libzfs_dataset.c revision 2e5e9e19867a0d75685f5beb2fe1b0e31491d49b
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include <assert.h>
#include <ctype.h>
#include <errno.h>
#include <libdevinfo.h>
#include <libintl.h>
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <unistd.h>
#include <stddef.h>
#include <zone.h>
#include <fcntl.h>
#include <priv.h>
#include <pwd.h>
#include <grp.h>
#include <stddef.h>
#include <ucred.h>
#include <libzfs.h>
#include "zfs_namecheck.h"
#include "zfs_prop.h"
#include "libzfs_impl.h"
#include "zfs_deleg.h"
static int zvol_create_link_common(libzfs_handle_t *, const char *, int);
/*
* Given a single type (not a mask of types), return the type in a human
* readable form.
*/
const char *
{
switch (type) {
case ZFS_TYPE_FILESYSTEM:
case ZFS_TYPE_SNAPSHOT:
case ZFS_TYPE_VOLUME:
}
return (NULL);
}
/*
* Given a path and mask of ZFS types, return a string describing this dataset.
* This is used when we fail to open a dataset and we cannot get an exact type.
* We guess what the type would have been based on the path and the mask of
* acceptable types.
*/
static const char *
{
/*
* When given a single type, always report the exact type.
*/
if (types == ZFS_TYPE_SNAPSHOT)
if (types == ZFS_TYPE_FILESYSTEM)
if (types == ZFS_TYPE_VOLUME)
/*
* The user is requesting more than one type of dataset. If this is the
* case, consult the path itself. If we're looking for a snapshot, and
* a '@' is found, then report it as "snapshot". Otherwise, remove the
* snapshot attribute and try again.
*/
if (types & ZFS_TYPE_SNAPSHOT) {
}
/*
* The user has requested either filesystems or volumes.
* We have no way of knowing a priori what type this would be, so always
* report it as "filesystem" or "volume", our two primitive types.
*/
if (types & ZFS_TYPE_FILESYSTEM)
}
/*
* Validate a ZFS path. This is used even before trying to open the dataset, to
* provide a more meaningful error message. We place a more useful message in
* 'buf' detailing exactly why the name was not valid.
*/
static int
{
char what;
switch (why) {
case NAME_ERR_TOOLONG:
"name is too long"));
break;
case NAME_ERR_LEADING_SLASH:
"leading slash in name"));
break;
case NAME_ERR_EMPTY_COMPONENT:
"empty component in name"));
break;
case NAME_ERR_TRAILING_SLASH:
"trailing slash in name"));
break;
case NAME_ERR_INVALCHAR:
"'%c' in name"), what);
break;
case NAME_ERR_MULTIPLE_AT:
"multiple '@' delimiters in name"));
break;
case NAME_ERR_NOLETTER:
"pool doesn't begin with a letter"));
break;
case NAME_ERR_RESERVED:
"name is reserved"));
break;
case NAME_ERR_DISKLIKE:
"reserved disk name"));
break;
}
}
return (0);
}
"snapshot delimiter '@' in filesystem name"));
return (0);
}
"missing '@' delimiter in snapshot name"));
return (0);
}
"invalid character %c in name"), '%');
return (0);
}
return (-1);
}
int
{
if (type == ZFS_TYPE_POOL)
}
/*
* This function takes the raw DSL properties, and filters out the user-defined
* properties into a separate nvlist.
*/
static nvlist_t *
{
return (NULL);
}
continue;
return (NULL);
}
}
return (nvl);
}
static zpool_handle_t *
{
}
return (zph);
}
static zpool_handle_t *
{
return (zph);
}
/*
* Returns a handle to the pool that contains the provided dataset.
* If a handle to that pool already exists then that handle is returned.
* Otherwise, a new handle is created and added to the list of handles.
*/
static zpool_handle_t *
{
char *pool_name;
int len;
return (zph);
}
void
{
}
}
/*
* Utility function to gather stats (objset and zpl) for the given object.
*/
static int
{
return (-1);
}
} else {
return (-1);
}
}
return (0);
}
static int
{
return (-1);
}
return (-1);
}
return (0);
}
static int
{
int rc = 0;
return (-1);
rc = -1;
rc = -1;
return (rc);
}
/*
* Refresh the properties currently stored in the handle.
*/
void
{
}
/*
* Makes a handle from the given dataset name. Used by zfs_open() and
* zfs_iter_* to create child handles on the fly.
*/
static int
{
char *logstr;
/*
* Preserve history log string.
* any changes performed here will be
* logged as an internal event.
*/
top:
return (-1);
}
/*
* If it is dds_inconsistent, then we've caught it in
* the middle of a 'zfs receive' or 'zfs destroy', and
* it is inconsistent from the ZPL's point of view, so
* can't be mounted. However, it could also be that we
* have crashed in the middle of one of those
* operations, in which case we need to get rid of the
* inconsistent state. We do that by either rolling
* back to the previous snapshot (which will fail if
* there is none), or destroying the filesystem. Note
* that if we are still in the middle of an active
* 'receive' or 'destroy', then the rollback and destroy
* will fail with EBUSY and we will drive on as usual.
*/
} else {
}
/*
* If we can successfully destroy it, pretend that it
* never existed.
*/
return (-1);
}
/* If we can successfully roll it back, reset the stats */
return (-1);
}
goto top;
}
}
/*
* We've managed to open the dataset and gather statistics. Determine
* the high-level type.
*/
else
abort();
else
abort(); /* we should never see any other types */
return (0);
}
{
return (NULL);
return (NULL);
}
return (NULL);
}
}
return (zhp);
}
static zfs_handle_t *
{
return (NULL);
return (NULL);
}
return (zhp);
}
/*
* Opens the given snapshot, filesystem, or volume. The 'types'
* argument is a mask of acceptable types. The function will print an
* appropriate error message and return NULL if it can't be opened.
*/
{
char errbuf[1024];
/*
* Validate the name before we even try to open it.
*/
"invalid dataset name"));
return (NULL);
}
/*
* Try to get stats for the dataset, which will tell us if it exists.
*/
errno = 0;
return (NULL);
}
return (NULL);
}
return (zhp);
}
/*
* Release a ZFS handle. Nothing to do but free the associated memory.
*/
void
{
if (zhp->zfs_mntopts)
}
typedef struct mnttab_node {
static int
{
int rv;
if (rv == 0)
return (0);
}
void
{
continue;
}
}
void
{
}
}
int
{
if (mtn) {
return (0);
}
return (ENOENT);
}
void
{
return;
}
void
{
}
}
int
{
if (zpool_handle == NULL)
return (-1);
return (0);
}
/*
* The choice of reservation property depends on the SPA version.
*/
static int
{
int spa_version;
return (-1);
else
return (0);
}
/*
* Given an nvlist of properties to set, validates that they are correct, and
* parses any numeric properties (index, boolean, etc) if they are specified as
* strings.
*/
nvlist_t *
{
char *strval;
int chosen_normal = -1;
int chosen_utf = -1;
return (NULL);
}
/*
* Make sure this property is valid and applies to this type.
*/
if (!zfs_prop_user(propname)) {
"invalid property '%s'"), propname);
goto error;
}
/*
* If this is a user property, make sure it's a
* string, and that it's less than ZAP_MAXNAMELEN.
*/
"'%s' must be a string"), propname);
goto error;
}
"property name '%s' is too long"),
propname);
goto error;
}
goto error;
}
continue;
}
if (type == ZFS_TYPE_SNAPSHOT) {
"this property can not be modified for snapshots"));
goto error;
}
"apply to datasets of this type"), propname);
goto error;
}
if (zfs_prop_readonly(prop) &&
propname);
goto error;
}
goto error;
/*
* Perform some additional checks for specific properties.
*/
switch (prop) {
case ZFS_PROP_VERSION:
{
int version;
break;
"Can not downgrade; already at version %u"),
version);
goto error;
}
break;
}
case ZFS_PROP_RECORDSIZE:
case ZFS_PROP_VOLBLOCKSIZE:
/* must be power of two within SPA_{MIN,MAX}BLOCKSIZE */
if (intval < SPA_MINBLOCKSIZE ||
"'%s' must be power of 2 from %u "
"to %uk"), propname,
goto error;
}
break;
case ZFS_PROP_SHAREISCSI:
"'%s' must be 'on', 'off', or 'type=disk'"),
propname);
goto error;
}
break;
case ZFS_PROP_MOUNTPOINT:
{
break;
switch (why) {
case NAME_ERR_LEADING_SLASH:
"'%s' must be an absolute path, "
"'none', or 'legacy'"), propname);
break;
case NAME_ERR_TOOLONG:
"component of '%s' is too long"),
propname);
break;
}
goto error;
}
}
/*FALLTHRU*/
case ZFS_PROP_SHARESMB:
case ZFS_PROP_SHARENFS:
/*
* For the mountpoint and sharenfs or sharesmb
* properties, check if it can be set in a
* global/non-global zone based on
* the zoned property value:
*
* global zone non-global zone
* --------------------------------------------------
* zoned=on mountpoint (no) mountpoint (yes)
* sharenfs (no) sharenfs (no)
* sharesmb (no) sharesmb (no)
*
* zoned=off mountpoint (yes) N/A
* sharenfs (yes)
* sharesmb (yes)
*/
if (zoned) {
if (getzoneid() == GLOBAL_ZONEID) {
"'%s' cannot be set on "
"dataset in a non-global zone"),
propname);
errbuf);
goto error;
} else if (prop == ZFS_PROP_SHARENFS ||
prop == ZFS_PROP_SHARESMB) {
"'%s' cannot be set in "
"a non-global zone"), propname);
errbuf);
goto error;
}
} else if (getzoneid() != GLOBAL_ZONEID) {
/*
* If zoned property is 'off', this must be in
* a globle zone. If not, something is wrong.
*/
"'%s' cannot be set while dataset "
"'zoned' property is set"), propname);
goto error;
}
/*
* At this point, it is legitimate to set the
* property. Now we want to make sure that the
* property value is valid if it is sharenfs.
*/
if ((prop == ZFS_PROP_SHARENFS ||
prop == ZFS_PROP_SHARESMB) &&
if (prop == ZFS_PROP_SHARESMB)
else
/*
* Must be an valid sharing protocol
* option string so init the libshare
* in order to enable the parser and
* then parse the options. We use the
* control API since we don't care about
* the current configuration and don't
* want the overhead of loading it
* until we actually do something.
*/
if (zfs_init_libshare(hdl,
SA_INIT_CONTROL_API) != SA_OK) {
/*
* An error occurred so we can't do
* anything
*/
"'%s' cannot be set: problem "
"in share initialization"),
propname);
errbuf);
goto error;
}
/*
* There was an error in parsing so
* deal with it by issuing an error
* message and leaving after
* uninitializing the the libshare
* interface.
*/
"'%s' cannot be set to invalid "
"options"), propname);
errbuf);
goto error;
}
}
break;
case ZFS_PROP_UTF8ONLY:
chosen_utf = (int)intval;
break;
case ZFS_PROP_NORMALIZE:
chosen_normal = (int)intval;
break;
}
/*
* For changes to existing volumes, we have some additional
* checks to enforce.
*/
char buf[64];
switch (prop) {
case ZFS_PROP_RESERVATION:
case ZFS_PROP_REFRESERVATION:
"'%s' is greater than current "
"volume size"), propname);
errbuf);
goto error;
}
break;
case ZFS_PROP_VOLSIZE:
sizeof (buf));
"'%s' must be a multiple of "
"volume block size (%s)"),
errbuf);
goto error;
}
if (intval == 0) {
"'%s' cannot be zero"),
propname);
errbuf);
goto error;
}
break;
}
}
}
/*
* If normalization was chosen, but no UTF8 choice was made,
* enforce rejection of non-UTF8 names.
*
* If normalization was chosen, but rejecting non-UTF8 names
* was explicitly not chosen, it is an error.
*/
if (chosen_normal > 0 && chosen_utf < 0) {
if (nvlist_add_uint64(ret,
goto error;
}
} else if (chosen_normal > 0 && chosen_utf == 0) {
"'%s' must be set 'on' if normalization chosen"),
goto error;
}
/*
* If this is an existing volume, and someone is setting the volsize,
* make sure that it matches the reservation, or add it if necessary.
*/
&intval) == 0) {
goto error;
if (old_volsize == old_reservation &&
&new_reservation) != 0) {
if (nvlist_add_uint64(ret,
goto error;
}
}
}
return (ret);
return (NULL);
}
static int
{
*who_type == ZFS_DELEG_NAMED_SET) {
*ret_who = -1;
return (0);
}
return (EZFS_BADWHO);
if (*who_type == ZFS_DELEG_WHO_UNKNOWN &&
*ret_who = -1;
return (0);
}
} else if (pwd) {
} else if (grp) {
} else {
char *end;
return (EZFS_BADWHO);
} else {
if (*who_type == ZFS_DELEG_WHO_UNKNOWN)
}
}
return (0);
}
static void
{
} else {
}
}
static void
{
char name[ZFS_MAX_DELEG_NAME];
if (do_perms) {
(who_type == ZFS_DELEG_NAMED_SET) ?
}
if (do_sets) {
(who_type == ZFS_DELEG_NAMED_SET) ?
}
}
static void
{
} else {
if (inherit & ZFS_DELEG_PERM_LOCAL) {
}
if (inherit & ZFS_DELEG_PERM_DESCENDENT) {
}
}
}
/*
*
* The nvlist is constructed as a series of nvpairs with an optional embedded
* nvlist of permissions to remove or set. The topmost nvpairs are the actual
* base attribute named stored in the dsl.
* Arguments:
*
* whostr: is a comma separated list of users, groups, or a single set name.
* whostr may be null for everyone or create perms.
* who_type: is the type of entry in whostr. Typically this will be
* ZFS_DELEG_WHO_UNKNOWN.
* perms: common separated list of permissions. May be null if user
* is requested to remove permissions by who.
* inherit: Specifies the inheritance of the permissions. Will be either
* nvp The constructed nvlist to pass to zfs_perm_set().
* The output nvp will look something like this.
* ul$1234 -> {create ; destroy }
* Ul$1234 -> { @myset }
* s-$@myset - { snapshot; checksum; compression }
*/
int
{
char errbuf[1024];
int error;
if (perms) {
NV_UNIQUE_NAME, 0)) != 0) {
return (1);
}
NV_UNIQUE_NAME, 0)) != 0) {
return (1);
}
}
if (perms_nvp)
if (sets_nvp)
return (1);
}
if (who_type == ZFS_DELEG_NAMED_SET) {
char what;
if (perms_nvp)
if (sets_nvp)
switch (why) {
case NAME_ERR_NO_AT:
"set definition must begin with an '@' "
"character"));
}
}
}
/*
* Build up nvlist(s) of permissions. Two nvlists are maintained.
* The first nvlist perms_nvp will have normal permissions and the
* other sets_nvp will have only permssion set names in it.
*/
if (perm_canonical) {
perm_canonical) == 0);
} else if (perm[0] == '@') {
} else {
}
}
if (perms_nvp)
if (sets_nvp)
whostr);
}
}
/*
* Now create the nvlist(s)
*/
do {
&who_id);
if (error) {
if (perms_nvp)
if (sets_nvp)
"%s "), who_tok);
}
/*
* add entries for both local and descendent when required
*/
return (0);
}
static int
{
int error;
char errbuf[1024];
return (-1);
} else if (error) {
}
return (error);
}
int
{
}
int
{
}
static int
{
int ret;
if (ret > 0)
return (1);
if (ret < 0)
return (-1);
else
return (0);
}
static void
{
}
static void
{
}
}
void
{
while (allownext) {
}
}
static zfs_allow_t *
{
sizeof (zfs_allow_t))) == NULL) {
return (NULL);
}
perm_compare, sizeof (zfs_allow_node_t),
perm_compare, sizeof (zfs_allow_node_t),
perm_compare, sizeof (zfs_allow_node_t),
perm_compare, sizeof (zfs_allow_node_t),
perm_compare, sizeof (zfs_allow_node_t),
if (prev)
return (ptree);
}
/*
* Add permissions to the appropriate AVL permission tree.
* The appropriate tree may not be the requested tree.
* For example if ld indicates a local permission, but
* same permission also exists as a descendent permission
* then the permission will be removed from the descendent
* tree and add the the local+descendent tree.
*/
static int
{
if (ld == ZFS_DELEG_NA) {
} else if (ld == ZFS_DELEG_LOCAL) {
} else {
}
if (permnode2) {
}
}
/*
* Now insert new permission in either requested location
* local/descendent or into ld when perm will exist in both.
*/
sizeof (zfs_perm_node_t))) == NULL) {
return (-1);
}
}
return (0);
}
/*
* Uggh, this is going to be a bit complicated.
* we have an nvlist coming out of the kernel that
* will indicate where the permission is set and then
* it will contain allow of the various "who's", and what
* their permissions are. To further complicate this
* we will then have to coalesce the local,descendent
* and local+descendent permissions where appropriate.
* The kernel only knows about a permission as being local
* or descendent, but not both.
*
* In order to make this easier for zfs_main to deal with
* a series of AVL trees will be used to maintain
* all of this, primarily for sorting purposes as well
* as the ability to quickly locate a specific entry.
*
* What we end up with are tree's for sets, create perms,
* user, groups and everyone. With each of those trees
* we have subtrees for local, descendent and local+descendent
* permissions.
*/
int
{
int error;
char errbuf[1024];
char ld;
char *nvpname;
return (-1);
return (-1);
}
gettext("Pool must be upgraded to use 'allow'"));
} else {
return (-1);
}
}
return (-1);
}
if (source_pair == NULL) {
return (0);
}
return (0);
}
for (;;) {
sizeof (zallowp->z_setpoint));
goto abort;
/*
* Make sure nvlist is composed correctly
*/
if (zfs_deleg_verify_nvlist(sourcenv)) {
goto abort;
}
goto abort;
}
do {
if (error) {
goto abort;
}
/*
* First build up the key to use
* for looking up in the various
* who trees.
*/
switch (nvpair_name(who_pair)[0]) {
case ZFS_DELEG_USER:
case ZFS_DELEG_USER_SETS:
break;
case ZFS_DELEG_GROUP:
case ZFS_DELEG_GROUP_SETS:
break;
case ZFS_DELEG_CREATE:
case ZFS_DELEG_CREATE_SETS:
sizeof (findallownode.z_key));
break;
case ZFS_DELEG_EVERYONE:
case ZFS_DELEG_EVERYONE_SETS:
break;
case ZFS_DELEG_NAMED_SET:
case ZFS_DELEG_NAMED_SET_SETS:
break;
}
/*
* Place who in tree
*/
sizeof (zfs_allow_node_t))) == NULL) {
goto abort;
}
sizeof (zfs_perm_node_t),
sizeof (zfs_perm_node_t),
sizeof (zfs_perm_node_t),
sizeof (findallownode.z_key));
}
/*
* Now iterate over the permissions and
* place them in the appropriate local,
* descendent or local+descendent tree.
*
* The permissions are added to the tree
* via zfs_coalesce_perm().
*/
goto abort;
do {
goto abort;
perm_pair));
if (source_pair == NULL)
break;
/*
* allocate another node from the link list of
* zfs_allow_t structures
*/
goto abort;
}
}
return (0);
return (-1);
}
static char *
{
/*
* Don't put newlines on end of lines
*/
switch (note) {
case ZFS_DELEG_NOTE_CREATE:
return (dgettext(TEXT_DOMAIN,
"Must also have the 'mount' ability"));
case ZFS_DELEG_NOTE_DESTROY:
return (dgettext(TEXT_DOMAIN,
"Must also have the 'mount' ability"));
case ZFS_DELEG_NOTE_SNAPSHOT:
return (dgettext(TEXT_DOMAIN,
"Must also have the 'mount' ability"));
case ZFS_DELEG_NOTE_ROLLBACK:
return (dgettext(TEXT_DOMAIN,
"Must also have the 'mount' ability"));
case ZFS_DELEG_NOTE_CLONE:
"ability and 'mount'\n"
"\t\t\t\tability in the origin file system"));
case ZFS_DELEG_NOTE_PROMOTE:
"\t\t\t\tand 'promote' ability in the origin file system"));
case ZFS_DELEG_NOTE_RENAME:
"and 'create' \n\t\t\t\tability in the new parent"));
case ZFS_DELEG_NOTE_RECEIVE:
" and 'create' ability"));
case ZFS_DELEG_NOTE_USERPROP:
return (dgettext(TEXT_DOMAIN,
"Allows changing any user property"));
case ZFS_DELEG_NOTE_ALLOW:
return (dgettext(TEXT_DOMAIN,
"Must also have the permission that is being\n"
"\t\t\t\tallowed"));
case ZFS_DELEG_NOTE_MOUNT:
return (dgettext(TEXT_DOMAIN,
case ZFS_DELEG_NOTE_SHARE:
return (dgettext(TEXT_DOMAIN,
"Allows sharing file systems over NFS or SMB\n"
"\t\t\t\tprotocols"));
case ZFS_DELEG_NOTE_NONE:
default:
}
}
typedef enum {
/*
* is the permission a subcommand or other?
*/
zfs_deleg_perm_type(const char *perm)
{
return (ZFS_DELEG_OTHER);
else
return (ZFS_DELEG_SUBCOMMAND);
}
static char *
{
switch (type) {
case ZFS_DELEG_SUBCOMMAND:
case ZFS_DELEG_PROP:
case ZFS_DELEG_OTHER:
}
return ("");
}
/*ARGSUSED*/
static int
{
if (zfs_prop_delegatable(prop))
return (ZPROP_CONT);
}
void
zfs_deleg_permissions(void)
{
int i;
"TYPE", "NOTES");
/*
* First print out the subcommands
*/
}
}
/*
* Given a property name and value, set the property for the given dataset.
*/
int
{
int ret = -1;
char errbuf[1024];
goto error;
}
goto error;
goto error;
"child dataset with inherited mountpoint is used "
"in a non-global zone"));
goto error;
}
/*
* If the dataset's canmount property is being set to noauto,
* then we want to prevent unmounting & remounting it.
*/
goto error;
/*
* Execute the corresponding ioctl() to set this property.
*/
goto error;
if (ret != 0) {
switch (errno) {
case ENOSPC:
/*
* For quotas and reservations, ENOSPC indicates
* something different; setting a quota or reservation
* doesn't use any disk space.
*/
switch (prop) {
case ZFS_PROP_QUOTA:
case ZFS_PROP_REFQUOTA:
"size is less than current used or "
"reserved space"));
break;
case ZFS_PROP_RESERVATION:
case ZFS_PROP_REFRESERVATION:
"size is greater than available space"));
break;
default:
break;
}
break;
case EBUSY:
if (prop == ZFS_PROP_VOLBLOCKSIZE)
else
break;
case EROFS:
break;
case ENOTSUP:
"pool and or dataset must be upgraded to set this "
"property or value"));
break;
case ERANGE:
if (prop == ZFS_PROP_COMPRESSION) {
"property setting is not allowed on "
"bootable datasets"));
} else {
}
break;
case EOVERFLOW:
/*
* This platform can't address a volume this big.
*/
#ifdef _ILP32
if (prop == ZFS_PROP_VOLSIZE) {
break;
}
#endif
/* FALLTHROUGH */
default:
}
} else {
if (do_prefix)
/*
* Refresh the statistics so the new property value
* is reflected.
*/
if (ret == 0)
}
if (cl)
return (ret);
}
/*
* Given a property, inherit the value from the parent dataset.
*/
int
{
int ret;
char errbuf[1024];
/*
* For user properties, the amount of work we have to do is very
* small, so just do it here.
*/
if (!zfs_prop_user(propname)) {
"invalid property"));
}
return (0);
}
/*
* Verify that this property is inheritable.
*/
if (zfs_prop_readonly(prop))
if (!zfs_prop_inheritable(prop))
/*
* Check to see if the value applies to this type
*/
/*
* Normalize the name, to get rid of shorthand abbrevations.
*/
"dataset is used in a non-global zone"));
}
/*
* Determine datasets which will be affected by this change, if any.
*/
return (-1);
"child dataset with inherited mountpoint is used "
"in a non-global zone"));
goto error;
}
goto error;
} else {
goto error;
/*
* Refresh the statistics so the new property is reflected.
*/
}
return (ret);
}
/*
* True DSL properties are stored in an nvlist. The following two functions
* extract them appropriately.
*/
static uint64_t
{
} else {
*source = "";
}
return (value);
}
static char *
{
char *value;
} else {
value = "";
*source = "";
}
return (value);
}
/*
* Internal function for getting a numeric property. Both zfs_prop_get() and
* zfs_prop_get_int() are built using this interface.
*
* Certain properties can be overridden using 'mount -o'. In this case, scan
* If they differ from the on-disk values, report the current values and mark
* the source "temporary".
*/
static int
{
char *mntopt_off = NULL;
switch (prop) {
case ZFS_PROP_ATIME:
break;
case ZFS_PROP_DEVICES:
break;
case ZFS_PROP_EXEC:
break;
case ZFS_PROP_READONLY:
break;
case ZFS_PROP_SETUID:
break;
case ZFS_PROP_XATTR:
break;
case ZFS_PROP_NBMAND:
break;
}
/*
* Because looking up the mount options is potentially expensive
* we're looking up a property which requires its presence.
*/
if (!zhp->zfs_mntcheck &&
return (-1);
}
}
else
switch (prop) {
case ZFS_PROP_ATIME:
case ZFS_PROP_DEVICES:
case ZFS_PROP_EXEC:
case ZFS_PROP_READONLY:
case ZFS_PROP_SETUID:
case ZFS_PROP_XATTR:
case ZFS_PROP_NBMAND:
if (src)
if (src)
}
break;
case ZFS_PROP_CANMOUNT:
if (*val != ZFS_CANMOUNT_ON)
else
break;
case ZFS_PROP_QUOTA:
case ZFS_PROP_REFQUOTA:
case ZFS_PROP_RESERVATION:
case ZFS_PROP_REFRESERVATION:
if (*val == 0)
else
break;
case ZFS_PROP_MOUNTED:
break;
case ZFS_PROP_NUMCLONES:
break;
case ZFS_PROP_VERSION:
case ZFS_PROP_NORMALIZE:
case ZFS_PROP_UTF8ONLY:
case ZFS_PROP_CASE:
return (-1);
"unable to get %s property"),
}
val) != 0) {
"unable to get %s property"),
}
if (zplprops)
break;
default:
switch (zfs_prop_get_type(prop)) {
case PROP_TYPE_NUMBER:
case PROP_TYPE_INDEX:
/*
* If we tried to use a defalut value for a
* readonly property, it means that it was not
* present; return an error.
*/
if (zfs_prop_readonly(prop) &&
return (-1);
}
break;
case PROP_TYPE_STRING:
default:
"cannot get non-numeric property"));
}
}
return (0);
}
/*
* Calculate the source type, given the raw source string.
*/
static void
{
return;
} else if (source[0] == '\0') {
} else {
} else {
}
}
}
/*
* Retrieve a property from the given object. If 'literal' is specified, then
* numbers are left as exact values. Otherwise, numbers are converted to a
* human-readable form.
*
* Returns 0 on success, or -1 on error.
*/
int
{
char *str;
const char *strval;
/*
* Check to see if this property applies to our object
*/
return (-1);
if (src)
*src = ZPROP_SRC_NONE;
switch (prop) {
case ZFS_PROP_CREATION:
/*
* 'creation' is a time_t stored in the statistics. We convert
* this into a string unless 'literal' is specified.
*/
{
struct tm t;
if (literal ||
&t) == 0)
}
break;
case ZFS_PROP_MOUNTPOINT:
/*
* Getting the precise mountpoint can be tricky.
*
* - for 'none' or 'legacy', return those values.
* - for inherited mountpoints, we want to take everything
* after our ancestor and append it to the inherited value.
*
* If the pool has an alternate root, we want to prepend that
* root to any values we return.
*/
if (str[0] == '/') {
char buf[MAXPATHLEN];
if (relpath[0] == '/')
relpath++;
root[0] = '\0';
/*
* Special case an alternate root of '/'. This will
* avoid having multiple leading slashes in the
* mountpoint path.
*/
root++;
/*
* If the mountpoint is '/' then skip over this
* if we are obtaining either an alternate root or
* an inherited mountpoint.
*/
relpath[0] != '\0'))
str++;
if (relpath[0] == '\0')
else
relpath);
} else {
/* 'legacy' or 'none' */
}
break;
case ZFS_PROP_ORIGIN:
proplen);
/*
* If there is no parent at all, return failure to indicate that
* it doesn't apply to this dataset.
*/
if (propbuf[0] == '\0')
return (-1);
break;
case ZFS_PROP_QUOTA:
case ZFS_PROP_REFQUOTA:
case ZFS_PROP_RESERVATION:
case ZFS_PROP_REFRESERVATION:
return (-1);
/*
* If quota or reservation is 0, we translate this into 'none'
* (unless literal is set), and indicate that it's the default
* value. Otherwise, we print the number nicely and indicate
* that its set locally.
*/
if (val == 0) {
if (literal)
else
} else {
if (literal)
(u_longlong_t)val);
else
}
break;
case ZFS_PROP_COMPRESSRATIO:
return (-1);
break;
case ZFS_PROP_TYPE:
case ZFS_TYPE_FILESYSTEM:
str = "filesystem";
break;
case ZFS_TYPE_VOLUME:
str = "volume";
break;
case ZFS_TYPE_SNAPSHOT:
str = "snapshot";
break;
default:
abort();
}
break;
case ZFS_PROP_MOUNTED:
/*
* The 'mounted' property is a pseudo-property that described
* whether the filesystem is currently mounted. Even though
* it's a boolean value, the typical values of "on" and "off"
* don't make sense, so we translate to "yes" and "no".
*/
return (-1);
if (val)
else
break;
case ZFS_PROP_NAME:
/*
* The 'name' property is a pseudo-property derived from the
* dataset name. It is presented as a real property to simplify
* consumers.
*/
break;
default:
switch (zfs_prop_get_type(prop)) {
case PROP_TYPE_NUMBER:
return (-1);
if (literal)
(u_longlong_t)val);
else
break;
case PROP_TYPE_STRING:
break;
case PROP_TYPE_INDEX:
return (-1);
return (-1);
break;
default:
abort();
}
}
return (0);
}
/*
* Utility function to get the given numeric property. Does no validation that
* the given property is the appropriate type; should only be used with
* hard-coded property types.
*/
{
char *source;
return (val);
}
int
{
char buf[64];
}
/*
* Similar to zfs_prop_get(), but returns the value as an integer.
*/
int
{
char *source;
/*
* Check to see if this property applies to our object
*/
zfs_prop_to_name(prop)));
}
if (src)
*src = ZPROP_SRC_NONE;
return (-1);
return (0);
}
/*
* Returns the name of the given zfs handle.
*/
const char *
{
}
/*
* Returns the type of the given zfs handle.
*/
{
}
static int
{
int rc;
top:
if (rc == -1) {
switch (errno) {
case ENOMEM:
/* expand nvlist memory and try again */
return (-1);
}
goto top;
/*
* An errno value of ESRCH indicates normal completion.
* If ENOENT is returned, then the underlying dataset
* has been removed since we obtained the handle.
*/
case ESRCH:
case ENOENT:
rc = 1;
break;
default:
"cannot iterate filesystems"));
break;
}
}
return (rc);
}
/*
* Iterate over all child filesystems
*/
int
{
int ret;
return (0);
return (-1);
&zc)) == 0) {
/*
* Ignore private dataset names.
*/
continue;
/*
* Silently ignore errors, as the only plausible explanation is
* that the pool has since been removed.
*/
continue;
}
return (ret);
}
}
}
/*
* Iterate over all snapshots
*/
int
{
int ret;
return (0);
return (-1);
&zc)) == 0) {
continue;
}
return (ret);
}
}
}
/*
* Iterate over all children, snapshots and filesystems
*/
int
{
int ret;
return (ret);
}
/*
* Given a complete name, return just the portion that refers to the parent.
* Can return NULL if this is a pool.
*/
static int
{
char *loc;
return (-1);
return (0);
}
/*
* If accept_ancestor is false, then check to make sure that the given path has
* a parent, and that it exists. If accept_ancestor is true, then find the
* closest existing ancestor for the given path. In prefixlen return the
* length of already existing prefix of the given path. We also fetch the
* 'zoned' property, which is used to validate property settings when creating
* new datasets.
*/
static int
{
char parent[ZFS_MAXNAMELEN];
char *slash;
char errbuf[1024];
/* get parent, and check to see if this is just a pool */
"missing dataset name"));
}
/* check to see if the pool exists */
}
/* check to see if the parent dataset exists */
/*
* Go deeper to find an ancestor, give up on top level.
*/
}
"parent does not exist"));
} else
}
/* we are in a non-global zone, but parent is in the global zone */
return (-1);
}
/* make sure parent is a filesystem */
"parent is not a filesystem"));
return (-1);
}
return (0);
}
/*
* Finds whether the dataset of the given type(s) exists.
*/
{
return (B_FALSE);
/*
* Try to get stats for the dataset, which will tell us if it exists.
*/
return (B_TRUE);
}
return (B_FALSE);
}
/*
* Given a path to 'target', create all the ancestors between
* the prefixlen portion of the path, and the target itself.
* Fail if the initial prefixlen-ancestor does not already exist.
*/
int
{
zfs_handle_t *h;
char *cp;
const char *opname;
/* make sure prefix exists */
if (*cp != '/') {
} else {
*cp = '\0';
*cp = '/';
}
if (h == NULL)
return (-1);
zfs_close(h);
/*
* Attempt to create, mount, and share any ancestor filesystems,
* up to the prefixlen-long one.
*/
char *logstr;
*cp = '\0';
if (h) {
/* it already exists, nothing to do here */
zfs_close(h);
continue;
}
NULL) != 0) {
goto ancestorerr;
}
if (h == NULL) {
goto ancestorerr;
}
goto ancestorerr;
}
if (zfs_share(h) != 0) {
goto ancestorerr;
}
zfs_close(h);
}
return (0);
return (-1);
}
/*
* Creates non-existing ancestors of the given path.
*/
int
{
int prefix;
char *path_copy;
int rc;
return (-1);
}
return (-1);
return (0);
}
/*
* Create a new filesystem or volume.
*/
int
{
int ret;
char errbuf[1024];
"cannot create '%s'"), path);
/* validate the path, taking care to note the extended error message */
/* validate parents exist */
return (-1);
/*
* The failure modes when creating a dataset of a different type over
* one that already exists is a little strange. In particular, if you
* try to create a dataset on top of an existing dataset, the ioctl()
* will return ENOENT, not EEXIST. To prevent this from happening, we
* first try to see if the dataset exists.
*/
"dataset already exists"));
}
if (type == ZFS_TYPE_VOLUME)
else
return (-1);
if (type == ZFS_TYPE_VOLUME) {
/*
* If we are creating a volume, the size and block size must
* satisfy a few restraints. First, the blocksize must be a
* valid block size between SPA_{MIN,MAX}BLOCKSIZE. Second, the
* volsize must be a multiple of the block size, and cannot be
* zero.
*/
"missing volume size"));
}
&blocksize)) != 0) {
} else {
"missing volume block size"));
}
}
if (size == 0) {
"volume size cannot be zero"));
}
"volume size must be a multiple of volume block "
"size"));
}
}
return (-1);
/* create the dataset */
if (ret) {
"Volume successfully created, but device links "
"were not created"));
return (-1);
}
}
/* check for failure */
if (ret != 0) {
char parent[ZFS_MAXNAMELEN];
switch (errno) {
case ENOENT:
"no such parent '%s'"), parent);
case EINVAL:
"parent '%s' is not a filesystem"), parent);
case EDOM:
"volume block size must be power of 2 from "
"%u to %uk"),
case ENOTSUP:
"pool must be upgraded to set this "
"property or value"));
#ifdef _ILP32
case EOVERFLOW:
/*
* This platform can't address a volume this big.
*/
if (type == ZFS_TYPE_VOLUME)
errbuf));
#endif
/* FALLTHROUGH */
default:
}
}
return (0);
}
/*
* Destroys the given dataset. The caller must make sure that the filesystem
* isn't mounted, and that there are no active dependents.
*/
int
{
if (ZFS_IS_VOLUME(zhp)) {
/*
* If user doesn't have permissions to unshare volume, then
* abort the request. This would only happen for a
* non-privileged user.
*/
if (zfs_unshare_iscsi(zhp) != 0) {
return (-1);
}
return (-1);
} else {
}
}
return (0);
}
struct destroydata {
char *snapname;
};
static int
{
char name[ZFS_MAXNAMELEN];
int rv;
if (szhp) {
}
/*
* NB: this is simply a best-effort. We don't want to
* return an error, because then we wouldn't visit all
* the volumes.
*/
}
if (closezhp)
return (rv);
}
/*
* Destroys all snapshots with the given name in zhp & descendants.
*/
int
{
int ret;
struct destroydata dd = { 0 };
}
if (ret != 0) {
char errbuf[1024];
switch (errno) {
case EEXIST:
"snapshot is cloned"));
default:
errbuf));
}
}
return (0);
}
/*
* Clones the given dataset. The target must be of the same type as the source.
*/
int
{
char parent[ZFS_MAXNAMELEN];
int ret;
char errbuf[1024];
"cannot create '%s'"), target);
/* validate the target name */
/* validate parents exist */
return (-1);
/* do the clone */
if (ZFS_IS_VOLUME(zhp)) {
} else {
}
if (props) {
return (-1);
return (-1);
}
}
if (ret != 0) {
switch (errno) {
case ENOENT:
/*
* The parent doesn't exist. We should have caught this
* above, but there may a race condition that has since
* destroyed the parent.
*
* At this point, we don't know whether it's the source
* that doesn't exist anymore, or whether the target
* dataset doesn't exist.
*/
"no such parent '%s'"), parent);
case EXDEV:
"source and target pools differ"));
errbuf));
default:
errbuf));
}
} else if (ZFS_IS_VOLUME(zhp)) {
}
return (ret);
}
typedef struct promote_data {
char cb_mountpoint[MAXPATHLEN];
const char *cb_target;
const char *cb_errbuf;
static int
{
char snapname[MAXPATHLEN];
int rv = 0;
/* We don't care about snapshots after the pivot point */
return (0);
}
/* Remove the device link if it's a zvol. */
if (ZFS_IS_VOLUME(zhp))
/* Check for conflicting names */
"snapshot name '%s' from origin \n"
"conflicts with '%s' from target"),
}
return (rv);
}
static int
{
/* We don't care about snapshots after the pivot point */
/* Create the device link if it's a zvol. */
if (ZFS_IS_VOLUME(zhp))
}
return (0);
}
/*
* Promotes the given clone fs to be the clone parent.
*/
int
{
char parent[MAXPATHLEN];
char *cp;
int ret;
char errbuf[1024];
"snapshots can not be promoted"));
}
if (parent[0] == '\0') {
"not a cloned filesystem"));
}
*cp = '\0';
/* Walk the snapshots we will be moving */
return (-1);
return (-1);
if (ret != 0) {
return (-1);
}
/* issue the ioctl */
if (ret != 0) {
int save_errno = errno;
switch (save_errno) {
case EEXIST:
/*
* There is a conflicting snapshot name. We
* should have caught this above, but they could
* have renamed something in the mean time.
*/
"conflicting snapshot name from parent '%s'"),
parent);
default:
}
} else {
}
return (ret);
}
struct createdata {
const char *cd_snapname;
int cd_ifexists;
};
static int
{
int ret;
char name[MAXPATHLEN];
cd->cd_ifexists);
/*
* NB: this is simply a best-effort. We don't want to
* return an error, because then we wouldn't visit all
* the volumes.
*/
}
return (ret);
}
/*
* Takes a snapshot of the given dataset.
*/
int
{
const char *delim;
char parent[ZFS_MAXNAMELEN];
int ret;
char errbuf[1024];
"cannot snapshot '%s'"), path);
/* validate the target name */
if (props) {
return (-1);
return (-1);
}
}
/* make sure the parent exists and is of the appropriate type */
ZFS_TYPE_VOLUME)) == NULL) {
return (-1);
}
if (ZFS_IS_VOLUME(zhp))
else
/*
* if it was recursive, the one that actually failed will be in
* zc.zc_name.
*/
if (ret != 0)
struct createdata cd;
}
if (ret != 0) {
"Volume successfully snapshotted, but device links "
"were not created"));
return (-1);
}
}
if (ret != 0)
return (ret);
}
/*
* Destroy any more recent snapshots. We invoke this callback on any dependents
* of the snapshot first. If the 'cb_dependent' member is non-zero, then this
* is a dependent and we should just destroy it without checking the transaction
* group.
*/
typedef struct rollback_data {
const char *cb_target; /* the snapshot */
static int
{
if (!cbp->cb_dependent) {
char *logstr;
}
} else {
/* We must destroy this clone; first unmount it */
return (0);
}
if (zfs_destroy(zhp) != 0)
else
(void) changelist_postfix(clp);
}
return (0);
}
/*
* Given a dataset, rollback to a specific snapshot, discarding any
* data changes since then and making it the active dataset.
*
* Any snapshots more recent than the target are destroyed, along with
* their dependents.
*/
int
{
rollback_data_t cb = { 0 };
int err;
boolean_t restore_resv = 0;
/*
* Destroy all recent snapshots and its dependends.
*/
return (-1);
/*
* Now that we have verified that the snapshot is the latest,
* rollback to the given snapshot.
*/
return (-1);
return (-1);
}
if (ZFS_IS_VOLUME(zhp))
else
/*
* We rely on zfs_iter_children() to verify that there are no
* newer snapshots for the given dataset. Therefore, we can
* simply pass the name on to the ioctl() call. There is still
* an unlikely race condition where the user has taken a
* snapshot since we verified that this was the most recent.
*
*/
return (err);
}
/*
* For volumes, if the pre-rollback volsize matched the pre-
* rollback reservation and the volsize has changed then set
* the reservation property to the post-rollback volsize.
* Make a new handle since the rollback closed the dataset.
*/
return (err);
}
if (restore_resv) {
if (old_volsize != new_volsize)
}
}
return (err);
}
/*
* Iterate over all dependents for a given dataset. This includes both
* hierarchical dependents (children) and data dependents (snapshots and
* clones). The bulk of the processing occurs in get_dependents() in
*/
int
{
char **dependents;
int i;
int ret = 0;
&dependents, &count) != 0)
return (-1);
for (i = 0; i < count; i++) {
dependents[i])) == NULL)
continue;
break;
}
for (i = 0; i < count; i++)
free(dependents[i]);
return (ret);
}
/*
* Renames the given dataset.
*/
int
{
int ret;
char *delim;
char *parentname = NULL;
char parent[ZFS_MAXNAMELEN];
char errbuf[1024];
/* if we have the same exact name, just return success */
return (0);
"cannot rename to '%s'"), target);
/*
* Make sure the target name is valid
*/
*target == '@') {
/*
* Snapshot target name is abbreviated,
* reconstruct full dataset name
*/
sizeof (parent));
*(++delim) = '\0';
else
*delim = '\0';
} else {
/*
* Make sure we're renaming within the same dataset.
*/
"snapshots must be part of same "
"dataset"));
errbuf));
}
}
} else {
if (recursive) {
"recursive rename must be a snapshot"));
}
/* validate parents */
return (-1);
/* make sure we're in the same pool */
"datasets must be within same pool"));
}
/* new name cannot be a child of the current dataset name */
"New dataset name cannot be a descendent of "
"current dataset name"));
}
}
if (getzoneid() == GLOBAL_ZONEID &&
"dataset is used in a non-global zone"));
}
if (recursive) {
struct destroydata dd;
if (parentname == NULL) {
ret = -1;
goto error;
}
*delim = '\0';
ret = -1;
goto error;
}
/* We remove any zvol links prior to renaming them */
if (ret) {
goto error;
}
} else {
return (-1);
if (changelist_haszonedchild(cl)) {
"child dataset with inherited mountpoint is used "
"in a non-global zone"));
goto error;
}
goto error;
}
if (ZFS_IS_VOLUME(zhp))
else
/*
* if it was recursive, the one that actually failed will
* be in zc.zc_name
*/
"a child dataset already has a snapshot "
"with the new name"));
} else {
}
/*
* On failure, we still want to remount any filesystems that
* were previously mounted, so we don't alter the system state.
*/
if (recursive) {
struct createdata cd;
/* only create links for datasets that had existed */
&cd);
} else {
(void) changelist_postfix(cl);
}
} else {
if (recursive) {
struct createdata cd;
/* only create links for datasets that had existed */
&cd);
} else {
}
}
if (parentname) {
}
if (zhrp) {
}
if (cl) {
}
return (ret);
}
/*
* Given a zvol dataset, issue the ioctl to create the appropriate minor node,
* poke devfsadm to create the /dev link, and then wait for the link to appear.
*/
int
{
}
static int
{
int privileged;
/*
* Issue the appropriate ioctl.
*/
switch (errno) {
case EEXIST:
/*
* Silently ignore the case where the link already
* exists. This allows 'zfs volinit' to be run multiple
* times without errors.
*/
return (0);
case ENOENT:
/*
* Dataset does not exist in the kernel. If we
* don't care (see zfs_rename), then ignore the
* error quietly.
*/
if (ifexists) {
return (0);
}
/* FALLTHROUGH */
default:
"for '%s'"), dataset));
}
}
/*
* If privileged call devfsadm and wait for the links to
* magically appear.
* Otherwise, print out an informational message.
*/
if (privileged) {
DI_MAKE_LINK)) == NULL) {
"for '%s'"), dataset);
return (-1);
} else {
(void) di_devlink_fini(&dhdl);
}
} else {
char pathname[MAXPATHLEN];
int i;
#define MAX_WAIT 10
/*
* This is the poor mans way of waiting for the link
* to show up. If after 10 seconds we still don't
* have it, then print out a message.
*/
dataset);
for (i = 0; i != MAX_WAIT; i++) {
break;
(void) sleep(1);
}
if (i == MAX_WAIT)
"available\n"), pathname);
}
return (0);
}
/*
* Remove a minor node for the given zvol and the associated /dev links.
*/
int
{
switch (errno) {
case ENXIO:
/*
* Silently ignore the case where the link no longer
* exists, so that 'zfs volfini' can be run multiple
* times without errors.
*/
return (0);
default:
"links for '%s'"), dataset));
}
}
return (0);
}
nvlist_t *
{
return (zhp->zfs_user_props);
}
/*
* This function is used by 'zfs list' to determine the exact set of columns to
* display, and their maximum widths. This does two main things:
*
* - If this is a list of all properties, then expand the list to include
* all native properties, and set a flag so that for each dataset we look
* for new unique user properties and add them to the list.
*
* - For non fixed-width properties, keep track of the maximum width seen
* so that we can size the column appropriately.
*/
int
{
char *strval;
char buf[ZFS_MAXPROPLEN];
return (-1);
/*
* Go through and add any user properties as necessary. We
* start by incrementing our list pointer to the first
* non-native property.
*/
break;
}
/*
* See if we've already found this property in our list.
*/
nvpair_name(elem)) == 0)
break;
}
sizeof (zprop_list_t))) == NULL ||
return (-1);
}
}
}
}
/*
* Now go through and check the width of any non-fixed columns
*/
continue;
}
} else if (nvlist_lookup_nvlist(userprops,
ZPROP_VALUE, &strval) == 0);
}
}
return (0);
}
int
{
int group_cnt;
int error;
return (1);
return (1);
}
return (1);
}
return (1);
}
return (-1);
return (error);
}
int
{
int error;
return (error);
}
void
{
/*
* Keep a reference to the props-table against which we prune the
* properties.
*/
while (curr) {
}
}