zfs_namecheck.c revision edb901aab9c738b5eb15aa55933e82b0f2f9d9a2
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * CDDL HEADER START
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * The contents of this file are subject to the terms of the
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * Common Development and Distribution License (the "License").
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * You may not use this file except in compliance with the License.
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * See the License for the specific language governing permissions
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * and limitations under the License.
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * When distributing Covered Code, include this CDDL HEADER in each
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * If applicable, add the following below this CDDL HEADER, with the
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * fields enclosed by brackets "[]" replaced with your own identifying
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * information: Portions Copyright [yyyy] [name of copyright owner]
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * CDDL HEADER END
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * Use is subject to license terms.
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * Copyright (c) 2013 by Delphix. All rights reserved.
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * Common name validation routines for ZFS. These routines are shared by the
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * userland code as well as the ioctl() layer to ensure that we don't
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * inadvertently expose a hole through direct ioctl()s that never gets tested.
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * In userland, however, we want significantly more information about _why_ the
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * name is invalid. In the kernel, we only care whether it's valid or not.
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * Each routine therefore takes a 'namecheck_err_t' which describes exactly why
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * the name failed to validate.
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * Each function returns 0 on success, -1 on error.
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek c == '-' || c == '_' || c == '.' || c == ':' || c == ' ');
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * Snapshot names must be made up of alphanumeric characters plus the following
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * characters:
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinekzfs_component_namecheck(const char *path, namecheck_err_t *why, char *what)
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek const char *loc;
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek if (strlen(path) >= ZFS_MAX_DATASET_NAME_LEN) {
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * Permissions set name must start with the letter '@' followed by the
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * same character restrictions as snapshot names, except that the name
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * cannot exceed 64 characters.
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinekpermset_namecheck(const char *path, namecheck_err_t *why, char *what)
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek return (zfs_component_namecheck(&path[1], why, what));
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * Entity names must be of the following form:
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * [component/]*[component][(@|#)component]?
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * Where each component is made up of alphanumeric characters plus the following
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * characters:
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * We allow '%' here as we use that character internally to create unique
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * names for temporary clones (for online recv).
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinekentity_namecheck(const char *path, namecheck_err_t *why, char *what)
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * Make sure the name is not too long.
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek if (strlen(path) >= ZFS_MAX_DATASET_NAME_LEN) {
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek /* Explicitly check for a leading slash. */
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek /* Find the end of this component */
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek while (*end != '/' && *end != '@' && *end != '#' &&
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek /* trailing slashes are not allowed */
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek /* Validate the contents of this component */
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek for (const char *loc = start; loc != end; loc++) {
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek /* Snapshot or bookmark delimiter found */
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek /* Multiple delimiters are not allowed */
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek /* Zero-length components are not allowed */
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek /* If we've reached the end of the string, we're OK */
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * If there is a '/' in a snapshot or bookmark name
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * then report an error
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek /* Update to the next component */
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * Dataset is any entity, except bookmark
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinekdataset_namecheck(const char *path, namecheck_err_t *why, char *what)
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * mountpoint names must be of the following form:
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * /[component][/]*[component][/]
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinekmountpoint_namecheck(const char *path, namecheck_err_t *why)
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * Make sure none of the mountpoint component names are too long.
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * If a component name is too long then the mkdir of the mountpoint
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * will fail but then the mountpoint property will be set to a value
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * that can never be mounted. Better to fail before setting the prop.
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek * Extra slashes are OK, they will be tossed by the mountpoint mkdir.
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek /* Skip leading slash */
7b1019a6d29ccb7999dc76cba3dde1c627e8e609Jerry Jelinek if (end - start >= ZFS_MAX_DATASET_NAME_LEN) {
if (why)
c = pool;
if (!valid_char(*c)) {
if (why) {
*what = *c;
if (why)
if (why)
if (why)