check if the bootfs name has the same pool name as it is set to.
712  * Assuming bootfs is a valid dataset name.
713  */
714 static boolean_t
715 bootfs_poolname_valid(char *pool, char *bootfs)
716 {
717 	char ch, *pname;
718 
719 	/* get the pool name from the bootfs name */
720 	pname = bootfs;
721 	while (*bootfs && !isspace(*bootfs) && *bootfs != '/')
722 		bootfs++;
723 
724 	ch = *bootfs;
725 	*bootfs = 0;
726 
727 	if (strcmp(pool, pname) == 0) {
728 		*bootfs = ch;
729 		return (B_TRUE);
730 	}
731 
732 	*bootfs = ch;
733 	return (B_FALSE);
734 }
735 
736 /*
737  * Given an nvlist of properties to set, validates that they are correct, and
738  * parses any numeric properties (index, boolean, etc) if they are specified as
739  * strings.
740  */
741 nvlist_t *
742 zfs_validate_properties(libzfs_handle_t *hdl, zfs_type_t type, char *pool_name,
743     nvlist_t *nvl, uint64_t zoned, zfs_handle_t *zhp, const char *errbuf)
744 {
745 	nvpair_t *elem;
746 	const char *propname;
747 	zfs_prop_t prop;
748 	uint64_t intval;
749 	char *strval;
750 	nvlist_t *ret;
751 	int isuser;
752 
753 	if (nvlist_alloc(&ret, NV_UNIQUE_NAME, 0) != 0) {
754 		(void) no_memory(hdl);
755 		return (NULL);
756 	}
757 
758 	if (type == ZFS_TYPE_SNAPSHOT) {
759 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
760 		    "snapshot properties cannot be modified"));
761 		(void) zfs_error(hdl, EZFS_PROPTYPE, errbuf);
762 		goto error;
763 	}
764 
765 	elem = NULL;
766 	while ((elem = nvlist_next_nvpair(nvl, elem)) != NULL) {
767 		propname = nvpair_name(elem);
768 
769 		/*
770 		 * Make sure this property is valid and applies to this type.
771 		 */
772 		if ((prop = zfs_name_to_prop_common(propname, type))
773 		    == ZFS_PROP_INVAL) {
774 			isuser = zfs_prop_user(propname);
775 			if (!isuser || (isuser && (type & ZFS_TYPE_POOL))) {
776 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
777 				    "invalid property '%s'"),
778 				    propname);
779 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
780 				goto error;
781 			} else {
782 				/*
783 				 * If this is a user property, make sure it's a
784 				 * string, and that it's less than
785 				 * ZAP_MAXNAMELEN.
786 				 */
787 				if (nvpair_type(elem) != DATA_TYPE_STRING) {
788 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
789 					    "'%s' must be a string"),
790 					    propname);
791 					(void) zfs_error(hdl, EZFS_BADPROP,
792 					    errbuf);
793 					goto error;
794 				}
795 
796 				if (strlen(nvpair_name(elem)) >=
797 				    ZAP_MAXNAMELEN) {
798 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
799 					    "property name '%s' is too long"),
800 					    propname);
801 					(void) zfs_error(hdl, EZFS_BADPROP,
802 					    errbuf);
803 					goto error;
804 				}
805 			}
806 
807 			(void) nvpair_value_string(elem, &strval);
808 			if (nvlist_add_string(ret, propname, strval) != 0) {
809 				(void) no_memory(hdl);
810 				goto error;
811 			}
812 			continue;
813 		}
814 
815 		/*
816 		 * Normalize the name, to get rid of shorthand abbrevations.
817 		 */
818 		propname = zfs_prop_to_name(prop);
819 
820 		if (!zfs_prop_valid_for_type(prop, type)) {
821 			zfs_error_aux(hdl,
822 			    dgettext(TEXT_DOMAIN, "'%s' does not "
823 			    "apply to datasets of this type"), propname);
824 			(void) zfs_error(hdl, EZFS_PROPTYPE, errbuf);
825 			goto error;
826 		}
827 
828 		if (zfs_prop_readonly(prop) &&
829 		    (prop != ZFS_PROP_VOLBLOCKSIZE || zhp != NULL)) {
830 			zfs_error_aux(hdl,
831 			    dgettext(TEXT_DOMAIN, "'%s' is readonly"),
832 			    propname);
833 			(void) zfs_error(hdl, EZFS_PROPREADONLY, errbuf);
834 			goto error;
835 		}
836 
837 		/*
838 		 * Convert any properties to the internal DSL value types.
839 		 */
840 		strval = NULL;
841 		switch (zfs_prop_get_type(prop)) {
842 		case prop_type_boolean:
843 			if (prop_parse_boolean(hdl, elem, &intval) != 0) {
844 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
845 				goto error;
846 			}
847 			break;
848 
849 		case prop_type_string:
850 			if (nvpair_type(elem) != DATA_TYPE_STRING) {
851 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
852 				    "'%s' must be a string"),
853 				    propname);
854 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
855 				goto error;
856 			}
857 			(void) nvpair_value_string(elem, &strval);
858 			if (strlen(strval) >= ZFS_MAXPROPLEN) {
859 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
860 				    "'%s' is too long"), propname);
861 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
862 				goto error;
863 			}
864 			break;
865 
866 		case prop_type_number:
867 			if (prop_parse_number(hdl, elem, prop, &intval) != 0) {
868 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
869 				goto error;
870 			}
871 			break;
872 
873 		case prop_type_index:
874 			if (prop_parse_index(hdl, elem, prop, &intval) != 0) {
875 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
876 				goto error;
877 			}
878 			break;
879 
880 		default:
881 			abort();
882 		}
883 
884 		/*
885 		 * Add the result to our return set of properties.
886 		 */
887 		if (strval) {
888 			if (nvlist_add_string(ret, propname, strval) != 0) {
889 				(void) no_memory(hdl);
890 				goto error;
891 			}
892 		} else if (nvlist_add_uint64(ret, propname, intval) != 0) {
893 			(void) no_memory(hdl);
894 			goto error;
895 		}
896 
897 		/*
898 		 * Perform some additional checks for specific properties.
899 		 */
900 		switch (prop) {
901 		case ZFS_PROP_RECORDSIZE:
902 		case ZFS_PROP_VOLBLOCKSIZE:
903 			/* must be power of two within SPA_{MIN,MAX}BLOCKSIZE */
904 			if (intval < SPA_MINBLOCKSIZE ||
905 			    intval > SPA_MAXBLOCKSIZE || !ISP2(intval)) {
906 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
907 				    "'%s' must be power of 2 from %u "
908 				    "to %uk"), propname,
909 				    (uint_t)SPA_MINBLOCKSIZE,
910 				    (uint_t)SPA_MAXBLOCKSIZE >> 10);
911 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
912 				goto error;
913 			}
914 			break;
915 
916 		case ZFS_PROP_SHAREISCSI:
917 			if (strcmp(strval, "off") != 0 &&
918 			    strcmp(strval, "on") != 0 &&
919 			    strcmp(strval, "type=disk") != 0) {
920 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
921 				    "'%s' must be 'on', 'off', or 'type=disk'"),
922 				    propname);
923 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
924 				goto error;
925 			}
926 
927 			break;
928 
929 		case ZFS_PROP_MOUNTPOINT:
930 			if (strcmp(strval, ZFS_MOUNTPOINT_NONE) == 0 ||
931 			    strcmp(strval, ZFS_MOUNTPOINT_LEGACY) == 0)
932 				break;
933 
934 			if (strval[0] != '/') {
935 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
936 				    "'%s' must be an absolute path, "
937 				    "'none', or 'legacy'"), propname);
938 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
939 				goto error;
940 			}
941 			/*FALLTHRU*/
942 
943 		case ZFS_PROP_SHARENFS:
944 			/*
945 			 * For the mountpoint and sharenfs properties, check if
946 			 * it can be set in a global/non-global zone based on
947 			 * the zoned property value:
948 			 *
949 			 *		global zone	    non-global zone
950 			 * --------------------------------------------------
951 			 * zoned=on	mountpoint (no)	    mountpoint (yes)
952 			 *		sharenfs (no)	    sharenfs (no)
953 			 *
954 			 * zoned=off	mountpoint (yes)	N/A
955 			 *		sharenfs (yes)
956 			 */
957 			if (zoned) {
958 				if (getzoneid() == GLOBAL_ZONEID) {
959 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
960 					    "'%s' cannot be set on "
961 					    "dataset in a non-global zone"),
962 					    propname);
963 					(void) zfs_error(hdl, EZFS_ZONED,
964 					    errbuf);
965 					goto error;
966 				} else if (prop == ZFS_PROP_SHARENFS) {
967 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
968 					    "'%s' cannot be set in "
969 					    "a non-global zone"), propname);
970 					(void) zfs_error(hdl, EZFS_ZONED,
971 					    errbuf);
972 					goto error;
973 				}
974 			} else if (getzoneid() != GLOBAL_ZONEID) {
975 				/*
976 				 * If zoned property is 'off', this must be in
977 				 * a globle zone. If not, something is wrong.
978 				 */
979 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
980 				    "'%s' cannot be set while dataset "
981 				    "'zoned' property is set"), propname);
982 				(void) zfs_error(hdl, EZFS_ZONED, errbuf);
983 				goto error;
984 			}
985 
986 			/*
987 			 * At this point, it is legitimate to set the
988 			 * property. Now we want to make sure that the
989 			 * property value is valid if it is sharenfs.
990 			 */
991 			if (prop == ZFS_PROP_SHARENFS &&
992 			    strcmp(strval, "on") != 0 &&
993 			    strcmp(strval, "off") != 0) {
994 
995 				/*
996 				 * Must be an NFS option string so
997 				 * init the libshare in order to
998 				 * enable the parser and then parse
999 				 * the options. We use the control API
1000 				 * since we don't care about the
1001 				 * current configuration and don't
1002 				 * want the overhead of loading it
1003 				 * until we actually do something.
1004 				 */
1005 
1006 				if (zfs_init_libshare(hdl,
1007 				    SA_INIT_CONTROL_API) != SA_OK) {
1008 					/*
1009 					 * An error occurred so we can't do
1010 					 * anything
1011 					 */
1012 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1013 					    "'%s' cannot be set: problem "
1014 					    "in share initialization"),
1015 					    propname);
1016 					(void) zfs_error(hdl, EZFS_BADPROP,
1017 					    errbuf);
1018 					goto error;
1019 				}
1020 
1021 				if (zfs_parse_options(strval, "nfs") != SA_OK) {
1022 					/*
1023 					 * There was an error in parsing so
1024 					 * deal with it by issuing an error
1025 					 * message and leaving after
1026 					 * uninitializing the the libshare
1027 					 * interface.
1028 					 */
1029 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1030 					    "'%s' cannot be set to invalid "
1031 					    "options"), propname);
1032 					(void) zfs_error(hdl, EZFS_BADPROP,
1033 					    errbuf);
1034 					zfs_uninit_libshare(hdl);
1035 					goto error;
1036 				}
1037 				zfs_uninit_libshare(hdl);
1038 			}
1039 
1040 			break;
1041 
1042 		case ZPOOL_PROP_BOOTFS:
1043 			/*
1044 			 * bootfs property value has to be a dataset name and
1045 			 * the dataset has to be in the same pool as it sets to.
1046 			 */
1047 			if (strval[0] != '\0' && (!zfs_name_valid(strval,
1048 			    ZFS_TYPE_FILESYSTEM) || !bootfs_poolname_valid(
1049 			    pool_name, strval))) {
1050 
1051 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "'%s' "
1052 				    "is an invalid name"), strval);
1053 				(void) zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
1054 				goto error;
1055 			}
1056 			break;
1057 		}
1058 
1059 		/*
1060 		 * For changes to existing volumes, we have some additional
1061 		 * checks to enforce.
1062 		 */
1063 		if (type == ZFS_TYPE_VOLUME && zhp != NULL) {
1064 			uint64_t volsize = zfs_prop_get_int(zhp,
1065 			    ZFS_PROP_VOLSIZE);
1066 			uint64_t blocksize = zfs_prop_get_int(zhp,
1067 			    ZFS_PROP_VOLBLOCKSIZE);
1068 			char buf[64];
1069 
1070 			switch (prop) {
1071 			case ZFS_PROP_RESERVATION:
1072 				if (intval > volsize) {
1073 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1074 					    "'%s' is greater than current "
1075 					    "volume size"), propname);
1076 					(void) zfs_error(hdl, EZFS_BADPROP,
1077 					    errbuf);
1078 					goto error;
1079 				}
1080 				break;
1081 
1082 			case ZFS_PROP_VOLSIZE:
1083 				if (intval % blocksize != 0) {
1084 					zfs_nicenum(blocksize, buf,
1085 					    sizeof (buf));
1086 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1087 					    "'%s' must be a multiple of "
1088 					    "volume block size (%s)"),
1089 					    propname, buf);
1090 					(void) zfs_error(hdl, EZFS_BADPROP,
1091 					    errbuf);
1092 					goto error;
1093 				}
1094 
1095 				if (intval == 0) {
1096 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1097 					    "'%s' cannot be zero"),
1098 					    propname);
1099 					(void) zfs_error(hdl, EZFS_BADPROP,
1100 					    errbuf);
1101 					goto error;
1102 				}
1103 				break;
1104 			}
1105 		}
1106 	}
1107 
1108 	/*
1109 	 * If this is an existing volume, and someone is setting the volsize,
1110 	 * make sure that it matches the reservation, or add it if necessary.
1111 	 */
1112 	if (zhp != NULL && type == ZFS_TYPE_VOLUME &&
1113 	    nvlist_lookup_uint64(ret, zfs_prop_to_name(ZFS_PROP_VOLSIZE),
1114 	    &intval) == 0) {
1115 		uint64_t old_volsize = zfs_prop_get_int(zhp,
1116 		    ZFS_PROP_VOLSIZE);
1117 		uint64_t old_reservation = zfs_prop_get_int(zhp,
1118 		    ZFS_PROP_RESERVATION);
1119 		uint64_t new_reservation;
1120 
1121 		if (old_volsize == old_reservation &&
1122 		    nvlist_lookup_uint64(ret,
1123 		    zfs_prop_to_name(ZFS_PROP_RESERVATION),
1124 		    &new_reservation) != 0) {
1125 			if (nvlist_add_uint64(ret,
1126 			    zfs_prop_to_name(ZFS_PROP_RESERVATION),
1127 			    intval) != 0) {
1128 				(void) no_memory(hdl);
1129 				goto error;
1130 			}
1131 		}
1132 	}
1133 
1134 	return (ret);
1135 
1136 error:
1137 	nvlist_free(ret);
1138 	return (NULL);
1139 }
1140 
1141 static int
1142 zfs_get_perm_who(const char *who, zfs_deleg_who_type_t *who_type,
1143     uint64_t *ret_who)
1144 {
1145 	struct passwd *pwd;
1146 	struct group *grp;
1147 	uid_t id;
1148 
1149 	if (*who_type == ZFS_DELEG_EVERYONE || *who_type == ZFS_DELEG_CREATE ||
1150 	    *who_type == ZFS_DELEG_NAMED_SET) {
1151 		*ret_who = -1;
1152 		return (0);
1153 	}
1154 	if (who == NULL && !(*who_type == ZFS_DELEG_EVERYONE))
1155 		return (EZFS_BADWHO);
1156 
1157 	if (*who_type == ZFS_DELEG_WHO_UNKNOWN &&
1158 	    strcmp(who, "everyone") == 0) {
1159 		*ret_who = -1;
1160 		*who_type = ZFS_DELEG_EVERYONE;
1161 		return (0);
1162 	}
1163 
1164 	pwd = getpwnam(who);
1165 	grp = getgrnam(who);
1166 
1167 	if ((*who_type == ZFS_DELEG_USER) && pwd) {
1168 		*ret_who = pwd->pw_uid;
1169 	} else if ((*who_type == ZFS_DELEG_GROUP) && grp) {
1170 		*ret_who = grp->gr_gid;
1171 	} else if (pwd) {
1172 		*ret_who = pwd->pw_uid;
1173 		*who_type = ZFS_DELEG_USER;
1174 	} else if (grp) {
1175 		*ret_who = grp->gr_gid;
1176 		*who_type = ZFS_DELEG_GROUP;
1177 	} else {
1178 		char *end;
1179 
1180 		id = strtol(who, &end, 10);
1181 		if (errno != 0 || *end != '\0') {
1182 			return (EZFS_BADWHO);
1183 		} else {
1184 			*ret_who = id;
1185 			if (*who_type == ZFS_DELEG_WHO_UNKNOWN)
1186 				*who_type = ZFS_DELEG_USER;
1187 		}
1188 	}
1189 
1190 	return (0);
1191 }
1192 
1193 static void
1194 zfs_perms_add_to_nvlist(nvlist_t *who_nvp, char *name, nvlist_t *perms_nvp)
1195 {
1196 	if (perms_nvp != NULL) {
1197 		verify(nvlist_add_nvlist(who_nvp,
1198 		    name, perms_nvp) == 0);
1199 	} else {
1200 		verify(nvlist_add_boolean(who_nvp, name) == 0);
1201 	}
1202 }
1203 
1204 static void
1205 helper(zfs_deleg_who_type_t who_type, uint64_t whoid, char *whostr,
1206     zfs_deleg_inherit_t inherit, nvlist_t *who_nvp, nvlist_t *perms_nvp,
1207     nvlist_t *sets_nvp)
1208 {
1209 	boolean_t do_perms, do_sets;
1210 	char name[ZFS_MAX_DELEG_NAME];
1211 
1212 	do_perms = (nvlist_next_nvpair(perms_nvp, NULL) != NULL);
1213 	do_sets = (nvlist_next_nvpair(sets_nvp, NULL) != NULL);
1214 
1215 	if (!do_perms && !do_sets)
1216 		do_perms = do_sets = B_TRUE;
1217 
1218 	if (do_perms) {
1219 		zfs_deleg_whokey(name, who_type, inherit,
1220 		    (who_type == ZFS_DELEG_NAMED_SET) ?
1221 		    whostr : (void *)&whoid);
1222 		zfs_perms_add_to_nvlist(who_nvp, name, perms_nvp);
1223 	}
1224 	if (do_sets) {
1225 		zfs_deleg_whokey(name, toupper(who_type), inherit,
1226 		    (who_type == ZFS_DELEG_NAMED_SET) ?
1227 		    whostr : (void *)&whoid);
1228 		zfs_perms_add_to_nvlist(who_nvp, name, sets_nvp);
1229 	}
1230 }
1231 
1232 static void
1233 zfs_perms_add_who_nvlist(nvlist_t *who_nvp, uint64_t whoid, void *whostr,
1234     nvlist_t *perms_nvp, nvlist_t *sets_nvp,
1235     zfs_deleg_who_type_t who_type, zfs_deleg_inherit_t inherit)
1236 {
1237 	if (who_type == ZFS_DELEG_NAMED_SET || who_type == ZFS_DELEG_CREATE) {
1238 		helper(who_type, whoid, whostr, 0,
1239 		    who_nvp, perms_nvp, sets_nvp);
1240 	} else {
1241 		if (inherit & ZFS_DELEG_PERM_LOCAL) {
1242 			helper(who_type, whoid, whostr, ZFS_DELEG_LOCAL,
1243 			    who_nvp, perms_nvp, sets_nvp);
1244 		}
1245 		if (inherit & ZFS_DELEG_PERM_DESCENDENT) {
1246 			helper(who_type, whoid, whostr, ZFS_DELEG_DESCENDENT,
1247 			    who_nvp, perms_nvp, sets_nvp);
1248 		}
1249 	}
1250 }
1251 
1252 /*
1253  * Construct nvlist to pass down to kernel for setting/removing permissions.
1254  *
1255  * The nvlist is constructed as a series of nvpairs with an optional embedded
1256  * nvlist of permissions to remove or set.  The topmost nvpairs are the actual
1257  * base attribute named stored in the dsl.
1258  * Arguments:
1259  *
1260  * whostr:   is a comma separated list of users, groups, or a single set name.
1261  *           whostr may be null for everyone or create perms.
1262  * who_type: is the type of entry in whostr.  Typically this will be
1263  *           ZFS_DELEG_WHO_UNKNOWN.
1264  * perms:    comman separated list of permissions.  May be null if user
1265  *           is requested to remove permissions by who.
1266  * inherit:  Specifies the inheritance of the permissions.  Will be either
1267  *           ZFS_DELEG_PERM_LOCAL and/or  ZFS_DELEG_PERM_DESCENDENT.
1268  * nvp       The constructed nvlist to pass to zfs_perm_set().
1269  *           The output nvp will look something like this.
1270  *              ul$1234 -> {create ; destroy }
1271  *              Ul$1234 -> { @myset }
1272  *              s-$@myset - { snapshot; checksum; compression }
1273  */
1274 int
1275 zfs_build_perms(zfs_handle_t *zhp, char *whostr, char *perms,
1276     zfs_deleg_who_type_t who_type, zfs_deleg_inherit_t inherit, nvlist_t **nvp)
1277 {
1278 	nvlist_t *who_nvp;
1279 	nvlist_t *perms_nvp = NULL;
1280 	nvlist_t *sets_nvp = NULL;
1281 	char errbuf[1024];
1282 	char *who_tok;
1283 	int error;
1284 
1285 	*nvp = NULL;
1286 
1287 	if (perms) {
1288 		/* Make sure permission string doesn't have an '=' sign in it */
1289 		if (strchr(perms, '=') != NULL) {
1290 			(void) snprintf(errbuf, sizeof (errbuf),
1291 			    dgettext(TEXT_DOMAIN,
1292 			    "permissions can't contain equal sign : '%s'"),
1293 			    perms);
1294 			return (zfs_error(zhp->zfs_hdl, EZFS_BADPERM, errbuf));
1295 		}
1296 
1297 		if ((error = nvlist_alloc(&perms_nvp,
1298 		    NV_UNIQUE_NAME, 0)) != 0) {
1299 			return (1);
1300 		}
1301 		if ((error = nvlist_alloc(&sets_nvp,
1302 		    NV_UNIQUE_NAME, 0)) != 0) {
1303 			nvlist_free(perms_nvp);
1304 			return (1);
1305 		}
1306 	}
1307 
1308 	if ((error = nvlist_alloc(&who_nvp, NV_UNIQUE_NAME, 0)) != 0) {
1309 		if (perms_nvp)
1310 			nvlist_free(perms_nvp);
1311 		if (sets_nvp)
1312 			nvlist_free(sets_nvp);
1313 		return (1);
1314 	}
1315 
1316 	if (who_type == ZFS_DELEG_NAMED_SET) {
1317 		namecheck_err_t why;
1318 		char what;
1319 
1320 		if ((error = permset_namecheck(whostr, &why, &what)) != 0) {
1321 			switch (why) {
1322 			case NAME_ERR_NO_AT:
1323 				zfs_error_aux(zhp->zfs_hdl,
1324 				    dgettext(TEXT_DOMAIN,
1325 				    "set definition must begin with an '@' "
1326 				    "character"));
1327 			}
1328 			return (zfs_error(zhp->zfs_hdl,
1329 			    EZFS_BADPERMSET, whostr));
1330 		}
1331 	}
1332 
1333 	/*
1334 	 * Build up nvlist(s) of permissions.  Two nvlists are maintained.
1335 	 * The first nvlist perms_nvp will have normal permissions and the
1336 	 * other sets_nvp will have only permssion set names in it.
1337 	 */
1338 
1339 
1340 	while (perms && *perms != '\0') {
1341 		char *value;
1342 		char *perm_name;
1343 		nvlist_t *update_nvp;
1344 		int  perm_num;
1345 		char canonical_name[64];
1346 		char *canonicalp = canonical_name;
1347 
1348 
1349 		update_nvp = perms_nvp;
1350 
1351 		perm_num = getsubopt(&perms, zfs_deleg_perm_tab, &value);
1352 		if (perm_num == -1) {
1353 			zfs_prop_t prop;
1354 
1355 			prop = zfs_name_to_prop(value);
1356 			if (prop != ZFS_PROP_INVAL) {
1357 				(void) snprintf(canonical_name,
1358 				    sizeof (canonical_name), "%s",
1359 				    zfs_prop_to_name(prop));
1360 				perm_num = getsubopt(&canonicalp,
1361 				    zfs_deleg_perm_tab, &value);
1362 			}
1363 		}
1364 		if (perm_num != -1) {
1365 			perm_name = zfs_deleg_perm_tab[perm_num];
1366 		} else {  /* check and see if permission is a named set */
1367 			if (value[0] == '@') {
1368 
1369 				/*
1370 				 * make sure permssion set isn't defined
1371 				 * in terms of itself. ie.
1372 				 * @set1 = create,destroy,@set1
1373 				 */
1374 				if (who_type == ZFS_DELEG_NAMED_SET &&
1375 				    strcmp(value, whostr) == 0) {
1376 					nvlist_free(who_nvp);
1377 					nvlist_free(perms_nvp);
1378 					if (sets_nvp)
1379 						nvlist_free(sets_nvp);
1380 					(void) snprintf(errbuf,
1381 					    sizeof (errbuf),
1382 					    dgettext(TEXT_DOMAIN,
1383 					    "Invalid permission %s"), value);
1384 					return (zfs_error(zhp->zfs_hdl,
1385 					    EZFS_PERMSET_CIRCULAR, errbuf));
1386 				}
1387 				update_nvp = sets_nvp;
1388 				perm_name = value;
1389 			} else {
1390 				nvlist_free(who_nvp);
1391 				nvlist_free(perms_nvp);
1392 				if (sets_nvp)
1393 					nvlist_free(sets_nvp);
1394 				return (zfs_error(zhp->zfs_hdl,
1395 				    EZFS_BADPERM, value));
1396 			}
1397 		}
1398 		verify(nvlist_add_boolean(update_nvp, perm_name) == 0);
1399 	}
1400 
1401 	if (whostr && who_type != ZFS_DELEG_CREATE) {
1402 		who_tok = strtok(whostr, ",");
1403 		if (who_tok == NULL) {
1404 			nvlist_free(who_nvp);
1405 			nvlist_free(perms_nvp);
1406 			if (sets_nvp)
1407 				nvlist_free(sets_nvp);
1408 			(void) snprintf(errbuf, sizeof (errbuf),
1409 			    dgettext(TEXT_DOMAIN, "Who string is NULL"),
1410 			    whostr);
1411 			return (zfs_error(zhp->zfs_hdl, EZFS_BADWHO, errbuf));
1412 		}
1413 	}
1414 
1415 	/*
1416 	 * Now create the nvlist(s)
1417 	 */
1418 	do {
1419 		uint64_t who_id;
1420 
1421 		error = zfs_get_perm_who(who_tok, &who_type,
1422 		    &who_id);
1423 		if (error) {
1424 			nvlist_free(who_nvp);
1425 			nvlist_free(perms_nvp);
1426 			if (sets_nvp)
1427 				nvlist_free(sets_nvp);
1428 			(void) snprintf(errbuf, sizeof (errbuf),
1429 			    dgettext(TEXT_DOMAIN,
1430 			    "Unable to determine uid/gid for "
1431 			    "%s "), who_tok);
1432 			return (zfs_error(zhp->zfs_hdl, EZFS_BADWHO, errbuf));
1433 		}
1434 
1435 		/*
1436 		 * add entries for both local and descendent when required
1437 		 */
1438 
1439 		zfs_perms_add_who_nvlist(who_nvp, who_id, who_tok,
1440 		    perms_nvp, sets_nvp, who_type, inherit);
1441 
1442 	} while (who_tok = strtok(NULL, ","));
1443 	*nvp = who_nvp;
1444 	return (0);
1445 }
1446 
1447 static int
1448 zfs_perm_set_common(zfs_handle_t *zhp, nvlist_t *nvp, boolean_t unset)
1449 {
1450 	zfs_cmd_t zc = { 0 };
1451 	int error;
1452 	size_t sz;
1453 	char errbuf[1024];
1454 
1455 	(void) snprintf(errbuf, sizeof (errbuf),
1456 	    dgettext(TEXT_DOMAIN, "Cannot update 'allows' for '%s'"),
1457 	    zhp->zfs_name);
1458 
1459 	if (zcmd_write_src_nvlist(zhp->zfs_hdl, &zc, nvp, &sz))
1460 		return (-1);
1461 
1462 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1463 	zc.zc_perm_action = unset;
1464 
1465 	error = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SET_FSACL, &zc);
1466 	if (error && errno == ENOTSUP) {
1467 		(void) snprintf(errbuf, sizeof (errbuf),
1468 		    gettext("Pool must be upgraded to use 'allow/unallow'"));
1469 		zcmd_free_nvlists(&zc);
1470 		return (zfs_error(zhp->zfs_hdl, EZFS_BADVERSION, errbuf));
1471 	} else if (error) {
1472 		return (zfs_standard_error(zhp->zfs_hdl, errno, errbuf));
1473 	}
1474 	zcmd_free_nvlists(&zc);
1475 
1476 	return (error);
1477 }
1478 
1479 int
1480 zfs_perm_set(zfs_handle_t *zhp, nvlist_t *nvp)
1481 {
1482 	return (zfs_perm_set_common(zhp, nvp, B_FALSE));
1483 }
1484 
1485 int
1486 zfs_perm_remove(zfs_handle_t *zhp, nvlist_t *perms)
1487 {
1488 	return (zfs_perm_set_common(zhp, perms, B_TRUE));
1489 }
1490 
1491 static int
1492 perm_compare(const void *arg1, const void *arg2)
1493 {
1494 	const zfs_perm_node_t *node1 = arg1;
1495 	const zfs_perm_node_t *node2 = arg2;
1496 	int ret;
1497 
1498 	ret = strcmp(node1->z_pname, node2->z_pname);
1499 
1500 	if (ret > 0)
1501 		return (1);
1502 	if (ret < 0)
1503 		return (-1);
1504 	else
1505 		return (0);
1506 }
1507 
1508 static void
1509 zfs_destroy_perm_tree(avl_tree_t *tree)
1510 {
1511 	zfs_perm_node_t *permnode;
1512 	void *cookie;
1513 
1514 	cookie = NULL;
1515 	while ((permnode = avl_destroy_nodes(tree,  &cookie)) != NULL) {
1516 		avl_remove(tree, permnode);
1517 		free(permnode);
1518 	}
1519 }
1520 
1521 static void
1522 zfs_destroy_tree(avl_tree_t *tree)
1523 {
1524 	zfs_allow_node_t *allownode;
1525 	void *cookie;
1526 
1527 	cookie = NULL;
1528 	while ((allownode = avl_destroy_nodes(tree, &cookie)) != NULL) {
1529 		zfs_destroy_perm_tree(&allownode->z_localdescend);
1530 		zfs_destroy_perm_tree(&allownode->z_local);
1531 		zfs_destroy_perm_tree(&allownode->z_descend);
1532 		avl_remove(tree, allownode);
1533 		free(allownode);
1534 	}
1535 }
1536 
1537 void
1538 zfs_free_allows(zfs_allow_t *allow)
1539 {
1540 	zfs_allow_t *allownext;
1541 	zfs_allow_t *freeallow;
1542 
1543 	allownext = allow;
1544 	while (allownext) {
1545 		zfs_destroy_tree(&allownext->z_sets);
1546 		zfs_destroy_tree(&allownext->z_crperms);
1547 		zfs_destroy_tree(&allownext->z_user);
1548 		zfs_destroy_tree(&allownext->z_group);
1549 		zfs_destroy_tree(&allownext->z_everyone);
1550 		freeallow = allownext;
1551 		allownext = allownext->z_next;
1552 		free(freeallow);
1553 	}
1554 }
1555 
1556 static zfs_allow_t *
1557 zfs_alloc_perm_tree(zfs_handle_t *zhp, zfs_allow_t *prev, char *setpoint)
1558 {
1559 	zfs_allow_t *ptree;
1560 
1561 	if ((ptree = zfs_alloc(zhp->zfs_hdl,
1562 	    sizeof (zfs_allow_t))) == NULL) {
1563 		return (NULL);
1564 	}
1565 
1566 	(void) strlcpy(ptree->z_setpoint, setpoint, sizeof (ptree->z_setpoint));
1567 	avl_create(&ptree->z_sets,
1568 	    perm_compare, sizeof (zfs_allow_node_t),
1569 	    offsetof(zfs_allow_node_t, z_node));
1570 	avl_create(&ptree->z_crperms,
1571 	    perm_compare, sizeof (zfs_allow_node_t),
1572 	    offsetof(zfs_allow_node_t, z_node));
1573 	avl_create(&ptree->z_user,
1574 	    perm_compare, sizeof (zfs_allow_node_t),
1575 	    offsetof(zfs_allow_node_t, z_node));
1576 	avl_create(&ptree->z_group,
1577 	    perm_compare, sizeof (zfs_allow_node_t),
1578 	    offsetof(zfs_allow_node_t, z_node));
1579 	avl_create(&ptree->z_everyone,
1580 	    perm_compare, sizeof (zfs_allow_node_t),
1581 	    offsetof(zfs_allow_node_t, z_node));
1582 
1583 	if (prev)
1584 		prev->z_next = ptree;
1585 	ptree->z_next = NULL;
1586 	return (ptree);
1587 }
1588 
1589 /*
1590  * Add permissions to the appropriate AVL permission tree.
1591  * The appropriate tree may not be the requested tree.
1592  * For example if ld indicates a local permission, but
1593  * same permission also exists as a descendent permission
1594  * then the permission will be removed from the descendent
1595  * tree and add the the local+descendent tree.
1596  */
1597 static int
1598 zfs_coalesce_perm(zfs_handle_t *zhp, zfs_allow_node_t *allownode,
1599     char *perm, char ld)
1600 {
1601 	zfs_perm_node_t pnode, *permnode, *permnode2;
1602 	zfs_perm_node_t *newnode;
1603 	avl_index_t where, where2;
1604 	avl_tree_t *tree, *altree;
1605 
1606 	(void) strlcpy(pnode.z_pname, perm, sizeof (pnode.z_pname));
1607 
1608 	if (ld == ZFS_DELEG_NA) {
1609 		tree =  &allownode->z_localdescend;
1610 		altree = &allownode->z_descend;
1611 	} else if (ld == ZFS_DELEG_LOCAL) {
1612 		tree = &allownode->z_local;
1613 		altree = &allownode->z_descend;
1614 	} else {
1615 		tree = &allownode->z_descend;
1616 		altree = &allownode->z_local;
1617 	}
1618 	permnode = avl_find(tree, &pnode, &where);
1619 	permnode2 = avl_find(altree, &pnode, &where2);
1620 
1621 	if (permnode2) {
1622 		avl_remove(altree, permnode2);
1623 		free(permnode2);
1624 		if (permnode == NULL) {
1625 			tree =  &allownode->z_localdescend;
1626 		}
1627 	}
1628 
1629 	/*
1630 	 * Now insert new permission in either requested location
1631 	 * local/descendent or into ld when perm will exist in both.
1632 	 */
1633 	if (permnode == NULL) {
1634 		if ((newnode = zfs_alloc(zhp->zfs_hdl,
1635 		    sizeof (zfs_perm_node_t))) == NULL) {
1636 			return (-1);
1637 		}
1638 		*newnode = pnode;
1639 		avl_add(tree, newnode);
1640 	}
1641 	return (0);
1642 }
1643 /*
1644  * Uggh, this is going to be a bit complicated.
1645  * we have an nvlist coming out of the kernel that
1646  * will indicate where the permission is set and then
1647  * it will contain allow of the various "who's", and what
1648  * their permissions are.  To further complicate this
1649  * we will then have to coalesce the local,descendent
1650  * and local+descendent permissions where appropriate.
1651  * The kernel only knows about a permission as being local
1652  * or descendent, but not both.
1653  *
1654  * In order to make this easier for zfs_main to deal with
1655  * a series of AVL trees will be used to maintain
1656  * all of this, primarily for sorting purposes as well
1657  * as the ability to quickly locate a specific entry.
1658  *
1659  * What we end up with are tree's for sets, create perms,
1660  * user, groups and everyone.  With each of those trees
1661  * we have subtrees for local, descendent and local+descendent
1662  * permissions.
1663  */
1664 int
1665 zfs_perm_get(zfs_handle_t *zhp, zfs_allow_t **zfs_perms)
1666 {
1667 	zfs_cmd_t zc = { 0 };
1668 	int error;
1669 	nvlist_t *nvlist;
1670 	nvlist_t *permnv, *sourcenv;
1671 	nvpair_t *who_pair, *source_pair;
1672 	nvpair_t *perm_pair;
1673 	char errbuf[1024];
1674 	zfs_allow_t *zallowp, *newallowp;
1675 	char  ld;
1676 	char *nvpname;
1677 	uid_t	uid;
1678 	gid_t	gid;
1679 	avl_tree_t *tree;
1680 	avl_index_t where;
1681 
1682 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1683 
1684 	if (zcmd_alloc_dst_nvlist(zhp->zfs_hdl, &zc, 0) != 0)
1685 		return (-1);
1686 
1687 	while (ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_GET_FSACL, &zc) != 0) {
1688 		if (errno == ENOMEM) {
1689 			if (zcmd_expand_dst_nvlist(zhp->zfs_hdl, &zc) != 0) {
1690 				zcmd_free_nvlists(&zc);
1691 				return (-1);
1692 			}
1693 		} else if (errno == ENOTSUP) {
1694 			zcmd_free_nvlists(&zc);
1695 			(void) snprintf(errbuf, sizeof (errbuf),
1696 			    gettext("Pool must be upgraded to use 'allow'"));
1697 			return (zfs_error(zhp->zfs_hdl,
1698 			    EZFS_BADVERSION, errbuf));
1699 		} else {
1700 			zcmd_free_nvlists(&zc);
1701 			return (-1);
1702 		}
1703 	}
1704 
1705 	if (zcmd_read_dst_nvlist(zhp->zfs_hdl, &zc, &nvlist) != 0) {
1706 		zcmd_free_nvlists(&zc);
1707 		return (-1);
1708 	}
1709 
1710 	zcmd_free_nvlists(&zc);
1711 
1712 	source_pair = nvlist_next_nvpair(nvlist, NULL);
1713 
1714 	if (source_pair == NULL) {
1715 		*zfs_perms = NULL;
1716 		return (0);
1717 	}
1718 
1719 	*zfs_perms = zfs_alloc_perm_tree(zhp, NULL, nvpair_name(source_pair));
1720 	if (*zfs_perms == NULL) {
1721 		return (0);
1722 	}
1723 
1724 	zallowp = *zfs_perms;
1725 
1726 	for (;;) {
1727 		struct passwd *pwd;
1728 		struct group *grp;
1729 		zfs_allow_node_t *allownode;
1730 		zfs_allow_node_t  findallownode;
1731 		zfs_allow_node_t *newallownode;
1732 
1733 		(void) strlcpy(zallowp->z_setpoint,
1734 		    nvpair_name(source_pair),
1735 		    sizeof (zallowp->z_setpoint));
1736 
1737 		if ((error = nvpair_value_nvlist(source_pair, &sourcenv)) != 0)
1738 			goto abort;
1739 
1740 		/*
1741 		 * Make sure nvlist is composed correctly
1742 		 */
1743 		if (zfs_deleg_verify_nvlist(sourcenv)) {
1744 			goto abort;
1745 		}
1746 
1747 		who_pair = nvlist_next_nvpair(sourcenv, NULL);
1748 		if (who_pair == NULL) {
1749 			goto abort;
1750 		}
1751 
1752 		do {
1753 			error = nvpair_value_nvlist(who_pair, &permnv);
1754 			if (error) {
1755 				goto abort;
1756 			}
1757 
1758 			/*
1759 			 * First build up the key to use
1760 			 * for looking up in the various
1761 			 * who trees.
1762 			 */
1763 			ld = nvpair_name(who_pair)[1];
1764 			nvpname = nvpair_name(who_pair);
1765 			switch (nvpair_name(who_pair)[0]) {
1766 			case ZFS_DELEG_USER:
1767 			case ZFS_DELEG_USER_SETS:
1768 				tree = &zallowp->z_user;
1769 				uid = atol(&nvpname[3]);
1770 				pwd = getpwuid(uid);
1771 				(void) snprintf(findallownode.z_key,
1772 				    sizeof (findallownode.z_key), "user %s",
1773 				    (pwd) ? pwd->pw_name :
1774 				    &nvpair_name(who_pair)[3]);
1775 				break;
1776 			case ZFS_DELEG_GROUP:
1777 			case ZFS_DELEG_GROUP_SETS:
1778 				tree = &zallowp->z_group;
1779 				gid = atol(&nvpname[3]);
1780 				grp = getgrgid(gid);
1781 				(void) snprintf(findallownode.z_key,
1782 				    sizeof (findallownode.z_key), "group %s",
1783 				    (grp) ? grp->gr_name :
1784 				    &nvpair_name(who_pair)[3]);
1785 				break;
1786 			case ZFS_DELEG_CREATE:
1787 			case ZFS_DELEG_CREATE_SETS:
1788 				tree = &zallowp->z_crperms;
1789 				(void) strlcpy(findallownode.z_key, "",
1790 				    sizeof (findallownode.z_key));
1791 				break;
1792 			case ZFS_DELEG_EVERYONE:
1793 			case ZFS_DELEG_EVERYONE_SETS:
1794 				(void) snprintf(findallownode.z_key,
1795 				    sizeof (findallownode.z_key), "everyone");
1796 				tree = &zallowp->z_everyone;
1797 				break;
1798 			case ZFS_DELEG_NAMED_SET:
1799 			case ZFS_DELEG_NAMED_SET_SETS:
1800 				(void) snprintf(findallownode.z_key,
1801 				    sizeof (findallownode.z_key), "%s",
1802 				    &nvpair_name(who_pair)[3]);
1803 				tree = &zallowp->z_sets;
1804 				break;
1805 			}
1806 
1807 			/*
1808 			 * Place who in tree
1809 			 */
1810 			allownode = avl_find(tree, &findallownode, &where);
1811 			if (allownode == NULL) {
1812 				if ((newallownode = zfs_alloc(zhp->zfs_hdl,
1813 				    sizeof (zfs_allow_node_t))) == NULL) {
1814 					goto abort;
1815 				}
1816 				avl_create(&newallownode->z_localdescend,
1817 				    perm_compare,
1818 				    sizeof (zfs_perm_node_t),
1819 				    offsetof(zfs_perm_node_t, z_node));
1820 				avl_create(&newallownode->z_local,
1821 				    perm_compare,
1822 				    sizeof (zfs_perm_node_t),
1823 				    offsetof(zfs_perm_node_t, z_node));
1824 				avl_create(&newallownode->z_descend,
1825 				    perm_compare,
1826 				    sizeof (zfs_perm_node_t),
1827 				    offsetof(zfs_perm_node_t, z_node));
1828 				(void) strlcpy(newallownode->z_key,
1829 				    findallownode.z_key,
1830 				    sizeof (findallownode.z_key));
1831 				avl_insert(tree, newallownode, where);
1832 				allownode = newallownode;
1833 			}
1834 
1835 			/*
1836 			 * Now iterate over the permissions and
1837 			 * place them in the appropriate local,
1838 			 * descendent or local+descendent tree.
1839 			 *
1840 			 * The permissions are added to the tree
1841 			 * via zfs_coalesce_perm().
1842 			 */
1843 			perm_pair = nvlist_next_nvpair(permnv, NULL);
1844 			if (perm_pair == NULL)
1845 				goto abort;
1846 			do {
1847 				if (zfs_coalesce_perm(zhp, allownode,
1848 				    nvpair_name(perm_pair), ld) != 0)
1849 					goto abort;
1850 			} while (perm_pair = nvlist_next_nvpair(permnv,
1851 			    perm_pair));
1852 		} while (who_pair = nvlist_next_nvpair(sourcenv, who_pair));
1853 
1854 		source_pair = nvlist_next_nvpair(nvlist, source_pair);
1855 		if (source_pair == NULL)
1856 			break;
1857 
1858 		/*
1859 		 * allocate another node from the link list of
1860 		 * zfs_allow_t structures
1861 		 */
1862 		newallowp = zfs_alloc_perm_tree(zhp, zallowp,
1863 		    nvpair_name(source_pair));
1864 		if (newallowp == NULL) {
1865 			goto abort;
1866 		}
1867 		zallowp = newallowp;
1868 	}
1869 	nvlist_free(nvlist);
1870 	return (0);
1871 abort:
1872 	zfs_free_allows(*zfs_perms);
1873 	nvlist_free(nvlist);
1874 	return (-1);
1875 }
1876 
1877 /*
1878  * Given a property name and value, set the property for the given dataset.
1879  */
1880 int
1881 zfs_prop_set(zfs_handle_t *zhp, const char *propname, const char *propval)
1882 {
1883 	zfs_cmd_t zc = { 0 };
1884 	int ret = -1;
1885 	prop_changelist_t *cl = NULL;
1886 	char errbuf[1024];
1887 	libzfs_handle_t *hdl = zhp->zfs_hdl;
1888 	nvlist_t *nvl = NULL, *realprops;
1889 	zfs_prop_t prop;
1890 
1891 	(void) snprintf(errbuf, sizeof (errbuf),
1892 	    dgettext(TEXT_DOMAIN, "cannot set property for '%s'"),
1893 	    zhp->zfs_name);
1894 
1895 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0 ||
1896 	    nvlist_add_string(nvl, propname, propval) != 0) {
1897 		(void) no_memory(hdl);
1898 		goto error;
1899 	}
1900 
1901 	if ((realprops = zfs_validate_properties(hdl, zhp->zfs_type, NULL, nvl,
1902 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED), zhp, errbuf)) == NULL)
1903 		goto error;
1904 	nvlist_free(nvl);
1905 	nvl = realprops;
1906 
1907 	prop = zfs_name_to_prop(propname);
1908 
1909 	if ((cl = changelist_gather(zhp, prop, 0)) == NULL)
1910 		goto error;
1911 
1912 	if (prop == ZFS_PROP_MOUNTPOINT && changelist_haszonedchild(cl)) {
1913 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1914 		    "child dataset with inherited mountpoint is used "
1915 		    "in a non-global zone"));
1916 		ret = zfs_error(hdl, EZFS_ZONED, errbuf);
1917 		goto error;
1918 	}
1919 
1920 	if ((ret = changelist_prefix(cl)) != 0)
1921 		goto error;
1922 
1923 	/*
1924 	 * Execute the corresponding ioctl() to set this property.
1925 	 */
1926 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1927 
1928 	if (zcmd_write_src_nvlist(hdl, &zc, nvl, NULL) != 0)
1929 		goto error;
1930 
1931 	ret = zfs_ioctl(hdl, ZFS_IOC_SET_PROP, &zc);
1932 
1933 	if (ret != 0) {
1934 		switch (errno) {
1935 
1936 		case ENOSPC:
1937 			/*
1938 			 * For quotas and reservations, ENOSPC indicates
1939 			 * something different; setting a quota or reservation
1940 			 * doesn't use any disk space.
1941 			 */
1942 			switch (prop) {
1943 			case ZFS_PROP_QUOTA:
1944 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1945 				    "size is less than current used or "
1946 				    "reserved space"));
1947 				(void) zfs_error(hdl, EZFS_PROPSPACE, errbuf);
1948 				break;
1949 
1950 			case ZFS_PROP_RESERVATION:
1951 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1952 				    "size is greater than available space"));
1953 				(void) zfs_error(hdl, EZFS_PROPSPACE, errbuf);
1954 				break;
1955 
1956 			default:
1957 				(void) zfs_standard_error(hdl, errno, errbuf);
1958 				break;
1959 			}
1960 			break;
1961 
1962 		case EBUSY:
1963 			if (prop == ZFS_PROP_VOLBLOCKSIZE)
1964 				(void) zfs_error(hdl, EZFS_VOLHASDATA, errbuf);
1965 			else
1966 				(void) zfs_standard_error(hdl, EBUSY, errbuf);
1967 			break;
1968 
1969 		case EROFS:
1970 			(void) zfs_error(hdl, EZFS_DSREADONLY, errbuf);
1971 			break;
1972 
1973 		case ENOTSUP:
1974 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1975 			    "pool must be upgraded to allow gzip compression"));
1976 			(void) zfs_error(hdl, EZFS_BADVERSION, errbuf);
1977 			break;
1978 
1979 		case EOVERFLOW:
1980 			/*
1981 			 * This platform can't address a volume this big.
1982 			 */
1983 #ifdef _ILP32
1984 			if (prop == ZFS_PROP_VOLSIZE) {
1985 				(void) zfs_error(hdl, EZFS_VOLTOOBIG, errbuf);
1986 				break;
1987 			}
1988 #endif
1989 			/* FALLTHROUGH */
1990 		default:
1991 			(void) zfs_standard_error(hdl, errno, errbuf);
1992 		}
1993 	} else {
1994 		/*
1995 		 * Refresh the statistics so the new property value
1996 		 * is reflected.
1997 		 */
1998 		if ((ret = changelist_postfix(cl)) == 0)
1999 			(void) get_stats(zhp);
2000 	}
2001 
2002 error:
2003 	nvlist_free(nvl);
2004 	zcmd_free_nvlists(&zc);
2005 	if (cl)
2006 		changelist_free(cl);
2007 	return (ret);
2008 }
2009 
2010 /*
2011  * Given a property, inherit the value from the parent dataset.
2012  */
2013 int
2014 zfs_prop_inherit(zfs_handle_t *zhp, const char *propname)
2015 {
2016 	zfs_cmd_t zc = { 0 };
2017 	int ret;
2018 	prop_changelist_t *cl;
2019 	libzfs_handle_t *hdl = zhp->zfs_hdl;
2020 	char errbuf[1024];
2021 	zfs_prop_t prop;
2022 
2023 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
2024 	    "cannot inherit %s for '%s'"), propname, zhp->zfs_name);
2025 
2026 	if ((prop = zfs_name_to_prop(propname)) == ZFS_PROP_INVAL) {
2027 		/*
2028 		 * For user properties, the amount of work we have to do is very
2029 		 * small, so just do it here.
2030 		 */
2031 		if (!zfs_prop_user(propname)) {
2032 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2033 			    "invalid property"));
2034 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2035 		}
2036 
2037 		(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2038 		(void) strlcpy(zc.zc_value, propname, sizeof (zc.zc_value));
2039 
2040 		if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SET_PROP, &zc) != 0)
2041 			return (zfs_standard_error(hdl, errno, errbuf));
2042 
2043 		return (0);
2044 	}
2045 
2046 	/*
2047 	 * Verify that this property is inheritable.
2048 	 */
2049 	if (zfs_prop_readonly(prop))
2050 		return (zfs_error(hdl, EZFS_PROPREADONLY, errbuf));
2051 
2052 	if (!zfs_prop_inheritable(prop))
2053 		return (zfs_error(hdl, EZFS_PROPNONINHERIT, errbuf));
2054 
2055 	/*
2056 	 * Check to see if the value applies to this type
2057 	 */
2058 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type))
2059 		return (zfs_error(hdl, EZFS_PROPTYPE, errbuf));
2060 
2061 	/*
2062 	 * Normalize the name, to get rid of shorthand abbrevations.
2063 	 */
2064 	propname = zfs_prop_to_name(prop);
2065 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2066 	(void) strlcpy(zc.zc_value, propname, sizeof (zc.zc_value));
2067 
2068 	if (prop == ZFS_PROP_MOUNTPOINT && getzoneid() == GLOBAL_ZONEID &&
2069 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
2070 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2071 		    "dataset is used in a non-global zone"));
2072 		return (zfs_error(hdl, EZFS_ZONED, errbuf));
2073 	}
2074 
2075 	/*
2076 	 * Determine datasets which will be affected by this change, if any.
2077 	 */
2078 	if ((cl = changelist_gather(zhp, prop, 0)) == NULL)
2079 		return (-1);
2080 
2081 	if (prop == ZFS_PROP_MOUNTPOINT && changelist_haszonedchild(cl)) {
2082 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2083 		    "child dataset with inherited mountpoint is used "
2084 		    "in a non-global zone"));
2085 		ret = zfs_error(hdl, EZFS_ZONED, errbuf);
2086 		goto error;
2087 	}
2088 
2089 	if ((ret = changelist_prefix(cl)) != 0)
2090 		goto error;
2091 
2092 	if ((ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SET_PROP, &zc)) != 0) {
2093 		return (zfs_standard_error(hdl, errno, errbuf));
2094 	} else {
2095 
2096 		if ((ret = changelist_postfix(cl)) != 0)
2097 			goto error;
2098 
2099 		/*
2100 		 * Refresh the statistics so the new property is reflected.
2101 		 */
2102 		(void) get_stats(zhp);
2103 	}
2104 
2105 error:
2106 	changelist_free(cl);
2107 	return (ret);
2108 }
2109 
2110 void
2111 nicebool(int value, char *buf, size_t buflen)
2112 {
2113 	if (value)
2114 		(void) strlcpy(buf, "on", buflen);
2115 	else
2116 		(void) strlcpy(buf, "off", buflen);
2117 }
2118 
2119 /*
2120  * True DSL properties are stored in an nvlist.  The following two functions
2121  * extract them appropriately.
2122  */
2123 static uint64_t
2124 getprop_uint64(zfs_handle_t *zhp, zfs_prop_t prop, char **source)
2125 {
2126 	nvlist_t *nv;
2127 	uint64_t value;
2128 
2129 	*source = NULL;
2130 	if (nvlist_lookup_nvlist(zhp->zfs_props,
2131 	    zfs_prop_to_name(prop), &nv) == 0) {
2132 		verify(nvlist_lookup_uint64(nv, ZFS_PROP_VALUE, &value) == 0);
2133 		(void) nvlist_lookup_string(nv, ZFS_PROP_SOURCE, source);
2134 	} else {
2135 		value = zfs_prop_default_numeric(prop);
2136 		*source = "";
2137 	}
2138 
2139 	return (value);
2140 }
2141 
2142 static char *
2143 getprop_string(zfs_handle_t *zhp, zfs_prop_t prop, char **source)
2144 {
2145 	nvlist_t *nv;
2146 	char *value;
2147 
2148 	*source = NULL;
2149 	if (nvlist_lookup_nvlist(zhp->zfs_props,
2150 	    zfs_prop_to_name(prop), &nv) == 0) {
2151 		verify(nvlist_lookup_string(nv, ZFS_PROP_VALUE, &value) == 0);
2152 		(void) nvlist_lookup_string(nv, ZFS_PROP_SOURCE, source);
2153 	} else {
2154 		if ((value = (char *)zfs_prop_default_string(prop)) == NULL)
2155 			value = "";
2156 		*source = "";
2157 	}
2158 
2159 	return (value);
2160 }
2161 
2162 /*
2163  * Internal function for getting a numeric property.  Both zfs_prop_get() and
2164  * zfs_prop_get_int() are built using this interface.
2165  *
2166  * Certain properties can be overridden using 'mount -o'.  In this case, scan
2167  * the contents of the /etc/mnttab entry, searching for the appropriate options.
2168  * If they differ from the on-disk values, report the current values and mark
2169  * the source "temporary".
2170  */
2171 static int
2172 get_numeric_property(zfs_handle_t *zhp, zfs_prop_t prop, zfs_source_t *src,
2173     char **source, uint64_t *val)
2174 {
2175 	struct mnttab mnt;
2176 	char *mntopt_on = NULL;
2177 	char *mntopt_off = NULL;
2178 
2179 	*source = NULL;
2180 
2181 	switch (prop) {
2182 	case ZFS_PROP_ATIME:
2183 		mntopt_on = MNTOPT_ATIME;
2184 		mntopt_off = MNTOPT_NOATIME;
2185 		break;
2186 
2187 	case ZFS_PROP_DEVICES:
2188 		mntopt_on = MNTOPT_DEVICES;
2189 		mntopt_off = MNTOPT_NODEVICES;
2190 		break;
2191 
2192 	case ZFS_PROP_EXEC:
2193 		mntopt_on = MNTOPT_EXEC;
2194 		mntopt_off = MNTOPT_NOEXEC;
2195 		break;
2196 
2197 	case ZFS_PROP_READONLY:
2198 		mntopt_on = MNTOPT_RO;
2199 		mntopt_off = MNTOPT_RW;
2200 		break;
2201 
2202 	case ZFS_PROP_SETUID:
2203 		mntopt_on = MNTOPT_SETUID;
2204 		mntopt_off = MNTOPT_NOSETUID;
2205 		break;
2206 
2207 	case ZFS_PROP_XATTR:
2208 		mntopt_on = MNTOPT_XATTR;
2209 		mntopt_off = MNTOPT_NOXATTR;
2210 		break;
2211 	}
2212 
2213 	/*
2214 	 * Because looking up the mount options is potentially expensive
2215 	 * (iterating over all of /etc/mnttab), we defer its calculation until
2216 	 * we're looking up a property which requires its presence.
2217 	 */
2218 	if (!zhp->zfs_mntcheck &&
2219 	    (mntopt_on != NULL || prop == ZFS_PROP_MOUNTED)) {
2220 		struct mnttab entry, search = { 0 };
2221 		FILE *mnttab = zhp->zfs_hdl->libzfs_mnttab;
2222 
2223 		search.mnt_special = (char *)zhp->zfs_name;
2224 		search.mnt_fstype = MNTTYPE_ZFS;
2225 		rewind(mnttab);
2226 
2227 		if (getmntany(mnttab, &entry, &search) == 0) {
2228 			zhp->zfs_mntopts = zfs_strdup(zhp->zfs_hdl,
2229 			    entry.mnt_mntopts);
2230 			if (zhp->zfs_mntopts == NULL)
2231 				return (-1);
2232 		}
2233 
2234 		zhp->zfs_mntcheck = B_TRUE;
2235 	}
2236 
2237 	if (zhp->zfs_mntopts == NULL)
2238 		mnt.mnt_mntopts = "";
2239 	else
2240 		mnt.mnt_mntopts = zhp->zfs_mntopts;
2241 
2242 	switch (prop) {
2243 	case ZFS_PROP_ATIME:
2244 	case ZFS_PROP_DEVICES:
2245 	case ZFS_PROP_EXEC:
2246 	case ZFS_PROP_READONLY:
2247 	case ZFS_PROP_SETUID:
2248 	case ZFS_PROP_XATTR:
2249 		*val = getprop_uint64(zhp, prop, source);
2250 
2251 		if (hasmntopt(&mnt, mntopt_on) && !*val) {
2252 			*val = B_TRUE;
2253 			if (src)
2254 				*src = ZFS_SRC_TEMPORARY;
2255 		} else if (hasmntopt(&mnt, mntopt_off) && *val) {
2256 			*val = B_FALSE;
2257 			if (src)
2258 				*src = ZFS_SRC_TEMPORARY;
2259 		}
2260 		break;
2261 
2262 	case ZFS_PROP_RECORDSIZE:
2263 	case ZFS_PROP_COMPRESSION:
2264 	case ZFS_PROP_ZONED:
2265 	case ZFS_PROP_CREATION:
2266 	case ZFS_PROP_COMPRESSRATIO:
2267 	case ZFS_PROP_REFERENCED:
2268 	case ZFS_PROP_USED:
2269 	case ZFS_PROP_CREATETXG:
2270 	case ZFS_PROP_AVAILABLE:
2271 	case ZFS_PROP_VOLSIZE:
2272 	case ZFS_PROP_VOLBLOCKSIZE:
2273 		*val = getprop_uint64(zhp, prop, source);
2274 		break;
2275 
2276 	case ZFS_PROP_CANMOUNT:
2277 		*val = getprop_uint64(zhp, prop, source);
2278 		if (*val == 0)
2279 			*source = zhp->zfs_name;
2280 		else
2281 			*source = "";	/* default */
2282 		break;
2283 
2284 	case ZFS_PROP_QUOTA:
2285 	case ZFS_PROP_RESERVATION:
2286 		*val = getprop_uint64(zhp, prop, source);
2287 		if (*val == 0)
2288 			*source = "";	/* default */
2289 		else
2290 			*source = zhp->zfs_name;
2291 		break;
2292 
2293 	case ZFS_PROP_MOUNTED:
2294 		*val = (zhp->zfs_mntopts != NULL);
2295 		break;
2296 
2297 	case ZFS_PROP_NUMCLONES:
2298 		*val = zhp->zfs_dmustats.dds_num_clones;
2299 		break;
2300 
2301 	default:
2302 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
2303 		    "cannot get non-numeric property"));
2304 		return (zfs_error(zhp->zfs_hdl, EZFS_BADPROP,
2305 		    dgettext(TEXT_DOMAIN, "internal error")));
2306 	}
2307 
2308 	return (0);
2309 }
2310 
2311 /*
2312  * Calculate the source type, given the raw source string.
2313  */
2314 static void
2315 get_source(zfs_handle_t *zhp, zfs_source_t *srctype, char *source,
2316     char *statbuf, size_t statlen)
2317 {
2318 	if (statbuf == NULL || *srctype == ZFS_SRC_TEMPORARY)
2319 		return;
2320 
2321 	if (source == NULL) {
2322 		*srctype = ZFS_SRC_NONE;
2323 	} else if (source[0] == '\0') {
2324 		*srctype = ZFS_SRC_DEFAULT;
2325 	} else {
2326 		if (strcmp(source, zhp->zfs_name) == 0) {
2327 			*srctype = ZFS_SRC_LOCAL;
2328 		} else {
2329 			(void) strlcpy(statbuf, source, statlen);
2330 			*srctype = ZFS_SRC_INHERITED;
2331 		}
2332 	}
2333 
2334 }
2335 
2336 /*
2337  * Retrieve a property from the given object.  If 'literal' is specified, then
2338  * numbers are left as exact values.  Otherwise, numbers are converted to a
2339  * human-readable form.
2340  *
2341  * Returns 0 on success, or -1 on error.
2342  */
2343 int
2344 zfs_prop_get(zfs_handle_t *zhp, zfs_prop_t prop, char *propbuf, size_t proplen,
2345     zfs_source_t *src, char *statbuf, size_t statlen, boolean_t literal)
2346 {
2347 	char *source = NULL;
2348 	uint64_t val;
2349 	char *str;
2350 	const char *root;
2351 	const char *strval;
2352 
2353 	/*
2354 	 * Check to see if this property applies to our object
2355 	 */
2356 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type))
2357 		return (-1);
2358 
2359 	if (src)
2360 		*src = ZFS_SRC_NONE;
2361 
2362 	switch (prop) {
2363 	case ZFS_PROP_ATIME:
2364 	case ZFS_PROP_READONLY:
2365 	case ZFS_PROP_SETUID:
2366 	case ZFS_PROP_ZONED:
2367 	case ZFS_PROP_DEVICES:
2368 	case ZFS_PROP_EXEC:
2369 	case ZFS_PROP_CANMOUNT:
2370 	case ZFS_PROP_XATTR:
2371 		/*
2372 		 * Basic boolean values are built on top of
2373 		 * get_numeric_property().
2374 		 */
2375 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2376 			return (-1);
2377 		nicebool(val, propbuf, proplen);
2378 
2379 		break;
2380 
2381 	case ZFS_PROP_AVAILABLE:
2382 	case ZFS_PROP_RECORDSIZE:
2383 	case ZFS_PROP_CREATETXG:
2384 	case ZFS_PROP_REFERENCED:
2385 	case ZFS_PROP_USED:
2386 	case ZFS_PROP_VOLSIZE:
2387 	case ZFS_PROP_VOLBLOCKSIZE:
2388 	case ZFS_PROP_NUMCLONES:
2389 		/*
2390 		 * Basic numeric values are built on top of
2391 		 * get_numeric_property().
2392 		 */
2393 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2394 			return (-1);
2395 		if (literal)
2396 			(void) snprintf(propbuf, proplen, "%llu",
2397 			    (u_longlong_t)val);
2398 		else
2399 			zfs_nicenum(val, propbuf, proplen);
2400 		break;
2401 
2402 	case ZFS_PROP_COMPRESSION:
2403 	case ZFS_PROP_CHECKSUM:
2404 	case ZFS_PROP_SNAPDIR:
2405 	case ZFS_PROP_ACLMODE:
2406 	case ZFS_PROP_ACLINHERIT:
2407 	case ZFS_PROP_COPIES:
2408 		val = getprop_uint64(zhp, prop, &source);
2409 		verify(zfs_prop_index_to_string(prop, val, &strval) == 0);
2410 		(void) strlcpy(propbuf, strval, proplen);
2411 		break;
2412 
2413 	case ZFS_PROP_CREATION:
2414 		/*
2415 		 * 'creation' is a time_t stored in the statistics.  We convert
2416 		 * this into a string unless 'literal' is specified.
2417 		 */
2418 		{
2419 			val = getprop_uint64(zhp, prop, &source);
2420 			time_t time = (time_t)val;
2421 			struct tm t;
2422 
2423 			if (literal ||
2424 			    localtime_r(&time, &t) == NULL ||
2425 			    strftime(propbuf, proplen, "%a %b %e %k:%M %Y",
2426 			    &t) == 0)
2427 				(void) snprintf(propbuf, proplen, "%llu", val);
2428 		}
2429 		break;
2430 
2431 	case ZFS_PROP_MOUNTPOINT:
2432 		/*
2433 		 * Getting the precise mountpoint can be tricky.
2434 		 *
2435 		 *  - for 'none' or 'legacy', return those values.
2436 		 *  - for default mountpoints, construct it as /zfs/<dataset>
2437 		 *  - for inherited mountpoints, we want to take everything
2438 		 *    after our ancestor and append it to the inherited value.
2439 		 *
2440 		 * If the pool has an alternate root, we want to prepend that
2441 		 * root to any values we return.
2442 		 */
2443 		root = zhp->zfs_root;
2444 		str = getprop_string(zhp, prop, &source);
2445 
2446 		if (str[0] == '\0') {
2447 			(void) snprintf(propbuf, proplen, "%s/zfs/%s",
2448 			    root, zhp->zfs_name);
2449 		} else if (str[0] == '/') {
2450 			const char *relpath = zhp->zfs_name + strlen(source);
2451 
2452 			if (relpath[0] == '/')
2453 				relpath++;
2454 			if (str[1] == '\0')
2455 				str++;
2456 
2457 			if (relpath[0] == '\0')
2458 				(void) snprintf(propbuf, proplen, "%s%s",
2459 				    root, str);
2460 			else
2461 				(void) snprintf(propbuf, proplen, "%s%s%s%s",
2462 				    root, str, relpath[0] == '@' ? "" : "/",
2463 				    relpath);
2464 		} else {
2465 			/* 'legacy' or 'none' */
2466 			(void) strlcpy(propbuf, str, proplen);
2467 		}
2468 
2469 		break;
2470 
2471 	case ZFS_PROP_SHARENFS:
2472 	case ZFS_PROP_SHAREISCSI:
2473 	case ZFS_PROP_ISCSIOPTIONS:
2474 		(void) strlcpy(propbuf, getprop_string(zhp, prop, &source),
2475 		    proplen);
2476 		break;
2477 
2478 	case ZFS_PROP_ORIGIN:
2479 		(void) strlcpy(propbuf, getprop_string(zhp, prop, &source),
2480 		    proplen);
2481 		/*
2482 		 * If there is no parent at all, return failure to indicate that
2483 		 * it doesn't apply to this dataset.
2484 		 */
2485 		if (propbuf[0] == '\0')
2486 			return (-1);
2487 		break;
2488 
2489 	case ZFS_PROP_QUOTA:
2490 	case ZFS_PROP_RESERVATION:
2491 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2492 			return (-1);
2493 
2494 		/*
2495 		 * If quota or reservation is 0, we translate this into 'none'
2496 		 * (unless literal is set), and indicate that it's the default
2497 		 * value.  Otherwise, we print the number nicely and indicate
2498 		 * that its set locally.
2499 		 */
2500 		if (val == 0) {
2501 			if (literal)
2502 				(void) strlcpy(propbuf, "0", proplen);
2503 			else
2504 				(void) strlcpy(propbuf, "none", proplen);
2505 		} else {
2506 			if (literal)
2507 				(void) snprintf(propbuf, proplen, "%llu",
2508 				    (u_longlong_t)val);
2509 			else
2510 				zfs_nicenum(val, propbuf, proplen);
2511 		}
2512 		break;
2513 
2514 	case ZFS_PROP_COMPRESSRATIO:
2515 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2516 			return (-1);
2517 		(void) snprintf(propbuf, proplen, "%lld.%02lldx", (longlong_t)
2518 		    val / 100, (longlong_t)val % 100);
2519 		break;
2520 
2521 	case ZFS_PROP_TYPE:
2522 		switch (zhp->zfs_type) {
2523 		case ZFS_TYPE_FILESYSTEM:
2524 			str = "filesystem";
2525 			break;
2526 		case ZFS_TYPE_VOLUME:
2527 			str = "volume";
2528 			break;
2529 		case ZFS_TYPE_SNAPSHOT:
2530 			str = "snapshot";
2531 			break;
2532 		default:
2533 			abort();
2534 		}
2535 		(void) snprintf(propbuf, proplen, "%s", str);
2536 		break;
2537 
2538 	case ZFS_PROP_MOUNTED:
2539 		/*
2540 		 * The 'mounted' property is a pseudo-property that described
2541 		 * whether the filesystem is currently mounted.  Even though
2542 		 * it's a boolean value, the typical values of "on" and "off"
2543 		 * don't make sense, so we translate to "yes" and "no".
2544 		 */
2545 		if (get_numeric_property(zhp, ZFS_PROP_MOUNTED,
2546 		    src, &source, &val) != 0)
2547 			return (-1);
2548 		if (val)
2549 			(void) strlcpy(propbuf, "yes", proplen);
2550 		else
2551 			(void) strlcpy(propbuf, "no", proplen);
2552 		break;
2553 
2554 	case ZFS_PROP_NAME:
2555 		/*
2556 		 * The 'name' property is a pseudo-property derived from the
2557 		 * dataset name.  It is presented as a real property to simplify
2558 		 * consumers.
2559 		 */
2560 		(void) strlcpy(propbuf, zhp->zfs_name, proplen);
2561 		break;
2562 
2563 	default:
2564 		abort();
2565 	}
2566 
2567 	get_source(zhp, src, source, statbuf, statlen);
2568 
2569 	return (0);
2570 }
2571 
2572 /*
2573  * Utility function to get the given numeric property.  Does no validation that
2574  * the given property is the appropriate type; should only be used with
2575  * hard-coded property types.
2576  */
2577 uint64_t
2578 zfs_prop_get_int(zfs_handle_t *zhp, zfs_prop_t prop)
2579 {
2580 	char *source;
2581 	zfs_source_t sourcetype = ZFS_SRC_NONE;
2582 	uint64_t val;
2583 
2584 	(void) get_numeric_property(zhp, prop, &sourcetype, &source, &val);
2585 
2586 	return (val);
2587 }
2588 
2589 /*
2590  * Similar to zfs_prop_get(), but returns the value as an integer.
2591  */
2592 int
2593 zfs_prop_get_numeric(zfs_handle_t *zhp, zfs_prop_t prop, uint64_t *value,
2594     zfs_source_t *src, char *statbuf, size_t statlen)
2595 {
2596 	char *source;
2597 
2598 	/*
2599 	 * Check to see if this property applies to our object
2600 	 */
2601 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type))
2602 		return (zfs_error_fmt(zhp->zfs_hdl, EZFS_PROPTYPE,
2603 		    dgettext(TEXT_DOMAIN, "cannot get property '%s'"),
2604 		    zfs_prop_to_name(prop)));
2605 
2606 	if (src)
2607 		*src = ZFS_SRC_NONE;
2608 
2609 	if (get_numeric_property(zhp, prop, src, &source, value) != 0)
2610 		return (-1);
2611 
2612 	get_source(zhp, src, source, statbuf, statlen);
2613 
2614 	return (0);
2615 }
2616 
2617 /*
2618  * Returns the name of the given zfs handle.
2619  */
2620 const char *
2621 zfs_get_name(const zfs_handle_t *zhp)
2622 {
2623 	return (zhp->zfs_name);
2624 }
2625 
2626 /*
2627  * Returns the type of the given zfs handle.
2628  */
2629 zfs_type_t
2630 zfs_get_type(const zfs_handle_t *zhp)
2631 {
2632 	return (zhp->zfs_type);
2633 }
2634 
2635 /*
2636  * Iterate over all child filesystems
2637  */
2638 int
2639 zfs_iter_filesystems(zfs_handle_t *zhp, zfs_iter_f func, void *data)
2640 {
2641 	zfs_cmd_t zc = { 0 };
2642 	zfs_handle_t *nzhp;
2643 	int ret;
2644 
2645 	for ((void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2646 	    ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_DATASET_LIST_NEXT, &zc) == 0;
2647 	    (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name))) {
2648 		/*
2649 		 * Ignore private dataset names.
2650 		 */
2651 		if (dataset_name_hidden(zc.zc_name))
2652 			continue;
2653 
2654 		/*
2655 		 * Silently ignore errors, as the only plausible explanation is
2656 		 * that the pool has since been removed.
2657 		 */
2658 		if ((nzhp = make_dataset_handle(zhp->zfs_hdl,
2659 		    zc.zc_name)) == NULL)
2660 			continue;
2661 
2662 		if ((ret = func(nzhp, data)) != 0)
2663 			return (ret);
2664 	}
2665 
2666 	/*
2667 	 * An errno value of ESRCH indicates normal completion.  If ENOENT is
2668 	 * returned, then the underlying dataset has been removed since we
2669 	 * obtained the handle.
2670 	 */
2671 	if (errno != ESRCH && errno != ENOENT)
2672 		return (zfs_standard_error(zhp->zfs_hdl, errno,
2673 		    dgettext(TEXT_DOMAIN, "cannot iterate filesystems")));
2674 
2675 	return (0);
2676 }
2677 
2678 /*
2679  * Iterate over all snapshots
2680  */
2681 int
2682 zfs_iter_snapshots(zfs_handle_t *zhp, zfs_iter_f func, void *data)
2683 {
2684 	zfs_cmd_t zc = { 0 };
2685 	zfs_handle_t *nzhp;
2686 	int ret;
2687 
2688 	for ((void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2689 	    ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_SNAPSHOT_LIST_NEXT,
2690 	    &zc) == 0;
2691 	    (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name))) {
2692 
2693 		if ((nzhp = make_dataset_handle(zhp->zfs_hdl,
2694 		    zc.zc_name)) == NULL)
2695 			continue;
2696 
2697 		if ((ret = func(nzhp, data)) != 0)
2698 			return (ret);
2699 	}
2700 
2701 	/*
2702 	 * An errno value of ESRCH indicates normal completion.  If ENOENT is
2703 	 * returned, then the underlying dataset has been removed since we
2704 	 * obtained the handle.  Silently ignore this case, and return success.
2705 	 */
2706 	if (errno != ESRCH && errno != ENOENT)
2707 		return (zfs_standard_error(zhp->zfs_hdl, errno,
2708 		    dgettext(TEXT_DOMAIN, "cannot iterate filesystems")));
2709 
2710 	return (0);
2711 }
2712 
2713 /*
2714  * Iterate over all children, snapshots and filesystems
2715  */
2716 int
2717 zfs_iter_children(zfs_handle_t *zhp, zfs_iter_f func, void *data)
2718 {
2719 	int ret;
2720 
2721 	if ((ret = zfs_iter_filesystems(zhp, func, data)) != 0)
2722 		return (ret);
2723 
2724 	return (zfs_iter_snapshots(zhp, func, data));
2725 }
2726 
2727 /*
2728  * Given a complete name, return just the portion that refers to the parent.
2729  * Can return NULL if this is a pool.
2730  */
2731 static int
2732 parent_name(const char *path, char *buf, size_t buflen)
2733 {
2734 	char *loc;
2735 
2736 	if ((loc = strrchr(path, '/')) == NULL)
2737 		return (-1);
2738 
2739 	(void) strncpy(buf, path, MIN(buflen, loc - path));
2740 	buf[loc - path] = '\0';
2741 
2742 	return (0);
2743 }
2744 
2745 /*
2746  * If accept_ancestor is false, then check to make sure that the given path has
2747  * a parent, and that it exists.  If accept_ancestor is true, then find the
2748  * closest existing ancestor for the given path.  In prefixlen return the
2749  * length of already existing prefix of the given path.  We also fetch the
2750  * 'zoned' property, which is used to validate property settings when creating
2751  * new datasets.
2752  */
2753 static int
2754 check_parents(libzfs_handle_t *hdl, const char *path, uint64_t *zoned,
2755     boolean_t accept_ancestor, int *prefixlen)
2756 {
2757 	zfs_cmd_t zc = { 0 };
2758 	char parent[ZFS_MAXNAMELEN];
2759 	char *slash;
2760 	zfs_handle_t *zhp;
2761 	char errbuf[1024];
2762 
2763 	(void) snprintf(errbuf, sizeof (errbuf), "cannot create '%s'",
2764 	    path);
2765 
2766 	/* get parent, and check to see if this is just a pool */
2767 	if (parent_name(path, parent, sizeof (parent)) != 0) {
2768 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2769 		    "missing dataset name"));
2770 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
2771 	}
2772 
2773 	/* check to see if the pool exists */
2774 	if ((slash = strchr(parent, '/')) == NULL)
2775 		slash = parent + strlen(parent);
2776 	(void) strncpy(zc.zc_name, parent, slash - parent);
2777 	zc.zc_name[slash - parent] = '\0';
2778 	if (ioctl(hdl->libzfs_fd, ZFS_IOC_OBJSET_STATS, &zc) != 0 &&
2779 	    errno == ENOENT) {
2780 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2781 		    "no such pool '%s'"), zc.zc_name);
2782 		return (zfs_error(hdl, EZFS_NOENT, errbuf));
2783 	}
2784 
2785 	/* check to see if the parent dataset exists */
2786 	while ((zhp = make_dataset_handle(hdl, parent)) == NULL) {
2787 		if (errno == ENOENT && accept_ancestor) {
2788 			/*
2789 			 * Go deeper to find an ancestor, give up on top level.
2790 			 */
2791 			if (parent_name(parent, parent, sizeof (parent)) != 0) {
2792 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2793 				    "no such pool '%s'"), zc.zc_name);
2794 				return (zfs_error(hdl, EZFS_NOENT, errbuf));
2795 			}
2796 		} else if (errno == ENOENT) {
2797 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2798 			    "parent does not exist"));
2799 			return (zfs_error(hdl, EZFS_NOENT, errbuf));
2800 		} else
2801 			return (zfs_standard_error(hdl, errno, errbuf));
2802 	}
2803 
2804 	*zoned = zfs_prop_get_int(zhp, ZFS_PROP_ZONED);
2805 	/* we are in a non-global zone, but parent is in the global zone */
2806 	if (getzoneid() != GLOBAL_ZONEID && !(*zoned)) {
2807 		(void) zfs_standard_error(hdl, EPERM, errbuf);
2808 		zfs_close(zhp);
2809 		return (-1);
2810 	}
2811 
2812 	/* make sure parent is a filesystem */
2813 	if (zfs_get_type(zhp) != ZFS_TYPE_FILESYSTEM) {
2814 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2815 		    "parent is not a filesystem"));
2816 		(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
2817 		zfs_close(zhp);
2818 		return (-1);
2819 	}
2820 
2821 	zfs_close(zhp);
2822 	if (prefixlen != NULL)
2823 		*prefixlen = strlen(parent);
2824 	return (0);
2825 }
2826 
2827 /*
2828  * Finds whether the dataset of the given type(s) exists.
2829  */
2830 boolean_t
2831 zfs_dataset_exists(libzfs_handle_t *hdl, const char *path, zfs_type_t types)
2832 {
2833 	zfs_handle_t *zhp;
2834 
2835 	if (!zfs_validate_name(hdl, path, types))
2836 		return (B_FALSE);
2837 
2838 	/*
2839 	 * Try to get stats for the dataset, which will tell us if it exists.
2840 	 */
2841 	if ((zhp = make_dataset_handle(hdl, path)) != NULL) {
2842 		int ds_type = zhp->zfs_type;
2843 
2844 		zfs_close(zhp);
2845 		if (types & ds_type)
2846 			return (B_TRUE);
2847 	}
2848 	return (B_FALSE);
2849 }
2850 
2851 /*
2852  * Creates non-existing ancestors of the given path.
2853  */
2854 int
2855 zfs_create_ancestors(libzfs_handle_t *hdl, const char *path)
2856 {
2857 	int prefix;
2858 	uint64_t zoned;
2859 	char *path_copy;
2860 	int rc;
2861 
2862 	if (check_parents(hdl, path, &zoned, B_TRUE, &prefix) != 0)
2863 		return (-1);
2864 
2865 	if ((path_copy = strdup(path)) != NULL) {
2866 		rc = create_parents(hdl, path_copy, prefix);
2867 		free(path_copy);
2868 	}
2869 	if (path_copy == NULL || rc != 0)
2870 		return (-1);
2871 
2872 	return (0);
2873 }
2874 
2875 /*
2876  * Create a new filesystem or volume.
2877  */
2878 int
2879 zfs_create(libzfs_handle_t *hdl, const char *path, zfs_type_t type,
2880     nvlist_t *props)
2881 {
2882 	zfs_cmd_t zc = { 0 };
2883 	int ret;
2884 	uint64_t size = 0;
2885 	uint64_t blocksize = zfs_prop_default_numeric(ZFS_PROP_VOLBLOCKSIZE);
2886 	char errbuf[1024];
2887 	uint64_t zoned;
2888 
2889 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
2890 	    "cannot create '%s'"), path);
2891 
2892 	/* validate the path, taking care to note the extended error message */
2893 	if (!zfs_validate_name(hdl, path, type))
2894 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
2895 
2896 	/* validate parents exist */
2897 	if (check_parents(hdl, path, &zoned, B_FALSE, NULL) != 0)
2898 		return (-1);
2899 
2900 	/*
2901 	 * The failure modes when creating a dataset of a different type over
2902 	 * one that already exists is a little strange.  In particular, if you
2903 	 * try to create a dataset on top of an existing dataset, the ioctl()
2904 	 * will return ENOENT, not EEXIST.  To prevent this from happening, we
2905 	 * first try to see if the dataset exists.
2906 	 */
2907 	(void) strlcpy(zc.zc_name, path, sizeof (zc.zc_name));
2908 	if (zfs_dataset_exists(hdl, zc.zc_name, ZFS_TYPE_ANY)) {
2909 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2910 		    "dataset already exists"));
2911 		return (zfs_error(hdl, EZFS_EXISTS, errbuf));
2912 	}
2913 
2914 	if (type == ZFS_TYPE_VOLUME)
2915 		zc.zc_objset_type = DMU_OST_ZVOL;
2916 	else
2917 		zc.zc_objset_type = DMU_OST_ZFS;
2918 
2919 	if (props && (props = zfs_validate_properties(hdl, type, NULL, props,
2920 	    zoned, NULL, errbuf)) == 0)
2921 		return (-1);
2922 
2923 	if (type == ZFS_TYPE_VOLUME) {
2924 		/*
2925 		 * If we are creating a volume, the size and block size must
2926 		 * satisfy a few restraints.  First, the blocksize must be a
2927 		 * valid block size between SPA_{MIN,MAX}BLOCKSIZE.  Second, the
2928 		 * volsize must be a multiple of the block size, and cannot be
2929 		 * zero.
2930 		 */
2931 		if (props == NULL || nvlist_lookup_uint64(props,
2932 		    zfs_prop_to_name(ZFS_PROP_VOLSIZE), &size) != 0) {
2933 			nvlist_free(props);
2934 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2935 			    "missing volume size"));
2936 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2937 		}
2938 
2939 		if ((ret = nvlist_lookup_uint64(props,
2940 		    zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
2941 		    &blocksize)) != 0) {
2942 			if (ret == ENOENT) {
2943 				blocksize = zfs_prop_default_numeric(
2944 				    ZFS_PROP_VOLBLOCKSIZE);
2945 			} else {
2946 				nvlist_free(props);
2947 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2948 				    "missing volume block size"));
2949 				return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2950 			}
2951 		}
2952 
2953 		if (size == 0) {
2954 			nvlist_free(props);
2955 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2956 			    "volume size cannot be zero"));
2957 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2958 		}
2959 
2960 		if (size % blocksize != 0) {
2961 			nvlist_free(props);
2962 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2963 			    "volume size must be a multiple of volume block "
2964 			    "size"));
2965 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2966 		}
2967 	}
2968 
2969 	if (props &&
2970 	    zcmd_write_src_nvlist(hdl, &zc, props, NULL) != 0)
2971 		return (-1);
2972 	nvlist_free(props);
2973 
2974 	/* create the dataset */
2975 	ret = zfs_ioctl(hdl, ZFS_IOC_CREATE, &zc);
2976 
2977 	if (ret == 0 && type == ZFS_TYPE_VOLUME) {
2978 		ret = zvol_create_link(hdl, path);
2979 		if (ret) {
2980 			(void) zfs_standard_error(hdl, errno,
2981 			    dgettext(TEXT_DOMAIN,
2982 			    "Volume successfully created, but device links "
2983 			    "were not created"));
2984 			zcmd_free_nvlists(&zc);
2985 			return (-1);
2986 		}
2987 	}
2988 
2989 	zcmd_free_nvlists(&zc);
2990 
2991 	/* check for failure */
2992 	if (ret != 0) {
2993 		char parent[ZFS_MAXNAMELEN];
2994 		(void) parent_name(path, parent, sizeof (parent));
2995 
2996 		switch (errno) {
2997 		case ENOENT:
2998 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2999 			    "no such parent '%s'"), parent);
3000 			return (zfs_error(hdl, EZFS_NOENT, errbuf));
3001 
3002 		case EINVAL:
3003 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3004 			    "parent '%s' is not a filesystem"), parent);
3005 			return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
3006 
3007 		case EDOM:
3008 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3009 			    "volume block size must be power of 2 from "
3010 			    "%u to %uk"),
3011 			    (uint_t)SPA_MINBLOCKSIZE,
3012 			    (uint_t)SPA_MAXBLOCKSIZE >> 10);
3013 
3014 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
3015 
3016 #ifdef _ILP32
3017 		case EOVERFLOW:
3018 			/*
3019 			 * This platform can't address a volume this big.
3020 			 */
3021 			if (type == ZFS_TYPE_VOLUME)
3022 				return (zfs_error(hdl, EZFS_VOLTOOBIG,
3023 				    errbuf));
3024 #endif
3025 			/* FALLTHROUGH */
3026 		default:
3027 			return (zfs_standard_error(hdl, errno, errbuf));
3028 		}
3029 	}
3030 
3031 	return (0);
3032 }
3033 
3034 /*
3035  * Destroys the given dataset.  The caller must make sure that the filesystem
3036  * isn't mounted, and that there are no active dependents.
3037  */
3038 int
3039 zfs_destroy(zfs_handle_t *zhp)
3040 {
3041 	zfs_cmd_t zc = { 0 };
3042 
3043 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3044 
3045 	if (ZFS_IS_VOLUME(zhp)) {
3046 		/*
3047 		 * If user doesn't have permissions to unshare volume, then
3048 		 * abort the request.  This would only happen for a
3049 		 * non-privileged user.
3050 		 */
3051 		if (zfs_unshare_iscsi(zhp) != 0) {
3052 			return (-1);
3053 		}
3054 
3055 		if (zvol_remove_link(zhp->zfs_hdl, zhp->zfs_name) != 0)
3056 			return (-1);
3057 
3058 		zc.zc_objset_type = DMU_OST_ZVOL;
3059 	} else {
3060 		zc.zc_objset_type = DMU_OST_ZFS;
3061 	}
3062 
3063 	if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_DESTROY, &zc) != 0) {
3064 		return (zfs_standard_error_fmt(zhp->zfs_hdl, errno,
3065 		    dgettext(TEXT_DOMAIN, "cannot destroy '%s'"),
3066 		    zhp->zfs_name));
3067 	}
3068 
3069 	remove_mountpoint(zhp);
3070 
3071 	return (0);
3072 }
3073 
3074 struct destroydata {
3075 	char *snapname;
3076 	boolean_t gotone;
3077 	boolean_t closezhp;
3078 };
3079 
3080 static int
3081 zfs_remove_link_cb(zfs_handle_t *zhp, void *arg)
3082 {
3083 	struct destroydata *dd = arg;
3084 	zfs_handle_t *szhp;
3085 	char name[ZFS_MAXNAMELEN];
3086 	boolean_t closezhp = dd->closezhp;
3087 	int rv;
3088 
3089 	(void) strlcpy(name, zhp->zfs_name, sizeof (name));
3090 	(void) strlcat(name, "@", sizeof (name));
3091 	(void) strlcat(name, dd->snapname, sizeof (name));
3092 
3093 	szhp = make_dataset_handle(zhp->zfs_hdl, name);
3094 	if (szhp) {
3095 		dd->gotone = B_TRUE;
3096 		zfs_close(szhp);
3097 	}
3098 
3099 	if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
3100 		(void) zvol_remove_link(zhp->zfs_hdl, name);
3101 		/*
3102 		 * NB: this is simply a best-effort.  We don't want to
3103 		 * return an error, because then we wouldn't visit all
3104 		 * the volumes.
3105 		 */
3106 	}
3107 
3108 	dd->closezhp = B_TRUE;
3109 	rv = zfs_iter_filesystems(zhp, zfs_remove_link_cb, arg);
3110 	if (closezhp)
3111 		zfs_close(zhp);
3112 	return (rv);
3113 }
3114 
3115 /*
3116  * Destroys all snapshots with the given name in zhp & descendants.
3117  */
3118 int
3119 zfs_destroy_snaps(zfs_handle_t *zhp, char *snapname)
3120 {
3121 	zfs_cmd_t zc = { 0 };
3122 	int ret;
3123 	struct destroydata dd = { 0 };
3124 
3125 	dd.snapname = snapname;
3126 	(void) zfs_remove_link_cb(zhp, &dd);
3127 
3128 	if (!dd.gotone) {
3129 		return (zfs_standard_error_fmt(zhp->zfs_hdl, ENOENT,
3130 		    dgettext(TEXT_DOMAIN, "cannot destroy '%s@%s'"),
3131 		    zhp->zfs_name, snapname));
3132 	}
3133 
3134 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3135 	(void) strlcpy(zc.zc_value, snapname, sizeof (zc.zc_value));
3136 
3137 	ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_DESTROY_SNAPS, &zc);
3138 	if (ret != 0) {
3139 		char errbuf[1024];
3140 
3141 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3142 		    "cannot destroy '%s@%s'"), zc.zc_name, snapname);
3143 
3144 		switch (errno) {
3145 		case EEXIST:
3146 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3147 			    "snapshot is cloned"));
3148 			return (zfs_error(zhp->zfs_hdl, EZFS_EXISTS, errbuf));
3149 
3150 		default:
3151 			return (zfs_standard_error(zhp->zfs_hdl, errno,
3152 			    errbuf));
3153 		}
3154 	}
3155 
3156 	return (0);
3157 }
3158 
3159 /*
3160  * Clones the given dataset.  The target must be of the same type as the source.
3161  */
3162 int
3163 zfs_clone(zfs_handle_t *zhp, const char *target, nvlist_t *props)
3164 {
3165 	zfs_cmd_t zc = { 0 };
3166 	char parent[ZFS_MAXNAMELEN];
3167 	int ret;
3168 	char errbuf[1024];
3169 	libzfs_handle_t *hdl = zhp->zfs_hdl;
3170 	zfs_type_t type;
3171 	uint64_t zoned;
3172 
3173 	assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT);
3174 
3175 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3176 	    "cannot create '%s'"), target);
3177 
3178 	/* validate the target name */
3179 	if (!zfs_validate_name(hdl, target, ZFS_TYPE_FILESYSTEM))
3180 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3181 
3182 	/* validate parents exist */
3183 	if (check_parents(hdl, target, &zoned, B_FALSE, NULL) != 0)
3184 		return (-1);
3185 
3186 	(void) parent_name(target, parent, sizeof (parent));
3187 
3188 	/* do the clone */
3189 	if (ZFS_IS_VOLUME(zhp)) {
3190 		zc.zc_objset_type = DMU_OST_ZVOL;
3191 		type = ZFS_TYPE_VOLUME;
3192 	} else {
3193 		zc.zc_objset_type = DMU_OST_ZFS;
3194 		type = ZFS_TYPE_FILESYSTEM;
3195 	}
3196 
3197 	if (props) {
3198 		if ((props = zfs_validate_properties(hdl, type, NULL, props,
3199 		    zoned, zhp, errbuf)) == NULL)
3200 			return (-1);
3201 
3202 		if (zcmd_write_src_nvlist(hdl, &zc, props, NULL) != 0) {
3203 			nvlist_free(props);
3204 			return (-1);
3205 		}
3206 
3207 		nvlist_free(props);
3208 	}
3209 
3210 	(void) strlcpy(zc.zc_name, target, sizeof (zc.zc_name));
3211 	(void) strlcpy(zc.zc_value, zhp->zfs_name, sizeof (zc.zc_value));
3212 	ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_CREATE, &zc);
3213 
3214 	zcmd_free_nvlists(&zc);
3215 
3216 	if (ret != 0) {
3217 		switch (errno) {
3218 
3219 		case ENOENT:
3220 			/*
3221 			 * The parent doesn't exist.  We should have caught this
3222 			 * above, but there may a race condition that has since
3223 			 * destroyed the parent.
3224 			 *
3225 			 * At this point, we don't know whether it's the source
3226 			 * that doesn't exist anymore, or whether the target
3227 			 * dataset doesn't exist.
3228 			 */
3229 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3230 			    "no such parent '%s'"), parent);
3231 			return (zfs_error(zhp->zfs_hdl, EZFS_NOENT, errbuf));
3232 
3233 		case EXDEV:
3234 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3235 			    "source and target pools differ"));
3236 			return (zfs_error(zhp->zfs_hdl, EZFS_CROSSTARGET,
3237 			    errbuf));
3238 
3239 		default:
3240 			return (zfs_standard_error(zhp->zfs_hdl, errno,
3241 			    errbuf));
3242 		}
3243 	} else if (ZFS_IS_VOLUME(zhp)) {
3244 		ret = zvol_create_link(zhp->zfs_hdl, target);
3245 	}
3246 
3247 	return (ret);
3248 }
3249 
3250 typedef struct promote_data {
3251 	char cb_mountpoint[MAXPATHLEN];
3252 	const char *cb_target;
3253 	const char *cb_errbuf;
3254 	uint64_t cb_pivot_txg;
3255 } promote_data_t;
3256 
3257 static int
3258 promote_snap_cb(zfs_handle_t *zhp, void *data)
3259 {
3260 	promote_data_t *pd = data;
3261 	zfs_handle_t *szhp;
3262 	char snapname[MAXPATHLEN];
3263 	int rv = 0;
3264 
3265 	/* We don't care about snapshots after the pivot point */
3266 	if (zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG) > pd->cb_pivot_txg) {
3267 		zfs_close(zhp);
3268 		return (0);
3269 	}
3270 
3271 	/* Remove the device link if it's a zvol. */
3272 	if (ZFS_IS_VOLUME(zhp))
3273 		(void) zvol_remove_link(zhp->zfs_hdl, zhp->zfs_name);
3274 
3275 	/* Check for conflicting names */
3276 	(void) strlcpy(snapname, pd->cb_target, sizeof (snapname));
3277 	(void) strlcat(snapname, strchr(zhp->zfs_name, '@'), sizeof (snapname));
3278 	szhp = make_dataset_handle(zhp->zfs_hdl, snapname);
3279 	if (szhp != NULL) {
3280 		zfs_close(szhp);
3281 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3282 		    "snapshot name '%s' from origin \n"
3283 		    "conflicts with '%s' from target"),
3284 		    zhp->zfs_name, snapname);
3285 		rv = zfs_error(zhp->zfs_hdl, EZFS_EXISTS, pd->cb_errbuf);
3286 	}
3287 	zfs_close(zhp);
3288 	return (rv);
3289 }
3290 
3291 static int
3292 promote_snap_done_cb(zfs_handle_t *zhp, void *data)
3293 {
3294 	promote_data_t *pd = data;
3295 
3296 	/* We don't care about snapshots after the pivot point */
3297 	if (zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG) <= pd->cb_pivot_txg) {
3298 		/* Create the device link if it's a zvol. */
3299 		if (ZFS_IS_VOLUME(zhp))
3300 			(void) zvol_create_link(zhp->zfs_hdl, zhp->zfs_name);
3301 	}
3302 
3303 	zfs_close(zhp);
3304 	return (0);
3305 }
3306 
3307 /*
3308  * Promotes the given clone fs to be the clone parent.
3309  */
3310 int
3311 zfs_promote(zfs_handle_t *zhp)
3312 {
3313 	libzfs_handle_t *hdl = zhp->zfs_hdl;
3314 	zfs_cmd_t zc = { 0 };
3315 	char parent[MAXPATHLEN];
3316 	char *cp;
3317 	int ret;
3318 	zfs_handle_t *pzhp;
3319 	promote_data_t pd;
3320 	char errbuf[1024];
3321 
3322 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3323 	    "cannot promote '%s'"), zhp->zfs_name);
3324 
3325 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
3326 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3327 		    "snapshots can not be promoted"));
3328 		return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
3329 	}
3330 
3331 	(void) strlcpy(parent, zhp->zfs_dmustats.dds_clone_of, sizeof (parent));
3332 	if (parent[0] == '\0') {
3333 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3334 		    "not a cloned filesystem"));
3335 		return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
3336 	}
3337 	cp = strchr(parent, '@');
3338 	*cp = '\0';
3339 
3340 	/* Walk the snapshots we will be moving */
3341 	pzhp = zfs_open(hdl, zhp->zfs_dmustats.dds_clone_of, ZFS_TYPE_SNAPSHOT);
3342 	if (pzhp == NULL)
3343 		return (-1);
3344 	pd.cb_pivot_txg = zfs_prop_get_int(pzhp, ZFS_PROP_CREATETXG);
3345 	zfs_close(pzhp);
3346 	pd.cb_target = zhp->zfs_name;
3347 	pd.cb_errbuf = errbuf;
3348 	pzhp = zfs_open(hdl, parent, ZFS_TYPE_ANY);
3349 	if (pzhp == NULL)
3350 		return (-1);
3351 	(void) zfs_prop_get(pzhp, ZFS_PROP_MOUNTPOINT, pd.cb_mountpoint,
3352 	    sizeof (pd.cb_mountpoint), NULL, NULL, 0, FALSE);
3353 	ret = zfs_iter_snapshots(pzhp, promote_snap_cb, &pd);
3354 	if (ret != 0) {
3355 		zfs_close(pzhp);
3356 		return (-1);
3357 	}
3358 
3359 	/* issue the ioctl */
3360 	(void) strlcpy(zc.zc_value, zhp->zfs_dmustats.dds_clone_of,
3361 	    sizeof (zc.zc_value));
3362 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3363 	ret = zfs_ioctl(hdl, ZFS_IOC_PROMOTE, &zc);
3364 
3365 	if (ret != 0) {
3366 		int save_errno = errno;
3367 
3368 		(void) zfs_iter_snapshots(pzhp, promote_snap_done_cb, &pd);
3369 		zfs_close(pzhp);
3370 
3371 		switch (save_errno) {
3372 		case EEXIST:
3373 			/*
3374 			 * There is a conflicting snapshot name.  We
3375 			 * should have caught this above, but they could
3376 			 * have renamed something in the mean time.
3377 			 */
3378 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3379 			    "conflicting snapshot name from parent '%s'"),
3380 			    parent);
3381 			return (zfs_error(hdl, EZFS_EXISTS, errbuf));
3382 
3383 		default:
3384 			return (zfs_standard_error(hdl, save_errno, errbuf));
3385 		}
3386 	} else {
3387 		(void) zfs_iter_snapshots(zhp, promote_snap_done_cb, &pd);
3388 	}
3389 
3390 	zfs_close(pzhp);
3391 	return (ret);
3392 }
3393 
3394 struct createdata {
3395 	const char *cd_snapname;
3396 	int cd_ifexists;
3397 };
3398 
3399 static int
3400 zfs_create_link_cb(zfs_handle_t *zhp, void *arg)
3401 {
3402 	struct createdata *cd = arg;
3403 	int ret;
3404 
3405 	if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
3406 		char name[MAXPATHLEN];
3407 
3408 		(void) strlcpy(name, zhp->zfs_name, sizeof (name));
3409 		(void) strlcat(name, "@", sizeof (name));
3410 		(void) strlcat(name, cd->cd_snapname, sizeof (name));
3411 		(void) zvol_create_link_common(zhp->zfs_hdl, name,
3412 		    cd->cd_ifexists);
3413 		/*
3414 		 * NB: this is simply a best-effort.  We don't want to
3415 		 * return an error, because then we wouldn't visit all
3416 		 * the volumes.
3417 		 */
3418 	}
3419 
3420 	ret = zfs_iter_filesystems(zhp, zfs_create_link_cb, cd);
3421 
3422 	zfs_close(zhp);
3423 
3424 	return (ret);
3425 }
3426 
3427 /*
3428  * Takes a snapshot of the given dataset.
3429  */
3430 int
3431 zfs_snapshot(libzfs_handle_t *hdl, const char *path, boolean_t recursive)
3432 {
3433 	const char *delim;
3434 	char *parent;
3435 	zfs_handle_t *zhp;
3436 	zfs_cmd_t zc = { 0 };
3437 	int ret;
3438 	char errbuf[1024];
3439 
3440 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3441 	    "cannot snapshot '%s'"), path);
3442 
3443 	/* validate the target name */
3444 	if (!zfs_validate_name(hdl, path, ZFS_TYPE_SNAPSHOT))
3445 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3446 
3447 	/* make sure the parent exists and is of the appropriate type */
3448 	delim = strchr(path, '@');
3449 	if ((parent = zfs_alloc(hdl, delim - path + 1)) == NULL)
3450 		return (-1);
3451 	(void) strncpy(parent, path, delim - path);
3452 	parent[delim - path] = '\0';
3453 
3454 	if ((zhp = zfs_open(hdl, parent, ZFS_TYPE_FILESYSTEM |
3455 	    ZFS_TYPE_VOLUME)) == NULL) {
3456 		free(parent);
3457 		return (-1);
3458 	}
3459 
3460 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3461 	(void) strlcpy(zc.zc_value, delim+1, sizeof (zc.zc_value));
3462 	if (ZFS_IS_VOLUME(zhp))
3463 		zc.zc_objset_type = DMU_OST_ZVOL;
3464 	else
3465 		zc.zc_objset_type = DMU_OST_ZFS;
3466 	zc.zc_cookie = recursive;
3467 	ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SNAPSHOT, &zc);
3468 
3469 	/*
3470 	 * if it was recursive, the one that actually failed will be in
3471 	 * zc.zc_name.
3472 	 */
3473 	if (ret != 0)
3474 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3475 		    "cannot create snapshot '%s@%s'"), zc.zc_name, zc.zc_value);
3476 
3477 	if (ret == 0 && recursive) {
3478 		struct createdata cd;
3479 
3480 		cd.cd_snapname = delim + 1;
3481 		cd.cd_ifexists = B_FALSE;
3482 		(void) zfs_iter_filesystems(zhp, zfs_create_link_cb, &cd);
3483 	}
3484 	if (ret == 0 && zhp->zfs_type == ZFS_TYPE_VOLUME) {
3485 		ret = zvol_create_link(zhp->zfs_hdl, path);
3486 		if (ret != 0) {
3487 			(void) zfs_standard_error(hdl, errno,
3488 			    dgettext(TEXT_DOMAIN,
3489 			    "Volume successfully snapshotted, but device links "
3490 			    "were not created"));
3491 			free(parent);
3492 			zfs_close(zhp);
3493 			return (-1);
3494 		}
3495 	}
3496 
3497 	if (ret != 0)
3498 		(void) zfs_standard_error(hdl, errno, errbuf);
3499 
3500 	free(parent);
3501 	zfs_close(zhp);
3502 
3503 	return (ret);
3504 }
3505 
3506 /*
3507  * Dumps a backup of the given snapshot (incremental from fromsnap if it's not
3508  * NULL) to the file descriptor specified by outfd.
3509  */
3510 int
3511 zfs_send(zfs_handle_t *zhp, const char *fromsnap, int outfd)
3512 {
3513 	zfs_cmd_t zc = { 0 };
3514 	char errbuf[1024];
3515 	libzfs_handle_t *hdl = zhp->zfs_hdl;
3516 
3517 	assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT);
3518 
3519 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3520 	if (fromsnap)
3521 		(void) strlcpy(zc.zc_value, fromsnap, sizeof (zc.zc_name));
3522 	zc.zc_cookie = outfd;
3523 
3524 	if (ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_SENDBACKUP, &zc) != 0) {
3525 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3526 		    "cannot send '%s'"), zhp->zfs_name);
3527 
3528 		switch (errno) {
3529 
3530 		case EXDEV:
3531 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3532 			    "not an earlier snapshot from the same fs"));
3533 			return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
3534 
3535 		case EDQUOT:
3536 		case EFBIG:
3537 		case EIO:
3538 		case ENOLINK:
3539 		case ENOSPC:
3540 		case ENOSTR:
3541 		case ENXIO:
3542 		case EPIPE:
3543 		case ERANGE:
3544 		case EFAULT:
3545 		case EROFS:
3546 			zfs_error_aux(hdl, strerror(errno));
3547 			return (zfs_error(hdl, EZFS_BADBACKUP, errbuf));
3548 
3549 		default:
3550 			return (zfs_standard_error(hdl, errno, errbuf));
3551 		}
3552 	}
3553 
3554 	return (0);
3555 }
3556 
3557 /*
3558  * Create ancestors of 'target', but not target itself, and not
3559  * ancestors whose names are shorter than prefixlen.  Die if
3560  * prefixlen-ancestor does not exist.
3561  */
3562 static int
3563 create_parents(libzfs_handle_t *hdl, char *target, int prefixlen)
3564 {
3565 	zfs_handle_t *h;
3566 	char *cp;
3567 
3568 	/* make sure prefix exists */
3569 	cp = strchr(target + prefixlen, '/');
3570 	*cp = '\0';
3571 	h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
3572 	*cp = '/';
3573 	if (h == NULL)
3574 		return (-1);
3575 	zfs_close(h);
3576 
3577 	/*
3578 	 * Attempt to create, mount, and share any ancestor filesystems,
3579 	 * up to the prefixlen-long one.
3580 	 */
3581 	for (cp = target + prefixlen + 1;
3582 	    cp = strchr(cp, '/'); *cp = '/', cp++) {
3583 		const char *opname;
3584 		char *logstr;
3585 
3586 		*cp = '\0';
3587 
3588 		h = make_dataset_handle(hdl, target);
3589 		if (h) {
3590 			/* it already exists, nothing to do here */
3591 			zfs_close(h);
3592 			continue;
3593 		}
3594 
3595 		opname = dgettext(TEXT_DOMAIN, "create");
3596 		logstr = hdl->libzfs_log_str;
3597 		hdl->libzfs_log_str = NULL;
3598 		if (zfs_create(hdl, target, ZFS_TYPE_FILESYSTEM,
3599 		    NULL) != 0) {
3600 			hdl->libzfs_log_str = logstr;
3601 			goto ancestorerr;
3602 		}
3603 
3604 		hdl->libzfs_log_str = logstr;
3605 		opname = dgettext(TEXT_DOMAIN, "open");
3606 		h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
3607 		if (h == NULL)
3608 			goto ancestorerr;
3609 
3610 		opname = dgettext(TEXT_DOMAIN, "mount");
3611 		if (zfs_mount(h, NULL, 0) != 0)
3612 			goto ancestorerr;
3613 
3614 		opname = dgettext(TEXT_DOMAIN, "share");
3615 		if (zfs_share(h) != 0)
3616 			goto ancestorerr;
3617 
3618 		zfs_close(h);
3619 
3620 		continue;
3621 ancestorerr:
3622 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3623 		    "failed to %s ancestor '%s'"), opname, target);
3624 		return (-1);
3625 	}
3626 
3627 	return (0);
3628 }
3629 
3630 /*
3631  * Restores a backup of tosnap from the file descriptor specified by infd.
3632  */
3633 int
3634 zfs_receive(libzfs_handle_t *hdl, const char *tosnap, int isprefix,
3635     int verbose, int dryrun, boolean_t force, int infd)
3636 {
3637 	zfs_cmd_t zc = { 0 };
3638 	time_t begin_time;
3639 	int ioctl_err, err, bytes, size, choplen;
3640 	char *cp;
3641 	dmu_replay_record_t drr;
3642 	struct drr_begin *drrb = &zc.zc_begin_record;
3643 	char errbuf[1024];
3644 	prop_changelist_t *clp;
3645 	char chopprefix[ZFS_MAXNAMELEN];
3646 
3647 	begin_time = time(NULL);
3648 
3649 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3650 	    "cannot receive"));
3651 
3652 	/* read in the BEGIN record */
3653 	cp = (char *)&drr;
3654 	bytes = 0;
3655 	do {
3656 		size = read(infd, cp, sizeof (drr) - bytes);
3657 		cp += size;
3658 		bytes += size;
3659 	} while (size > 0);
3660 
3661 	if (size < 0 || bytes != sizeof (drr)) {
3662 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
3663 		    "stream (failed to read first record)"));
3664 		return (zfs_error(hdl, EZFS_BADSTREAM, errbuf));
3665 	}
3666 
3667 	zc.zc_begin_record = drr.drr_u.drr_begin;
3668 
3669 	if (drrb->drr_magic != DMU_BACKUP_MAGIC &&
3670 	    drrb->drr_magic != BSWAP_64(DMU_BACKUP_MAGIC)) {
3671 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
3672 		    "stream (bad magic number)"));
3673 		return (zfs_error(hdl, EZFS_BADSTREAM, errbuf));
3674 	}
3675 
3676 	if (drrb->drr_version != DMU_BACKUP_VERSION &&
3677 	    drrb->drr_version != BSWAP_64(DMU_BACKUP_VERSION)) {
3678 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "only version "
3679 		    "0x%llx is supported (stream is version 0x%llx)"),
3680 		    DMU_BACKUP_VERSION, drrb->drr_version);
3681 		return (zfs_error(hdl, EZFS_BADSTREAM, errbuf));
3682 	}
3683 
3684 	if (strchr(drr.drr_u.drr_begin.drr_toname, '@') == NULL) {
3685 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
3686 		    "stream (bad snapshot name)"));
3687 		return (zfs_error(hdl, EZFS_BADSTREAM, errbuf));
3688 	}
3689 	/*
3690 	 * Determine how much of the snapshot name stored in the stream
3691 	 * we are going to tack on to the name they specified on the
3692 	 * command line, and how much we are going to chop off.
3693 	 *
3694 	 * If they specified a snapshot, chop the entire name stored in
3695 	 * the stream.
3696 	 */
3697 	(void) strcpy(chopprefix, drr.drr_u.drr_begin.drr_toname);
3698 	if (isprefix) {
3699 		/*
3700 		 * They specified a fs with -d, we want to tack on
3701 		 * everything but the pool name stored in the stream
3702 		 */
3703 		if (strchr(tosnap, '@')) {
3704 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
3705 			    "argument - snapshot not allowed with -d"));
3706 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3707 		}
3708 		cp = strchr(chopprefix, '/');
3709 		if (cp == NULL)
3710 			cp = strchr(chopprefix, '@');
3711 		*cp = '\0';
3712 	} else if (strchr(tosnap, '@') == NULL) {
3713 		/*
3714 		 * If they specified a filesystem without -d, we want to
3715 		 * tack on everything after the fs specified in the
3716 		 * first name from the stream.
3717 		 */
3718 		cp = strchr(chopprefix, '@');
3719 		*cp = '\0';
3720 	}
3721 	choplen = strlen(chopprefix);
3722 
3723 	/*
3724 	 * Determine name of destination snapshot, store in zc_value.
3725 	 */
3726 	(void) strcpy(zc.zc_value, tosnap);
3727 	(void) strncat(zc.zc_value, drr.drr_u.drr_begin.drr_toname+choplen,
3728 	    sizeof (zc.zc_value));
3729 	if (!zfs_validate_name(hdl, zc.zc_value, ZFS_TYPE_SNAPSHOT))
3730 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3731 
3732 	(void) strcpy(zc.zc_name, zc.zc_value);
3733 	if (drrb->drr_fromguid) {
3734 		/* incremental backup stream */
3735 		zfs_handle_t *h;
3736 
3737 		/* do the recvbackup ioctl to the containing fs */
3738 		*strchr(zc.zc_name, '@') = '\0';
3739 
3740 		/* make sure destination fs exists */
3741 		h = zfs_open(hdl, zc.zc_name,
3742 		    ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
3743 		if (h == NULL)
3744 			return (-1);
3745 		if (!dryrun) {
3746 			/*
3747 			 * We need to unmount all the dependents of the dataset
3748 			 * and the dataset itself. If it's a volume
3749 			 * then remove device link.
3750 			 */
3751 			if (h->zfs_type == ZFS_TYPE_FILESYSTEM) {
3752 				clp = changelist_gather(h, ZFS_PROP_NAME, 0);
3753 				if (clp == NULL)
3754 					return (-1);
3755 				if (changelist_prefix(clp) != 0) {
3756 					changelist_free(clp);
3757 					return (-1);
3758 				}
3759 			} else {
3760 				if (zvol_remove_link(hdl, h->zfs_name) != 0) {
3761 					zfs_close(h);
3762 					return (-1);
3763 				}
3764 
3765 			}
3766 		}
3767 		zfs_close(h);
3768 	} else {
3769 		/* full backup stream */
3770 
3771 		/* Make sure destination fs does not exist */
3772 		*strchr(zc.zc_name, '@') = '\0';
3773 		if (zfs_dataset_exists(hdl, zc.zc_name, ZFS_TYPE_ANY)) {
3774 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3775 			    "destination '%s' exists"), zc.zc_name);
3776 			return (zfs_error(hdl, EZFS_EXISTS, errbuf));
3777 		}
3778 
3779 		if (strchr(zc.zc_name, '/') == NULL) {
3780 			/*
3781 			 * they're trying to do a recv into a
3782 			 * nonexistant topmost filesystem.
3783 			 */
3784 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3785 			    "destination does not exist"), zc.zc_name);
3786 			return (zfs_error(hdl, EZFS_EXISTS, errbuf));
3787 		}
3788 
3789 		/* Do the recvbackup ioctl to the fs's parent. */
3790 		*strrchr(zc.zc_name, '/') = '\0';
3791 
3792 		if (isprefix && (err = create_parents(hdl,
3793 		    zc.zc_value, strlen(tosnap))) != 0) {
3794 			return (zfs_error(hdl, EZFS_BADRESTORE, errbuf));
3795 		}
3796 
3797 	}
3798 
3799 	zc.zc_cookie = infd;
3800 	zc.zc_guid = force;
3801 	if (verbose) {
3802 		(void) printf("%s %s stream of %s into %s\n",
3803 		    dryrun ? "would receive" : "receiving",
3804 		    drrb->drr_fromguid ? "incremental" : "full",
3805 		    drr.drr_u.drr_begin.drr_toname,
3806 		    zc.zc_value);
3807 		(void) fflush(stdout);
3808 	}
3809 	if (dryrun)
3810 		return (0);
3811 	err = ioctl_err = zfs_ioctl(hdl, ZFS_IOC_RECVBACKUP, &zc);
3812 	if (ioctl_err != 0) {
3813 		switch (errno) {
3814 		case ENODEV:
3815 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3816 			    "most recent snapshot does not match incremental "
3817 			    "source"));
3818 			(void) zfs_error(hdl, EZFS_BADRESTORE, errbuf);
3819 			break;
3820 		case ETXTBSY:
3821 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3822 			    "destination has been modified since most recent "
3823 			    "snapshot"));
3824 			(void) zfs_error(hdl, EZFS_BADRESTORE, errbuf);
3825 			break;
3826 		case EEXIST:
3827 			if (drrb->drr_fromguid == 0) {
3828 				/* it's the containing fs that exists */
3829 				cp = strchr(zc.zc_value, '@');
3830 				*cp = '\0';
3831 			}
3832 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3833 			    "destination already exists"));
3834 			(void) zfs_error_fmt(hdl, EZFS_EXISTS,
3835 			    dgettext(TEXT_DOMAIN, "cannot restore to %s"),
3836 			    zc.zc_value);
3837 			break;
3838 		case EINVAL:
3839 			(void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
3840 			break;
3841 		case ECKSUM:
3842 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3843 			    "invalid stream (checksum mismatch)"));
3844 			(void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
3845 			break;
3846 		default:
3847 			(void) zfs_standard_error(hdl, errno, errbuf);
3848 		}
3849 	}
3850 
3851 	/*
3852 	 * Mount or recreate the /dev links for the target filesystem
3853 	 * (if created, or if we tore them down to do an incremental
3854 	 * restore), and the /dev links for the new snapshot (if
3855 	 * created). Also mount any children of the target filesystem
3856 	 * if we did an incremental receive.
3857 	 */
3858 	cp = strchr(zc.zc_value, '@');
3859 	if (cp && (ioctl_err == 0 || drrb->drr_fromguid)) {
3860 		zfs_handle_t *h;
3861 
3862 		*cp = '\0';
3863 		h = zfs_open(hdl, zc.zc_value,
3864 		    ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
3865 		*cp = '@';
3866 		if (h) {
3867 			if (h->zfs_type == ZFS_TYPE_VOLUME) {
3868 				err = zvol_create_link(hdl, h->zfs_name);
3869 				if (err == 0 && ioctl_err == 0)
3870 					err = zvol_create_link(hdl,
3871 					    zc.zc_value);
3872 			} else {
3873 				if (drrb->drr_fromguid) {
3874 					err = changelist_postfix(clp);
3875 					changelist_free(clp);
3876 				} else {
3877 					err = zfs_mount(h, NULL, 0);
3878 				}
3879 			}
3880 		zfs_close(h);
3881 		}
3882 	}
3883 
3884 	if (err || ioctl_err)
3885 		return (-1);
3886 
3887 	if (verbose) {
3888 		char buf1[64];
3889 		char buf2[64];
3890 		uint64_t bytes = zc.zc_cookie;
3891 		time_t delta = time(NULL) - begin_time;
3892 		if (delta == 0)
3893 			delta = 1;
3894 		zfs_nicenum(bytes, buf1, sizeof (buf1));
3895 		zfs_nicenum(bytes/delta, buf2, sizeof (buf1));
3896 
3897 		(void) printf("received %sb stream in %lu seconds (%sb/sec)\n",
3898 		    buf1, delta, buf2);
3899 	}
3900 
3901 	return (0);
3902 }
3903 
3904 /*
3905  * Destroy any more recent snapshots.  We invoke this callback on any dependents
3906  * of the snapshot first.  If the 'cb_dependent' member is non-zero, then this
3907  * is a dependent and we should just destroy it without checking the transaction
3908  * group.
3909  */
3910 typedef struct rollback_data {
3911 	const char	*cb_target;		/* the snapshot */
3912 	uint64_t	cb_create;		/* creation time reference */
3913 	prop_changelist_t *cb_clp;		/* changelist pointer */
3914 	int		cb_error;
3915 	boolean_t	cb_dependent;
3916 } rollback_data_t;
3917 
3918 static int
3919 rollback_destroy(zfs_handle_t *zhp, void *data)
3920 {
3921 	rollback_data_t *cbp = data;
3922 
3923 	if (!cbp->cb_dependent) {
3924 		if (strcmp(zhp->zfs_name, cbp->cb_target) != 0 &&
3925 		    zfs_get_type(zhp) == ZFS_TYPE_SNAPSHOT &&
3926 		    zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG) >
3927 		    cbp->cb_create) {
3928 			char *logstr;
3929 
3930 			cbp->cb_dependent = B_TRUE;
3931 			if (zfs_iter_dependents(zhp, B_FALSE, rollback_destroy,
3932 			    cbp) != 0)
3933 				cbp->cb_error = 1;
3934 			cbp->cb_dependent = B_FALSE;
3935 
3936 			logstr = zhp->zfs_hdl->libzfs_log_str;
3937 			zhp->zfs_hdl->libzfs_log_str = NULL;
3938 			if (zfs_destroy(zhp) != 0)
3939 				cbp->cb_error = 1;
3940 			else
3941 				changelist_remove(zhp, cbp->cb_clp);
3942 			zhp->zfs_hdl->libzfs_log_str = logstr;
3943 		}
3944 	} else {
3945 		if (zfs_destroy(zhp) != 0)
3946 			cbp->cb_error = 1;
3947 		else
3948 			changelist_remove(zhp, cbp->cb_clp);
3949 	}
3950 
3951 	zfs_close(zhp);
3952 	return (0);
3953 }
3954 
3955 /*
3956  * Rollback the dataset to its latest snapshot.
3957  */
3958 static int
3959 do_rollback(zfs_handle_t *zhp)
3960 {
3961 	int ret;
3962 	zfs_cmd_t zc = { 0 };
3963 
3964 	assert(zhp->zfs_type == ZFS_TYPE_FILESYSTEM ||
3965 	    zhp->zfs_type == ZFS_TYPE_VOLUME);
3966 
3967 	if (zhp->zfs_type == ZFS_TYPE_VOLUME &&
3968 	    zvol_remove_link(zhp->zfs_hdl, zhp->zfs_name) != 0)
3969 		return (-1);
3970 
3971 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3972 
3973 	if (ZFS_IS_VOLUME(zhp))
3974 		zc.zc_objset_type = DMU_OST_ZVOL;
3975 	else
3976 		zc.zc_objset_type = DMU_OST_ZFS;
3977 
3978 	/*
3979 	 * We rely on the consumer to verify that there are no newer snapshots
3980 	 * for the given dataset.  Given these constraints, we can simply pass
3981 	 * the name on to the ioctl() call.  There is still an unlikely race
3982 	 * condition where the user has taken a snapshot since we verified that
3983 	 * this was the most recent.
3984 	 */
3985 	if ((ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_ROLLBACK, &zc)) != 0) {
3986 		(void) zfs_standard_error_fmt(zhp->zfs_hdl, errno,
3987 		    dgettext(TEXT_DOMAIN, "cannot rollback '%s'"),
3988 		    zhp->zfs_name);
3989 	} else if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
3990 		ret = zvol_create_link(zhp->zfs_hdl, zhp->zfs_name);
3991 	}
3992 
3993 	return (ret);
3994 }
3995 
3996 /*
3997  * Given a dataset, rollback to a specific snapshot, discarding any
3998  * data changes since then and making it the active dataset.
3999  *
4000  * Any snapshots more recent than the target are destroyed, along with
4001  * their dependents.
4002  */
4003 int
4004 zfs_rollback(zfs_handle_t *zhp, zfs_handle_t *snap, int flag)
4005 {
4006 	int ret;
4007 	rollback_data_t cb = { 0 };
4008 	prop_changelist_t *clp;
4009 
4010 	/*
4011 	 * Unmount all dependendents of the dataset and the dataset itself.
4012 	 * The list we need to gather is the same as for doing rename
4013 	 */
4014 	clp = changelist_gather(zhp, ZFS_PROP_NAME, flag ? MS_FORCE: 0);
4015 	if (clp == NULL)
4016 		return (-1);
4017 
4018 	if ((ret = changelist_prefix(clp)) != 0)
4019 		goto out;
4020 
4021 	/*
4022 	 * Destroy all recent snapshots and its dependends.
4023 	 */
4024 	cb.cb_target = snap->zfs_name;
4025 	cb.cb_create = zfs_prop_get_int(snap, ZFS_PROP_CREATETXG);
4026 	cb.cb_clp = clp;
4027 	(void) zfs_iter_children(zhp, rollback_destroy, &cb);
4028 
4029 	if ((ret = cb.cb_error) != 0) {
4030 		(void) changelist_postfix(clp);
4031 		goto out;
4032 	}
4033 
4034 	/*
4035 	 * Now that we have verified that the snapshot is the latest,
4036 	 * rollback to the given snapshot.
4037 	 */
4038 	ret = do_rollback(zhp);
4039 
4040 	if (ret != 0) {
4041 		(void) changelist_postfix(clp);
4042 		goto out;
4043 	}
4044 
4045 	/*
4046 	 * We only want to re-mount the filesystem if it was mounted in the
4047 	 * first place.
4048 	 */
4049 	ret = changelist_postfix(clp);
4050 
4051 out:
4052 	changelist_free(clp);
4053 	return (ret);
4054 }
4055 
4056 /*
4057  * Iterate over all dependents for a given dataset.  This includes both
4058  * hierarchical dependents (children) and data dependents (snapshots and
4059  * clones).  The bulk of the processing occurs in get_dependents() in
4060  * libzfs_graph.c.
4061  */
4062 int
4063 zfs_iter_dependents(zfs_handle_t *zhp, boolean_t allowrecursion,
4064     zfs_iter_f func, void *data)
4065 {
4066 	char **dependents;
4067 	size_t count;
4068 	int i;
4069 	zfs_handle_t *child;
4070 	int ret = 0;
4071 
4072 	if (get_dependents(zhp->zfs_hdl, allowrecursion, zhp->zfs_name,
4073 	    &dependents, &count) != 0)
4074 		return (-1);
4075 
4076 	for (i = 0; i < count; i++) {
4077 		if ((child = make_dataset_handle(zhp->zfs_hdl,
4078 		    dependents[i])) == NULL)
4079 			continue;
4080 
4081 		if ((ret = func(child, data)) != 0)
4082 			break;
4083 	}
4084 
4085 	for (i = 0; i < count; i++)
4086 		free(dependents[i]);
4087 	free(dependents);
4088 
4089 	return (ret);
4090 }
4091 
4092 /*
4093  * Renames the given dataset.
4094  */
4095 int
4096 zfs_rename(zfs_handle_t *zhp, const char *target, boolean_t recursive)
4097 {
4098 	int ret;
4099 	zfs_cmd_t zc = { 0 };
4100 	char *delim;
4101 	prop_changelist_t *cl = NULL;
4102 	zfs_handle_t *zhrp = NULL;
4103 	char *parentname = NULL;
4104 	char parent[ZFS_MAXNAMELEN];
4105 	libzfs_handle_t *hdl = zhp->zfs_hdl;
4106 	char errbuf[1024];
4107 
4108 	/* if we have the same exact name, just return success */
4109 	if (strcmp(zhp->zfs_name, target) == 0)
4110 		return (0);
4111 
4112 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4113 	    "cannot rename to '%s'"), target);
4114 
4115 	/*
4116 	 * Make sure the target name is valid
4117 	 */
4118 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
4119 		if ((strchr(target, '@') == NULL) ||
4120 		    *target == '@') {
4121 			/*
4122 			 * Snapshot target name is abbreviated,
4123 			 * reconstruct full dataset name
4124 			 */
4125 			(void) strlcpy(parent, zhp->zfs_name,
4126 			    sizeof (parent));
4127 			delim = strchr(parent, '@');
4128 			if (strchr(target, '@') == NULL)
4129 				*(++delim) = '\0';
4130 			else
4131 				*delim = '\0';
4132 			(void) strlcat(parent, target, sizeof (parent));
4133 			target = parent;
4134 		} else {
4135 			/*
4136 			 * Make sure we're renaming within the same dataset.
4137 			 */
4138 			delim = strchr(target, '@');
4139 			if (strncmp(zhp->zfs_name, target, delim - target)
4140 			    != 0 || zhp->zfs_name[delim - target] != '@') {
4141 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4142 				    "snapshots must be part of same "
4143 				    "dataset"));
4144 				return (zfs_error(hdl, EZFS_CROSSTARGET,
4145 				    errbuf));
4146 			}
4147 		}
4148 		if (!zfs_validate_name(hdl, target, zhp->zfs_type))
4149 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
4150 	} else {
4151 		if (recursive) {
4152 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4153 			    "recursive rename must be a snapshot"));
4154 			return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
4155 		}
4156 
4157 		if (!zfs_validate_name(hdl, target, zhp->zfs_type))
4158 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
4159 		uint64_t unused;
4160 
4161 		/* validate parents */
4162 		if (check_parents(hdl, target, &unused, B_FALSE, NULL) != 0)
4163 			return (-1);
4164 
4165 		(void) parent_name(target, parent, sizeof (parent));
4166 
4167 		/* make sure we're in the same pool */
4168 		verify((delim = strchr(target, '/')) != NULL);
4169 		if (strncmp(zhp->zfs_name, target, delim - target) != 0 ||
4170 		    zhp->zfs_name[delim - target] != '/') {
4171 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4172 			    "datasets must be within same pool"));
4173 			return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
4174 		}
4175 
4176 		/* new name cannot be a child of the current dataset name */
4177 		if (strncmp(parent, zhp->zfs_name,
4178 		    strlen(zhp->zfs_name)) == 0) {
4179 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4180 			    "New dataset name cannot be a descendent of "
4181 			    "current dataset name"));
4182 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
4183 		}
4184 	}
4185 
4186 	(void) snprintf(errbuf, sizeof (errbuf),
4187 	    dgettext(TEXT_DOMAIN, "cannot rename '%s'"), zhp->zfs_name);
4188 
4189 	if (getzoneid() == GLOBAL_ZONEID &&
4190 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
4191 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4192 		    "dataset is used in a non-global zone"));
4193 		return (zfs_error(hdl, EZFS_ZONED, errbuf));
4194 	}
4195 
4196 	if (recursive) {
4197 		struct destroydata dd;
4198 
4199 		parentname = zfs_strdup(zhp->zfs_hdl, zhp->zfs_name);
4200 		if (parentname == NULL) {
4201 			ret = -1;
4202 			goto error;
4203 		}
4204 		delim = strchr(parentname, '@');
4205 		*delim = '\0';
4206 		zhrp = zfs_open(zhp->zfs_hdl, parentname, ZFS_TYPE_ANY);
4207 		if (zhrp == NULL) {
4208 			ret = -1;
4209 			goto error;
4210 		}
4211 
4212 		dd.snapname = delim + 1;
4213 		dd.gotone = B_FALSE;
4214 		dd.closezhp = B_TRUE;
4215 
4216 		/* We remove any zvol links prior to renaming them */
4217 		ret = zfs_iter_filesystems(zhrp, zfs_remove_link_cb, &dd);
4218 		if (ret) {
4219 			goto error;
4220 		}
4221 	} else {
4222 		if ((cl = changelist_gather(zhp, ZFS_PROP_NAME, 0)) == NULL)
4223 			return (-1);
4224 
4225 		if (changelist_haszonedchild(cl)) {
4226 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4227 			    "child dataset with inherited mountpoint is used "
4228 			    "in a non-global zone"));
4229 			(void) zfs_error(hdl, EZFS_ZONED, errbuf);
4230 			goto error;
4231 		}
4232 
4233 		if ((ret = changelist_prefix(cl)) != 0)
4234 			goto error;
4235 	}
4236 
4237 	if (ZFS_IS_VOLUME(zhp))
4238 		zc.zc_objset_type = DMU_OST_ZVOL;
4239 	else
4240 		zc.zc_objset_type = DMU_OST_ZFS;
4241 
4242 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
4243 	(void) strlcpy(zc.zc_value, target, sizeof (zc.zc_value));
4244 
4245 	zc.zc_cookie = recursive;
4246 
4247 	if ((ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_RENAME, &zc)) != 0) {
4248 		/*
4249 		 * if it was recursive, the one that actually failed will
4250 		 * be in zc.zc_name
4251 		 */
4252 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4253 		    "cannot rename to '%s'"), zc.zc_name);
4254 
4255 		if (recursive && errno == EEXIST) {
4256 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4257 			    "a child dataset already has a snapshot "
4258 			    "with the new name"));
4259 			(void) zfs_error(hdl, EZFS_CROSSTARGET, errbuf);
4260 		} else {
4261 			(void) zfs_standard_error(zhp->zfs_hdl, errno, errbuf);
4262 		}
4263 
4264 		/*
4265 		 * On failure, we still want to remount any filesystems that
4266 		 * were previously mounted, so we don't alter the system state.
4267 		 */
4268 		if (recursive) {
4269 			struct createdata cd;
4270 
4271 			/* only create links for datasets that had existed */
4272 			cd.cd_snapname = delim + 1;
4273 			cd.cd_ifexists = B_TRUE;
4274 			(void) zfs_iter_filesystems(zhrp, zfs_create_link_cb,
4275 			    &cd);
4276 		} else {
4277 			(void) changelist_postfix(cl);
4278 		}
4279 	} else {
4280 		if (recursive) {
4281 			struct createdata cd;
4282 
4283 			/* only create links for datasets that had existed */
4284 			cd.cd_snapname = strchr(target, '@') + 1;
4285 			cd.cd_ifexists = B_TRUE;
4286 			ret = zfs_iter_filesystems(zhrp, zfs_create_link_cb,
4287 			    &cd);
4288 		} else {
4289 			changelist_rename(cl, zfs_get_name(zhp), target);
4290 			ret = changelist_postfix(cl);
4291 		}
4292 	}
4293 
4294 error:
4295 	if (parentname) {
4296 		free(parentname);
4297 	}
4298 	if (zhrp) {
4299 		zfs_close(zhrp);
4300 	}
4301 	if (cl) {
4302 		changelist_free(cl);
4303 	}
4304 	return (ret);
4305 }
4306 
4307 /*
4308  * Given a zvol dataset, issue the ioctl to create the appropriate minor node,
4309  * poke devfsadm to create the /dev link, and then wait for the link to appear.
4310  */
4311 int
4312 zvol_create_link(libzfs_handle_t *hdl, const char *dataset)
4313 {
4314 	return (zvol_create_link_common(hdl, dataset, B_FALSE));
4315 }
4316 
4317 static int
4318 zvol_create_link_common(libzfs_handle_t *hdl, const char *dataset, int ifexists)
4319 {
4320 	zfs_cmd_t zc = { 0 };
4321 	di_devlink_handle_t dhdl;
4322 	priv_set_t *priv_effective;
4323 	int privileged;
4324 
4325 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
4326 
4327 	/*
4328 	 * Issue the appropriate ioctl.
4329 	 */
4330 	if (ioctl(hdl->libzfs_fd, ZFS_IOC_CREATE_MINOR, &zc) != 0) {
4331 		switch (errno) {
4332 		case EEXIST:
4333 			/*
4334 			 * Silently ignore the case where the link already
4335 			 * exists.  This allows 'zfs volinit' to be run multiple
4336 			 * times without errors.
4337 			 */
4338 			return (0);
4339 
4340 		case ENOENT:
4341 			/*
4342 			 * Dataset does not exist in the kernel.  If we
4343 			 * don't care (see zfs_rename), then ignore the
4344 			 * error quietly.
4345 			 */
4346 			if (ifexists) {
4347 				return (0);
4348 			}
4349 
4350 			/* FALLTHROUGH */
4351 
4352 		default:
4353 			return (zfs_standard_error_fmt(hdl, errno,
4354 			    dgettext(TEXT_DOMAIN, "cannot create device links "
4355 			    "for '%s'"), dataset));
4356 		}
4357 	}
4358 
4359 	/*
4360 	 * If privileged call devfsadm and wait for the links to
4361 	 * magically appear.
4362 	 * Otherwise, print out an informational message.
4363 	 */
4364 
4365 	priv_effective = priv_allocset();
4366 	(void) getppriv(PRIV_EFFECTIVE, priv_effective);
4367 	privileged = (priv_isfullset(priv_effective) == B_TRUE);
4368 	priv_freeset(priv_effective);
4369 
4370 	if (privileged) {
4371 		if ((dhdl = di_devlink_init(ZFS_DRIVER,
4372 		    DI_MAKE_LINK)) == NULL) {
4373 			zfs_error_aux(hdl, strerror(errno));
4374 			(void) zfs_standard_error_fmt(hdl, EZFS_DEVLINKS,
4375 			    dgettext(TEXT_DOMAIN, "cannot create device links "
4376 			    "for '%s'"), dataset);
4377 			(void) ioctl(hdl->libzfs_fd, ZFS_IOC_REMOVE_MINOR, &zc);
4378 			return (-1);
4379 		} else {
4380 			(void) di_devlink_fini(&dhdl);
4381 		}
4382 	} else {
4383 		char pathname[MAXPATHLEN];
4384 		struct stat64 statbuf;
4385 		int i;
4386 
4387 #define	MAX_WAIT	10
4388 
4389 		/*
4390 		 * This is the poor mans way of waiting for the link
4391 		 * to show up.  If after 10 seconds we still don't
4392 		 * have it, then print out a message.
4393 		 */
4394 		(void) snprintf(pathname, sizeof (pathname), "/dev/zvol/dsk/%s",
4395 		    dataset);
4396 
4397 		for (i = 0; i != MAX_WAIT; i++) {
4398 			if (stat64(pathname, &statbuf) == 0)
4399 				break;
4400 			(void) sleep(1);
4401 		}
4402 		if (i == MAX_WAIT)
4403 			(void) printf(gettext("%s may not be immediately "
4404 			    "available\n"), pathname);
4405 	}
4406 
4407 	return (0);
4408 }
4409 
4410 /*
4411  * Remove a minor node for the given zvol and the associated /dev links.
4412  */
4413 int
4414 zvol_remove_link(libzfs_handle_t *hdl, const char *dataset)
4415 {
4416 	zfs_cmd_t zc = { 0 };
4417 
4418 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
4419 
4420 	if (ioctl(hdl->libzfs_fd, ZFS_IOC_REMOVE_MINOR, &zc) != 0) {
4421 		switch (errno) {
4422 		case ENXIO:
4423 			/*
4424 			 * Silently ignore the case where the link no longer
4425 			 * exists, so that 'zfs volfini' can be run multiple
4426 			 * times without errors.
4427 			 */
4428 			return (0);
4429 
4430 		default:
4431 			return (zfs_standard_error_fmt(hdl, errno,
4432 			    dgettext(TEXT_DOMAIN, "cannot remove device "
4433 			    "links for '%s'"), dataset));
4434 		}
4435 	}
4436 
4437 	return (0);
4438 }
4439 
4440 nvlist_t *
4441 zfs_get_user_props(zfs_handle_t *zhp)
4442 {
4443 	return (zhp->zfs_user_props);
4444 }
4445 
4446 /*
4447  * Given a comma-separated list of properties, construct a property list
4448  * containing both user-defined and native properties.  This function will
4449  * return a NULL list if 'all' is specified, which can later be expanded on a
4450  * per-dataset basis by zfs_expand_proplist().
4451  */
4452 int
4453 zfs_get_proplist_common(libzfs_handle_t *hdl, char *fields,
4454     zfs_proplist_t **listp, zfs_type_t type)
4455 {
4456 	size_t len;
4457 	char *s, *p;
4458 	char c;
4459 	zfs_prop_t prop;
4460 	zfs_proplist_t *entry;
4461 	zfs_proplist_t **last;
4462 
4463 	*listp = NULL;
4464 	last = listp;
4465 
4466 	/*
4467 	 * If 'all' is specified, return a NULL list.
4468 	 */
4469 	if (strcmp(fields, "all") == 0)
4470 		return (0);
4471 
4472 	/*
4473 	 * If no fields were specified, return an error.
4474 	 */
4475 	if (fields[0] == '\0') {
4476 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4477 		    "no properties specified"));
4478 		return (zfs_error(hdl, EZFS_BADPROP, dgettext(TEXT_DOMAIN,
4479 		    "bad property list")));
4480 	}
4481 
4482 	/*
4483 	 * It would be nice to use getsubopt() here, but the inclusion of column
4484 	 * aliases makes this more effort than it's worth.
4485 	 */
4486 	s = fields;
4487 	while (*s != '\0') {
4488 		if ((p = strchr(s, ',')) == NULL) {
4489 			len = strlen(s);
4490 			p = s + len;
4491 		} else {
4492 			len = p - s;
4493 		}
4494 
4495 		/*
4496 		 * Check for empty options.
4497 		 */
4498 		if (len == 0) {
4499 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4500 			    "empty property name"));
4501 			return (zfs_error(hdl, EZFS_BADPROP,
4502 			    dgettext(TEXT_DOMAIN, "bad property list")));
4503 		}
4504 
4505 		/*
4506 		 * Check all regular property names.
4507 		 */
4508 		c = s[len];
4509 		s[len] = '\0';
4510 		prop = type == ZFS_TYPE_POOL ? zpool_name_to_prop(s) :
4511 		    zfs_name_to_prop(s);
4512 
4513 		if (prop != ZFS_PROP_INVAL &&
4514 		    !zfs_prop_valid_for_type(prop, type))
4515 			prop = ZFS_PROP_INVAL;
4516 
4517 		/*
4518 		 * When no property table entry can be found, return failure if
4519 		 * this is a pool property or if this isn't a user-defined
4520 		 * dataset property,
4521 		 */
4522 		if (prop == ZFS_PROP_INVAL &&
4523 		    (type & ZFS_TYPE_POOL || !zfs_prop_user(s))) {
4524 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4525 			    "invalid property '%s'"), s);
4526 			return (zfs_error(hdl, EZFS_BADPROP,
4527 			    dgettext(TEXT_DOMAIN, "bad property list")));
4528 		}
4529 
4530 		if ((entry = zfs_alloc(hdl, sizeof (zfs_proplist_t))) == NULL)
4531 			return (-1);
4532 
4533 		entry->pl_prop = prop;
4534 		if (prop == ZFS_PROP_INVAL) {
4535 			if ((entry->pl_user_prop =
4536 			    zfs_strdup(hdl, s)) == NULL) {
4537 				free(entry);
4538 				return (-1);
4539 			}
4540 			entry->pl_width = strlen(s);
4541 		} else {
4542 			entry->pl_width = zfs_prop_width(prop,
4543 			    &entry->pl_fixed);
4544 		}
4545 
4546 		*last = entry;
4547 		last = &entry->pl_next;
4548 
4549 		s = p;
4550 		if (c == ',')
4551 			s++;
4552 	}
4553 
4554 	return (0);
4555 }
4556 
4557 int
4558 zfs_get_proplist(libzfs_handle_t *hdl, char *fields, zfs_proplist_t **listp)
4559 {
4560 	return (zfs_get_proplist_common(hdl, fields, listp, ZFS_TYPE_ANY));
4561 }
4562 
4563 void
4564 zfs_free_proplist(zfs_proplist_t *pl)
4565 {
4566 	zfs_proplist_t *next;
4567 
4568 	while (pl != NULL) {
4569 		next = pl->pl_next;
4570 		free(pl->pl_user_prop);
4571 		free(pl);
4572 		pl = next;
4573 	}
4574 }
4575 
4576 typedef struct expand_data {
4577 	zfs_proplist_t	**last;
4578 	libzfs_handle_t	*hdl;
4579 } expand_data_t;
4580 
4581 static zfs_prop_t
4582 zfs_expand_proplist_cb(zfs_prop_t prop, void *cb)
4583 {
4584 	zfs_proplist_t *entry;
4585 	expand_data_t *edp = cb;
4586 
4587 	if ((entry = zfs_alloc(edp->hdl, sizeof (zfs_proplist_t))) == NULL)
4588 		return (ZFS_PROP_INVAL);
4589 
4590 	entry->pl_prop = prop;
4591 	entry->pl_width = zfs_prop_width(prop, &entry->pl_fixed);
4592 	entry->pl_all = B_TRUE;
4593 
4594 	*(edp->last) = entry;
4595 	edp->last = &entry->pl_next;
4596 
4597 	return (ZFS_PROP_CONT);
4598 }
4599 
4600 int
4601 zfs_expand_proplist_common(libzfs_handle_t *hdl, zfs_proplist_t **plp,
4602 	zfs_type_t type)
4603 {
4604 	zfs_proplist_t *entry;
4605 	zfs_proplist_t **last;
4606 	expand_data_t exp;
4607 
4608 	if (*plp == NULL) {
4609 		/*
4610 		 * If this is the very first time we've been called for an 'all'
4611 		 * specification, expand the list to include all native
4612 		 * properties.
4613 		 */
4614 		last = plp;
4615 
4616 		exp.last = last;
4617 		exp.hdl = hdl;
4618 
4619 		if (zfs_prop_iter_common(zfs_expand_proplist_cb, &exp, type,
4620 		    B_FALSE) == ZFS_PROP_INVAL)
4621 			return (-1);
4622 
4623 		/*
4624 		 * Add 'name' to the beginning of the list, which is handled
4625 		 * specially.
4626 		 */
4627 		if ((entry = zfs_alloc(hdl,
4628 		    sizeof (zfs_proplist_t))) == NULL)
4629 			return (-1);
4630 
4631 		entry->pl_prop = ZFS_PROP_NAME;
4632 		entry->pl_width = zfs_prop_width(ZFS_PROP_NAME,
4633 		    &entry->pl_fixed);
4634 		entry->pl_all = B_TRUE;
4635 		entry->pl_next = *plp;
4636 		*plp = entry;
4637 	}
4638 	return (0);
4639 }
4640 
4641 /*
4642  * This function is used by 'zfs list' to determine the exact set of columns to
4643  * display, and their maximum widths.  This does two main things:
4644  *
4645  *      - If this is a list of all properties, then expand the list to include
4646  *        all native properties, and set a flag so that for each dataset we look
4647  *        for new unique user properties and add them to the list.
4648  *
4649  *      - For non fixed-width properties, keep track of the maximum width seen
4650  *        so that we can size the column appropriately.
4651  */
4652 int
4653 zfs_expand_proplist(zfs_handle_t *zhp, zfs_proplist_t **plp)
4654 {
4655 	libzfs_handle_t *hdl = zhp->zfs_hdl;
4656 	zfs_proplist_t *entry;
4657 	zfs_proplist_t **last, **start;
4658 	nvlist_t *userprops, *propval;
4659 	nvpair_t *elem;
4660 	char *strval;
4661 	char buf[ZFS_MAXPROPLEN];
4662 
4663 	if (zfs_expand_proplist_common(hdl, plp, ZFS_TYPE_ANY) != 0)
4664 		return (-1);
4665 
4666 	userprops = zfs_get_user_props(zhp);
4667 
4668 	entry = *plp;
4669 	if (entry->pl_all && nvlist_next_nvpair(userprops, NULL) != NULL) {
4670 		/*
4671 		 * Go through and add any user properties as necessary.  We
4672 		 * start by incrementing our list pointer to the first
4673 		 * non-native property.
4674 		 */
4675 		start = plp;
4676 		while (*start != NULL) {
4677 			if ((*start)->pl_prop == ZFS_PROP_INVAL)
4678 				break;
4679 			start = &(*start)->pl_next;
4680 		}
4681 
4682 		elem = NULL;
4683 		while ((elem = nvlist_next_nvpair(userprops, elem)) != NULL) {
4684 			/*
4685 			 * See if we've already found this property in our list.
4686 			 */
4687 			for (last = start; *last != NULL;
4688 			    last = &(*last)->pl_next) {
4689 				if (strcmp((*last)->pl_user_prop,
4690 				    nvpair_name(elem)) == 0)
4691 					break;
4692 			}
4693 
4694 			if (*last == NULL) {
4695 				if ((entry = zfs_alloc(hdl,
4696 				    sizeof (zfs_proplist_t))) == NULL ||
4697 				    ((entry->pl_user_prop = zfs_strdup(hdl,
4698 				    nvpair_name(elem)))) == NULL) {
4699 					free(entry);
4700 					return (-1);
4701 				}
4702 
4703 				entry->pl_prop = ZFS_PROP_INVAL;
4704 				entry->pl_width = strlen(nvpair_name(elem));
4705 				entry->pl_all = B_TRUE;
4706 				*last = entry;
4707 			}
4708 		}
4709 	}
4710 
4711 	/*
4712 	 * Now go through and check the width of any non-fixed columns
4713 	 */
4714 	for (entry = *plp; entry != NULL; entry = entry->pl_next) {
4715 		if (entry->pl_fixed)
4716 			continue;
4717 
4718 		if (entry->pl_prop != ZFS_PROP_INVAL) {
4719 			if (zfs_prop_get(zhp, entry->pl_prop,
4720 			    buf, sizeof (buf), NULL, NULL, 0, B_FALSE) == 0) {
4721 				if (strlen(buf) > entry->pl_width)
4722 					entry->pl_width = strlen(buf);
4723 			}
4724 		} else if (nvlist_lookup_nvlist(userprops,
4725 		    entry->pl_user_prop, &propval)  == 0) {
4726 			verify(nvlist_lookup_string(propval,
4727 			    ZFS_PROP_VALUE, &strval) == 0);
4728 			if (strlen(strval) > entry->pl_width)
4729 				entry->pl_width = strlen(strval);
4730 		}
4731 	}
4732 
4733 	return (0);
4734 }
4735 
4736 int
4737 zfs_iscsi_perm_check(libzfs_handle_t *hdl, char *dataset, ucred_t *cred)
4738 {
4739 	zfs_cmd_t zc = { 0 };
4740 	nvlist_t *nvp;
4741 	size_t sz;
4742 	gid_t gid;
4743 	uid_t uid;
4744 	const gid_t *groups;
4745 	int group_cnt;
4746 	int error;
4747 
4748 	if (nvlist_alloc(&nvp, NV_UNIQUE_NAME, 0) != 0)
4749 		return (no_memory(hdl));
4750 
4751 	uid = ucred_geteuid(cred);
4752 	gid = ucred_getegid(cred);
4753 	group_cnt = ucred_getgroups(cred, &groups);
4754 
4755 	if (uid == (uid_t)-1 || gid == (uid_t)-1 || group_cnt == (uid_t)-1)
4756 		return (1);
4757 
4758 	if (nvlist_add_uint32(nvp, ZFS_DELEG_PERM_UID, uid) != 0) {
4759 		nvlist_free(nvp);
4760 		return (1);
4761 	}
4762 
4763 	if (nvlist_add_uint32(nvp, ZFS_DELEG_PERM_GID, gid) != 0) {
4764 		nvlist_free(nvp);
4765 		return (1);
4766 	}
4767 
4768 	if (nvlist_add_uint32_array(nvp,
4769 	    ZFS_DELEG_PERM_GROUPS, (uint32_t *)groups, group_cnt) != 0) {
4770 		nvlist_free(nvp);
4771 		return (1);
4772 	}
4773 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
4774 
4775 	if (zcmd_write_src_nvlist(hdl, &zc, nvp, &sz))
4776 		return (-1);
4777 
4778 	error = ioctl(hdl->libzfs_fd, ZFS_IOC_ISCSI_PERM_CHECK, &zc);
4779 	nvlist_free(nvp);
4780 	return (error);
4781 }
4782 
4783 int
4784 zfs_deleg_share_nfs(libzfs_handle_t *hdl, char *dataset, char *path,
4785     void *export, void *sharetab, int sharemax, boolean_t share_on)
4786 {
4787 	zfs_cmd_t zc = { 0 };
4788 	int error;
4789 
4790 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
4791 	(void) strlcpy(zc.zc_value, path, sizeof (zc.zc_value));
4792 	zc.zc_share.z_sharedata = (uint64_t)(uintptr_t)sharetab;
4793 	zc.zc_share.z_exportdata = (uint64_t)(uintptr_t)export;
4794 	zc.zc_share.z_sharetype = share_on;
4795 	zc.zc_share.z_sharemax = sharemax;
4796 
4797 	error = ioctl(hdl->libzfs_fd, ZFS_IOC_SHARE, &zc);
4798 	return (error);
4799 }
4800