/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
*/
#include <libsysevent.h>
#include <pthread.h>
#include <stdlib.h>
#include <errno.h>
#include <fnmatch.h>
#include <strings.h>
#include <unistd.h>
#include <assert.h>
#include <libgen.h>
#include <libintl.h>
#include <alloca.h>
#include <ctype.h>
#include <sys/acl.h>
#include <sys/stat.h>
#include <sys/brand.h>
#include <sys/mntio.h>
#include <sys/mnttab.h>
#include <sys/nvpair.h>
#include <sys/types.h>
#include <sys/sockio.h>
#include <sys/systeminfo.h>
#include <ftw.h>
#include <pool.h>
#include <libscf.h>
#include <libproc.h>
#include <sys/priocntl.h>
#include <wait.h>
#include <bsm/adt.h>
#include <auth_attr.h>
#include <auth_list.h>
#include <secdb.h>
#include <user_attr.h>
#include <prof_attr.h>
#include <libzfs.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <libxml/xmlmemory.h>
#include <libxml/parser.h>
#include <libdevinfo.h>
#include <uuid/uuid.h>
#include <dirent.h>
#include <libbrand.h>
#include <libzonecfg.h>
#include "zonecfg_impl.h"
#define _PATH_TMPFILE "/zonecfg.XXXXXX"
#define ZONE_CB_RETRY_COUNT 10
#define ZONE_EVENT_PING_SUBCLASS "ping"
#define ZONE_EVENT_PING_PUBLISHER "solaris"
#define ZONE_SYS_DEFAULT_TMPL SYS_ZONE_PREFIX "default"
#define ZONE_OLD_SYS_DEFAULT_TMPL "SUNWdefault"
/*
* Hard-code the DTD element/attribute/entity names just once, here.
*
* If you change something, also change dtd_to_pt(), dtd_to_rt(), etc.
*/
#define DTD_ELEM_ATTR (const xmlChar *) "attr"
#define DTD_ELEM_COMMENT (const xmlChar *) "comment"
#define DTD_ELEM_DEVICE (const xmlChar *) "device"
#define DTD_ELEM_FS (const xmlChar *) "filesystem"
#define DTD_ELEM_FSOPTION (const xmlChar *) "fsoption"
#define DTD_ELEM_NET (const xmlChar *) "network"
#define DTD_ELEM_ANET (const xmlChar *) "automatic-network"
#define DTD_ELEM_RCTL (const xmlChar *) "rctl"
#define DTD_ELEM_RCTLVALUE (const xmlChar *) "rctl-value"
#define DTD_ELEM_ZONE (const xmlChar *) "zone"
#define DTD_ELEM_DATASET (const xmlChar *) "dataset"
#define DTD_ELEM_TMPPOOL (const xmlChar *) "tmp_pool"
#define DTD_ELEM_PSET (const xmlChar *) "pset"
#define DTD_ELEM_MCAP (const xmlChar *) "mcap"
#define DTD_ELEM_ADMIN (const xmlChar *) "admin"
#define DTD_ELEM_WRP (const xmlChar *) "writable-path"
#define DTD_ELEM_ROP (const xmlChar *) "readonly-path"
#define DTD_ELEM_ROOTZPOOL (const xmlChar *) "rootzpool"
#define DTD_ELEM_ZPOOL (const xmlChar *) "zpool"
#define DTD_ELEM_STORAGE (const xmlChar *) "storage"
#define DTD_ATTR_ACTION (const xmlChar *) "action"
#define DTD_ATTR_ADDRESS (const xmlChar *) "address"
#define DTD_ATTR_ALIAS (const xmlChar *) "alias"
#define DTD_ATTR_ALLOWED_ADDRESS \
(const xmlChar *) "allowed-address"
#define DTD_ATTR_CONFIGURE_ALLOWED_ADDRESS \
(const xmlChar *) "configure-allowed-address"
#define DTD_ATTR_AUTOBOOT (const xmlChar *) "autoboot"
#define DTD_ATTR_IPTYPE (const xmlChar *) "ip-type"
#define DTD_ATTR_DEFROUTER (const xmlChar *) "defrouter"
#define DTD_ATTR_LINKNAME (const xmlChar *) "linkname"
#define DTD_ATTR_LOWER_LINK (const xmlChar *) "lower-link"
#define DTD_ATTR_ALLOWED_DHCP_CIDS \
(const xmlChar *) "allowed-dhcp-cids"
#define DTD_ATTR_MAC_ADDRESS (const xmlChar *) "mac-address"
#define DTD_ATTR_AUTO_MAC_ADDRESS \
(const xmlChar *) "auto-mac-address"
#define DTD_ATTR_MAC_PREFIX (const xmlChar *) "mac-prefix"
#define DTD_ATTR_MAC_SLOT (const xmlChar *) "mac-slot"
#define DTD_ATTR_MAXBW (const xmlChar *) "maxbw"
#define DTD_ATTR_PRIORITY (const xmlChar *) "priority"
#define DTD_ATTR_VLAN_ID (const xmlChar *) "vlan-id"
#define DTD_ATTR_RXRINGS (const xmlChar *) "rxrings"
#define DTD_ATTR_TXRINGS (const xmlChar *) "txrings"
#define DTD_ATTR_MTU (const xmlChar *) "mtu"
#define DTD_ATTR_LINK_PROTECTION \
(const xmlChar *) "link-protection"
#define DTD_ATTR_RXFANOUT (const xmlChar *) "rxfanout"
#define DTD_ATTR_VSITYPEID (const xmlChar *) "vsi-typeid"
#define DTD_ATTR_VSIVERS (const xmlChar *) "vsi-vers"
#define DTD_ATTR_VSIMGRID (const xmlChar *) "vsi-mgrid"
#define DTD_ATTR_ETSBWLCL (const xmlChar *) "etsbw-lcl"
#define DTD_ATTR_COS (const xmlChar *) "cos"
#define DTD_ATTR_PKEY (const xmlChar *) "pkey"
#define DTD_ATTR_LINKMODE (const xmlChar *) "linkmode"
#define DTD_ATTR_DIR (const xmlChar *) "directory"
#define DTD_ATTR_LIMIT (const xmlChar *) "limit"
#define DTD_ATTR_LIMITPRIV (const xmlChar *) "limitpriv"
#define DTD_ATTR_BOOTARGS (const xmlChar *) "bootargs"
#define DTD_ATTR_SCHED (const xmlChar *) "scheduling-class"
#define DTD_ATTR_MATCH (const xmlChar *) "match"
#define DTD_ATTR_NAME (const xmlChar *) "name"
#define DTD_ATTR_PHYSICAL (const xmlChar *) "physical"
#define DTD_ATTR_POOL (const xmlChar *) "pool"
#define DTD_ATTR_PRIV (const xmlChar *) "priv"
#define DTD_ATTR_RAW (const xmlChar *) "raw"
#define DTD_ATTR_SPECIAL (const xmlChar *) "special"
#define DTD_ATTR_TYPE (const xmlChar *) "type"
#define DTD_ATTR_VALUE (const xmlChar *) "value"
#define DTD_ATTR_ZONEPATH (const xmlChar *) "zonepath"
#define DTD_ATTR_NCPU_MIN (const xmlChar *) "ncpu_min"
#define DTD_ATTR_NCPU_MAX (const xmlChar *) "ncpu_max"
#define DTD_ATTR_IMPORTANCE (const xmlChar *) "importance"
#define DTD_ATTR_PHYSCAP (const xmlChar *) "physcap"
#define DTD_ATTR_VERSION (const xmlChar *) "version"
#define DTD_ATTR_BRAND (const xmlChar *) "brand"
#define DTD_ATTR_HOSTID (const xmlChar *) "hostid"
#define DTD_ATTR_USER (const xmlChar *) "user"
#define DTD_ATTR_AUTHS (const xmlChar *) "auths"
#define DTD_ATTR_FS_ALLOWED (const xmlChar *) "fs-allowed"
#define DTD_ATTR_ALLOW_PARTITION (const xmlChar *) "allow-partition"
#define DTD_ATTR_ALLOW_RAW_IO (const xmlChar *) "allow-raw-io"
#define DTD_ATTR_MAC_PROFILE (const xmlChar *) "file-mac-profile"
#define DTD_ATTR_URI (const xmlChar *) "uri"
#define DTD_ATTR_INSTALL_SIZE (const xmlChar *) "install-size"
#define DTD_ENTITY_BOOLEAN "boolean"
#define DTD_ENTITY_DEVPATH "devpath"
#define DTD_ENTITY_DRIVER "driver"
#define DTD_ENTITY_DRVMIN "drv_min"
#define DTD_ENTITY_FALSE "false"
#define DTD_ENTITY_INT "int"
#define DTD_ENTITY_STRING "string"
#define DTD_ENTITY_TRUE "true"
#define DTD_ENTITY_UINT "uint"
#define DTD_ENTITY_BOOL_LEN 6 /* "false" */
#define ATTACH_FORCED "SUNWattached.xml"
#define TMP_POOL_NAME "SUNWtmp_%s"
#define MAX_TMP_POOL_NAME (ZONENAME_MAX + 9)
#define ZONES_SERVICE "system/zones:default"
#define RCAP_SERVICE "system/rcap:default"
#define POOLD_SERVICE "system/pools/dynamic:default"
#define ZONECFG_PG "zonecfg"
#define DEFAULT_TEMPLATE_PROPNAME "default_template"
struct dtd_name {
const char *dn_name;
const xmlChar *dn_dtd;
};
static struct dtd_name rt_dtd_names[] = {
{ "admin", DTD_ELEM_ADMIN },
{ "anet", DTD_ELEM_ANET },
{ "attr", DTD_ELEM_ATTR },
{ "capped-memory", DTD_ELEM_MCAP },
{ "dataset", DTD_ELEM_DATASET },
{ "dedicated-cpu", DTD_ELEM_PSET },
{ "device", DTD_ELEM_DEVICE },
{ "fs", DTD_ELEM_FS },
{ "net", DTD_ELEM_NET },
{ "rctl", DTD_ELEM_RCTL },
{ "readonly-path", DTD_ELEM_ROP },
{ "rootzpool", DTD_ELEM_ROOTZPOOL },
/*
* A property, but an element in the DTD, so a resource from the point
* of view of libzonecfg.
*/
{ "storage", DTD_ELEM_STORAGE },
{ "writable-path", DTD_ELEM_WRP },
{ "zpool", DTD_ELEM_ZPOOL },
{ NULL, NULL },
};
/*
* See dtd_to_pt() for the complete conversion. In particular, if you're
* re-using an existing DTD attribute, you may need a special case.
*/
static struct dtd_name pt_dtd_names[] = {
{ "action", DTD_ATTR_ACTION },
{ "address", DTD_ATTR_ADDRESS },
{ "alias", DTD_ATTR_ALIAS },
{ "allow-partition", DTD_ATTR_ALLOW_PARTITION },
{ "allow-raw-io", DTD_ATTR_ALLOW_RAW_IO },
{ "allowed-address", DTD_ATTR_ALLOWED_ADDRESS },
{ "allowed-dhcp-cids", DTD_ATTR_ALLOWED_DHCP_CIDS },
{ "auths", DTD_ATTR_AUTHS },
{ "auto-mac-address", DTD_ATTR_AUTO_MAC_ADDRESS },
{ "autoboot", DTD_ATTR_AUTOBOOT },
{ "bootargs", DTD_ATTR_BOOTARGS },
{ "brand", DTD_ATTR_BRAND },
{ "configure-allowed-address", DTD_ATTR_CONFIGURE_ALLOWED_ADDRESS },
{ "cos", DTD_ATTR_COS },
{ "defrouter", DTD_ATTR_DEFROUTER },
{ "dir", DTD_ATTR_DIR },
{ "etsbw-lcl", DTD_ATTR_ETSBWLCL },
{ "file-mac-profile", DTD_ATTR_MAC_PROFILE },
{ "fs-allowed", DTD_ATTR_FS_ALLOWED },
{ "hostid", DTD_ATTR_HOSTID },
{ "importance", DTD_ATTR_IMPORTANCE },
{ "install-size", DTD_ATTR_INSTALL_SIZE },
{ "ip-type", DTD_ATTR_IPTYPE },
{ "limit", DTD_ATTR_LIMIT },
{ "limitpriv", DTD_ATTR_LIMITPRIV },
{ "link-protection", DTD_ATTR_LINK_PROTECTION },
{ "linkmode", DTD_ATTR_LINKMODE },
{ "linkname", DTD_ATTR_LINKNAME },
{ "lower-link", DTD_ATTR_LOWER_LINK },
{ "mac-address", DTD_ATTR_MAC_ADDRESS },
{ "mac-prefix", DTD_ATTR_MAC_PREFIX },
{ "mac-slot", DTD_ATTR_MAC_SLOT },
{ "match", DTD_ATTR_MATCH },
{ "maxbw", DTD_ATTR_MAXBW },
{ "mtu", DTD_ATTR_MTU },
{ "pkey", DTD_ATTR_PKEY },
{ "pool", DTD_ATTR_POOL },
{ "priority", DTD_ATTR_PRIORITY },
{ "priv", DTD_ATTR_PRIV },
{ "raw", DTD_ATTR_RAW },
{ "rxfanout", DTD_ATTR_RXFANOUT },
{ "rxrings", DTD_ATTR_RXRINGS },
{ "scheduling-class", DTD_ATTR_SCHED },
{ "special", DTD_ATTR_SPECIAL },
{ "txrings", DTD_ATTR_TXRINGS },
{ "type", DTD_ATTR_TYPE },
{ "uri", DTD_ATTR_URI },
{ "user", DTD_ATTR_USER },
{ "value", DTD_ATTR_VALUE },
{ "vlan-id", DTD_ATTR_VLAN_ID },
{ "vsi-mgrid", DTD_ATTR_VSIMGRID },
{ "vsi-typeid", DTD_ATTR_VSITYPEID },
{ "vsi-vers", DTD_ATTR_VSIVERS },
{ "zonepath", DTD_ATTR_ZONEPATH },
{ NULL, NULL },
};
/*
* rctl alias definitions
*
* This holds the alias, the full rctl name, the default priv value, action
* and lower limit. The functions that handle rctl aliases step through
* this table, matching on the alias, and using the full values for setting
* the rctl entry as well the limit for validation.
*/
static struct alias {
char *shortname;
char *realname;
char *priv;
char *action;
uint64_t low_limit;
} aliases[] = {
{ALIAS_MAXLWPS, "zone.max-lwps", "privileged", "deny", 100},
{ALIAS_MAXSHMMEM, "zone.max-shm-memory", "privileged", "deny", 0},
{ALIAS_MAXSHMIDS, "zone.max-shm-ids", "privileged", "deny", 0},
{ALIAS_MAXMSGIDS, "zone.max-msg-ids", "privileged", "deny", 0},
{ALIAS_MAXSEMIDS, "zone.max-sem-ids", "privileged", "deny", 0},
{ALIAS_MAXLOCKEDMEM, "zone.max-locked-memory", "privileged", "deny", 0},
{ALIAS_MAXSWAP, "zone.max-swap", "privileged", "deny", 0},
{ALIAS_SHARES, "zone.cpu-shares", "privileged", "none", 0},
{ALIAS_CPUCAP, "zone.cpu-cap", "privileged", "deny", 0},
{ALIAS_MAXPROCS, "zone.max-processes", "privileged", "deny", 100},
{NULL, NULL, NULL, NULL, 0}
};
static struct zone_state_map {
/*
* The value of zone_state must match the index in the zone_states
* array. This is used as a runtime sanity check to ensure that
* zone_state_t and zone_states[] are are properly maintained.
*/
zone_state_t zone_state;
char *zone_state_str;
} zone_states[] = {
/* States must be in same order as zone_state_t enum. */
{ZONE_STATE_CONFIGURED, "configured"},
{ZONE_STATE_INCOMPLETE, "incomplete"},
{ZONE_STATE_UNAVAILABLE, "unavailable"},
{ZONE_STATE_INSTALLED, "installed"},
{ZONE_STATE_READY, "ready"},
{ZONE_STATE_RUNNING, "running"},
{ZONE_STATE_SHUTTING_DOWN, "shutting_down"},
{ZONE_STATE_DOWN, "down"},
{ZONE_STATE_MOUNTED, "mounted"},
/* This must always be last. */
{ZONE_STATE_INVALID, "unknown"}
};
/*
* Structure for applying rctls to a running zone. It allows important
* process values to be passed together easily.
*/
typedef struct pr_info_handle {
struct ps_prochandle *pr;
pid_t pid;
} pr_info_handle_t;
struct zone_dochandle {
char *zone_dh_rootdir;
xmlDocPtr zone_dh_doc;
xmlNodePtr zone_dh_cur;
xmlNodePtr zone_dh_top;
boolean_t zone_dh_newzone;
boolean_t zone_dh_snapshot;
zone_userauths_t *zone_dh_userauths;
char zone_dh_delete_name[ZONENAME_MAX];
};
struct znotify {
void * zn_private;
evchan_t *zn_eventchan;
int (*zn_callback)(const char *zonename, zoneid_t zid,
const char *newstate, const char *oldstate, hrtime_t when, void *p);
pthread_mutex_t zn_mutex;
pthread_cond_t zn_cond;
pthread_mutex_t zn_bigmutex;
volatile enum {ZN_UNLOCKED, ZN_LOCKED, ZN_PING_INFLIGHT,
ZN_PING_RECEIVED} zn_state;
char zn_subscriber_id[MAX_SUBID_LEN];
volatile boolean_t zn_failed;
int zn_failure_count;
};
char *zonecfg_root = "";
/*
* For functions which return int, which is most of the functions herein,
* the return values should be from the Z_foo set defined in <libzonecfg.h>.
* In some instances, we take pains mapping some libc errno values to Z_foo
* values from this set.
*/
/*
* Set the root (/) path for all zonecfg configuration files. This is a
* private interface used by Live Upgrade extensions to access zone
* configuration inside mounted alternate boot environments.
* This interface is also used by zoneadm mount and unmount subcommands.
*/
void
zonecfg_set_root(const char *rootpath)
{
if (*zonecfg_root != '\0')
free(zonecfg_root);
if (rootpath == NULL || rootpath[0] == '\0' || rootpath[1] == '\0' ||
(zonecfg_root = strdup(rootpath)) == NULL)
zonecfg_root = "";
}
const char *
zonecfg_get_root(void)
{
return (zonecfg_root);
}
/*
* Similar to realpath() but just collapses unnecessary path elements. Unlike
* realpath(), zonecfg_simplify_path() does not resolve and/or remove symlinks
* or in any way examine the current state of mounted file systems. It does
* not call lstat(), chdir(), etc. That is, the following transforms are
* performed, regardless of whether all or part of the path exists.
*
* /dir1/ -> /dir
* /dir1//dir2 -> /dir/dir2
* /dir1/./dir2 -> /dir/dir2
* /dir/../dir2 -> /dir2
*/
int
zonecfg_simplify_path(const char *origpath, char *newpath, size_t newpathsz)
{
char *cur, *eob;
const char *next;
/* Absolute path required and newpath must be long enough for "/\0" */
if (*origpath != '/')
return (Z_INVAL);
if (newpathsz < 2)
return (Z_TOO_BIG);
cur = newpath;
*cur = '/';
next = origpath;
eob = newpath + newpathsz;
while (*next != '\0') {
assert(*cur == '/');
assert(*next == '/' || *next == '\0');
/*
* There are two phases to each pass. The first phase advances
* the next pointer forward skipping past extra "/", "/." and
* "/.." components. The cur pointer will move backward in
* response to each /.. component, but will never take on a
* value less than newpath. The second phase advances the cur
* pointer, copying from next with each advance.
*/
/* Phase 1 */
while (*next == '/') {
if (*(next + 1) != '.') {
next++;
continue;
}
/* /./ or /. */
if (*(next + 2) == '/' || *(next + 2) == '\0') {
next += 2;
continue;
}
/* /../ or /.. */
if (*(next + 2) == '.' &&
(*(next + 3) == '/' || *(next + 3) == '\0')) {
next += 3;
if (cur == newpath)
continue;
do {
cur--;
} while (cur >= newpath && *cur != '/');
continue;
}
/* This is /.something - copy it */
next++;
break;
}
/* Phase 2 */
/* next has just moved past a slash. cur must do the same. */
cur++;
/*
* Copy until the end of newpath, the next slash, or the end
* of origpath.
*/
while (cur < eob && *next != '/' && *next != '\0') {
*cur = *next;
cur++;
next++;
}
/* Copy the next '/' or '\0'. */
*cur = *next;
if (cur == eob) {
if (*cur != '\0')
return (Z_TOO_BIG);
break;
}
}
/*
* cur references the last character copied, which is always '\0'. The
* previous character copied may be / in the case of origpath like
* "/a/b/c/../..".
*
* NB: The cur++ at the beginning of phase 2 ensures cur > newpath.
*/
cur--;
if (cur > newpath && *cur == '/')
*cur = '\0';
return (Z_OK);
}
boolean_t
zonecfg_in_alt_root(void)
{
return (*zonecfg_root != '\0');
}
/*
* Callers of the _file_path() functions are expected to have the second
* parameter be a (char foo[MAXPATHLEN]).
*/
static boolean_t
config_file_path(const char *zonename, char *answer)
{
return (snprintf(answer, MAXPATHLEN, "%s%s/%s.xml", zonecfg_root,
ZONE_CONFIG_ROOT, zonename) < MAXPATHLEN);
}
static boolean_t
snap_file_path(const char *zonename, char *answer)
{
return (snprintf(answer, MAXPATHLEN, "%s%s/%s.snapshot.xml",
zonecfg_root, ZONE_SNAPSHOT_ROOT, zonename) < MAXPATHLEN);
}
/*ARGSUSED*/
static void
zonecfg_error_func(void *ctx, const char *msg, ...)
{
/*
* This function does nothing by design. Its purpose is to prevent
* libxml from dumping unwanted messages to stdout/stderr.
*/
}
zone_dochandle_t
zonecfg_init_handle(void)
{
zone_dochandle_t handle = calloc(1, sizeof (struct zone_dochandle));
if (handle == NULL) {
errno = Z_NOMEM;
return (NULL);
}
/* generic libxml initialization */
(void) xmlLineNumbersDefault(1);
xmlLoadExtDtdDefaultValue |= XML_DETECT_IDS;
xmlDoValidityCheckingDefaultValue = 1;
(void) xmlKeepBlanksDefault(0);
xmlGetWarningsDefaultValue = 0;
xmlSetGenericErrorFunc(NULL, zonecfg_error_func);
return (handle);
}
int
zonecfg_check_handle(zone_dochandle_t handle)
{
if (handle == NULL || handle->zone_dh_doc == NULL)
return (Z_BAD_HANDLE);
return (Z_OK);
}
void
zonecfg_fini_handle(zone_dochandle_t handle)
{
if (zonecfg_check_handle(handle) == Z_OK)
xmlFreeDoc(handle->zone_dh_doc);
if (handle != NULL)
free(handle);
}
static int
zonecfg_destroy_impl(char *filename)
{
if (unlink(filename) == -1) {
if (errno == EACCES)
return (Z_ACCES);
if (errno == ENOENT)
return (Z_NO_ZONE);
return (Z_MISC_FS);
}
return (Z_OK);
}
int
zonecfg_destroy(const char *zonename, boolean_t force)
{
char path[MAXPATHLEN];
struct zoneent ze;
int err, state_err;
zone_state_t state;
if (!config_file_path(zonename, path))
return (Z_MISC_FS);
state_err = zone_get_state((char *)zonename, &state);
err = access(path, W_OK);
/*
* If there is no file, and no index entry, reliably indicate that no
* such zone exists.
*/
if ((state_err == Z_NO_ZONE) && (err == -1) && (errno == ENOENT))
return (Z_NO_ZONE);
/*
* Handle any other filesystem related errors (except if the XML
* file is missing, which we treat silently), unless we're forcing,
* in which case we plow on.
*/
if (err == -1 && errno != ENOENT) {
if (errno == EACCES)
return (Z_ACCES);
else if (!force)
return (Z_MISC_FS);
}
if (state > ZONE_STATE_INSTALLED)
return (Z_BAD_ZONE_STATE);
if (!force && state > ZONE_STATE_CONFIGURED)
return (Z_BAD_ZONE_STATE);
/*
* Index deletion succeeds even if the entry doesn't exist. So this
* will fail only if we've had some more severe problem.
*/
bzero(&ze, sizeof (ze));
(void) strlcpy(ze.zone_name, zonename, sizeof (ze.zone_name));
if ((err = putzoneent(&ze, PZE_REMOVE)) != Z_OK)
if (!force)
return (err);
err = zonecfg_destroy_impl(path);
/*
* Treat failure to find the XML file silently, since, well, it's
* gone, and with the index file cleaned up, we're done.
*/
if (err == Z_OK || err == Z_NO_ZONE)
return (Z_OK);
return (err);
}
int
zonecfg_destroy_snapshot(const char *zonename)
{
char path[MAXPATHLEN];
if (!snap_file_path(zonename, path))
return (Z_MISC_FS);
return (zonecfg_destroy_impl(path));
}
/*
* This (and dtd_to_rt()) should include all resources that can contain
* properties (so not the fake ones in zonecfg like "fs-allowed"), and aren't
* synthetic (like the rctl ones).
*/
static const xmlChar *
rt_to_dtd(const char *nm)
{
struct dtd_name *dn;
for (dn = rt_dtd_names; dn->dn_name != NULL; dn++) {
if (strcmp(nm, dn->dn_name) == 0)
return (dn->dn_dtd);
}
return (NULL);
}
static const char *
dtd_to_rt(const xmlChar *dtd)
{
struct dtd_name *dn;
for (dn = rt_dtd_names; dn->dn_name != NULL; dn++) {
if (xmlStrcmp(dtd, dn->dn_dtd) == 0)
return (dn->dn_name);
}
return (NULL);
}
/*
* For the most part property types as understood by zonecfg are identical to
* their DTD_ATTRs however they sometimes do differ, for example the attribute:
* DTD_ATTR_DIR ("directory") and the property: PT_DIR ("dir").
*
* In some cases the same DTD_ATTR maps to different property types depending
* on the resource context, so must be handled outside of the table.
*
* DTD_ATTR_NCPU_MIN and DTD_ATTR_NCPU_MAX are also problematic, as they are
* stored in xml as two attributes but presented to the user as a single
* configuration property. The caller should be aware that looking up either of
* these attributes will return "ncpus".
*/
static const char *
dtd_to_pt(const xmlChar *rt, const xmlChar *dtd)
{
struct dtd_name *dn;
for (dn = pt_dtd_names; dn->dn_name != NULL; dn++) {
if (xmlStrcmp(dtd, dn->dn_dtd) == 0)
return (dn->dn_name);
}
if (xmlStrcmp(dtd, DTD_ATTR_NAME) == 0) {
if (xmlStrcmp(rt, DTD_ELEM_ZONE) == 0)
return ("zonename");
else
return ("name");
} else if (xmlStrcmp(dtd, DTD_ATTR_NCPU_MIN) == 0) {
return ("ncpus");
} else if (xmlStrcmp(dtd, DTD_ATTR_NCPU_MAX) == 0) {
return ("ncpus");
} else if (xmlStrcmp(dtd, DTD_ATTR_PHYSICAL) == 0 ||
xmlStrcmp(dtd, DTD_ATTR_PHYSCAP) == 0) {
/*
* The same resource string is used for both DTD_ATTR_PHYSCAP
* and DTD_ATTR_PHYSICAL.
*/
return ("physical");
}
return (NULL);
}
static int
getroot(zone_dochandle_t handle, xmlNodePtr *root)
{
if (zonecfg_check_handle(handle) == Z_BAD_HANDLE)
return (Z_BAD_HANDLE);
*root = xmlDocGetRootElement(handle->zone_dh_doc);
if (*root == NULL)
return (Z_EMPTY_DOCUMENT);
if (xmlStrcmp((*root)->name, DTD_ELEM_ZONE))
return (Z_WRONG_DOC_TYPE);
return (Z_OK);
}
static int
operation_prep(zone_dochandle_t handle)
{
xmlNodePtr root;
int err;
if ((err = getroot(handle, &root)) != 0)
return (err);
handle->zone_dh_cur = root;
handle->zone_dh_top = root;
return (Z_OK);
}
/*
* If the specific brand isn't installed, use the default brand. We need this
* to deal with zones with uninstalled brands, in particular we must allow
* delete. As zonecfg won't commit a zone config with a non-valid brand, this
* isn't as bad as it sounds.
*/
static int
get_brand_handle(zone_dochandle_t handle, brand_handle_t *bh)
{
char brand[MAXNAMELEN];
if (zonecfg_get_brand(handle, brand, sizeof (brand)) != 0)
return (Z_BRAND_ERROR);
if ((*bh = brand_open(brand)) != NULL)
return (Z_OK);
if (zonecfg_default_brand(brand, sizeof (brand)) != 0)
return (Z_BRAND_ERROR);
if ((*bh = brand_open(brand)) != NULL)
return (Z_OK);
return (Z_BRAND_ERROR);
}
static int
can_set_prop(zone_dochandle_t handle, const char *res,
const char *propname, const char *propval)
{
brand_handle_t bh;
if (get_brand_handle(handle, &bh) != Z_OK)
return (Z_BRAND_ERROR);
/* Fixed property */
if (brand_fixed_prop(bh, res, propname)) {
brand_close(bh);
return (Z_BRAND_FIXED_CFG);
}
/* Check to see if the property has been disabled */
if (brand_disabled_prop(bh, res, propname)) {
brand_close(bh);
return (Z_BRAND_DISABLED_CFG);
}
if (propval != NULL) {
/* Check to see if the property value has been disabled */
if (brand_disabled_prop_val(bh, res, propname, propval)) {
brand_close(bh);
return (Z_BRAND_DISABLED_VAL);
}
}
brand_close(bh);
return (Z_OK);
}
static int
fetchfixedprop(zone_dochandle_t handle, const char *res,
const xmlChar *prop, char **propval)
{
brand_handle_t bh;
if (get_brand_handle(handle, &bh) != Z_OK)
return (Z_BRAND_ERROR);
if (brand_get_fixed_prop(bh, res, (char *)prop, propval) != 0) {
brand_close(bh);
return (Z_BRAND_ERROR);
}
brand_close(bh);
return (Z_OK);
}
static int
fetch_xml_prop(xmlNodePtr cur, const xmlChar *propname, char **dst)
{
xmlChar *property;
if ((property = xmlGetProp(cur, propname)) == NULL)
return (Z_BAD_PROPERTY);
if ((*dst = strdup((char *)property)) == NULL) {
xmlFree(property);
return (Z_NOMEM);
}
xmlFree(property);
return (Z_OK);
}
static int
fetch_alloc_prop(zone_dochandle_t handle, xmlNodePtr cur, const xmlChar *prop,
char **dst)
{
int err;
char *val = NULL;
const char *res = dtd_to_rt(cur->name);
boolean_t empty_val = B_FALSE;
err = fetch_xml_prop(cur, prop, &val);
if (err != Z_OK && err != Z_BAD_PROPERTY)
return (err);
empty_val = (val != NULL && strlen(val) == 0);
/* See if the brand overrides this property or property value */
/* "brand" is a special case - it can't be branded */
if (!(res == NULL && xmlStrcmp(prop, DTD_ATTR_BRAND) == 0) &&
(err = can_set_prop(handle, res, (char *)prop, val)) != Z_OK) {
free(val);
switch (err) {
case Z_BRAND_DISABLED_VAL:
return (Z_BAD_PROPERTY);
case Z_BRAND_DISABLED_CFG:
/*
* The case where an empty string is returned and the
* configuration is disabled, return the empty string
* rather than Z_BAD_PROPERTY as some callers of
* libzonecfg expect this.
*/
if (empty_val)
return (fetch_xml_prop(cur, prop, dst));
return (Z_BAD_PROPERTY);
case Z_BRAND_FIXED_CFG:
return (fetchfixedprop(handle, res, prop, dst));
};
return (err);
}
free(val);
return (fetch_xml_prop(cur, prop, dst));
}
static int
fetchprop(zone_dochandle_t handle, xmlNodePtr cur, const xmlChar *propname,
char *dst, size_t dstsize)
{
char *tmp = NULL;
size_t srcsize = 0;
int err;
if ((err = fetch_alloc_prop(handle, cur, propname, &tmp)) != Z_OK)
return (err);
if (tmp != NULL) {
srcsize = strlcpy(dst, tmp, dstsize);
free(tmp);
}
if (srcsize >= dstsize)
return (Z_TOO_BIG);
return (Z_OK);
}
static int
getrootattr(zone_dochandle_t handle, const xmlChar *propname,
char *propval, size_t propsize)
{
xmlNodePtr root;
int err;
if ((err = getroot(handle, &root)) != 0)
return (err);
return (fetchprop(handle, root, propname, propval, propsize));
}
static int
get_alloc_rootattr(zone_dochandle_t handle, const xmlChar *propname,
char **propval)
{
xmlNodePtr root;
int err;
if ((err = getroot(handle, &root)) != 0)
return (err);
return (fetch_alloc_prop(handle, root, propname, propval));
}
static int
can_add_res(zone_dochandle_t handle, const char *res)
{
brand_handle_t bh;
if (get_brand_handle(handle, &bh) != Z_OK)
return (Z_BRAND_ERROR);
if (brand_disabled_res(bh, res)) {
brand_close(bh);
return (Z_BRAND_DISABLED_CFG);
}
brand_close(bh);
return (Z_OK);
}
static int
setprop(zone_dochandle_t handle, xmlNodePtr cur, const xmlChar *propname,
const char *propval)
{
int err;
/*
* Check to see if the proposed property and value can be set.
* The brand may have disabled the property or value or may have
* fixed this property.
*/
if ((err = can_set_prop(handle, dtd_to_rt(cur->name),
(char *)propname, propval)) != Z_OK)
return (err);
/*
* If we get a null propval remove the property (ignore return since it
* may not be set to begin with).
*/
if (propval == NULL) {
(void) xmlUnsetProp(cur, propname);
return (Z_OK);
}
if (xmlSetProp(cur, propname, (const xmlChar *) propval) == NULL)
return (Z_INVAL);
return (Z_OK);
}
static int
setrootattr(zone_dochandle_t handle, const xmlChar *propname,
const char *propval)
{
int err;
xmlNodePtr root;
if ((err = getroot(handle, &root)) != Z_OK)
return (err);
return (setprop(handle, root, propname, propval));
}
static void
addcomment(zone_dochandle_t handle, const char *comment)
{
xmlNodePtr node;
node = xmlNewComment((xmlChar *) comment);
if (node != NULL)
(void) xmlAddPrevSibling(handle->zone_dh_top, node);
}
static void
stripcomments(zone_dochandle_t handle)
{
xmlDocPtr top;
xmlNodePtr child, next;
top = handle->zone_dh_doc;
for (child = top->xmlChildrenNode; child != NULL; child = next) {
next = child->next;
if (child->name == NULL)
continue;
if (xmlStrcmp(child->name, DTD_ELEM_COMMENT) == 0) {
next = child->next;
xmlUnlinkNode(child);
xmlFreeNode(child);
}
}
}
#define IPKG_BRAND_NAME "ipkg"
static int
zonecfg_get_handle_impl(const char *zonename, const char *filename,
zone_dochandle_t handle)
{
xmlValidCtxtPtr cvp;
struct stat statbuf;
int valid;
char brand[MAXNAMELEN];
if (zonename == NULL)
return (Z_NO_ZONE);
if ((handle->zone_dh_doc = xmlParseFile(filename)) == NULL) {
/* distinguish file not found vs. found but not parsed */
if (stat(filename, &statbuf) == 0)
return (Z_INVALID_DOCUMENT);
return (Z_NO_ZONE);
}
if ((cvp = xmlNewValidCtxt()) == NULL)
return (Z_NOMEM);
cvp->error = zonecfg_error_func;
cvp->warning = zonecfg_error_func;
valid = xmlValidateDocument(cvp, handle->zone_dh_doc);
xmlFreeValidCtxt(cvp);
if (valid == 0)
return (Z_INVALID_DOCUMENT);
/* delete any comments such as inherited Sun copyright / ident str */
stripcomments(handle);
/* Update any legacy ipkg branded zones to solaris */
if (zonecfg_get_brand(handle, brand, sizeof (brand)) == Z_OK &&
strcmp(brand, IPKG_BRAND_NAME) == 0) {
/*
* Treat legacy "ipkg" branded zones as "solaris".
* Attempt to modify the backing file, although this
* may fail due to a read-only file when using ROZR.
*
* Dryrun attach uses a temporary copy of zone xml
* file, so this operation will not re-write the
* real target of a dry run attach.
*/
(void) strlcpy(brand, SOLARIS_BRAND_NAME, sizeof (brand));
(void) zonecfg_set_brand(handle, brand);
/* Don't write to alternate roots */
if (!zonecfg_in_alt_root())
(void) zonecfg_save(handle);
}
return (Z_OK);
}
int
zonecfg_get_handle(const char *zonename, zone_dochandle_t handle)
{
char path[MAXPATHLEN];
if (!config_file_path(zonename, path))
return (Z_MISC_FS);
handle->zone_dh_newzone = B_FALSE;
return (zonecfg_get_handle_impl(zonename, path, handle));
}
int
zonecfg_get_attach_handle(const char *path, const char *fname,
const char *zonename, zone_dochandle_t handle)
{
char migpath[MAXPATHLEN];
int err;
struct stat buf;
if (snprintf(migpath, sizeof (migpath), "%s/root", path) >=
sizeof (migpath))
return (Z_NOMEM);
if (stat(migpath, &buf) == -1 || !S_ISDIR(buf.st_mode))
return (Z_NO_ZONE);
if (snprintf(migpath, sizeof (migpath), "%s/%s", path, fname) >=
sizeof (migpath))
return (Z_NOMEM);
if ((err = zonecfg_get_handle_impl(zonename, migpath, handle)) != Z_OK)
return (err);
handle->zone_dh_newzone = B_TRUE;
if ((err = setrootattr(handle, DTD_ATTR_ZONEPATH, path)) != Z_OK)
return (err);
return (setrootattr(handle, DTD_ATTR_NAME, zonename));
}
int
zonecfg_get_snapshot_handle(const char *zonename, zone_dochandle_t handle)
{
char path[MAXPATHLEN];
if (!snap_file_path(zonename, path))
return (Z_MISC_FS);
handle->zone_dh_newzone = B_FALSE;
return (zonecfg_get_handle_impl(zonename, path, handle));
}
int
zonecfg_get_template_handle(const char *template, const char *zonename,
zone_dochandle_t handle)
{
char path[MAXPATHLEN];
int err;
if (!config_file_path(template, path))
return (Z_MISC_FS);
if ((err = zonecfg_get_handle_impl(template, path, handle)) != Z_OK)
return (err);
handle->zone_dh_newzone = B_TRUE;
return (setrootattr(handle, DTD_ATTR_NAME, zonename));
}
int
zonecfg_get_xml_handle(const char *path, zone_dochandle_t handle)
{
struct stat buf;
int err;
if (stat(path, &buf) == -1)
return (Z_MISC_FS);
if ((err = zonecfg_get_handle_impl("xml", path, handle)) != Z_OK)
return (err);
handle->zone_dh_newzone = B_TRUE;
return (Z_OK);
}
static boolean_t
is_renaming(zone_dochandle_t handle)
{
if (handle->zone_dh_newzone)
return (B_FALSE);
if (strlen(handle->zone_dh_delete_name) > 0)
return (B_TRUE);
return (B_FALSE);
}
static boolean_t
is_new(zone_dochandle_t handle)
{
return (handle->zone_dh_newzone || handle->zone_dh_snapshot);
}
static boolean_t
is_snapshot(zone_dochandle_t handle)
{
return (handle->zone_dh_snapshot);
}
/*
* It would be great to be able to use libc's ctype(3c) macros, but we
* can't, as they are locale sensitive, and it would break our limited thread
* safety if this routine had to change the app locale on the fly.
*/
int
zonecfg_validate_zonename(const char *zone)
{
int i;
if (strcmp(zone, GLOBAL_ZONENAME) == 0)
return (Z_BOGUS_ZONE_NAME);
if (strlen(zone) >= ZONENAME_MAX)
return (Z_BOGUS_ZONE_NAME);
if (!((zone[0] >= 'a' && zone[0] <= 'z') ||
(zone[0] >= 'A' && zone[0] <= 'Z') ||
(zone[0] >= '0' && zone[0] <= '9')))
return (Z_BOGUS_ZONE_NAME);
for (i = 1; zone[i] != '\0'; i++) {
if (!((zone[i] >= 'a' && zone[i] <= 'z') ||
(zone[i] >= 'A' && zone[i] <= 'Z') ||
(zone[i] >= '0' && zone[i] <= '9') ||
(zone[i] == '-') || (zone[i] == '_') || (zone[i] == '.')))
return (Z_BOGUS_ZONE_NAME);
}
return (Z_OK);
}
/*
* Changing the zone name requires us to track both the old and new
* name of the zone until commit time.
*/
int
zonecfg_get_name(zone_dochandle_t handle, char *name, size_t namesize)
{
return (getrootattr(handle, DTD_ATTR_NAME, name, namesize));
}
static int
insert_admins(zone_dochandle_t handle, char *zonename)
{
int err;
struct zone_admintab admintab;
if ((err = zonecfg_setadminent(handle)) != Z_OK) {
return (err);
}
while (zonecfg_getadminent(handle, &admintab) == Z_OK) {
err = zonecfg_insert_userauths(handle,
admintab.zone_admin_user, zonename);
if (err != Z_OK) {
(void) zonecfg_endadminent(handle);
return (err);
}
}
(void) zonecfg_endadminent(handle);
return (Z_OK);
}
int
zonecfg_set_name(zone_dochandle_t handle, char *name)
{
zone_state_t state;
char curname[ZONENAME_MAX], old_delname[ZONENAME_MAX];
int err;
if ((err = getrootattr(handle, DTD_ATTR_NAME, curname,
sizeof (curname))) != Z_OK)
return (err);
if (strcmp(name, curname) == 0)
return (Z_OK);
/*
* Switching zone names to one beginning with the system-reserved
* prefix is not permitted.
*/
if (strncmp(name, SYS_ZONE_PREFIX, strlen(SYS_ZONE_PREFIX)) == 0)
return (Z_BOGUS_ZONE_NAME);
if ((err = zonecfg_validate_zonename(name)) != Z_OK)
return (err);
/*
* Setting the name back to the original name (effectively a revert of
* the name) is fine. But if we carry on, we'll falsely identify the
* name as "in use," so special case here.
*/
if (strcmp(name, handle->zone_dh_delete_name) == 0) {
err = setrootattr(handle, DTD_ATTR_NAME, name);
handle->zone_dh_delete_name[0] = '\0';
return (err);
}
/* Check to see if new name chosen is already in use */
if (zone_get_state(name, &state) != Z_NO_ZONE)
return (Z_NAME_IN_USE);
/*
* If this isn't already "new" or in a renaming transition, then
* we're initiating a rename here; so stash the "delete name"
* (i.e. the name of the zone we'll be removing) for the rename.
*/
(void) strlcpy(old_delname, handle->zone_dh_delete_name,
sizeof (old_delname));
if (!is_new(handle) && !is_renaming(handle)) {
/*
* Name change is allowed only when the zone we're altering
* is not ready or running.
*/
err = zone_get_state(curname, &state);
if (err == Z_OK) {
if (state > ZONE_STATE_INSTALLED)
return (Z_BAD_ZONE_STATE);
} else if (err != Z_NO_ZONE) {
return (err);
}
(void) strlcpy(handle->zone_dh_delete_name, curname,
sizeof (handle->zone_dh_delete_name));
assert(is_renaming(handle));
} else if (is_renaming(handle)) {
err = zone_get_state(handle->zone_dh_delete_name, &state);
if (err == Z_OK) {
if (state > ZONE_STATE_INSTALLED)
return (Z_BAD_ZONE_STATE);
} else if (err != Z_NO_ZONE) {
return (err);
}
}
if ((err = setrootattr(handle, DTD_ATTR_NAME, name)) != Z_OK) {
/*
* Restore the deletename to whatever it was at the
* top of the routine, since we've had a failure.
*/
(void) strlcpy(handle->zone_dh_delete_name, old_delname,
sizeof (handle->zone_dh_delete_name));
return (err);
}
/*
* Record the old admins from the old zonename
* so that they can be deleted when the operation is committed.
*/
if ((err = insert_admins(handle, curname)) != Z_OK)
return (err);
else
return (Z_OK);
}
int
zonecfg_get_zonepath(zone_dochandle_t handle, char *path, size_t pathsize)
{
size_t len;
if ((len = strlcpy(path, zonecfg_root, pathsize)) >= pathsize)
return (Z_TOO_BIG);
return (getrootattr(handle, DTD_ATTR_ZONEPATH, path + len,
pathsize - len));
}
int
zonecfg_set_zonepath(zone_dochandle_t handle, char *zonepath)
{
size_t len;
char *modpath, *copy_mp, *curr_mp; /* modified path ptrs */
char last_copied;
int ret;
/*
* Collapse multiple contiguous slashes and remove trailing slash.
*/
modpath = strdup(zonepath);
if (modpath == NULL)
return (Z_NOMEM);
last_copied = '\0';
for (copy_mp = curr_mp = modpath; *curr_mp != '\0'; curr_mp++) {
if (*curr_mp != '/' || last_copied != '/') {
last_copied = *copy_mp = *curr_mp;
copy_mp++;
}
}
if (last_copied == '/')
copy_mp--;
*copy_mp = '\0';
/*
* The user deals in absolute paths in the running global zone, but the
* internal configuration files deal with boot environment relative
* paths. Strip out the alternate root when specified.
*/
len = strlen(zonecfg_root);
if (strncmp(modpath, zonecfg_root, len) != 0 || modpath[len] != '/') {
free(modpath);
return (Z_BAD_PROPERTY);
}
curr_mp = modpath + len;
ret = setrootattr(handle, DTD_ATTR_ZONEPATH, curr_mp);
free(modpath);
return (ret);
}
static int
i_zonecfg_get_brand(zone_dochandle_t handle, char *brand, size_t brandsize)
{
int ret;
ret = getrootattr(handle, DTD_ATTR_BRAND, brand, brandsize);
if (ret == Z_OK && brand[0] == '\0')
ret = Z_NO_ENTRY;
return (ret);
}
int
zonecfg_get_brand(zone_dochandle_t handle, char *brand, size_t brandsize)
{
int ret;
if ((ret = i_zonecfg_get_brand(handle, brand, brandsize)) != Z_OK)
ret = zonecfg_default_brand(brand, brandsize);
return (ret);
}
int
zonecfg_set_brand(zone_dochandle_t handle, char *brand)
{
xmlNodePtr root;
int err;
if (strcmp(brand, IPKG_BRAND_NAME) == 0) {
/*
* We presume that the "solaris" brand is always present.
*/
brand = SOLARIS_BRAND_NAME;
} else {
/* Verify that this brand actually exists */
brand_handle_t bh;
if ((bh = brand_open(brand)) == NULL)
return (Z_BRAND_ERROR);
brand_close(bh);
}
/*
* We have to route around setprop() here, otherwise we can end up in a
* loop if we're in an old BE where the default template brand is
* IPKG_BRAND_NAME.
*/
if ((err = getroot(handle, &root)) != Z_OK)
return (err);
if (xmlSetProp(root, DTD_ATTR_BRAND, (const xmlChar *)brand) == NULL)
return (Z_INVAL);
return (Z_OK);
}
int
zonecfg_get_autoboot(zone_dochandle_t handle, boolean_t *autoboot)
{
char autobootstr[DTD_ENTITY_BOOL_LEN];
int ret;
if ((ret = getrootattr(handle, DTD_ATTR_AUTOBOOT, autobootstr,
sizeof (autobootstr))) != Z_OK)
return (ret);
if (strcmp(autobootstr, DTD_ENTITY_TRUE) == 0)
*autoboot = B_TRUE;
else if (strcmp(autobootstr, DTD_ENTITY_FALSE) == 0)
*autoboot = B_FALSE;
else
ret = Z_BAD_PROPERTY;
return (ret);
}
int
zonecfg_set_autoboot(zone_dochandle_t handle, boolean_t autoboot)
{
return (setrootattr(handle, DTD_ATTR_AUTOBOOT,
autoboot ? DTD_ENTITY_TRUE : DTD_ENTITY_FALSE));
}
boolean_t
zonecfg_is_readonly(zone_dochandle_t handle)
{
char prof[MAXNAMELEN];
if (zonecfg_get_mac_profile(handle, prof, sizeof (prof)) != Z_OK ||
ZONECFG_READ_WRITE_PROFNAME(prof)) {
return (B_FALSE);
} else {
return (B_TRUE);
}
}
int
zonecfg_get_pool(zone_dochandle_t handle, char *pool, size_t poolsize)
{
return (getrootattr(handle, DTD_ATTR_POOL, pool, poolsize));
}
int
zonecfg_set_pool(zone_dochandle_t handle, char *pool)
{
return (setrootattr(handle, DTD_ATTR_POOL, pool));
}
int
zonecfg_get_limitpriv(zone_dochandle_t handle, char **limitpriv)
{
return (get_alloc_rootattr(handle, DTD_ATTR_LIMITPRIV, limitpriv));
}
int
zonecfg_set_limitpriv(zone_dochandle_t handle, char *limitpriv)
{
return (setrootattr(handle, DTD_ATTR_LIMITPRIV, limitpriv));
}
int
zonecfg_get_bootargs(zone_dochandle_t handle, char *bargs, size_t bargssize)
{
return (getrootattr(handle, DTD_ATTR_BOOTARGS, bargs, bargssize));
}
int
zonecfg_set_bootargs(zone_dochandle_t handle, char *bargs)
{
return (setrootattr(handle, DTD_ATTR_BOOTARGS, bargs));
}
int
zonecfg_get_sched_class(zone_dochandle_t handle, char *sched, size_t schedsize)
{
return (getrootattr(handle, DTD_ATTR_SCHED, sched, schedsize));
}
int
zonecfg_set_sched(zone_dochandle_t handle, char *sched)
{
return (setrootattr(handle, DTD_ATTR_SCHED, sched));
}
/*
* /etc/zones/index caches a vital piece of information which is also
* in the <zonename>.xml file: the path to the zone. This is for performance,
* since we need to walk all zonepath's in order to be able to detect conflicts
* (see crosscheck_zonepaths() in the zoneadm command).
*
* An additional complexity is that when doing a rename, we'd like the entire
* index update operation (rename, and potential state changes) to be atomic.
* In general, the operation of this function should succeed or fail as
* a unit.
*/
int
zonecfg_refresh_index_file(zone_dochandle_t handle)
{
char name[ZONENAME_MAX], zonepath[MAXPATHLEN];
struct zoneent ze;
int err;
int opcode;
char *zn;
bzero(&ze, sizeof (ze));
ze.zone_state = -1; /* Preserve existing state in index */
if ((err = zonecfg_get_name(handle, name, sizeof (name))) != Z_OK)
return (err);
(void) strlcpy(ze.zone_name, name, sizeof (ze.zone_name));
if ((err = zonecfg_get_zonepath(handle, zonepath,
sizeof (zonepath))) != Z_OK)
return (err);
(void) strlcpy(ze.zone_path, zonepath + strlen(zonecfg_root),
sizeof (ze.zone_path));
if (is_renaming(handle)) {
opcode = PZE_MODIFY;
(void) strlcpy(ze.zone_name, handle->zone_dh_delete_name,
sizeof (ze.zone_name));
(void) strlcpy(ze.zone_newname, name, sizeof (ze.zone_newname));
} else if (is_new(handle)) {
FILE *cookie;
/*
* Be tolerant of the zone already existing in the index file,
* since we might be forcibly overwriting an existing
* configuration with a new one (for example 'create -F'
* in zonecfg).
*/
opcode = PZE_ADD;
cookie = setzoneent();
while ((zn = getzoneent(cookie)) != NULL) {
if (strcmp(zn, name) == 0) {
opcode = PZE_MODIFY;
free(zn);
break;
}
free(zn);
}
endzoneent(cookie);
ze.zone_state = ZONE_STATE_CONFIGURED;
} else {
opcode = PZE_MODIFY;
}
if ((err = putzoneent(&ze, opcode)) != Z_OK)
return (err);
return (Z_OK);
}
/*
* The goal of this routine is to cause the index file update and the
* document save to happen as an atomic operation. We do the document
* first, saving a backup copy using a hard link; if that succeeds, we go
* on to the index. If that fails, we roll the document back into place.
*
* Strategy:
*
* New zone 'foo' configuration:
* Create tmpfile (zonecfg.xxxxxx)
* Write XML to tmpfile
* Rename tmpfile to xmlfile (zonecfg.xxxxxx -> foo.xml)
* Add entry to index file
* If it fails, delete foo.xml, leaving nothing behind.
*
* Save existing zone 'foo':
* Make backup of foo.xml -> .backup
* Create tmpfile (zonecfg.xxxxxx)
* Write XML to tmpfile
* Rename tmpfile to xmlfile (zonecfg.xxxxxx -> foo.xml)
* Modify index file as needed
* If it fails, recover from .backup -> foo.xml
*
* Rename 'foo' to 'bar':
* Create tmpfile (zonecfg.xxxxxx)
* Write XML to tmpfile
* Rename tmpfile to xmlfile (zonecfg.xxxxxx -> bar.xml)
* Add entry for 'bar' to index file, Remove entry for 'foo' (refresh)
* If it fails, delete bar.xml; foo.xml is left behind.
*/
static int
zonecfg_save_impl(zone_dochandle_t handle, char *filename)
{
char tmpfile[MAXPATHLEN];
char bakdir[MAXPATHLEN], bakbase[MAXPATHLEN], bakfile[MAXPATHLEN];
int tmpfd, err, valid;
xmlValidCtxt cvp = { NULL };
boolean_t backup;
(void) strlcpy(tmpfile, filename, sizeof (tmpfile));
(void) dirname(tmpfile);
(void) strlcat(tmpfile, _PATH_TMPFILE, sizeof (tmpfile));
tmpfd = mkstemp(tmpfile);
if (tmpfd == -1) {
(void) unlink(tmpfile);
return (Z_TEMP_FILE);
}
(void) close(tmpfd);
cvp.error = zonecfg_error_func;
cvp.warning = zonecfg_error_func;
/*
* We do a final validation of the document. Since the library has
* malfunctioned if it fails to validate, we follow-up with an
* assert() that the doc is valid.
*/
valid = xmlValidateDocument(&cvp, handle->zone_dh_doc);
assert(valid != 0);
if (xmlSaveFormatFile(tmpfile, handle->zone_dh_doc, 1) <= 0)
goto err;
(void) chmod(tmpfile, 0644);
/*
* In the event we are doing a standard save, hard link a copy of the
* original file in .backup.<pid>.filename so we can restore it if
* something goes wrong.
*/
if (!is_new(handle) && !is_renaming(handle)) {
backup = B_TRUE;
(void) strlcpy(bakdir, filename, sizeof (bakdir));
(void) strlcpy(bakbase, filename, sizeof (bakbase));
(void) snprintf(bakfile, sizeof (bakfile), "%s/.backup.%d.%s",
dirname(bakdir), getpid(), basename(bakbase));
if (link(filename, bakfile) == -1) {
err = errno;
(void) unlink(tmpfile);
if (errno == EACCES)
return (Z_ACCES);
return (Z_MISC_FS);
}
}
/*
* Move the new document over top of the old.
* i.e.: zonecfg.XXXXXX -> myzone.xml
*/
if (rename(tmpfile, filename) == -1) {
err = errno;
(void) unlink(tmpfile);
if (backup)
(void) unlink(bakfile);
if (err == EACCES)
return (Z_ACCES);
return (Z_MISC_FS);
}
/*
* If this is a snapshot, we're done-- don't add an index entry.
*/
if (is_snapshot(handle))
return (Z_OK);
/* now update the index file to reflect whatever we just did */
if ((err = zonecfg_refresh_index_file(handle)) != Z_OK) {
if (backup) {
/*
* Try to restore from our backup.
*/
(void) unlink(filename);
(void) rename(bakfile, filename);
} else {
/*
* Either the zone is new, in which case we can delete
* new.xml, or we're doing a rename, so ditto.
*/
assert(is_new(handle) || is_renaming(handle));
(void) unlink(filename);
}
return (Z_UPDATING_INDEX);
}
if (backup)
(void) unlink(bakfile);
return (Z_OK);
err:
(void) unlink(tmpfile);
return (Z_SAVING_FILE);
}
static int
cleanup_res(zone_dochandle_t handle, xmlNodePtr res)
{
xmlAttrPtr prop;
xmlChar *prop_val;
int err;
prop = res->properties;
while (prop != NULL) {
/* First pull out the value of the property */
if ((prop_val = xmlGetProp(res, prop->name)) == NULL)
return (Z_BAD_PROPERTY);
/* If it's not settable, it should be cleared */
err = can_set_prop(handle, dtd_to_rt(res->name),
(char *)prop->name, (char *)prop_val);
xmlFree(prop_val);
if (err != Z_OK) {
xmlAttrPtr tmpprop = prop;
prop = prop->next;
(void) xmlUnsetProp(res, tmpprop->name);
} else {
prop = prop->next;
}
}
return (Z_OK);
}
int
zonecfg_cleanup_config(zone_dochandle_t handle)
{
xmlNodePtr root, res;
int err;
if ((err = getroot(handle, &root)) != Z_OK)
return (err);
/* Start with the global properties */
if ((err = cleanup_res(handle, root)) != Z_OK)
return (err);
res = root->children;
while (res != NULL) {
/* Remove any resources which have been disabled */
if (can_add_res(handle, dtd_to_rt(res->name)) != Z_OK) {
xmlNodePtr tmpres = res;
res = res->next;
xmlUnlinkNode(tmpres);
xmlFreeNode(tmpres);
} else {
/* Remove any properties which have been disabled */
if ((err = cleanup_res(handle, res)) != Z_OK)
return (err);
res = res->next;
}
}
return (Z_OK);
}
int
zonecfg_save(zone_dochandle_t handle)
{
char zname[ZONENAME_MAX], path[MAXPATHLEN];
char delpath[MAXPATHLEN];
int err = Z_SAVING_FILE;
if (zonecfg_check_handle(handle) != Z_OK)
return (Z_BAD_HANDLE);
if (handle->zone_dh_snapshot)
return (Z_INVAL);
if ((err = zonecfg_get_name(handle, zname, sizeof (zname))) != Z_OK)
return (err);
if (!config_file_path(zname, path))
return (Z_MISC_FS);
addcomment(handle, "\n DO NOT EDIT THIS "
"FILE. Use zonecfg(1M) instead.\n");
/*
* Update user_attr first so that it will be older
* than the config file.
*/
(void) zonecfg_authorize_users(handle, zname);
err = zonecfg_save_impl(handle, path);
stripcomments(handle);
if (err != Z_OK)
return (err);
handle->zone_dh_newzone = B_FALSE;
if (is_renaming(handle)) {
if (config_file_path(handle->zone_dh_delete_name, delpath))
(void) unlink(delpath);
handle->zone_dh_delete_name[0] = '\0';
}
return (Z_OK);
}
int
zonecfg_verify_save(zone_dochandle_t handle, char *filename)
{
int valid;
xmlValidCtxt cvp = { NULL };
if (zonecfg_check_handle(handle) != Z_OK)
return (Z_BAD_HANDLE);
cvp.error = zonecfg_error_func;
cvp.warning = zonecfg_error_func;
/*
* We do a final validation of the document. Since the library has
* malfunctioned if it fails to validate, we follow-up with an
* assert() that the doc is valid.
*/
valid = xmlValidateDocument(&cvp, handle->zone_dh_doc);
assert(valid != 0);
if (xmlSaveFormatFile(filename, handle->zone_dh_doc, 1) <= 0)
return (Z_SAVING_FILE);
return (Z_OK);
}
int
zonecfg_detach_save(zone_dochandle_t handle, uint_t flags)
{
char zname[ZONENAME_MAX];
char path[MAXPATHLEN];
char migpath[MAXPATHLEN];
xmlValidCtxt cvp = { NULL };
int err = Z_SAVING_FILE;
int valid;
if (zonecfg_check_handle(handle) != Z_OK)
return (Z_BAD_HANDLE);
if (flags & ZONE_DRY_RUN) {
(void) strlcpy(migpath, "-", sizeof (migpath));
} else {
if ((err = zonecfg_get_name(handle, zname, sizeof (zname)))
!= Z_OK)
return (err);
if ((err = zone_get_zonepath(zname, path, sizeof (path)))
!= Z_OK)
return (err);
if (snprintf(migpath, sizeof (migpath), "%s/%s", path,
ZONE_DETACHED) >= sizeof (migpath))
return (Z_NOMEM);
}
if ((err = operation_prep(handle)) != Z_OK)
return (err);
addcomment(handle, "\n DO NOT EDIT THIS FILE. "
"Use zonecfg(1M) and zoneadm(1M) attach.\n");
cvp.error = zonecfg_error_func;
cvp.warning = zonecfg_error_func;
/*
* We do a final validation of the document. Since the library has
* malfunctioned if it fails to validate, we follow-up with an
* assert() that the doc is valid.
*/
valid = xmlValidateDocument(&cvp, handle->zone_dh_doc);
assert(valid != 0);
if (xmlSaveFormatFile(migpath, handle->zone_dh_doc, 1) <= 0)
return (Z_SAVING_FILE);
if (!(flags & ZONE_DRY_RUN))
(void) chmod(migpath, 0644);
stripcomments(handle);
handle->zone_dh_newzone = B_FALSE;
return (Z_OK);
}
void
zonecfg_rm_detached(zone_dochandle_t handle, boolean_t forced)
{
char zname[ZONENAME_MAX];
char path[MAXPATHLEN];
char detached[MAXPATHLEN];
char attached[MAXPATHLEN];
if (zonecfg_check_handle(handle) != Z_OK)
return;
if (zonecfg_get_name(handle, zname, sizeof (zname)) != Z_OK)
return;
if (zone_get_zonepath(zname, path, sizeof (path)) != Z_OK)
return;
(void) snprintf(detached, sizeof (detached), "%s/%s", path,
ZONE_DETACHED);
(void) snprintf(attached, sizeof (attached), "%s/%s", path,
ATTACH_FORCED);
if (forced) {
(void) rename(detached, attached);
} else {
(void) unlink(attached);
(void) unlink(detached);
}
}
/*
* Special case: if access(2) fails with ENOENT, then try again using
* ZONE_CONFIG_ROOT instead of config_file_path(zonename). This is how we
* work around the case of a config file which has not been created yet:
* the user will need access to the directory so use that as a heuristic.
*/
int
zonecfg_access(const char *zonename, int amode)
{
char path[MAXPATHLEN];
if (!config_file_path(zonename, path))
return (Z_INVAL);
if (access(path, amode) == 0)
return (Z_OK);
if (errno == ENOENT) {
if (snprintf(path, sizeof (path), "%s%s", zonecfg_root,
ZONE_CONFIG_ROOT) >= sizeof (path))
return (Z_INVAL);
if (access(path, amode) == 0)
return (Z_OK);
}
if (errno == EACCES)
return (Z_ACCES);
if (errno == EINVAL)
return (Z_INVAL);
return (Z_MISC_FS);
}
int
zonecfg_create_snapshot(const char *zonename)
{
zone_dochandle_t handle;
char path[MAXPATHLEN], zonepath[MAXPATHLEN], rpath[MAXPATHLEN];
int error = Z_OK, res;
if ((handle = zonecfg_init_handle()) == NULL) {
return (Z_NOMEM);
}
handle->zone_dh_newzone = B_TRUE;
handle->zone_dh_snapshot = B_TRUE;
if ((error = zonecfg_get_handle(zonename, handle)) != Z_OK)
goto out;
if ((error = operation_prep(handle)) != Z_OK)
goto out;
error = zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath));
if (error != Z_OK)
goto out;
if ((res = resolvepath(zonepath, rpath, sizeof (rpath))) == -1) {
error = Z_RESOLVED_PATH;
goto out;
}
/*
* If the resolved path is not the same as the original path, then
* save the resolved path in the snapshot, thus preventing any
* potential problems down the line when zoneadmd goes to unmount
* file systems and depends on initial string matches with resolved
* paths.
*/
rpath[res] = '\0';
if (strcmp(zonepath, rpath) != 0) {
if ((error = zonecfg_set_zonepath(handle, rpath)) != Z_OK)
goto out;
}
if (snprintf(path, sizeof (path), "%s%s", zonecfg_root,
ZONE_SNAPSHOT_ROOT) >= sizeof (path)) {
error = Z_MISC_FS;
goto out;
}
if ((mkdir(path, S_IRWXU) == -1) && (errno != EEXIST)) {
error = Z_MISC_FS;
goto out;
}
if (!snap_file_path(zonename, path)) {
error = Z_MISC_FS;
goto out;
}
addcomment(handle, "\n DO NOT EDIT THIS FILE. "
"It is a snapshot of running zone state.\n");
error = zonecfg_save_impl(handle, path);
stripcomments(handle);
out:
zonecfg_fini_handle(handle);
return (error);
}
int
zonecfg_get_iptype(zone_dochandle_t handle, zone_iptype_t *iptypep)
{
char property[10]; /* 10 is big enough for "shared"/"exclusive" */
int err;
err = getrootattr(handle, DTD_ATTR_IPTYPE, property, sizeof (property));
if (err == Z_BAD_PROPERTY) {
/* Return default value */
*iptypep = ZS_EXCLUSIVE;
return (Z_OK);
} else if (err != Z_OK) {
return (err);
}
/*
* When the default for ip-type was shared, zonecfg_set_iptype() only
* wrote the ip-type property to the zone configuration if it was set
* to exclusive. It now always writes ip-type explicitly regardless
* of its value. As a result, we can assume that a missing ip-type
* property implies shared (getrootattr() returns the empty string if
* the attribute is missing).
*/
if (strlen(property) == 0 ||
strcmp(property, "shared") == 0)
*iptypep = ZS_SHARED;
else if (strcmp(property, "exclusive") == 0)
*iptypep = ZS_EXCLUSIVE;
else
return (Z_INVALID_PROPERTY);
return (Z_OK);
}
int
zonecfg_set_iptype(zone_dochandle_t handle, zone_iptype_t iptype)
{
return (setrootattr(handle, DTD_ATTR_IPTYPE,
(iptype == ZS_EXCLUSIVE ? "exclusive" : "shared")));
}
static int
newprop(zone_dochandle_t handle, xmlNodePtr node, const xmlChar *attrname,
char *src)
{
xmlAttrPtr newattr;
int err;
/*
* Check to see if the proposed property and value can be set.
* The brand may have disabled the property or value or may have
* fixed this property.
*/
err = can_set_prop(handle, dtd_to_rt(node->name), (char *)attrname,
src);
/*
* If the fixed value is the same as the new value, don't return a
* failure, but also don't add it to the zone's XML config as fixed
* properties should only live in the brand XML.
*/
if (err == Z_BRAND_FIXED_CFG) {
brand_handle_t bh;
char *fixed_val = NULL;
if (get_brand_handle(handle, &bh) != Z_OK)
return (Z_BRAND_ERROR);
if (brand_get_fixed_prop(bh, dtd_to_rt(node->name),
(char *)attrname, &fixed_val) != 0) {
brand_close(bh);
return (Z_BRAND_ERROR);
}
brand_close(bh);
if (strcmp(fixed_val, src) == 0)
return (Z_OK);
}
if (err != Z_OK)
return (err);
newattr = xmlNewProp(node, attrname, (xmlChar *)src);
if (newattr == NULL) {
xmlUnlinkNode(node);
xmlFreeNode(node);
return (Z_BAD_PROPERTY);
}
return (Z_OK);
}
static int
newres(zone_dochandle_t handle, xmlNodePtr cur, xmlNodePtr *newnode,
const xmlChar *dtd)
{
int err;
if ((err = can_add_res(handle, dtd_to_rt(dtd))) != Z_OK)
return (err);
*newnode = xmlNewTextChild(cur, NULL, dtd, NULL);
return (0);
}
static int
zonecfg_add_filesystem_core(zone_dochandle_t handle, struct zone_fstab *tabptr)
{
xmlNodePtr newnode, cur = handle->zone_dh_cur, options_node;
zone_fsopt_t *ptr;
int err;
if ((err = newres(handle, cur, &newnode, DTD_ELEM_FS)) != Z_OK)
return (err);
if ((err = newprop(handle, newnode, DTD_ATTR_SPECIAL,
tabptr->zone_fs_special)) != Z_OK)
return (err);
if (tabptr->zone_fs_raw[0] != '\0' && (err = newprop(handle, newnode,
DTD_ATTR_RAW, tabptr->zone_fs_raw)) != Z_OK)
return (err);
if ((err = newprop(handle, newnode, DTD_ATTR_DIR,
tabptr->zone_fs_dir)) != Z_OK)
return (err);
if ((err = newprop(handle, newnode, DTD_ATTR_TYPE,
tabptr->zone_fs_type)) != Z_OK)
return (err);
if (tabptr->zone_fs_options != NULL) {
for (ptr = tabptr->zone_fs_options; ptr != NULL;
ptr = ptr->zone_fsopt_next) {
options_node = xmlNewTextChild(newnode, NULL,
DTD_ELEM_FSOPTION, NULL);
if ((err = newprop(handle, options_node, DTD_ATTR_NAME,
ptr->zone_fsopt_opt)) != Z_OK)
return (err);
}
}
return (Z_OK);
}
int
zonecfg_add_filesystem(zone_dochandle_t handle, struct zone_fstab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_add_filesystem_core(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_add_fs_option(struct zone_fstab *tabptr, char *option)
{
zone_fsopt_t *last, *old, *new;
last = tabptr->zone_fs_options;
for (old = last; old != NULL; old = old->zone_fsopt_next)
last = old; /* walk to the end of the list */
new = (zone_fsopt_t *)malloc(sizeof (zone_fsopt_t));
if (new == NULL)
return (Z_NOMEM);
(void) strlcpy(new->zone_fsopt_opt, option,
sizeof (new->zone_fsopt_opt));
new->zone_fsopt_next = NULL;
if (last == NULL)
tabptr->zone_fs_options = new;
else
last->zone_fsopt_next = new;
return (Z_OK);
}
int
zonecfg_remove_fs_option(struct zone_fstab *tabptr, char *option)
{
zone_fsopt_t *last, *this, *next;
last = tabptr->zone_fs_options;
for (this = last; this != NULL; this = this->zone_fsopt_next) {
if (strcmp(this->zone_fsopt_opt, option) == 0) {
next = this->zone_fsopt_next;
if (this == tabptr->zone_fs_options)
tabptr->zone_fs_options = next;
else
last->zone_fsopt_next = next;
free(this);
return (Z_OK);
} else
last = this;
}
return (Z_NO_PROPERTY_ID);
}
void
zonecfg_free_fs_option_list(zone_fsopt_t *list)
{
zone_fsopt_t *this, *next;
for (this = list; this != NULL; this = next) {
next = this->zone_fsopt_next;
free(this);
}
}
void
zonecfg_free_rctl_value_list(struct zone_rctlvaltab *valtab)
{
if (valtab == NULL)
return;
zonecfg_free_rctl_value_list(valtab->zone_rctlval_next);
free(valtab);
}
static boolean_t
match_prop(zone_dochandle_t handle, xmlNodePtr cur, const xmlChar *attr,
char *user_prop)
{
char *gotten_prop;
int prop_result;
if (fetch_alloc_prop(handle, cur, attr, &gotten_prop) != Z_OK)
return (B_FALSE); /* shouldn't happen */
prop_result = strcmp(gotten_prop, user_prop);
free(gotten_prop);
return ((prop_result == 0));
}
static int
zonecfg_delete_filesystem_core(zone_dochandle_t handle,
struct zone_fstab *tabptr)
{
xmlNodePtr cur = handle->zone_dh_cur;
boolean_t dir_match, spec_match, raw_match, type_match;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_FS))
continue;
dir_match = match_prop(handle, cur, DTD_ATTR_DIR,
tabptr->zone_fs_dir);
spec_match = match_prop(handle, cur, DTD_ATTR_SPECIAL,
tabptr->zone_fs_special);
raw_match = match_prop(handle, cur, DTD_ATTR_RAW,
tabptr->zone_fs_raw);
type_match = match_prop(handle, cur, DTD_ATTR_TYPE,
tabptr->zone_fs_type);
if (dir_match && spec_match && raw_match && type_match) {
xmlUnlinkNode(cur);
xmlFreeNode(cur);
return (Z_OK);
}
}
return (Z_NO_RESOURCE_ID);
}
int
zonecfg_delete_filesystem(zone_dochandle_t handle, struct zone_fstab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_filesystem_core(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_modify_filesystem(
zone_dochandle_t handle,
struct zone_fstab *oldtabptr,
struct zone_fstab *newtabptr)
{
int err;
if (oldtabptr == NULL || newtabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_filesystem_core(handle, oldtabptr)) != Z_OK)
return (err);
if ((err = zonecfg_add_filesystem_core(handle, newtabptr)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_lookup_filesystem(
zone_dochandle_t handle,
struct zone_fstab *tabptr)
{
xmlNodePtr cur, options, firstmatch;
int err;
char dirname[MAXPATHLEN], special[MAXPATHLEN], raw[MAXPATHLEN];
char type[FSTYPSZ];
char options_str[MAX_MNTOPT_STR];
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
/*
* Walk the list of children looking for matches on any properties
* specified in the fstab parameter. If more than one resource
* matches, we return Z_INSUFFICIENT_SPEC; if none match, we return
* Z_NO_RESOURCE_ID.
*/
cur = handle->zone_dh_cur;
firstmatch = NULL;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_FS))
continue;
if (strlen(tabptr->zone_fs_dir) > 0) {
if ((fetchprop(handle, cur, DTD_ATTR_DIR, dirname,
sizeof (dirname)) == Z_OK) &&
(strcmp(tabptr->zone_fs_dir, dirname) == 0)) {
if (firstmatch == NULL)
firstmatch = cur;
else
return (Z_INSUFFICIENT_SPEC);
}
}
if (strlen(tabptr->zone_fs_special) > 0) {
if ((fetchprop(handle, cur, DTD_ATTR_SPECIAL, special,
sizeof (special)) == Z_OK)) {
if (strcmp(tabptr->zone_fs_special,
special) == 0) {
if (firstmatch == NULL)
firstmatch = cur;
else if (firstmatch != cur)
return (Z_INSUFFICIENT_SPEC);
} else {
/*
* If another property matched but this
* one doesn't then reset firstmatch.
*/
if (firstmatch == cur)
firstmatch = NULL;
}
}
}
if (strlen(tabptr->zone_fs_raw) > 0) {
if ((fetchprop(handle, cur, DTD_ATTR_RAW, raw,
sizeof (raw)) == Z_OK)) {
if (strcmp(tabptr->zone_fs_raw, raw) == 0) {
if (firstmatch == NULL)
firstmatch = cur;
else if (firstmatch != cur)
return (Z_INSUFFICIENT_SPEC);
} else {
/*
* If another property matched but this
* one doesn't then reset firstmatch.
*/
if (firstmatch == cur)
firstmatch = NULL;
}
}
}
if (strlen(tabptr->zone_fs_type) > 0) {
if ((fetchprop(handle, cur, DTD_ATTR_TYPE, type,
sizeof (type)) == Z_OK)) {
if (strcmp(tabptr->zone_fs_type, type) == 0) {
if (firstmatch == NULL)
firstmatch = cur;
else if (firstmatch != cur)
return (Z_INSUFFICIENT_SPEC);
} else {
/*
* If another property matched but this
* one doesn't then reset firstmatch.
*/
if (firstmatch == cur)
firstmatch = NULL;
}
}
}
}
if (firstmatch == NULL)
return (Z_NO_RESOURCE_ID);
cur = firstmatch;
if ((err = fetchprop(handle, cur, DTD_ATTR_DIR, tabptr->zone_fs_dir,
sizeof (tabptr->zone_fs_dir))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_SPECIAL,
tabptr->zone_fs_special,
sizeof (tabptr->zone_fs_special))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_RAW, tabptr->zone_fs_raw,
sizeof (tabptr->zone_fs_raw))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_TYPE, tabptr->zone_fs_type,
sizeof (tabptr->zone_fs_type))) != Z_OK)
return (err);
/* options are optional */
tabptr->zone_fs_options = NULL;
for (options = cur->xmlChildrenNode; options != NULL;
options = options->next) {
if ((fetchprop(handle, options, DTD_ATTR_NAME, options_str,
sizeof (options_str)) != Z_OK))
break;
if (zonecfg_add_fs_option(tabptr, options_str) != Z_OK)
break;
}
return (Z_OK);
}
/*
* Compare two IP addresses in string form. Allow for the possibility that
* one might have "/<prefix-length>" at the end: allow a match on just the
* IP address (or host name) part.
*/
boolean_t
zonecfg_same_net_address(char *a1, char *a2)
{
char *slashp, *slashp1, *slashp2;
int result;
if (strcmp(a1, a2) == 0)
return (B_TRUE);
/*
* If neither has a slash or both do, they need to match to be
* considered the same, but they did not match above, so fail.
*/
slashp1 = strchr(a1, '/');
slashp2 = strchr(a2, '/');
if ((slashp1 == NULL && slashp2 == NULL) ||
(slashp1 != NULL && slashp2 != NULL))
return (B_FALSE);
/*
* Only one had a slash: pick that one, zero out the slash, compare
* the "address only" strings, restore the slash, and return the
* result of the comparison.
*/
slashp = (slashp1 == NULL) ? slashp2 : slashp1;
*slashp = '\0';
result = strcmp(a1, a2);
*slashp = '/';
return ((result == 0));
}
int
zonecfg_valid_net_address(char *address, struct sockaddr_storage *saddr)
{
struct sockaddr_in *sin4;
struct sockaddr_in6 *sin6;
struct addrinfo hints, *result;
char *slashp = strchr(address, '/');
int ret = Z_OK;
bzero(saddr, sizeof (struct sockaddr_storage));
sin4 = (struct sockaddr_in *)saddr;
sin6 = (struct sockaddr_in6 *)saddr;
if (slashp != NULL)
*slashp = '\0';
if (inet_pton(AF_INET, address, &sin4->sin_addr) == 1) {
sin4->sin_family = AF_INET;
} else if (inet_pton(AF_INET6, address, &sin6->sin6_addr) == 1) {
if (slashp == NULL)
return (Z_IPV6_ADDR_PREFIX_LEN);
sin6->sin6_family = AF_INET6;
} else {
/* "address" may be a host name */
(void) memset(&hints, 0, sizeof (hints));
hints.ai_family = PF_INET;
if (getaddrinfo(address, NULL, &hints, &result) != 0) {
ret = Z_BOGUS_ADDRESS;
goto out;
}
sin4->sin_family = result->ai_family;
(void) memcpy(&sin4->sin_addr,
/* LINTED E_BAD_PTR_CAST_ALIGN */
&((struct sockaddr_in *)result->ai_addr)->sin_addr,
sizeof (struct in_addr));
freeaddrinfo(result);
}
out:
if (slashp != NULL)
*slashp = '/';
return (ret);
}
boolean_t
zonecfg_ifname_exists(sa_family_t af, char *ifname)
{
struct lifreq lifr;
int so;
int save_errno;
(void) memset(&lifr, 0, sizeof (lifr));
(void) strlcpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
lifr.lifr_addr.ss_family = af;
if ((so = socket(af, SOCK_DGRAM, 0)) < 0) {
/* Odd - can't tell if the ifname exists */
return (B_FALSE);
}
if (ioctl(so, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
save_errno = errno;
(void) close(so);
errno = save_errno;
return (B_FALSE);
}
(void) close(so);
return (B_TRUE);
}
/*
* Check if a net or anet resource exists with the given linkname.
*/
boolean_t
zonecfg_lookup_linkname(zone_dochandle_t handle, const char *linkname)
{
xmlNodePtr cur;
char str[MAXLINKNAMELEN];
int err;
if ((err = operation_prep(handle)) != Z_OK)
return (err);
cur = handle->zone_dh_cur;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_NET) == 0) {
if ((fetchprop(handle, cur, DTD_ATTR_PHYSICAL,
str, sizeof (str)) == Z_OK &&
strcmp(linkname, str) == 0))
return (B_TRUE);
}
if (xmlStrcmp(cur->name, DTD_ELEM_ANET) == 0) {
if ((fetchprop(handle, cur, DTD_ATTR_LINKNAME,
str, sizeof (str)) == Z_OK &&
strcmp(linkname, str) == 0))
return (B_TRUE);
}
}
return (B_FALSE);
}
/*
* Determines whether there is a net resource with the physical interface, IP
* address, and default router specified by 'tabptr' in the zone configuration
* to which 'handle' refers. 'tabptr' must have an interface, an address, a
* default router, or a combination of the three. This function returns Z_OK
* iff there is exactly one net resource matching the query specified by
* 'tabptr'. The function returns Z_INSUFFICIENT_SPEC if there are multiple
* matches or 'tabptr' does not specify a physical interface, address, or
* default router. The function returns Z_NO_RESOURCE_ID if are no matches.
*
* Errors might also be returned if the entry that exactly matches the
* query lacks critical network resource information.
*
* If there is a single match, then the matching entry's physical interface, IP
* address, and default router information are stored in 'tabptr'.
*/
int
zonecfg_lookup_net(zone_dochandle_t handle, struct zone_nettab *tabptr)
{
xmlNodePtr cur;
xmlNodePtr firstmatch;
int err;
char address[INET6_ADDRSTRLEN];
char physical[LIFNAMSIZ];
char allowed_addr[ALLOWED_ADDRS_BUFSZ];
char defrouter[DEFROUTERS_BUFSZ];
size_t addrspec; /* nonzero if tabptr has IP addr */
size_t physspec; /* nonzero if tabptr has interface */
size_t defrouterspec; /* nonzero if tabptr has def. router */
size_t allowed_addrspec;
zone_iptype_t iptype;
if (tabptr == NULL)
return (Z_INVAL);
/*
* Determine the fields that will be searched. There must be at least
* one.
*
* zone_net_address, zone_net_physical, and zone_net_defrouter are
* arrays, so no NULL checks are necessary.
*/
addrspec = strlen(tabptr->zone_net_address);
physspec = strlen(tabptr->zone_net_physical);
defrouterspec = strlen(tabptr->zone_net_defrouter);
allowed_addrspec = strlen(tabptr->zone_net_allowed_addr);
if (addrspec != 0 && allowed_addrspec != 0)
return (Z_INVAL); /* can't specify both */
if (addrspec == 0 && physspec == 0 && defrouterspec == 0 &&
allowed_addrspec == 0)
return (Z_INSUFFICIENT_SPEC);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_get_iptype(handle, &iptype)) != Z_OK)
return (err);
/*
* Iterate over the configuration's elements and look for net elements
* that match the query.
*/
firstmatch = NULL;
cur = handle->zone_dh_cur;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
/* Skip non-net elements */
if (xmlStrcmp(cur->name, DTD_ELEM_NET))
continue;
/*
* If any relevant fields don't match the query, then skip
* the current net element.
*/
if (physspec != 0 && (fetchprop(handle, cur, DTD_ATTR_PHYSICAL,
physical, sizeof (physical)) != Z_OK ||
strcmp(tabptr->zone_net_physical, physical) != 0))
continue;
if (iptype == ZS_SHARED && addrspec != 0 &&
(fetchprop(handle, cur, DTD_ATTR_ADDRESS, address,
sizeof (address)) != Z_OK ||
!zonecfg_same_net_address(tabptr->zone_net_address,
address)))
continue;
if (iptype == ZS_EXCLUSIVE && allowed_addrspec != 0 &&
(fetchprop(handle, cur, DTD_ATTR_ALLOWED_ADDRESS,
allowed_addr, sizeof (allowed_addr)) != Z_OK ||
zonecfg_csscmp(tabptr->zone_net_allowed_addr,
allowed_addr) != 0))
continue;
if (defrouterspec != 0 && (fetchprop(handle, cur,
DTD_ATTR_DEFROUTER, defrouter, sizeof (defrouter))
!= Z_OK || zonecfg_csscmp(tabptr->zone_net_defrouter,
defrouter) != 0))
continue;
/*
* The current net element matches the query. Select it if
* it's the first match; otherwise, abort the search.
*/
if (firstmatch == NULL)
firstmatch = cur;
else
return (Z_INSUFFICIENT_SPEC);
}
if (firstmatch == NULL)
return (Z_NO_RESOURCE_ID);
cur = firstmatch;
if ((err = fetchprop(handle, cur, DTD_ATTR_PHYSICAL,
tabptr->zone_net_physical,
sizeof (tabptr->zone_net_physical))) != Z_OK)
return (err);
if (iptype == ZS_SHARED &&
(err = fetchprop(handle, cur, DTD_ATTR_ADDRESS,
tabptr->zone_net_address,
sizeof (tabptr->zone_net_address))) != Z_OK)
return (err);
if (iptype == ZS_EXCLUSIVE &&
(err = fetchprop(handle, cur, DTD_ATTR_ALLOWED_ADDRESS,
tabptr->zone_net_allowed_addr,
sizeof (tabptr->zone_net_allowed_addr))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_CONFIGURE_ALLOWED_ADDRESS,
tabptr->zone_net_configure_allowed_addr,
sizeof (tabptr->zone_net_configure_allowed_addr))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_DEFROUTER,
tabptr->zone_net_defrouter,
sizeof (tabptr->zone_net_defrouter))) != Z_OK)
return (err);
return (Z_OK);
}
static int
zonecfg_add_net_core(zone_dochandle_t handle, struct zone_nettab *tabptr)
{
xmlNodePtr newnode, cur = handle->zone_dh_cur;
int err;
if ((err = newres(handle, cur, &newnode, DTD_ELEM_NET)) != Z_OK)
return (err);
if ((err = newprop(handle, newnode, DTD_ATTR_PHYSICAL,
tabptr->zone_net_physical)) != Z_OK)
return (err);
/*
* Do not add these properties when not set, for backwards
* compatibility and because they are optional.
*/
if (strlen(tabptr->zone_net_address) > 0 &&
(err = newprop(handle, newnode, DTD_ATTR_ADDRESS,
tabptr->zone_net_address)) != Z_OK)
return (err);
if (strlen(tabptr->zone_net_allowed_addr) > 0) {
err = newprop(handle, newnode, DTD_ATTR_ALLOWED_ADDRESS,
tabptr->zone_net_allowed_addr);
if (err != Z_OK)
return (err);
}
if (strlen(tabptr->zone_net_configure_allowed_addr) > 0) {
if ((err = newprop(handle, newnode,
DTD_ATTR_CONFIGURE_ALLOWED_ADDRESS,
tabptr->zone_net_configure_allowed_addr)) != Z_OK)
return (err);
} else {
/*
* Default to "true" unless the property value comes from the
* brand
*/
err = can_set_prop(handle, dtd_to_rt(DTD_ELEM_NET),
(char *)DTD_ATTR_CONFIGURE_ALLOWED_ADDRESS,
DTD_ENTITY_TRUE);
if (err != Z_OK &&
err != Z_BRAND_DISABLED_VAL &&
err != Z_BRAND_DISABLED_CFG &&
err != Z_BRAND_FIXED_CFG)
return (err);
if (err == Z_OK) {
if ((err = newprop(handle, newnode,
DTD_ATTR_CONFIGURE_ALLOWED_ADDRESS,
DTD_ENTITY_TRUE)) != Z_OK)
return (err);
}
err = Z_OK;
}
if ((strlen(tabptr->zone_net_defrouter) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_DEFROUTER,
tabptr->zone_net_defrouter)) != Z_OK))
return (err);
return (Z_OK);
}
int
zonecfg_add_net(zone_dochandle_t handle, struct zone_nettab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_add_net_core(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
static int
zonecfg_delete_net_core(zone_dochandle_t handle, struct zone_nettab *tabptr)
{
xmlNodePtr cur = handle->zone_dh_cur;
boolean_t addr_match, phys_match, allowed_addr_match;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_NET))
continue;
addr_match = match_prop(handle, cur, DTD_ATTR_ADDRESS,
tabptr->zone_net_address);
allowed_addr_match = match_prop(handle, cur,
DTD_ATTR_ALLOWED_ADDRESS,
tabptr->zone_net_allowed_addr);
phys_match = match_prop(handle, cur, DTD_ATTR_PHYSICAL,
tabptr->zone_net_physical);
if ((addr_match || allowed_addr_match) && phys_match) {
xmlUnlinkNode(cur);
xmlFreeNode(cur);
return (Z_OK);
}
}
return (Z_NO_RESOURCE_ID);
}
int
zonecfg_delete_net(zone_dochandle_t handle, struct zone_nettab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_net_core(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_modify_net(zone_dochandle_t handle, struct zone_nettab *oldtabptr,
struct zone_nettab *newtabptr)
{
int err;
if (oldtabptr == NULL || newtabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_net_core(handle, oldtabptr)) != Z_OK)
return (err);
if ((err = zonecfg_add_net_core(handle, newtabptr)) != Z_OK)
return (err);
return (Z_OK);
}
#define _FETCH_CMP_PROPERTY(pname, dtdattr, cmpfunc) \
if (tabptr->pname[0] != '\0' && (fetchprop(handle, cur, dtdattr, \
tmp.pname, sizeof (tmp.pname)) != Z_OK || \
cmpfunc(tabptr->pname, tmp.pname) != 0)) \
continue;
int
zonecfg_lookup_anet(zone_dochandle_t handle, struct zone_anettab *tabptr)
{
xmlNodePtr cur;
xmlNodePtr firstmatch;
int err;
struct zone_anettab tmp;
if (tabptr == NULL)
return (Z_INVAL);
if (tabptr->zone_anet_linkname[0] == '\0' &&
tabptr->zone_anet_lower_link[0] == '\0' &&
tabptr->zone_anet_allowed_addr[0] == '\0' &&
tabptr->zone_anet_defrouter[0] == '\0' &&
tabptr->zone_anet_allowed_dhcp_cids[0] == '\0' &&
tabptr->zone_anet_link_protection[0] == '\0' &&
tabptr->zone_anet_mac_addr[0] == '\0' &&
tabptr->zone_anet_mac_prefix[0] == '\0' &&
tabptr->zone_anet_mac_slot[0] == '\0' &&
tabptr->zone_anet_vlan_id[0] == '\0' &&
tabptr->zone_anet_priority[0] == '\0' &&
tabptr->zone_anet_rxrings[0] == '\0' &&
tabptr->zone_anet_txrings[0] == '\0' &&
tabptr->zone_anet_mtu[0] == '\0' &&
tabptr->zone_anet_maxbw[0] == '\0' &&
tabptr->zone_anet_rxfanout[0] == '\0' &&
tabptr->zone_anet_vsitypeid[0] == '\0' &&
tabptr->zone_anet_vsivers[0] == '\0' &&
tabptr->zone_anet_vsimgrid[0] == '\0' &&
tabptr->zone_anet_etsbwlcl[0] == '\0' &&
tabptr->zone_anet_cos[0] == '\0' &&
tabptr->zone_anet_pkey[0] == '\0'&&
tabptr->zone_anet_linkmode[0] == '\0')
return (Z_INSUFFICIENT_SPEC);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
/*
* Iterate over the configuration's elements and look for anet elements
* that match the query.
*/
firstmatch = NULL;
cur = handle->zone_dh_cur;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
/* Skip non-anet elements */
if (xmlStrcmp(cur->name, DTD_ELEM_ANET))
continue;
/*
* If any relevant fields don't match the query, then skip
* the current net element.
* TBD
*/
_FETCH_CMP_PROPERTY(zone_anet_linkname,
DTD_ATTR_LINKNAME, strcmp);
_FETCH_CMP_PROPERTY(zone_anet_lower_link,
DTD_ATTR_LOWER_LINK, strcmp);
_FETCH_CMP_PROPERTY(zone_anet_priority,
DTD_ATTR_PRIORITY, strcasecmp);
_FETCH_CMP_PROPERTY(zone_anet_rxrings,
DTD_ATTR_RXRINGS, strcasecmp);
_FETCH_CMP_PROPERTY(zone_anet_txrings,
DTD_ATTR_TXRINGS, strcasecmp);
_FETCH_CMP_PROPERTY(zone_anet_mtu,
DTD_ATTR_MTU, strcasecmp);
_FETCH_CMP_PROPERTY(zone_anet_maxbw,
DTD_ATTR_MAXBW, strcasecmp);
_FETCH_CMP_PROPERTY(zone_anet_mac_addr,
DTD_ATTR_MAC_ADDRESS, strcasecmp);
_FETCH_CMP_PROPERTY(zone_anet_mac_prefix,
DTD_ATTR_MAC_PREFIX, strcasecmp);
_FETCH_CMP_PROPERTY(zone_anet_mac_slot,
DTD_ATTR_MAC_SLOT, strcmp);
_FETCH_CMP_PROPERTY(zone_anet_vlan_id,
DTD_ATTR_VLAN_ID, strcmp);
_FETCH_CMP_PROPERTY(zone_anet_allowed_addr,
DTD_ATTR_ALLOWED_ADDRESS, zonecfg_csscmp);
_FETCH_CMP_PROPERTY(zone_anet_defrouter,
DTD_ATTR_DEFROUTER, zonecfg_csscmp);
_FETCH_CMP_PROPERTY(zone_anet_allowed_dhcp_cids,
DTD_ATTR_ALLOWED_DHCP_CIDS, zonecfg_csscmp);
_FETCH_CMP_PROPERTY(zone_anet_link_protection,
DTD_ATTR_LINK_PROTECTION, zonecfg_csscmp);
_FETCH_CMP_PROPERTY(zone_anet_rxfanout,
DTD_ATTR_RXFANOUT, strcasecmp);
_FETCH_CMP_PROPERTY(zone_anet_vsitypeid,
DTD_ATTR_VSITYPEID, strcmp);
_FETCH_CMP_PROPERTY(zone_anet_vsivers,
DTD_ATTR_VSIVERS, strcmp);
_FETCH_CMP_PROPERTY(zone_anet_vsimgrid,
DTD_ATTR_VSIMGRID, strcmp);
_FETCH_CMP_PROPERTY(zone_anet_etsbwlcl,
DTD_ATTR_ETSBWLCL, strcmp);
_FETCH_CMP_PROPERTY(zone_anet_cos, DTD_ATTR_COS, strcmp);
_FETCH_CMP_PROPERTY(zone_anet_pkey,
DTD_ATTR_PKEY, strcmp);
_FETCH_CMP_PROPERTY(zone_anet_linkmode,
DTD_ATTR_LINKMODE, strcmp);
/*
* The current anet element matches the query. Select it if
* it's the first match; otherwise, abort the search.
*/
if (firstmatch == NULL)
firstmatch = cur;
else
return (Z_INSUFFICIENT_SPEC);
}
if (firstmatch == NULL)
return (Z_NO_RESOURCE_ID);
cur = firstmatch;
if ((err = fetchprop(handle, cur, DTD_ATTR_LINKNAME,
tabptr->zone_anet_linkname,
sizeof (tabptr->zone_anet_linkname))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_LOWER_LINK,
tabptr->zone_anet_lower_link,
sizeof (tabptr->zone_anet_lower_link))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_ALLOWED_ADDRESS,
tabptr->zone_anet_allowed_addr,
sizeof (tabptr->zone_anet_allowed_addr))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_CONFIGURE_ALLOWED_ADDRESS,
tabptr->zone_anet_configure_allowed_addr,
sizeof (tabptr->zone_anet_configure_allowed_addr))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_DEFROUTER,
tabptr->zone_anet_defrouter,
sizeof (tabptr->zone_anet_defrouter))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_ALLOWED_DHCP_CIDS,
tabptr->zone_anet_allowed_dhcp_cids,
sizeof (tabptr->zone_anet_allowed_dhcp_cids))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_LINK_PROTECTION,
tabptr->zone_anet_link_protection,
sizeof (tabptr->zone_anet_link_protection))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_AUTO_MAC_ADDRESS,
tabptr->zone_anet_auto_mac_addr,
sizeof (tabptr->zone_anet_auto_mac_addr))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_MAC_ADDRESS,
tabptr->zone_anet_mac_addr,
sizeof (tabptr->zone_anet_mac_addr))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_MAC_PREFIX,
tabptr->zone_anet_mac_prefix,
sizeof (tabptr->zone_anet_mac_prefix))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_MAC_SLOT,
tabptr->zone_anet_mac_slot,
sizeof (tabptr->zone_anet_mac_slot))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_VLAN_ID,
tabptr->zone_anet_vlan_id,
sizeof (tabptr->zone_anet_vlan_id))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_PRIORITY,
tabptr->zone_anet_priority,
sizeof (tabptr->zone_anet_priority))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_RXRINGS,
tabptr->zone_anet_rxrings,
sizeof (tabptr->zone_anet_rxrings))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_TXRINGS,
tabptr->zone_anet_txrings,
sizeof (tabptr->zone_anet_txrings))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_MTU,
tabptr->zone_anet_mtu,
sizeof (tabptr->zone_anet_mtu))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_MAXBW,
tabptr->zone_anet_maxbw,
sizeof (tabptr->zone_anet_maxbw))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_RXFANOUT,
tabptr->zone_anet_rxfanout,
sizeof (tabptr->zone_anet_rxfanout))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_VSITYPEID,
tabptr->zone_anet_vsitypeid,
sizeof (tabptr->zone_anet_vsitypeid))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_VSIVERS,
tabptr->zone_anet_vsivers,
sizeof (tabptr->zone_anet_vsivers))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_VSIMGRID,
tabptr->zone_anet_vsimgrid,
sizeof (tabptr->zone_anet_vsimgrid))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_ETSBWLCL,
tabptr->zone_anet_etsbwlcl,
sizeof (tabptr->zone_anet_etsbwlcl))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_COS,
tabptr->zone_anet_cos,
sizeof (tabptr->zone_anet_cos))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_PKEY,
tabptr->zone_anet_pkey,
sizeof (tabptr->zone_anet_pkey))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_LINKMODE,
tabptr->zone_anet_linkmode,
sizeof (tabptr->zone_anet_linkmode))) != Z_OK)
return (err);
return (Z_OK);
}
static int
zonecfg_add_anet_core(zone_dochandle_t handle, struct zone_anettab *tabptr)
{
xmlNodePtr newnode, cur = handle->zone_dh_cur;
int err;
if ((err = newres(handle, cur, &newnode, DTD_ELEM_ANET)) != Z_OK)
return (err);
/* mandatory */
if ((err = newprop(handle, newnode, DTD_ATTR_LOWER_LINK,
tabptr->zone_anet_lower_link)) != Z_OK)
return (err);
/* optional */
if (strlen(tabptr->zone_anet_linkname) > 0 &&
(err = newprop(handle, newnode, DTD_ATTR_LINKNAME,
tabptr->zone_anet_linkname)) != Z_OK)
return (err);
if (strlen(tabptr->zone_anet_allowed_addr) > 0) {
err = newprop(handle, newnode, DTD_ATTR_ALLOWED_ADDRESS,
tabptr->zone_anet_allowed_addr);
if (err != Z_OK)
return (err);
}
if (strlen(tabptr->zone_anet_configure_allowed_addr) > 0) {
if ((err = newprop(handle, newnode,
DTD_ATTR_CONFIGURE_ALLOWED_ADDRESS,
tabptr->zone_anet_configure_allowed_addr)) != Z_OK)
return (err);
} else {
/*
* Default to "true" unless the property value comes from the
* brand
*/
err = can_set_prop(handle, dtd_to_rt(DTD_ELEM_NET),
(char *)DTD_ATTR_CONFIGURE_ALLOWED_ADDRESS,
DTD_ENTITY_TRUE);
if (err != Z_OK &&
err != Z_BRAND_DISABLED_VAL &&
err != Z_BRAND_DISABLED_CFG &&
err != Z_BRAND_FIXED_CFG)
return (err);
if (err == Z_OK) {
if ((err = newprop(handle, newnode,
DTD_ATTR_CONFIGURE_ALLOWED_ADDRESS,
DTD_ENTITY_TRUE)) != Z_OK)
return (err);
}
err = Z_OK;
}
if ((strlen(tabptr->zone_anet_defrouter) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_DEFROUTER,
tabptr->zone_anet_defrouter)) != Z_OK))
return (err);
if ((strlen(tabptr->zone_anet_allowed_dhcp_cids) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_ALLOWED_DHCP_CIDS,
tabptr->zone_anet_allowed_dhcp_cids)) != Z_OK))
return (err);
if ((strlen(tabptr->zone_anet_link_protection) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_LINK_PROTECTION,
tabptr->zone_anet_link_protection)) != Z_OK))
return (err);
if ((strlen(tabptr->zone_anet_auto_mac_addr) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_AUTO_MAC_ADDRESS,
tabptr->zone_anet_auto_mac_addr)) != Z_OK))
return (err);
if ((strlen(tabptr->zone_anet_mac_addr) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_MAC_ADDRESS,
tabptr->zone_anet_mac_addr)) != Z_OK))
return (err);
if ((strlen(tabptr->zone_anet_mac_prefix) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_MAC_PREFIX,
tabptr->zone_anet_mac_prefix)) != Z_OK))
return (err);
if ((strlen(tabptr->zone_anet_mac_slot) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_MAC_SLOT,
tabptr->zone_anet_mac_slot)) != Z_OK))
return (err);
if ((strlen(tabptr->zone_anet_vlan_id) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_VLAN_ID,
tabptr->zone_anet_vlan_id)) != Z_OK))
return (err);
if ((strlen(tabptr->zone_anet_priority) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_PRIORITY,
tabptr->zone_anet_priority)) != Z_OK))
return (err);
if ((strlen(tabptr->zone_anet_rxrings) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_RXRINGS,
tabptr->zone_anet_rxrings)) != Z_OK))
return (err);
if ((strlen(tabptr->zone_anet_txrings) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_TXRINGS,
tabptr->zone_anet_txrings)) != Z_OK))
return (err);
if ((strlen(tabptr->zone_anet_mtu) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_MTU,
tabptr->zone_anet_mtu)) != Z_OK))
return (err);
if ((strlen(tabptr->zone_anet_maxbw) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_MAXBW,
tabptr->zone_anet_maxbw)) != Z_OK))
return (err);
if ((strlen(tabptr->zone_anet_rxfanout) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_RXFANOUT,
tabptr->zone_anet_rxfanout)) != Z_OK)) {
return (err);
}
if ((strlen(tabptr->zone_anet_vsitypeid) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_VSITYPEID,
tabptr->zone_anet_vsitypeid)) != Z_OK)) {
return (err);
}
if ((strlen(tabptr->zone_anet_vsivers) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_VSIVERS,
tabptr->zone_anet_vsivers)) != Z_OK)) {
return (err);
}
if ((strlen(tabptr->zone_anet_vsimgrid) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_VSIMGRID,
tabptr->zone_anet_vsimgrid)) != Z_OK)) {
return (err);
}
if ((strlen(tabptr->zone_anet_etsbwlcl) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_ETSBWLCL,
tabptr->zone_anet_etsbwlcl)) != Z_OK)) {
return (err);
}
if ((strlen(tabptr->zone_anet_cos) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_COS,
tabptr->zone_anet_cos)) != Z_OK)) {
return (err);
}
if ((strlen(tabptr->zone_anet_pkey) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_PKEY,
tabptr->zone_anet_pkey)) != Z_OK)) {
return (err);
}
if ((strlen(tabptr->zone_anet_linkmode) > 0) &&
((err = newprop(handle, newnode, DTD_ATTR_LINKMODE,
tabptr->zone_anet_linkmode)) != Z_OK)) {
return (err);
}
return (Z_OK);
}
int
zonecfg_add_anet(zone_dochandle_t handle, struct zone_anettab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_add_anet_core(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
static int
zonecfg_delete_anet_core(zone_dochandle_t handle, struct zone_anettab *tabptr)
{
xmlNodePtr cur = handle->zone_dh_cur;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_ANET))
continue;
/*
* Each anet resource will have a unique linkname,
* so we only need to match the linkname for deletion.
*/
if (match_prop(handle, cur, DTD_ATTR_LINKNAME,
tabptr->zone_anet_linkname)) {
xmlUnlinkNode(cur);
xmlFreeNode(cur);
return (Z_OK);
}
}
return (Z_NO_RESOURCE_ID);
}
int
zonecfg_delete_anet(zone_dochandle_t handle, struct zone_anettab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_anet_core(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_modify_anet(zone_dochandle_t handle,
struct zone_anettab *oldtabptr, struct zone_anettab *newtabptr)
{
int err;
if (oldtabptr == NULL || newtabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_anet_core(handle, oldtabptr)) != Z_OK)
return (err);
if ((err = zonecfg_add_anet_core(handle, newtabptr)) != Z_OK)
return (err);
return (Z_OK);
}
/*
* Must be a comma-separated list of alpha-numeric file system names.
*/
static int
zonecfg_valid_fs_allowed(const char *fsallowedp)
{
char tmp[ZONE_FS_ALLOWED_MAX];
char *cp = tmp;
char *p;
if (strlen(fsallowedp) > ZONE_FS_ALLOWED_MAX)
return (Z_TOO_BIG);
(void) strlcpy(tmp, fsallowedp, sizeof (tmp));
while (*cp != '\0') {
p = cp;
while (*p != '\0' && *p != ',') {
if (!isalnum(*p))
return (Z_INVALID_PROPERTY);
p++;
}
if (*p == ',') {
if (p == cp)
return (Z_INVALID_PROPERTY);
p++;
if (*p == '\0')
return (Z_INVALID_PROPERTY);
}
cp = p;
}
return (Z_OK);
}
int
zonecfg_get_fs_allowed(zone_dochandle_t handle, char *bufp, size_t buflen)
{
int err;
if ((err = getrootattr(handle, DTD_ATTR_FS_ALLOWED,
bufp, buflen)) != Z_OK)
return (err);
if (bufp[0] == '\0')
return (Z_BAD_PROPERTY);
return (zonecfg_valid_fs_allowed(bufp));
}
int
zonecfg_set_fs_allowed(zone_dochandle_t handle, const char *bufp)
{
int err;
if (bufp == NULL || (err = zonecfg_valid_fs_allowed(bufp)) == Z_OK)
return (setrootattr(handle, DTD_ATTR_FS_ALLOWED, bufp));
return (err);
}
/*
* Determines if the specified string is a valid hostid string. This function
* returns Z_OK if the string is a valid hostid string. It returns Z_INVAL if
* 'hostidp' is NULL, Z_TOO_BIG if 'hostidp' refers to a string buffer
* containing a hex string with more than 8 digits, and Z_INVALID_PROPERTY if
* the string has an invalid format.
*/
static int
zonecfg_valid_hostid(const char *hostidp)
{
char *currentp;
u_longlong_t hostidval;
size_t len;
if (hostidp == NULL)
return (Z_INVAL);
/* Empty strings and strings with whitespace are invalid. */
if (*hostidp == '\0')
return (Z_INVALID_PROPERTY);
for (currentp = (char *)hostidp; *currentp != '\0'; ++currentp) {
if (isspace(*currentp))
return (Z_INVALID_PROPERTY);
}
len = (size_t)(currentp - hostidp);
/*
* The caller might pass a hostid that is larger than the maximum
* unsigned 32-bit integral value. Check for this! Also, make sure
* that the whole string is converted (this helps us find illegal
* characters) and that the whole string fits within a buffer of size
* HW_HOSTID_LEN.
*/
currentp = (char *)hostidp;
if (strncmp(hostidp, "0x", 2) == 0 || strncmp(hostidp, "0X", 2) == 0)
currentp += 2;
hostidval = strtoull(currentp, &currentp, 16);
if ((size_t)(currentp - hostidp) >= HW_HOSTID_LEN)
return (Z_TOO_BIG);
if (hostidval > UINT_MAX || hostidval == HW_INVALID_HOSTID ||
currentp != hostidp + len)
return (Z_INVALID_PROPERTY);
return (Z_OK);
}
/*
* Gets the zone hostid string stored in the specified zone configuration
* document. This function returns Z_OK on success. Z_BAD_PROPERTY is returned
* if the config file doesn't specify a hostid or if the hostid is blank.
*
* Note that buflen should be at least HW_HOSTID_LEN.
*/
int
zonecfg_get_hostid(zone_dochandle_t handle, char *bufp, size_t buflen)
{
int err;
if ((err = getrootattr(handle, DTD_ATTR_HOSTID, bufp, buflen)) != Z_OK)
return (err);
if (bufp[0] == '\0')
return (Z_BAD_PROPERTY);
return (zonecfg_valid_hostid(bufp));
}
/*
* Sets the hostid string in the specified zone config document to the given
* string value. If 'hostidp' is NULL, then the config document's hostid
* attribute is cleared. Non-NULL hostids are validated. This function returns
* Z_OK on success. Any other return value indicates failure.
*/
int
zonecfg_set_hostid(zone_dochandle_t handle, const char *hostidp)
{
int err;
/*
* A NULL hostid string is interpreted as a request to clear the
* hostid.
*/
if (hostidp == NULL || (err = zonecfg_valid_hostid(hostidp)) == Z_OK)
return (setrootattr(handle, DTD_ATTR_HOSTID, hostidp));
return (err);
}
int
zonecfg_lookup_dev(zone_dochandle_t handle, struct zone_devtab *tabptr)
{
xmlNodePtr cur, firstmatch;
int err;
char val[MAXPATHLEN];
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
cur = handle->zone_dh_cur;
firstmatch = NULL;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_DEVICE))
continue;
if (strlen(tabptr->zone_dev_match) > 0 &&
(fetchprop(handle, cur, DTD_ATTR_MATCH, val,
sizeof (val)) == Z_OK)) {
if (strcmp(tabptr->zone_dev_match, val) == 0) {
if (firstmatch == NULL)
firstmatch = cur;
else if (firstmatch != cur)
return (Z_INSUFFICIENT_SPEC);
} else {
/*
* If another property matched but this
* one doesn't then reset firstmatch.
*/
if (firstmatch == cur)
firstmatch = NULL;
}
}
if (strlen(tabptr->zone_dev_partition) > 0 &&
(fetchprop(handle, cur, DTD_ATTR_ALLOW_PARTITION, val,
sizeof (val)) == Z_OK)) {
if (strcmp(tabptr->zone_dev_partition, val) == 0) {
if (firstmatch == NULL)
firstmatch = cur;
else if (firstmatch != cur)
return (Z_INSUFFICIENT_SPEC);
} else {
/*
* If another property matched but this
* one doesn't then reset firstmatch.
*/
if (firstmatch == cur)
firstmatch = NULL;
}
}
if (strlen(tabptr->zone_dev_raw_io) > 0 &&
(fetchprop(handle, cur, DTD_ATTR_ALLOW_RAW_IO, val,
sizeof (val)) == Z_OK)) {
if (strcmp(tabptr->zone_dev_raw_io, val) == 0) {
if (firstmatch == NULL)
firstmatch = cur;
else if (firstmatch != cur)
return (Z_INSUFFICIENT_SPEC);
} else {
/*
* If another property matched but this
* one doesn't then reset firstmatch.
*/
if (firstmatch == cur)
firstmatch = NULL;
}
}
}
if (firstmatch == NULL)
return (Z_NO_RESOURCE_ID);
cur = firstmatch;
if ((err = fetchprop(handle, cur, DTD_ATTR_MATCH,
tabptr->zone_dev_match,
sizeof (tabptr->zone_dev_match))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_ALLOW_PARTITION,
tabptr->zone_dev_partition,
sizeof (tabptr->zone_dev_partition))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_ALLOW_RAW_IO,
tabptr->zone_dev_raw_io, sizeof (tabptr->zone_dev_raw_io))) != Z_OK)
return (err);
return (Z_OK);
}
static int
zonecfg_add_dev_core(zone_dochandle_t handle, struct zone_devtab *tabptr)
{
xmlNodePtr newnode, cur = handle->zone_dh_cur;
int err;
if ((err = newres(handle, cur, &newnode, DTD_ELEM_DEVICE)) != Z_OK)
return (err);
if ((err = newprop(handle, newnode, DTD_ATTR_MATCH,
tabptr->zone_dev_match)) != Z_OK)
return (err);
if (tabptr->zone_dev_partition[0] != '\0') {
if ((err = newprop(handle, newnode, DTD_ATTR_ALLOW_PARTITION,
tabptr->zone_dev_partition)) != Z_OK)
return (err);
}
if (tabptr->zone_dev_raw_io[0] != '\0') {
if ((err = newprop(handle, newnode, DTD_ATTR_ALLOW_RAW_IO,
tabptr->zone_dev_raw_io)) != Z_OK)
return (err);
}
return (Z_OK);
}
int
zonecfg_add_dev(zone_dochandle_t handle, struct zone_devtab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_add_dev_core(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
static int
zonecfg_delete_dev_core(zone_dochandle_t handle, struct zone_devtab *tabptr)
{
xmlNodePtr cur = handle->zone_dh_cur;
int match_match;
int partition_match;
int raw_io_match;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_DEVICE))
continue;
match_match = match_prop(handle, cur, DTD_ATTR_MATCH,
tabptr->zone_dev_match);
partition_match = match_prop(handle, cur,
DTD_ATTR_ALLOW_PARTITION, tabptr->zone_dev_partition);
raw_io_match = match_prop(handle, cur, DTD_ATTR_ALLOW_RAW_IO,
tabptr->zone_dev_raw_io);
if (match_match && partition_match && raw_io_match) {
xmlUnlinkNode(cur);
xmlFreeNode(cur);
return (Z_OK);
}
}
return (Z_NO_RESOURCE_ID);
}
int
zonecfg_delete_dev(zone_dochandle_t handle, struct zone_devtab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_dev_core(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_modify_dev(
zone_dochandle_t handle,
struct zone_devtab *oldtabptr,
struct zone_devtab *newtabptr)
{
int err;
if (oldtabptr == NULL || newtabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_dev_core(handle, oldtabptr)) != Z_OK)
return (err);
if ((err = zonecfg_add_dev_core(handle, newtabptr)) != Z_OK)
return (err);
return (Z_OK);
}
static int
zonecfg_add_auth_core(zone_dochandle_t handle, struct zone_admintab *tabptr,
char *zonename)
{
xmlNodePtr newnode, cur = handle->zone_dh_cur;
int err;
if ((err = newres(handle, cur, &newnode, DTD_ELEM_ADMIN)) != Z_OK)
return (err);
if ((err = newprop(handle, newnode, DTD_ATTR_USER,
tabptr->zone_admin_user)) != Z_OK)
return (err);
err = newprop(handle, newnode, DTD_ATTR_AUTHS,
tabptr->zone_admin_auths);
if (err != Z_OK)
return (err);
if ((err = zonecfg_remove_userauths(
handle, tabptr->zone_admin_user, zonename, B_FALSE)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_add_admin(zone_dochandle_t handle, struct zone_admintab *tabptr,
char *zonename)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_add_auth_core(handle, tabptr, zonename)) != Z_OK)
return (err);
return (Z_OK);
}
static int
zonecfg_delete_auth_core(zone_dochandle_t handle, struct zone_admintab *tabptr,
char *zonename)
{
xmlNodePtr cur = handle->zone_dh_cur;
boolean_t auth_match;
int err;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_ADMIN))
continue;
auth_match = match_prop(handle, cur, DTD_ATTR_USER,
tabptr->zone_admin_user);
if (auth_match) {
if ((err = zonecfg_insert_userauths(
handle, tabptr->zone_admin_user,
zonename)) != Z_OK)
return (err);
xmlUnlinkNode(cur);
xmlFreeNode(cur);
return (Z_OK);
}
}
return (Z_NO_RESOURCE_ID);
}
int
zonecfg_delete_admin(zone_dochandle_t handle, struct zone_admintab *tabptr,
char *zonename)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_auth_core(handle, tabptr, zonename)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_modify_admin(zone_dochandle_t handle, struct zone_admintab *oldtabptr,
struct zone_admintab *newtabptr, char *zonename)
{
int err;
if (oldtabptr == NULL || newtabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_auth_core(handle, oldtabptr, zonename))
!= Z_OK)
return (err);
if ((err = zonecfg_add_auth_core(handle, newtabptr, zonename)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_lookup_admin(zone_dochandle_t handle, struct zone_admintab *tabptr)
{
xmlNodePtr cur, firstmatch;
int err;
char user[MAXUSERNAME];
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
cur = handle->zone_dh_cur;
firstmatch = NULL;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_ADMIN))
continue;
if (strlen(tabptr->zone_admin_user) > 0) {
if ((fetchprop(handle, cur, DTD_ATTR_USER, user,
sizeof (user)) == Z_OK) &&
(strcmp(tabptr->zone_admin_user, user) == 0)) {
if (firstmatch == NULL)
firstmatch = cur;
else
return (Z_INSUFFICIENT_SPEC);
}
}
}
if (firstmatch == NULL)
return (Z_NO_RESOURCE_ID);
cur = firstmatch;
if ((err = fetchprop(handle, cur, DTD_ATTR_USER,
tabptr->zone_admin_user,
sizeof (tabptr->zone_admin_user))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_AUTHS,
tabptr->zone_admin_auths,
sizeof (tabptr->zone_admin_auths))) != Z_OK)
return (err);
return (Z_OK);
}
/*
* This function finds everything mounted under a zone's rootpath.
* This returns the number of mounts under rootpath, or -1 on error.
* callback is called once per mount found with the first argument
* pointing to a mnttab structure containing the mount's information.
*
* If the callback function returns non-zero zonecfg_find_mounts
* aborts with an error.
*/
int
zonecfg_find_mounts(char *rootpath, int (*callback)(const struct mnttab *,
void *), void *priv) {
FILE *mnttab;
struct mnttab m;
size_t l;
int zfsl;
int rv = 0;
char zfs_path[MAXPATHLEN];
assert(rootpath != NULL);
if ((zfsl = snprintf(zfs_path, sizeof (zfs_path), "%s/.zfs/", rootpath))
>= sizeof (zfs_path))
return (-1);
l = strlen(rootpath);
mnttab = fopen("/etc/mnttab", "r");
if (mnttab == NULL)
return (-1);
if (ioctl(fileno(mnttab), MNTIOC_SHOWHIDDEN, NULL) < 0) {
rv = -1;
goto out;
}
while (!getmntent(mnttab, &m)) {
if ((strncmp(rootpath, m.mnt_mountp, l) == 0) &&
(m.mnt_mountp[l] == '/') &&
(strncmp(zfs_path, m.mnt_mountp, zfsl) != 0)) {
rv++;
if (callback == NULL)
continue;
if (callback(&m, priv)) {
rv = -1;
goto out;
}
}
}
out:
(void) fclose(mnttab);
return (rv);
}
int
zonecfg_lookup_attr(zone_dochandle_t handle, struct zone_attrtab *tabptr)
{
xmlNodePtr cur, firstmatch;
int err;
char name[MAXNAMELEN], type[MAXNAMELEN], value[MAXNAMELEN];
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
cur = handle->zone_dh_cur;
firstmatch = NULL;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_ATTR))
continue;
if (strlen(tabptr->zone_attr_name) > 0) {
if ((fetchprop(handle, cur, DTD_ATTR_NAME, name,
sizeof (name)) == Z_OK) &&
(strcmp(tabptr->zone_attr_name, name) == 0)) {
if (firstmatch == NULL)
firstmatch = cur;
else
return (Z_INSUFFICIENT_SPEC);
}
}
if (strlen(tabptr->zone_attr_type) > 0) {
if ((fetchprop(handle, cur, DTD_ATTR_TYPE, type,
sizeof (type)) == Z_OK)) {
if (strcmp(tabptr->zone_attr_type, type) == 0) {
if (firstmatch == NULL)
firstmatch = cur;
else if (firstmatch != cur)
return (Z_INSUFFICIENT_SPEC);
} else {
/*
* If another property matched but this
* one doesn't then reset firstmatch.
*/
if (firstmatch == cur)
firstmatch = NULL;
}
}
}
if (strlen(tabptr->zone_attr_value) > 0) {
if ((fetchprop(handle, cur, DTD_ATTR_VALUE, value,
sizeof (value)) == Z_OK)) {
if (strcmp(tabptr->zone_attr_value, value) ==
0) {
if (firstmatch == NULL)
firstmatch = cur;
else if (firstmatch != cur)
return (Z_INSUFFICIENT_SPEC);
} else {
/*
* If another property matched but this
* one doesn't then reset firstmatch.
*/
if (firstmatch == cur)
firstmatch = NULL;
}
}
}
}
if (firstmatch == NULL)
return (Z_NO_RESOURCE_ID);
cur = firstmatch;
if ((err = fetchprop(handle, cur, DTD_ATTR_NAME, tabptr->zone_attr_name,
sizeof (tabptr->zone_attr_name))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_TYPE, tabptr->zone_attr_type,
sizeof (tabptr->zone_attr_type))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_VALUE,
tabptr->zone_attr_value,
sizeof (tabptr->zone_attr_value))) != Z_OK)
return (err);
return (Z_OK);
}
static int
zonecfg_add_attr_core(zone_dochandle_t handle, struct zone_attrtab *tabptr)
{
xmlNodePtr newnode, cur = handle->zone_dh_cur;
int err;
if ((err = newres(handle, cur, &newnode, DTD_ELEM_ATTR)) != Z_OK)
return (err);
if ((err = newprop(handle, newnode, DTD_ATTR_NAME,
tabptr->zone_attr_name)) != Z_OK)
return (err);
if ((err = newprop(handle, newnode, DTD_ATTR_TYPE,
tabptr->zone_attr_type)) != Z_OK)
return (err);
if ((err = newprop(handle, newnode, DTD_ATTR_VALUE,
tabptr->zone_attr_value)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_add_attr(zone_dochandle_t handle, struct zone_attrtab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_add_attr_core(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
static int
zonecfg_delete_attr_core(zone_dochandle_t handle, struct zone_attrtab *tabptr)
{
xmlNodePtr cur = handle->zone_dh_cur;
int name_match, type_match, value_match;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_ATTR))
continue;
name_match = match_prop(handle, cur, DTD_ATTR_NAME,
tabptr->zone_attr_name);
type_match = match_prop(handle, cur, DTD_ATTR_TYPE,
tabptr->zone_attr_type);
value_match = match_prop(handle, cur, DTD_ATTR_VALUE,
tabptr->zone_attr_value);
if (name_match && type_match && value_match) {
xmlUnlinkNode(cur);
xmlFreeNode(cur);
return (Z_OK);
}
}
return (Z_NO_RESOURCE_ID);
}
int
zonecfg_delete_attr(zone_dochandle_t handle, struct zone_attrtab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_attr_core(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_modify_attr(
zone_dochandle_t handle,
struct zone_attrtab *oldtabptr,
struct zone_attrtab *newtabptr)
{
int err;
if (oldtabptr == NULL || newtabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_attr_core(handle, oldtabptr)) != Z_OK)
return (err);
if ((err = zonecfg_add_attr_core(handle, newtabptr)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_get_attr_boolean(const struct zone_attrtab *attr, boolean_t *value)
{
if (attr == NULL)
return (Z_INVAL);
if (strcmp(attr->zone_attr_type, DTD_ENTITY_BOOLEAN) != 0)
return (Z_INVAL);
if (strcmp(attr->zone_attr_value, DTD_ENTITY_TRUE) == 0) {
*value = B_TRUE;
return (Z_OK);
}
if (strcmp(attr->zone_attr_value, DTD_ENTITY_FALSE) == 0) {
*value = B_FALSE;
return (Z_OK);
}
return (Z_INVAL);
}
int
zonecfg_get_attr_int(const struct zone_attrtab *attr, int64_t *value)
{
long long result;
char *endptr;
if (attr == NULL)
return (Z_INVAL);
if (strcmp(attr->zone_attr_type, DTD_ENTITY_INT) != 0)
return (Z_INVAL);
errno = 0;
result = strtoll(attr->zone_attr_value, &endptr, 10);
if (errno != 0 || *endptr != '\0')
return (Z_INVAL);
*value = result;
return (Z_OK);
}
int
zonecfg_get_attr_string(const struct zone_attrtab *attr, char *value,
size_t val_sz)
{
if (attr == NULL)
return (Z_INVAL);
if (strcmp(attr->zone_attr_type, DTD_ENTITY_STRING) != 0)
return (Z_INVAL);
if (strlcpy(value, attr->zone_attr_value, val_sz) >= val_sz)
return (Z_TOO_BIG);
return (Z_OK);
}
int
zonecfg_get_attr_uint(const struct zone_attrtab *attr, uint64_t *value)
{
unsigned long long result;
long long neg_result;
char *endptr;
if (attr == NULL)
return (Z_INVAL);
if (strcmp(attr->zone_attr_type, DTD_ENTITY_UINT) != 0)
return (Z_INVAL);
errno = 0;
result = strtoull(attr->zone_attr_value, &endptr, 10);
if (errno != 0 || *endptr != '\0')
return (Z_INVAL);
errno = 0;
neg_result = strtoll(attr->zone_attr_value, &endptr, 10);
/*
* Incredibly, strtoull("<negative number>", ...) will not fail but
* return whatever (negative) number cast as a u_longlong_t, so we
* need to look for this here.
*/
if (errno == 0 && neg_result < 0)
return (Z_INVAL);
*value = result;
return (Z_OK);
}
int
zonecfg_lookup_rctl(zone_dochandle_t handle, struct zone_rctltab *tabptr)
{
xmlNodePtr cur, val;
char savedname[MAXNAMELEN];
struct zone_rctlvaltab *valptr;
int err;
if (strlen(tabptr->zone_rctl_name) == 0)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
cur = handle->zone_dh_cur;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_RCTL))
continue;
if ((fetchprop(handle, cur, DTD_ATTR_NAME, savedname,
sizeof (savedname)) == Z_OK) &&
(strcmp(savedname, tabptr->zone_rctl_name) == 0)) {
tabptr->zone_rctl_valptr = NULL;
for (val = cur->xmlChildrenNode; val != NULL;
val = val->next) {
valptr = (struct zone_rctlvaltab *)malloc(
sizeof (struct zone_rctlvaltab));
if (valptr == NULL)
return (Z_NOMEM);
if ((fetchprop(handle, val, DTD_ATTR_PRIV,
valptr->zone_rctlval_priv,
sizeof (valptr->zone_rctlval_priv)) !=
Z_OK))
break;
if ((fetchprop(handle, val, DTD_ATTR_LIMIT,
valptr->zone_rctlval_limit,
sizeof (valptr->zone_rctlval_limit)) !=
Z_OK))
break;
if ((fetchprop(handle, val, DTD_ATTR_ACTION,
valptr->zone_rctlval_action,
sizeof (valptr->zone_rctlval_action)) !=
Z_OK))
break;
if (zonecfg_add_rctl_value(tabptr, valptr) !=
Z_OK)
break;
}
return (Z_OK);
}
}
return (Z_NO_RESOURCE_ID);
}
static int
zonecfg_add_rctl_core(zone_dochandle_t handle, struct zone_rctltab *tabptr)
{
xmlNodePtr newnode, cur = handle->zone_dh_cur, valnode;
struct zone_rctlvaltab *valptr;
int err;
if ((err = newres(handle, cur, &newnode, DTD_ELEM_RCTL)) != Z_OK)
return (err);
err = newprop(handle, newnode, DTD_ATTR_NAME, tabptr->zone_rctl_name);
if (err != Z_OK)
return (err);
for (valptr = tabptr->zone_rctl_valptr; valptr != NULL;
valptr = valptr->zone_rctlval_next) {
valnode = xmlNewTextChild(newnode, NULL,
DTD_ELEM_RCTLVALUE, NULL);
err = newprop(handle, valnode, DTD_ATTR_PRIV,
valptr->zone_rctlval_priv);
if (err != Z_OK)
return (err);
err = newprop(handle, valnode, DTD_ATTR_LIMIT,
valptr->zone_rctlval_limit);
if (err != Z_OK)
return (err);
err = newprop(handle, valnode, DTD_ATTR_ACTION,
valptr->zone_rctlval_action);
if (err != Z_OK)
return (err);
}
return (Z_OK);
}
int
zonecfg_add_rctl(zone_dochandle_t handle, struct zone_rctltab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_add_rctl_core(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
static int
zonecfg_delete_rctl_core(zone_dochandle_t handle, struct zone_rctltab *tabptr)
{
xmlNodePtr cur = handle->zone_dh_cur;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_RCTL))
continue;
if (match_prop(handle, cur, DTD_ATTR_NAME,
tabptr->zone_rctl_name)) {
xmlUnlinkNode(cur);
xmlFreeNode(cur);
return (Z_OK);
}
}
return (Z_NO_RESOURCE_ID);
}
int
zonecfg_delete_rctl(zone_dochandle_t handle, struct zone_rctltab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_rctl_core(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_modify_rctl(
zone_dochandle_t handle,
struct zone_rctltab *oldtabptr,
struct zone_rctltab *newtabptr)
{
int err;
if (oldtabptr == NULL || newtabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_rctl_core(handle, oldtabptr)) != Z_OK)
return (err);
if ((err = zonecfg_add_rctl_core(handle, newtabptr)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_add_rctl_value(
struct zone_rctltab *tabptr,
struct zone_rctlvaltab *valtabptr)
{
struct zone_rctlvaltab *last, *old, *new;
rctlblk_t *rctlblk = alloca(rctlblk_size());
last = tabptr->zone_rctl_valptr;
for (old = last; old != NULL; old = old->zone_rctlval_next)
last = old; /* walk to the end of the list */
new = valtabptr; /* alloc'd by caller */
new->zone_rctlval_next = NULL;
if (zonecfg_construct_rctlblk(valtabptr, rctlblk) != Z_OK)
return (Z_INVAL);
if (!zonecfg_valid_rctlblk(rctlblk))
return (Z_INVAL);
if (last == NULL)
tabptr->zone_rctl_valptr = new;
else
last->zone_rctlval_next = new;
return (Z_OK);
}
int
zonecfg_remove_rctl_value(
struct zone_rctltab *tabptr,
struct zone_rctlvaltab *valtabptr)
{
struct zone_rctlvaltab *last, *this, *next;
last = tabptr->zone_rctl_valptr;
for (this = last; this != NULL; this = this->zone_rctlval_next) {
if (strcmp(this->zone_rctlval_priv,
valtabptr->zone_rctlval_priv) == 0 &&
strcmp(this->zone_rctlval_limit,
valtabptr->zone_rctlval_limit) == 0 &&
strcmp(this->zone_rctlval_action,
valtabptr->zone_rctlval_action) == 0) {
next = this->zone_rctlval_next;
if (this == tabptr->zone_rctl_valptr)
tabptr->zone_rctl_valptr = next;
else
last->zone_rctlval_next = next;
free(this);
return (Z_OK);
} else
last = this;
}
return (Z_NO_PROPERTY_ID);
}
char *
zonecfg_strerror(int errnum)
{
switch (errnum) {
case Z_OK:
return (dgettext(TEXT_DOMAIN, "OK"));
case Z_EMPTY_DOCUMENT:
return (dgettext(TEXT_DOMAIN, "Empty document"));
case Z_WRONG_DOC_TYPE:
return (dgettext(TEXT_DOMAIN, "Wrong document type"));
case Z_BAD_PROPERTY:
return (dgettext(TEXT_DOMAIN, "Bad document property"));
case Z_TEMP_FILE:
return (dgettext(TEXT_DOMAIN,
"Problem creating temporary file"));
case Z_SAVING_FILE:
return (dgettext(TEXT_DOMAIN, "Problem saving file"));
case Z_NO_ENTRY:
return (dgettext(TEXT_DOMAIN, "No such entry"));
case Z_BOGUS_ZONE_NAME:
return (dgettext(TEXT_DOMAIN, "Bogus zone name"));
case Z_REQD_RESOURCE_MISSING:
return (dgettext(TEXT_DOMAIN, "Required resource missing"));
case Z_REQD_PROPERTY_MISSING:
return (dgettext(TEXT_DOMAIN, "Required property missing"));
case Z_BAD_HANDLE:
return (dgettext(TEXT_DOMAIN, "Bad handle"));
case Z_NOMEM:
return (dgettext(TEXT_DOMAIN, "Out of memory"));
case Z_INVAL:
return (dgettext(TEXT_DOMAIN, "Invalid argument"));
case Z_ACCES:
return (dgettext(TEXT_DOMAIN, "Permission denied"));
case Z_TOO_BIG:
return (dgettext(TEXT_DOMAIN, "Argument list too long"));
case Z_MISC_FS:
return (dgettext(TEXT_DOMAIN,
"Miscellaneous file system error"));
case Z_NO_ZONE:
return (dgettext(TEXT_DOMAIN, "No such zone configured"));
case Z_NO_RESOURCE_TYPE:
return (dgettext(TEXT_DOMAIN, "No such resource type"));
case Z_NO_RESOURCE_ID:
return (dgettext(TEXT_DOMAIN, "No such resource with that id"));
case Z_NO_PROPERTY_TYPE:
return (dgettext(TEXT_DOMAIN, "No such property type"));
case Z_NO_PROPERTY_ID:
return (dgettext(TEXT_DOMAIN, "No such property with that id"));
case Z_BAD_ZONE_STATE:
return (dgettext(TEXT_DOMAIN,
"Zone state is invalid for the requested operation"));
case Z_INVALID_DOCUMENT:
return (dgettext(TEXT_DOMAIN, "Invalid document"));
case Z_NAME_IN_USE:
return (dgettext(TEXT_DOMAIN, "Zone name already in use"));
case Z_NO_SUCH_ID:
return (dgettext(TEXT_DOMAIN, "No such zone ID"));
case Z_UPDATING_INDEX:
return (dgettext(TEXT_DOMAIN, "Problem updating index file"));
case Z_LOCKING_FILE:
return (dgettext(TEXT_DOMAIN, "Locking index file"));
case Z_UNLOCKING_FILE:
return (dgettext(TEXT_DOMAIN, "Unlocking index file"));
case Z_INSUFFICIENT_SPEC:
return (dgettext(TEXT_DOMAIN, "Insufficient specification"));
case Z_RESOLVED_PATH:
return (dgettext(TEXT_DOMAIN, "Resolved path mismatch"));
case Z_IPV6_ADDR_PREFIX_LEN:
return (dgettext(TEXT_DOMAIN,
"IPv6 address missing required prefix length"));
case Z_BOGUS_ADDRESS:
return (dgettext(TEXT_DOMAIN,
"Neither an IPv4 nor an IPv6 address nor a host name"));
case Z_PRIV_PROHIBITED:
return (dgettext(TEXT_DOMAIN,
"Specified privilege is prohibited"));
case Z_PRIV_REQUIRED:
return (dgettext(TEXT_DOMAIN,
"Required privilege is missing"));
case Z_PRIV_UNKNOWN:
return (dgettext(TEXT_DOMAIN,
"Specified privilege is unknown"));
case Z_BRAND_ERROR:
return (dgettext(TEXT_DOMAIN,
"Brand-specific error"));
case Z_BRAND_DISABLED_CFG:
return (dgettext(TEXT_DOMAIN,
"Brand doesn't support this property or resource"));
case Z_BRAND_DISABLED_VAL:
return (dgettext(TEXT_DOMAIN,
"Brand doesn't support setting this property value"));
case Z_BRAND_FIXED_CFG:
return (dgettext(TEXT_DOMAIN,
"Brand doesn't support setting this property"));
case Z_INCOMPATIBLE:
return (dgettext(TEXT_DOMAIN, "Incompatible settings"));
case Z_ALIAS_DISALLOW:
return (dgettext(TEXT_DOMAIN,
"An incompatible rctl already exists for this property"));
case Z_CLEAR_DISALLOW:
return (dgettext(TEXT_DOMAIN,
"Clearing this property is not allowed"));
case Z_POOL:
return (dgettext(TEXT_DOMAIN, "libpool(3LIB) error"));
case Z_POOLS_NOT_ACTIVE:
return (dgettext(TEXT_DOMAIN, "Pools facility not active; "
"zone will not be bound to pool"));
case Z_POOL_ENABLE:
return (dgettext(TEXT_DOMAIN,
"Could not enable pools facility"));
case Z_NO_POOL:
return (dgettext(TEXT_DOMAIN,
"Pool not found; using default pool"));
case Z_POOL_CREATE:
return (dgettext(TEXT_DOMAIN,
"Could not create a temporary pool"));
case Z_POOL_BIND:
return (dgettext(TEXT_DOMAIN, "Could not bind zone to pool"));
case Z_INVALID_PROPERTY:
return (dgettext(TEXT_DOMAIN, "Specified property is invalid"));
case Z_POSSIBLE_CONFLICT:
return (dgettext(TEXT_DOMAIN,
"Possible conflicts in non-global zone's /dev/zvol"));
case Z_SYSTEM:
return (strerror(errno));
case Z_STORAGE_MISC:
return (dgettext(TEXT_DOMAIN,
"Miscellaneous storage resource error"));
case Z_STORAGE_INUSE:
return (dgettext(TEXT_DOMAIN,
"Storage resource or zpool already in use"));
case Z_STORAGE_AGAIN:
return (dgettext(TEXT_DOMAIN,
"Storage resource or zpool busy"));
case Z_DUP_PROPERTY:
return (dgettext(TEXT_DOMAIN,
"Duplicate property value"));
default:
return (dgettext(TEXT_DOMAIN, "Unknown error"));
}
}
/*
* Note that the zonecfg_setXent() and zonecfg_endXent() calls are all the
* same, as they just turn around and call zonecfg_setent() / zonecfg_endent().
*/
static int
zonecfg_setent(zone_dochandle_t handle)
{
xmlNodePtr cur;
int err;
if (handle == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK) {
handle->zone_dh_cur = NULL;
return (err);
}
cur = handle->zone_dh_cur;
cur = cur->xmlChildrenNode;
handle->zone_dh_cur = cur;
return (Z_OK);
}
static int
zonecfg_endent(zone_dochandle_t handle)
{
if (handle == NULL)
return (Z_INVAL);
handle->zone_dh_cur = handle->zone_dh_top;
return (Z_OK);
}
/*
* Do the work required to manipulate a process through libproc.
* If grab_process() returns no errors (0), then release_process()
* must eventually be called.
*
* Return values:
* 0 Successful creation of agent thread
* 1 Error grabbing
* 2 Error creating agent
*/
static int
grab_process(pr_info_handle_t *p)
{
int ret;
if ((p->pr = Pgrab(p->pid, 0, &ret)) != NULL) {
if (Psetflags(p->pr, PR_RLC) != 0) {
Prelease(p->pr, 0);
return (1);
}
if (Pcreate_agent(p->pr) == 0) {
return (0);
} else {
Prelease(p->pr, 0);
return (2);
}
} else {
return (1);
}
}
/*
* Release the specified process. This destroys the agent
* and releases the process. If the process is NULL, nothing
* is done. This function should only be called if grab_process()
* has previously been called and returned success.
*
* This function is Pgrab-safe.
*/
static void
release_process(struct ps_prochandle *Pr)
{
if (Pr == NULL)
return;
Pdestroy_agent(Pr);
Prelease(Pr, 0);
}
static boolean_t
grab_zone_proc(char *zonename, pr_info_handle_t *p)
{
DIR *dirp;
struct dirent *dentp;
zoneid_t zoneid;
int pid_self;
psinfo_t psinfo;
if (zone_get_id(zonename, &zoneid) != 0)
return (B_FALSE);
pid_self = getpid();
if ((dirp = opendir("/proc")) == NULL)
return (B_FALSE);
while (dentp = readdir(dirp)) {
p->pid = atoi(dentp->d_name);
/* Skip self */
if (p->pid == pid_self)
continue;
if (proc_get_psinfo(p->pid, &psinfo) != 0)
continue;
if (psinfo.pr_zoneid != zoneid)
continue;
/* attempt to grab process */
if (grab_process(p) != 0)
continue;
if (pr_getzoneid(p->pr) != zoneid) {
release_process(p->pr);
continue;
}
(void) closedir(dirp);
return (B_TRUE);
}
(void) closedir(dirp);
return (B_FALSE);
}
static boolean_t
get_priv_rctl(struct ps_prochandle *pr, char *name, rctlblk_t *rblk)
{
if (pr_getrctl(pr, name, NULL, rblk, RCTL_FIRST))
return (B_FALSE);
if (rctlblk_get_privilege(rblk) == RCPRIV_PRIVILEGED)
return (B_TRUE);
while (pr_getrctl(pr, name, rblk, rblk, RCTL_NEXT) == 0) {
if (rctlblk_get_privilege(rblk) == RCPRIV_PRIVILEGED)
return (B_TRUE);
}
return (B_FALSE);
}
/*
* Apply the current rctl settings to the specified, running zone.
*/
int
zonecfg_apply_rctls(char *zone_name, zone_dochandle_t handle)
{
int err;
int res = Z_OK;
rctlblk_t *rblk;
pr_info_handle_t p;
struct zone_rctltab rctl;
if ((err = zonecfg_setrctlent(handle)) != Z_OK)
return (err);
if ((rblk = (rctlblk_t *)malloc(rctlblk_size())) == NULL) {
(void) zonecfg_endrctlent(handle);
return (Z_NOMEM);
}
if (!grab_zone_proc(zone_name, &p)) {
(void) zonecfg_endrctlent(handle);
free(rblk);
return (Z_SYSTEM);
}
while (zonecfg_getrctlent(handle, &rctl) == Z_OK) {
char *rname;
struct zone_rctlvaltab *valptr;
rname = rctl.zone_rctl_name;
/* first delete all current privileged settings for this rctl */
while (get_priv_rctl(p.pr, rname, rblk)) {
if (pr_setrctl(p.pr, rname, NULL, rblk, RCTL_DELETE) !=
0) {
res = Z_SYSTEM;
goto done;
}
}
/* now set each new value for the rctl */
for (valptr = rctl.zone_rctl_valptr; valptr != NULL;
valptr = valptr->zone_rctlval_next) {
if ((err = zonecfg_construct_rctlblk(valptr, rblk))
!= Z_OK) {
res = errno = err;
goto done;
}
if (pr_setrctl(p.pr, rname, NULL, rblk, RCTL_INSERT)) {
res = Z_SYSTEM;
goto done;
}
}
}
done:
release_process(p.pr);
free(rblk);
(void) zonecfg_endrctlent(handle);
return (res);
}
int
zonecfg_num_resources(zone_dochandle_t handle, const char *rsrc)
{
int num = 0;
const xmlChar *dtd;
xmlNodePtr cur;
if ((dtd = rt_to_dtd(rsrc)) == NULL)
return (num);
if (zonecfg_setent(handle) != Z_OK)
return (num);
for (cur = handle->zone_dh_cur; cur != NULL; cur = cur->next)
if (xmlStrcmp(cur->name, dtd) == 0)
num++;
(void) zonecfg_endent(handle);
return (num);
}
int
zonecfg_del_all_resources(zone_dochandle_t handle, const char *rsrc)
{
int err;
const xmlChar *dtd;
xmlNodePtr cur;
if ((dtd = rt_to_dtd(rsrc)) == NULL)
return (Z_NO_RESOURCE_TYPE);
if ((err = zonecfg_setent(handle)) != Z_OK)
return (err);
cur = handle->zone_dh_cur;
while (cur != NULL) {
xmlNodePtr tmp;
if (xmlStrcmp(cur->name, dtd)) {
cur = cur->next;
continue;
}
tmp = cur->next;
xmlUnlinkNode(cur);
xmlFreeNode(cur);
cur = tmp;
}
(void) zonecfg_endent(handle);
return (Z_OK);
}
static boolean_t
valid_uint(char *s, uint64_t *n)
{
char *endp;
/* strtoull accepts '-'?! so we want to flag that as an error */
if (strchr(s, '-') != NULL)
return (B_FALSE);
errno = 0;
*n = strtoull(s, &endp, 10);
if (errno != 0 || *endp != '\0')
return (B_FALSE);
return (B_TRUE);
}
/*
* Convert a string representing a number (possibly a fraction) into an integer.
* The string can have a modifier (K, M, G or T). The modifiers are treated
* as powers of two (not 10).
*/
int
zonecfg_str_to_bytes(char *str, uint64_t *bytes)
{
long double val;
char *unitp;
uint64_t scale;
*bytes = 0;
if ((val = strtold(str, &unitp)) < 0)
return (-1);
/* remove any leading white space from units string */
while (isspace(*unitp) != 0)
++unitp;
/* if no units explicitly set, error */
if (unitp == NULL || *unitp == '\0') {
scale = 1;
} else {
int i;
char *units[] = {"K", "M", "G", "T", NULL};
scale = 1024;
/* update scale based on units */
for (i = 0; units[i] != NULL; i++) {
if (strcasecmp(unitp, units[i]) == 0)
break;
scale <<= 10;
}
if (units[i] == NULL)
return (-1);
}
*bytes = (uint64_t)(val * scale);
return (0);
}
boolean_t
zonecfg_valid_ncpus(char *lowstr, char *highstr)
{
uint64_t low, high;
if (!valid_uint(lowstr, &low) || !valid_uint(highstr, &high) ||
low < 1 || low > high)
return (B_FALSE);
return (B_TRUE);
}
boolean_t
zonecfg_valid_importance(char *impstr)
{
uint64_t num;
if (!valid_uint(impstr, &num))
return (B_FALSE);
return (B_TRUE);
}
boolean_t
zonecfg_valid_alias_limit(char *name, char *limitstr, uint64_t *limit)
{
int i;
for (i = 0; aliases[i].shortname != NULL; i++)
if (strcmp(name, aliases[i].shortname) == 0)
break;
if (aliases[i].shortname == NULL)
return (B_FALSE);
if (!valid_uint(limitstr, limit) || *limit < aliases[i].low_limit)
return (B_FALSE);
return (B_TRUE);
}
boolean_t
zonecfg_valid_memlimit(char *memstr, uint64_t *mem_val)
{
if (zonecfg_str_to_bytes(memstr, mem_val) != 0)
return (B_FALSE);
return (B_TRUE);
}
static int
zerr_pool(char *pool_err, int err_size, int res)
{
(void) strlcpy(pool_err, pool_strerror(pool_error()), err_size);
return (res);
}
static int
create_tmp_pset(char *pool_err, int err_size, pool_conf_t *pconf, pool_t *pool,
char *name, int min, int max)
{
pool_resource_t *res;
pool_elem_t *elem;
pool_value_t *val;
if ((res = pool_resource_create(pconf, "pset", name)) == NULL)
return (zerr_pool(pool_err, err_size, Z_POOL));
if (pool_associate(pconf, pool, res) != PO_SUCCESS)
return (zerr_pool(pool_err, err_size, Z_POOL));
if ((elem = pool_resource_to_elem(pconf, res)) == NULL)
return (zerr_pool(pool_err, err_size, Z_POOL));
if ((val = pool_value_alloc()) == NULL)
return (zerr_pool(pool_err, err_size, Z_POOL));
/* set the maximum number of cpus for the pset */
pool_value_set_uint64(val, (uint64_t)max);
if (pool_put_property(pconf, elem, "pset.max", val) != PO_SUCCESS) {
pool_value_free(val);
return (zerr_pool(pool_err, err_size, Z_POOL));
}
/* set the minimum number of cpus for the pset */
pool_value_set_uint64(val, (uint64_t)min);
if (pool_put_property(pconf, elem, "pset.min", val) != PO_SUCCESS) {
pool_value_free(val);
return (zerr_pool(pool_err, err_size, Z_POOL));
}
pool_value_free(val);
return (Z_OK);
}
static int
create_tmp_pool(char *pool_err, int err_size, pool_conf_t *pconf, char *name,
struct zone_psettab *pset_tab)
{
pool_t *pool;
int res = Z_OK;
/* create a temporary pool configuration */
if (pool_conf_open(pconf, NULL, PO_TEMP) != PO_SUCCESS) {
res = zerr_pool(pool_err, err_size, Z_POOL);
return (res);
}
if ((pool = pool_create(pconf, name)) == NULL) {
res = zerr_pool(pool_err, err_size, Z_POOL_CREATE);
goto done;
}
/* set pool importance */
if (pset_tab->zone_importance[0] != '\0') {
pool_elem_t *elem;
pool_value_t *val;
if ((elem = pool_to_elem(pconf, pool)) == NULL) {
res = zerr_pool(pool_err, err_size, Z_POOL);
goto done;
}
if ((val = pool_value_alloc()) == NULL) {
res = zerr_pool(pool_err, err_size, Z_POOL);
goto done;
}
pool_value_set_int64(val,
(int64_t)atoi(pset_tab->zone_importance));
if (pool_put_property(pconf, elem, "pool.importance", val)
!= PO_SUCCESS) {
res = zerr_pool(pool_err, err_size, Z_POOL);
pool_value_free(val);
goto done;
}
pool_value_free(val);
}
if ((res = create_tmp_pset(pool_err, err_size, pconf, pool, name,
atoi(pset_tab->zone_ncpu_min),
atoi(pset_tab->zone_ncpu_max))) != Z_OK)
goto done;
/* validation */
if (pool_conf_status(pconf) == POF_INVALID) {
res = zerr_pool(pool_err, err_size, Z_POOL);
goto done;
}
/*
* This validation is the one we expect to fail if the user specified
* an invalid configuration (too many cpus) for this system.
*/
if (pool_conf_validate(pconf, POV_RUNTIME) != PO_SUCCESS) {
res = zerr_pool(pool_err, err_size, Z_POOL_CREATE);
goto done;
}
/*
* Commit the dynamic configuration but not the pool configuration
* file.
*/
if (pool_conf_commit(pconf, 1) != PO_SUCCESS)
res = zerr_pool(pool_err, err_size, Z_POOL);
done:
(void) pool_conf_close(pconf);
return (res);
}
static int
get_running_tmp_pset(pool_conf_t *pconf, pool_t *pool, pool_resource_t *pset,
struct zone_psettab *pset_tab)
{
int nfound = 0;
pool_elem_t *pe;
pool_value_t *pv = pool_value_alloc();
uint64_t val_uint;
if (pool != NULL) {
pe = pool_to_elem(pconf, pool);
if (pool_get_property(pconf, pe, "pool.importance", pv)
!= POC_INVAL) {
int64_t val_int;
(void) pool_value_get_int64(pv, &val_int);
(void) snprintf(pset_tab->zone_importance,
sizeof (pset_tab->zone_importance), "%d", val_int);
nfound++;
}
}
if (pset != NULL) {
pe = pool_resource_to_elem(pconf, pset);
if (pool_get_property(pconf, pe, "pset.min", pv) != POC_INVAL) {
(void) pool_value_get_uint64(pv, &val_uint);
(void) snprintf(pset_tab->zone_ncpu_min,
sizeof (pset_tab->zone_ncpu_min), "%u", val_uint);
nfound++;
}
if (pool_get_property(pconf, pe, "pset.max", pv) != POC_INVAL) {
(void) pool_value_get_uint64(pv, &val_uint);
(void) snprintf(pset_tab->zone_ncpu_max,
sizeof (pset_tab->zone_ncpu_max), "%u", val_uint);
nfound++;
}
}
pool_value_free(pv);
if (nfound == 3)
return (PO_SUCCESS);
return (PO_FAIL);
}
/*
* Determine if a tmp pool is configured and if so, if the configuration is
* still valid or if it has been changed since the tmp pool was created.
* If the tmp pool configuration is no longer valid, delete the tmp pool.
*
* Set *valid=B_TRUE if there is an existing, valid tmp pool configuration.
*/
static int
verify_del_tmp_pool(pool_conf_t *pconf, char *tmp_name, char *pool_err,
int err_size, struct zone_psettab *pset_tab, boolean_t *exists)
{
int res = Z_OK;
pool_t *pool;
pool_resource_t *pset;
struct zone_psettab pset_current;
*exists = B_FALSE;
if (pool_conf_open(pconf, pool_dynamic_location(), PO_RDWR)
!= PO_SUCCESS) {
res = zerr_pool(pool_err, err_size, Z_POOL);
return (res);
}
pool = pool_get_pool(pconf, tmp_name);
pset = pool_get_resource(pconf, "pset", tmp_name);
if (pool == NULL && pset == NULL) {
/* no tmp pool configured */
goto done;
}
/*
* If an existing tmp pool for this zone is configured with the proper
* settings, then the tmp pool is valid.
*/
if (get_running_tmp_pset(pconf, pool, pset, &pset_current)
== PO_SUCCESS &&
strcmp(pset_tab->zone_ncpu_min,
pset_current.zone_ncpu_min) == 0 &&
strcmp(pset_tab->zone_ncpu_max,
pset_current.zone_ncpu_max) == 0 &&
strcmp(pset_tab->zone_importance,
pset_current.zone_importance) == 0) {
*exists = B_TRUE;
} else {
/*
* An out-of-date tmp pool configuration exists. Delete it
* so that we can create the correct tmp pool config.
*/
if (pset != NULL &&
pool_resource_destroy(pconf, pset) != PO_SUCCESS) {
res = zerr_pool(pool_err, err_size, Z_POOL);
goto done;
}
if (pool != NULL &&
pool_destroy(pconf, pool) != PO_SUCCESS) {
res = zerr_pool(pool_err, err_size, Z_POOL);
goto done;
}
/* commit dynamic config */
if (pool_conf_commit(pconf, 0) != PO_SUCCESS)
res = zerr_pool(pool_err, err_size, Z_POOL);
}
done:
(void) pool_conf_close(pconf);
return (res);
}
/*
* Destroy any existing tmp pool.
*/
int
zonecfg_destroy_tmp_pool(char *zone_name, char *pool_err, int err_size)
{
int status;
int res = Z_OK;
pool_conf_t *pconf;
pool_t *pool;
pool_resource_t *pset;
char tmp_name[MAX_TMP_POOL_NAME];
/* if pools not enabled then nothing to do */
if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED)
return (Z_OK);
if ((pconf = pool_conf_alloc()) == NULL)
return (zerr_pool(pool_err, err_size, Z_POOL));
(void) snprintf(tmp_name, sizeof (tmp_name), TMP_POOL_NAME, zone_name);
if (pool_conf_open(pconf, pool_dynamic_location(), PO_RDWR)
!= PO_SUCCESS) {
res = zerr_pool(pool_err, err_size, Z_POOL);
pool_conf_free(pconf);
return (res);
}
pool = pool_get_pool(pconf, tmp_name);
pset = pool_get_resource(pconf, "pset", tmp_name);
if (pool == NULL && pset == NULL) {
/* nothing to destroy, we're done */
goto done;
}
if (pset != NULL && pool_resource_destroy(pconf, pset) != PO_SUCCESS) {
res = zerr_pool(pool_err, err_size, Z_POOL);
goto done;
}
if (pool != NULL && pool_destroy(pconf, pool) != PO_SUCCESS) {
res = zerr_pool(pool_err, err_size, Z_POOL);
goto done;
}
/* commit dynamic config */
if (pool_conf_commit(pconf, 0) != PO_SUCCESS)
res = zerr_pool(pool_err, err_size, Z_POOL);
done:
(void) pool_conf_close(pconf);
pool_conf_free(pconf);
return (res);
}
/*
* Attempt to bind to a tmp pool for this zone. If there is no tmp pool
* configured, we just return Z_OK.
*
* We either attempt to create the tmp pool for this zone or rebind to an
* existing tmp pool for this zone.
*
* Rebinding is used when a zone with a tmp pool reboots so that we don't have
* to recreate the tmp pool. To do this we need to be sure we work correctly
* for the following cases:
*
* - there is an existing, properly configured tmp pool.
* - zonecfg added tmp pool after zone was booted, must now create.
* - zonecfg updated tmp pool config after zone was booted, in this case
* we destroy the old tmp pool and create a new one.
*/
int
zonecfg_bind_tmp_pool(zone_dochandle_t handle, zoneid_t zoneid, char *pool_err,
int err_size)
{
struct zone_psettab pset_tab;
int err;
int status;
pool_conf_t *pconf;
boolean_t exists;
char zone_name[ZONENAME_MAX];
char tmp_name[MAX_TMP_POOL_NAME];
(void) getzonenamebyid(zoneid, zone_name, sizeof (zone_name));
err = zonecfg_lookup_pset(handle, &pset_tab);
/* if no temporary pool configured, we're done */
if (err == Z_NO_ENTRY)
return (Z_OK);
/*
* importance might not have a value but we need to validate it here,
* so set the default.
*/
if (pset_tab.zone_importance[0] == '\0')
(void) strlcpy(pset_tab.zone_importance, "1",
sizeof (pset_tab.zone_importance));
/* if pools not enabled, enable them now */
if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED) {
if (pool_set_status(POOL_ENABLED) != PO_SUCCESS)
return (Z_POOL_ENABLE);
}
if ((pconf = pool_conf_alloc()) == NULL)
return (zerr_pool(pool_err, err_size, Z_POOL));
(void) snprintf(tmp_name, sizeof (tmp_name), TMP_POOL_NAME, zone_name);
/*
* Check if a valid tmp pool/pset already exists. If so, we just
* reuse it.
*/
if ((err = verify_del_tmp_pool(pconf, tmp_name, pool_err, err_size,
&pset_tab, &exists)) != Z_OK) {
pool_conf_free(pconf);
return (err);
}
if (!exists)
err = create_tmp_pool(pool_err, err_size, pconf, tmp_name,
&pset_tab);
pool_conf_free(pconf);
if (err != Z_OK)
return (err);
/* Bind the zone to the pool. */
if (pool_set_binding(tmp_name, P_ZONEID, zoneid) != PO_SUCCESS)
return (zerr_pool(pool_err, err_size, Z_POOL_BIND));
return (Z_OK);
}
/*
* Attempt to bind to a permanent pool for this zone. If there is no
* permanent pool configured, we just return Z_OK.
*/
int
zonecfg_bind_pool(zone_dochandle_t handle, zoneid_t zoneid, char *pool_err,
int err_size)
{
pool_conf_t *poolconf;
pool_t *pool;
char poolname[MAXPATHLEN];
int status;
int error;
/*
* Find the pool mentioned in the zone configuration, and bind to it.
*/
error = zonecfg_get_pool(handle, poolname, sizeof (poolname));
if (error == Z_NO_ENTRY || (error == Z_OK && strlen(poolname) == 0)) {
/*
* The property is not set on the zone, so the pool
* should be bound to the default pool. But that's
* already done by the kernel, so we can just return.
*/
return (Z_OK);
}
if (error != Z_OK) {
/*
* Not an error, even though it shouldn't be happening.
*/
return (Z_OK);
}
/*
* Don't do anything if pools aren't enabled.
*/
if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED)
return (Z_POOLS_NOT_ACTIVE);
/*
* Try to provide a sane error message if the requested pool doesn't
* exist.
*/
if ((poolconf = pool_conf_alloc()) == NULL)
return (zerr_pool(pool_err, err_size, Z_POOL));
if (pool_conf_open(poolconf, pool_dynamic_location(), PO_RDONLY) !=
PO_SUCCESS) {
pool_conf_free(poolconf);
return (zerr_pool(pool_err, err_size, Z_POOL));
}
pool = pool_get_pool(poolconf, poolname);
(void) pool_conf_close(poolconf);
pool_conf_free(poolconf);
if (pool == NULL)
return (Z_NO_POOL);
/*
* Bind the zone to the pool.
*/
if (pool_set_binding(poolname, P_ZONEID, zoneid) != PO_SUCCESS) {
/* if bind fails, return poolname for the error msg */
(void) strlcpy(pool_err, poolname, err_size);
return (Z_POOL_BIND);
}
return (Z_OK);
}
int
zonecfg_get_poolname(zone_dochandle_t handle, char *zone, char *pool,
size_t poolsize)
{
int err;
struct zone_psettab pset_tab;
err = zonecfg_lookup_pset(handle, &pset_tab);
if ((err != Z_NO_ENTRY) && (err != Z_OK))
return (err);
/* pset was found so a temporary pool was created */
if (err == Z_OK) {
(void) snprintf(pool, poolsize, TMP_POOL_NAME, zone);
return (Z_OK);
}
/* lookup the poolname in zonecfg */
return (zonecfg_get_pool(handle, pool, poolsize));
}
static boolean_t
svc_enabled(char *svc_name)
{
scf_simple_prop_t *prop;
boolean_t found = B_FALSE;
prop = scf_simple_prop_get(NULL, svc_name, SCF_PG_GENERAL,
SCF_PROPERTY_ENABLED);
if (scf_simple_prop_numvalues(prop) == 1 &&
*scf_simple_prop_next_boolean(prop) != 0)
found = B_TRUE;
scf_simple_prop_free(prop);
return (found);
}
/*
* If the zone has capped-memory, make sure the rcap service is enabled.
*/
int
zonecfg_enable_rcapd(char *err, int size)
{
if (!svc_enabled(RCAP_SERVICE) &&
smf_enable_instance(RCAP_SERVICE, 0) == -1) {
(void) strlcpy(err, scf_strerror(scf_error()), size);
return (Z_SYSTEM);
}
return (Z_OK);
}
/*
* Return true if pset has cpu range specified and poold is not enabled.
*/
boolean_t
zonecfg_warn_poold(zone_dochandle_t handle)
{
struct zone_psettab pset_tab;
int min, max;
int err;
err = zonecfg_lookup_pset(handle, &pset_tab);
/* if no temporary pool configured, we're done */
if (err == Z_NO_ENTRY)
return (B_FALSE);
min = atoi(pset_tab.zone_ncpu_min);
max = atoi(pset_tab.zone_ncpu_max);
/* range not specified, no need for poold */
if (min == max)
return (B_FALSE);
/* we have a range, check if poold service is enabled */
if (svc_enabled(POOLD_SERVICE))
return (B_FALSE);
return (B_TRUE);
}
/*
* Retrieve the specified pool's thread scheduling class. 'poolname' must
* refer to the name of a configured resource pool. The thread scheduling
* class specified by the pool will be stored in the buffer to which 'class'
* points. 'clsize' is the byte size of the buffer to which 'class' points.
*
* This function returns Z_OK if it successfully stored the specified pool's
* thread scheduling class into the buffer to which 'class' points. It returns
* Z_NO_POOL if resource pools are not enabled, the function is unable to
* access the system's resource pools configuration, or the specified pool
* does not exist. The function returns Z_TOO_BIG if the buffer to which
* 'class' points is not large enough to contain the thread scheduling class'
* name. The function returns Z_NO_ENTRY if the pool does not specify a thread
* scheduling class.
*/
static int
get_pool_sched_class(char *poolname, char *class, int clsize)
{
int status;
pool_conf_t *poolconf;
pool_t *pool;
pool_elem_t *pe;
pool_value_t *pv = pool_value_alloc();
const char *sched_str;
if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED)
return (Z_NO_POOL);
if ((poolconf = pool_conf_alloc()) == NULL)
return (Z_NO_POOL);
if (pool_conf_open(poolconf, pool_dynamic_location(), PO_RDONLY) !=
PO_SUCCESS) {
pool_conf_free(poolconf);
return (Z_NO_POOL);
}
if ((pool = pool_get_pool(poolconf, poolname)) == NULL) {
(void) pool_conf_close(poolconf);
pool_conf_free(poolconf);
return (Z_NO_POOL);
}
pe = pool_to_elem(poolconf, pool);
if (pool_get_property(poolconf, pe, "pool.scheduler", pv) !=
POC_STRING) {
(void) pool_conf_close(poolconf);
pool_conf_free(poolconf);
return (Z_NO_ENTRY);
}
(void) pool_value_get_string(pv, &sched_str);
(void) pool_conf_close(poolconf);
pool_conf_free(poolconf);
if (strlcpy(class, sched_str, clsize) >= clsize)
return (Z_TOO_BIG);
return (Z_OK);
}
/*
* Get the default scheduling class for the zone. This will either be the
* class set on the zone's pool or the system default scheduling class.
*/
int
zonecfg_get_dflt_sched_class(zone_dochandle_t handle, char *class, int clsize)
{
char poolname[MAXPATHLEN];
if (zonecfg_get_pool(handle, poolname, sizeof (poolname)) == Z_OK) {
/* check if the zone's pool specified a sched class */
if (get_pool_sched_class(poolname, class, clsize) == Z_OK)
return (Z_OK);
}
if (priocntl(0, 0, PC_GETDFLCL, class, (uint64_t)clsize) == -1)
return (Z_TOO_BIG);
return (Z_OK);
}
int
zonecfg_setfsent(zone_dochandle_t handle)
{
return (zonecfg_setent(handle));
}
static xmlNodePtr
find_elem_node(zone_dochandle_t handle, const xmlChar *elem)
{
xmlNodePtr cur;
brand_handle_t bh;
/*
* Before searching the doc, the brand needs to be checked to see if
* the resource has been disabled.
*/
if (get_brand_handle(handle, &bh) != Z_OK)
return (NULL);
if (brand_disabled_res(bh, dtd_to_rt(elem))) {
brand_close(bh);
return (NULL);
}
brand_close(bh);
if ((cur = handle->zone_dh_cur) != NULL) {
for (; cur != NULL; cur = cur->next)
if (!xmlStrcmp(cur->name, elem))
break;
}
return (cur);
}
int
zonecfg_getfsent(zone_dochandle_t handle, struct zone_fstab *tabptr)
{
xmlNodePtr cur, options;
char options_str[MAX_MNTOPT_STR];
int err;
if (handle == NULL)
return (Z_INVAL);
cur = find_elem_node(handle, DTD_ELEM_FS);
if (cur == NULL) {
handle->zone_dh_cur = handle->zone_dh_top;
return (Z_NO_ENTRY);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_SPECIAL,
tabptr->zone_fs_special,
sizeof (tabptr->zone_fs_special))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_RAW, tabptr->zone_fs_raw,
sizeof (tabptr->zone_fs_raw))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_DIR, tabptr->zone_fs_dir,
sizeof (tabptr->zone_fs_dir))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_TYPE, tabptr->zone_fs_type,
sizeof (tabptr->zone_fs_type))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
/* OK for options to be NULL */
tabptr->zone_fs_options = NULL;
for (options = cur->xmlChildrenNode; options != NULL;
options = options->next) {
if (fetchprop(handle, options, DTD_ATTR_NAME, options_str,
sizeof (options_str)) != Z_OK)
break;
if (zonecfg_add_fs_option(tabptr, options_str) != Z_OK)
break;
}
handle->zone_dh_cur = cur->next;
return (Z_OK);
}
int
zonecfg_endfsent(zone_dochandle_t handle)
{
return (zonecfg_endent(handle));
}
int
zonecfg_setnetent(zone_dochandle_t handle)
{
return (zonecfg_setent(handle));
}
int
zonecfg_getnetent(zone_dochandle_t handle, struct zone_nettab *tabptr)
{
xmlNodePtr cur;
int err;
if (handle == NULL)
return (Z_INVAL);
cur = find_elem_node(handle, DTD_ELEM_NET);
if (cur == NULL) {
handle->zone_dh_cur = handle->zone_dh_top;
return (Z_NO_ENTRY);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_ADDRESS,
tabptr->zone_net_address,
sizeof (tabptr->zone_net_address))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_ALLOWED_ADDRESS,
tabptr->zone_net_allowed_addr,
sizeof (tabptr->zone_net_allowed_addr))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_CONFIGURE_ALLOWED_ADDRESS,
tabptr->zone_net_configure_allowed_addr,
sizeof (tabptr->zone_net_configure_allowed_addr))) != Z_OK)
return (err);
/* Default to "true" if not set */
if (strlen(tabptr->zone_net_configure_allowed_addr) == 0) {
size_t sz = sizeof (tabptr->zone_net_configure_allowed_addr);
if (strlcpy(tabptr->zone_net_configure_allowed_addr, "true", sz)
>= sz)
return (Z_TOO_BIG);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_PHYSICAL,
tabptr->zone_net_physical,
sizeof (tabptr->zone_net_physical))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_DEFROUTER,
tabptr->zone_net_defrouter,
sizeof (tabptr->zone_net_defrouter))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
handle->zone_dh_cur = cur->next;
return (Z_OK);
}
int
zonecfg_endnetent(zone_dochandle_t handle)
{
return (zonecfg_endent(handle));
}
int
zonecfg_setanetent(zone_dochandle_t handle)
{
return (zonecfg_setent(handle));
}
int
zonecfg_getanetent(zone_dochandle_t handle, struct zone_anettab *tabptr)
{
xmlNodePtr cur;
int err;
if (handle == NULL)
return (Z_INVAL);
cur = find_elem_node(handle, DTD_ELEM_ANET);
if (cur == NULL) {
handle->zone_dh_cur = handle->zone_dh_top;
return (Z_NO_ENTRY);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_LINKNAME,
tabptr->zone_anet_linkname,
sizeof (tabptr->zone_anet_linkname))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_LOWER_LINK,
tabptr->zone_anet_lower_link,
sizeof (tabptr->zone_anet_lower_link))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_ALLOWED_ADDRESS,
tabptr->zone_anet_allowed_addr,
sizeof (tabptr->zone_anet_allowed_addr))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_CONFIGURE_ALLOWED_ADDRESS,
tabptr->zone_anet_configure_allowed_addr,
sizeof (tabptr->zone_anet_configure_allowed_addr))) != Z_OK)
return (err);
/* Default to "true" if not set */
if (strlen(tabptr->zone_anet_configure_allowed_addr) == 0) {
size_t sz = sizeof (tabptr->zone_anet_configure_allowed_addr);
if (strlcpy(tabptr->zone_anet_configure_allowed_addr, "true",
sz) >= sz)
return (Z_TOO_BIG);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_DEFROUTER,
tabptr->zone_anet_defrouter,
sizeof (tabptr->zone_anet_defrouter))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_ALLOWED_DHCP_CIDS,
tabptr->zone_anet_allowed_dhcp_cids,
sizeof (tabptr->zone_anet_allowed_dhcp_cids))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_LINK_PROTECTION,
tabptr->zone_anet_link_protection,
sizeof (tabptr->zone_anet_link_protection))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_AUTO_MAC_ADDRESS,
tabptr->zone_anet_auto_mac_addr,
sizeof (tabptr->zone_anet_auto_mac_addr))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_MAC_ADDRESS,
tabptr->zone_anet_mac_addr,
sizeof (tabptr->zone_anet_mac_addr))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_MAC_PREFIX,
tabptr->zone_anet_mac_prefix,
sizeof (tabptr->zone_anet_mac_prefix))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_MAC_SLOT,
tabptr->zone_anet_mac_slot,
sizeof (tabptr->zone_anet_mac_slot))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_VLAN_ID,
tabptr->zone_anet_vlan_id,
sizeof (tabptr->zone_anet_vlan_id))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_PRIORITY,
tabptr->zone_anet_priority,
sizeof (tabptr->zone_anet_priority))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_RXRINGS,
tabptr->zone_anet_rxrings,
sizeof (tabptr->zone_anet_rxrings))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_TXRINGS,
tabptr->zone_anet_txrings,
sizeof (tabptr->zone_anet_txrings))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_MTU,
tabptr->zone_anet_mtu,
sizeof (tabptr->zone_anet_mtu))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_MAXBW,
tabptr->zone_anet_maxbw,
sizeof (tabptr->zone_anet_maxbw))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_RXFANOUT,
tabptr->zone_anet_rxfanout,
sizeof (tabptr->zone_anet_rxfanout))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_VSITYPEID,
tabptr->zone_anet_vsitypeid,
sizeof (tabptr->zone_anet_vsitypeid))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_VSIVERS,
tabptr->zone_anet_vsivers,
sizeof (tabptr->zone_anet_vsivers))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_VSIMGRID,
tabptr->zone_anet_vsimgrid,
sizeof (tabptr->zone_anet_vsimgrid))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_ETSBWLCL,
tabptr->zone_anet_etsbwlcl,
sizeof (tabptr->zone_anet_etsbwlcl))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_COS,
tabptr->zone_anet_cos,
sizeof (tabptr->zone_anet_cos))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_PKEY,
tabptr->zone_anet_pkey,
sizeof (tabptr->zone_anet_pkey))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_LINKMODE,
tabptr->zone_anet_linkmode,
sizeof (tabptr->zone_anet_linkmode))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
handle->zone_dh_cur = cur->next;
return (Z_OK);
}
int
zonecfg_endanetent(zone_dochandle_t handle)
{
return (zonecfg_endent(handle));
}
int
zonecfg_setdevent(zone_dochandle_t handle)
{
return (zonecfg_setent(handle));
}
int
zonecfg_getdevent(zone_dochandle_t handle, struct zone_devtab *tabptr)
{
xmlNodePtr cur;
int err;
if (handle == NULL)
return (Z_INVAL);
cur = find_elem_node(handle, DTD_ELEM_DEVICE);
if (cur == NULL) {
handle->zone_dh_cur = handle->zone_dh_top;
return (Z_NO_ENTRY);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_MATCH,
tabptr->zone_dev_match,
sizeof (tabptr->zone_dev_match))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_ALLOW_PARTITION,
tabptr->zone_dev_partition,
sizeof (tabptr->zone_dev_partition))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur,
DTD_ATTR_ALLOW_RAW_IO, tabptr->zone_dev_raw_io,
sizeof (tabptr->zone_dev_raw_io))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
handle->zone_dh_cur = cur->next;
return (Z_OK);
}
int
zonecfg_enddevent(zone_dochandle_t handle)
{
return (zonecfg_endent(handle));
}
int
zonecfg_setrctlent(zone_dochandle_t handle)
{
return (zonecfg_setent(handle));
}
int
zonecfg_getrctlent(zone_dochandle_t handle, struct zone_rctltab *tabptr)
{
xmlNodePtr cur, val;
struct zone_rctlvaltab *valptr;
int err;
if (handle == NULL)
return (Z_INVAL);
cur = find_elem_node(handle, DTD_ELEM_RCTL);
if (cur == NULL) {
handle->zone_dh_cur = handle->zone_dh_top;
return (Z_NO_ENTRY);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_NAME, tabptr->zone_rctl_name,
sizeof (tabptr->zone_rctl_name))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
tabptr->zone_rctl_valptr = NULL;
for (val = cur->xmlChildrenNode; val != NULL; val = val->next) {
valptr = (struct zone_rctlvaltab *)malloc(
sizeof (struct zone_rctlvaltab));
if (valptr == NULL)
return (Z_NOMEM);
if (fetchprop(handle, val, DTD_ATTR_PRIV,
valptr->zone_rctlval_priv,
sizeof (valptr->zone_rctlval_priv)) != Z_OK)
break;
if (fetchprop(handle, val, DTD_ATTR_LIMIT,
valptr->zone_rctlval_limit,
sizeof (valptr->zone_rctlval_limit)) != Z_OK)
break;
if (fetchprop(handle, val, DTD_ATTR_ACTION,
valptr->zone_rctlval_action,
sizeof (valptr->zone_rctlval_action)) != Z_OK)
break;
if (zonecfg_add_rctl_value(tabptr, valptr) != Z_OK)
break;
}
handle->zone_dh_cur = cur->next;
return (Z_OK);
}
int
zonecfg_endrctlent(zone_dochandle_t handle)
{
return (zonecfg_endent(handle));
}
int
zonecfg_setattrent(zone_dochandle_t handle)
{
return (zonecfg_setent(handle));
}
int
zonecfg_getattrent(zone_dochandle_t handle, struct zone_attrtab *tabptr)
{
xmlNodePtr cur;
int err;
if (handle == NULL)
return (Z_INVAL);
cur = find_elem_node(handle, DTD_ELEM_ATTR);
if (cur == NULL) {
handle->zone_dh_cur = handle->zone_dh_top;
return (Z_NO_ENTRY);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_NAME, tabptr->zone_attr_name,
sizeof (tabptr->zone_attr_name))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_TYPE, tabptr->zone_attr_type,
sizeof (tabptr->zone_attr_type))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_VALUE,
tabptr->zone_attr_value,
sizeof (tabptr->zone_attr_value))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
handle->zone_dh_cur = cur->next;
return (Z_OK);
}
int
zonecfg_endattrent(zone_dochandle_t handle)
{
return (zonecfg_endent(handle));
}
int
zonecfg_setadminent(zone_dochandle_t handle)
{
return (zonecfg_setent(handle));
}
int
zonecfg_getadminent(zone_dochandle_t handle, struct zone_admintab *tabptr)
{
xmlNodePtr cur;
int err;
if (handle == NULL)
return (Z_INVAL);
cur = find_elem_node(handle, DTD_ELEM_ADMIN);
if (cur == NULL) {
handle->zone_dh_cur = handle->zone_dh_top;
return (Z_NO_ENTRY);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_USER,
tabptr->zone_admin_user,
sizeof (tabptr->zone_admin_user))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_AUTHS,
tabptr->zone_admin_auths,
sizeof (tabptr->zone_admin_auths))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
handle->zone_dh_cur = cur->next;
return (Z_OK);
}
int
zonecfg_endadminent(zone_dochandle_t handle)
{
return (zonecfg_endent(handle));
}
/*
* The privileges available on the system and described in privileges(5)
* fall into four categories with respect to non-global zones:
*
* Default set of privileges considered safe for all non-global
* zones. These privileges are "safe" in the sense that a
* privileged process in the zone cannot affect processes in any
* other zone on the system.
*
* Set of privileges not currently permitted within a non-global
* zone. These privileges are considered by default, "unsafe,"
* and include ones which affect global resources (such as the
* system clock or physical memory) or are overly broad and cover
* more than one mechanism in the system. In other cases, there
* has not been sufficient virtualization in the parts of the
* system the privilege covers to allow its use within a
* non-global zone.
*
* Set of privileges required in order to get a zone booted and
* init(1M) started. These cannot be removed from the zone's
* privilege set.
*
* All other privileges are optional and are potentially useful for
* processes executing inside a non-global zone.
*
* When privileges are added to the system, a determination needs to be
* made as to which category the privilege belongs to. Ideally,
* privileges should be fine-grained enough and the mechanisms they cover
* virtualized enough so that they can be made available to non-global
* zones.
*/
/*
* Define some of the tokens that priv_str_to_set(3C) recognizes. Since
* the privilege string separator can be any character, although it is
* usually a comma character, define these here as well in the event that
* they change or are augmented in the future.
*/
#define BASIC_TOKEN "basic"
#define DEFAULT_TOKEN "default"
#define ZONE_TOKEN "zone"
#define TOKEN_PRIV_CHAR ','
#define TOKEN_PRIV_STR ","
typedef struct priv_node {
struct priv_node *pn_next; /* Next privilege */
char *pn_priv; /* Privileges name */
} priv_node_t;
/* Privileges lists can differ across brands */
typedef struct priv_lists {
/* Privileges considered safe for all non-global zones of a brand */
struct priv_node *pl_default;
/* Privileges not permitted for all non-global zones of a brand */
struct priv_node *pl_prohibited;
/* Privileges required for all non-global zones of a brand */
struct priv_node *pl_required;
/*
* ip-type of the zone these privileges lists apply to.
* It is used to pass ip-type to the callback function,
* priv_lists_cb, which has no way of getting the ip-type.
*/
const char *pl_iptype;
} priv_lists_t;
static int
priv_lists_cb(void *data, priv_iter_t *priv_iter)
{
priv_lists_t *plp = (priv_lists_t *)data;
priv_node_t *pnp;
/* Skip this privilege if ip-type does not match */
if ((strcmp(priv_iter->pi_iptype, "all") != 0) &&
(strcmp(priv_iter->pi_iptype, plp->pl_iptype) != 0))
return (0);
/* Allocate a new priv list node. */
if ((pnp = malloc(sizeof (*pnp))) == NULL)
return (-1);
if ((pnp->pn_priv = strdup(priv_iter->pi_name)) == NULL) {
free(pnp);
return (-1);
}
/* Insert the new priv list node into the right list */
if (strcmp(priv_iter->pi_set, "default") == 0) {
pnp->pn_next = plp->pl_default;
plp->pl_default = pnp;
} else if (strcmp(priv_iter->pi_set, "prohibited") == 0) {
pnp->pn_next = plp->pl_prohibited;
plp->pl_prohibited = pnp;
} else if (strcmp(priv_iter->pi_set, "required") == 0) {
pnp->pn_next = plp->pl_required;
plp->pl_required = pnp;
} else {
free(pnp->pn_priv);
free(pnp);
return (-1);
}
return (0);
}
static void
priv_lists_destroy(priv_lists_t *plp)
{
priv_node_t *pnp;
assert(plp != NULL);
while ((pnp = plp->pl_default) != NULL) {
plp->pl_default = pnp->pn_next;
free(pnp->pn_priv);
free(pnp);
}
while ((pnp = plp->pl_prohibited) != NULL) {
plp->pl_prohibited = pnp->pn_next;
free(pnp->pn_priv);
free(pnp);
}
while ((pnp = plp->pl_required) != NULL) {
plp->pl_required = pnp->pn_next;
free(pnp->pn_priv);
free(pnp);
}
free(plp);
}
static int
priv_lists_create(zone_dochandle_t handle, char *brand, priv_lists_t **plpp,
const char *curr_iptype)
{
priv_lists_t *plp;
brand_handle_t bh;
/* handle or brand must be set, but never both */
assert((handle != NULL) || (brand != NULL));
assert((handle == NULL) || (brand == NULL));
if (handle == NULL) {
if ((bh = brand_open(brand)) == NULL)
return (Z_BRAND_ERROR);
} else {
if (get_brand_handle(handle, &bh) != Z_OK)
return (Z_BRAND_ERROR);
}
if ((plp = calloc(1, sizeof (priv_lists_t))) == NULL) {
brand_close(bh);
return (Z_NOMEM);
}
plp->pl_iptype = curr_iptype;
/* construct the privilege lists */
if (brand_config_iter_privilege(bh, priv_lists_cb, plp) != 0) {
priv_lists_destroy(plp);
brand_close(bh);
return (Z_BRAND_ERROR);
}
brand_close(bh);
*plpp = plp;
return (Z_OK);
}
static int
get_default_privset(priv_set_t *privs, priv_lists_t *plp)
{
priv_node_t *pnp;
priv_set_t *basic;
basic = priv_str_to_set(BASIC_TOKEN, TOKEN_PRIV_STR, NULL);
if (basic == NULL)
return (errno == ENOMEM ? Z_NOMEM : Z_INVAL);
priv_union(basic, privs);
priv_freeset(basic);
for (pnp = plp->pl_default; pnp != NULL; pnp = pnp->pn_next) {
if (priv_addset(privs, pnp->pn_priv) != 0)
return (Z_INVAL);
}
return (Z_OK);
}
/*
* This function retrieves the property value of the zonecfg/default_template
* SMF property from the svc:/system/zones:default service and copies that
* value into the template argument.
*/
int
zonecfg_default_template(char *template, size_t templatesize)
{
scf_simple_prop_t *prop;
char *propval = NULL;
int ret = Z_INVAL;
if ((prop = scf_simple_prop_get(NULL, ZONES_SERVICE, ZONECFG_PG,
DEFAULT_TEMPLATE_PROPNAME)) != NULL) {
propval = scf_simple_prop_next_astring(prop);
if (propval != NULL) {
if (strlcpy(template, propval, templatesize) >=
templatesize)
ret = Z_TOO_BIG;
else
ret = Z_OK;
}
scf_simple_prop_free(prop);
}
return (ret);
}
/*
* The default brand is the global zone's brand, or the current zone's brand
* if called from within a non-global zone.
*/
int
zonecfg_default_brand(char *brand, size_t brandsize)
{
zone_dochandle_t handle;
int myzoneid = getzoneid();
int ret;
/*
* If we're running within a zone, then the default brand is the
* current zone's brand.
*/
if (myzoneid != GLOBAL_ZONEID) {
ret = zone_getattr(myzoneid, ZONE_ATTR_BRAND, brand, brandsize);
if (ret < 0)
return ((errno == EFAULT) ? Z_TOO_BIG : Z_INVAL);
return (Z_OK);
}
if ((handle = zonecfg_init_handle()) == NULL)
return (Z_NOMEM);
ret = zonecfg_get_handle(ZONE_SYS_DEFAULT_TMPL, handle);
if (ret == Z_NO_ZONE && zonecfg_in_alt_root()) {
/*
* If we're operating on an alternate root, try the old system
* default template, as we could be querying an old boot
* environment.
*/
ret = zonecfg_get_handle(ZONE_OLD_SYS_DEFAULT_TMPL, handle);
}
if (ret != Z_OK) {
zonecfg_fini_handle(handle);
return (ret);
}
ret = i_zonecfg_get_brand(handle, brand, brandsize);
zonecfg_fini_handle(handle);
return (ret);
}
int
zonecfg_default_privset(priv_set_t *privs, const char *curr_iptype)
{
priv_lists_t *plp;
char buf[MAXNAMELEN];
int ret;
if ((ret = zonecfg_default_brand(buf, sizeof (buf))) != Z_OK)
return (ret);
if ((ret = priv_lists_create(NULL, buf, &plp, curr_iptype)) != Z_OK)
return (ret);
ret = get_default_privset(privs, plp);
priv_lists_destroy(plp);
return (ret);
}
void
append_priv_token(char *priv, char *str, size_t strlen)
{
if (*str != '\0')
(void) strlcat(str, TOKEN_PRIV_STR, strlen);
(void) strlcat(str, priv, strlen);
}
/*
* Verify that the supplied string is a valid privilege limit set for a
* non-global zone. This string must not only be acceptable to
* priv_str_to_set(3C) which parses it, but it also must resolve to a
* privilege set that includes certain required privileges and lacks
* certain prohibited privileges.
*/
static int
verify_privset(char *privbuf, priv_set_t *privs, char **privname,
boolean_t add_default, priv_lists_t *plp)
{
priv_node_t *pnp;
char *tmp, *cp, *lasts;
size_t len;
priv_set_t *mergeset;
const char *token;
/*
* The verification of the privilege string occurs in several
* phases. In the first phase, the supplied string is scanned for
* the ZONE_TOKEN token which is not support as part of the
* "limitpriv" property.
*
* Duplicate the supplied privilege string since strtok_r(3C)
* tokenizes its input by null-terminating the tokens.
*/
if ((tmp = strdup(privbuf)) == NULL)
return (Z_NOMEM);
for (cp = strtok_r(tmp, TOKEN_PRIV_STR, &lasts); cp != NULL;
cp = strtok_r(NULL, TOKEN_PRIV_STR, &lasts)) {
if (strcmp(cp, ZONE_TOKEN) == 0) {
free(tmp);
if ((*privname = strdup(ZONE_TOKEN)) == NULL)
return (Z_NOMEM);
else
return (Z_PRIV_UNKNOWN);
}
}
free(tmp);
if (add_default) {
/*
* If DEFAULT_TOKEN was specified, a string needs to be
* built containing the privileges from the default, safe
* set along with those of the "limitpriv" property.
*/
len = strlen(privbuf) + sizeof (BASIC_TOKEN) + 2;
for (pnp = plp->pl_default; pnp != NULL; pnp = pnp->pn_next)
len += strlen(pnp->pn_priv) + 1;
tmp = alloca(len);
*tmp = '\0';
append_priv_token(BASIC_TOKEN, tmp, len);
for (pnp = plp->pl_default; pnp != NULL; pnp = pnp->pn_next)
append_priv_token(pnp->pn_priv, tmp, len);
(void) strlcat(tmp, TOKEN_PRIV_STR, len);
(void) strlcat(tmp, privbuf, len);
} else {
tmp = privbuf;
}
/*
* In the next phase, attempt to convert the merged privilege
* string into a privilege set. In the case of an error, either
* there was a memory allocation failure or there was an invalid
* privilege token in the string. In either case, return an
* appropriate error code but in the event of an invalid token,
* allocate a string containing its name and return that back to
* the caller.
*/
mergeset = priv_str_to_set(tmp, TOKEN_PRIV_STR, &token);
if (mergeset == NULL) {
if (token == NULL)
return (Z_NOMEM);
if ((cp = strchr(token, TOKEN_PRIV_CHAR)) != NULL)
*cp = '\0';
if ((*privname = strdup(token)) == NULL)
return (Z_NOMEM);
else
return (Z_PRIV_UNKNOWN);
}
/*
* Next, verify that none of the prohibited zone privileges are
* present in the merged privilege set.
*/
for (pnp = plp->pl_prohibited; pnp != NULL; pnp = pnp->pn_next) {
if (priv_ismember(mergeset, pnp->pn_priv)) {
priv_freeset(mergeset);
if ((*privname = strdup(pnp->pn_priv)) == NULL)
return (Z_NOMEM);
else
return (Z_PRIV_PROHIBITED);
}
}
/*
* Finally, verify that all of the required zone privileges are
* present in the merged privilege set.
*/
for (pnp = plp->pl_required; pnp != NULL; pnp = pnp->pn_next) {
if (!priv_ismember(mergeset, pnp->pn_priv)) {
priv_freeset(mergeset);
if ((*privname = strdup(pnp->pn_priv)) == NULL)
return (Z_NOMEM);
else
return (Z_PRIV_REQUIRED);
}
}
priv_copyset(mergeset, privs);
priv_freeset(mergeset);
return (Z_OK);
}
/*
* Fill in the supplied privilege set with either the default, safe set of
* privileges suitable for a non-global zone, or one based on the
* "limitpriv" property in the zone's configuration.
*
* In the event of an invalid privilege specification in the
* configuration, a string is allocated and returned containing the
* "privilege" causing the issue. It is the caller's responsibility to
* free this memory when it is done with it.
*/
int
zonecfg_get_privset(zone_dochandle_t handle, priv_set_t *privs,
char **privname)
{
priv_lists_t *plp;
char *cp, *limitpriv = NULL;
int err, limitlen;
zone_iptype_t iptype;
const char *curr_iptype;
/*
* Attempt to lookup the "limitpriv" property. If it does not
* exist or matches the string DEFAULT_TOKEN exactly, then the
* default, safe privilege set is returned.
*/
if ((err = zonecfg_get_limitpriv(handle, &limitpriv)) != Z_OK)
return (err);
if ((err = zonecfg_get_iptype(handle, &iptype)) != Z_OK)
return (err);
switch (iptype) {
case ZS_SHARED:
curr_iptype = "shared";
break;
case ZS_EXCLUSIVE:
curr_iptype = "exclusive";
break;
}
if ((err = priv_lists_create(handle, NULL, &plp, curr_iptype)) != Z_OK)
return (err);
limitlen = strlen(limitpriv);
if (limitlen == 0 || strcmp(limitpriv, DEFAULT_TOKEN) == 0) {
free(limitpriv);
err = get_default_privset(privs, plp);
priv_lists_destroy(plp);
return (err);
}
/*
* Check if the string DEFAULT_TOKEN is the first token in a list
* of privileges.
*/
cp = strchr(limitpriv, TOKEN_PRIV_CHAR);
if (cp != NULL &&
strncmp(limitpriv, DEFAULT_TOKEN, cp - limitpriv) == 0)
err = verify_privset(cp + 1, privs, privname, B_TRUE, plp);
else
err = verify_privset(limitpriv, privs, privname, B_FALSE, plp);
free(limitpriv);
priv_lists_destroy(plp);
return (err);
}
int
zone_get_zonepath(char *zone_name, char *zonepath, size_t rp_sz)
{
zone_dochandle_t handle;
boolean_t found = B_FALSE;
struct zoneent *ze;
FILE *cookie;
int err;
char *cp;
if (zone_name == NULL)
return (Z_INVAL);
(void) strlcpy(zonepath, zonecfg_root, rp_sz);
cp = zonepath + strlen(zonepath);
while (cp > zonepath && cp[-1] == '/')
*--cp = '\0';
if (strcmp(zone_name, GLOBAL_ZONENAME) == 0) {
if (zonepath[0] == '\0')
(void) strlcpy(zonepath, "/", rp_sz);
return (Z_OK);
}
/*
* First check the index file. Because older versions did not have
* a copy of the zone path, allow for it to be zero length, in which
* case we ignore this result and fall back to the XML files.
*/
cookie = setzoneent();
while ((ze = getzoneent_private(cookie)) != NULL) {
if (strcmp(ze->zone_name, zone_name) == 0) {
found = B_TRUE;
if (ze->zone_path[0] != '\0')
(void) strlcpy(cp, ze->zone_path,
rp_sz - (cp - zonepath));
}
free(ze);
if (found)
break;
}
endzoneent(cookie);
if (found && *cp != '\0')
return (Z_OK);
/* Fall back to the XML files. */
if ((handle = zonecfg_init_handle()) == NULL)
return (Z_NOMEM);
/*
* Check the snapshot first: if a zone is running, its zonepath
* may have changed.
*/
if (zonecfg_get_snapshot_handle(zone_name, handle) != Z_OK) {
if ((err = zonecfg_get_handle(zone_name, handle)) != Z_OK) {
zonecfg_fini_handle(handle);
return (err);
}
}
err = zonecfg_get_zonepath(handle, zonepath, rp_sz);
zonecfg_fini_handle(handle);
return (err);
}
int
zone_get_rootpath(char *zone_name, char *rootpath, size_t rp_sz)
{
int err;
/* This function makes sense for non-global zones only. */
if (strcmp(zone_name, GLOBAL_ZONENAME) == 0)
return (Z_BOGUS_ZONE_NAME);
if ((err = zone_get_zonepath(zone_name, rootpath, rp_sz)) != Z_OK)
return (err);
if (strlcat(rootpath, "/root", rp_sz) >= rp_sz)
return (Z_TOO_BIG);
return (Z_OK);
}
int
zone_get_brand(char *zone_name, char *brandname, size_t rp_sz)
{
int err;
zone_dochandle_t handle;
char myzone[MAXNAMELEN];
int myzoneid = getzoneid();
/*
* If we are not in the global zone, then we don't have the zone
* .xml files with the brand name available. Thus, we are going to
* have to ask the kernel for the information.
*/
if (myzoneid != GLOBAL_ZONEID) {
if (is_system_labeled()) {
(void) strlcpy(brandname, SOLARIS_BRAND_NAME, rp_sz);
return (Z_OK);
}
if (zone_getattr(myzoneid, ZONE_ATTR_NAME, myzone,
sizeof (myzone)) < 0)
return (Z_NO_ZONE);
if (!zonecfg_is_scratch(myzone)) {
if (strncmp(zone_name, myzone, MAXNAMELEN) != 0)
return (Z_NO_ZONE);
}
err = zone_getattr(myzoneid, ZONE_ATTR_BRAND, brandname, rp_sz);
if (err < 0)
return ((errno == EFAULT) ? Z_TOO_BIG : Z_INVAL);
return (Z_OK);
}
if (strcmp(zone_name, "global") == 0)
return (zonecfg_default_brand(brandname, rp_sz));
if ((handle = zonecfg_init_handle()) == NULL)
return (Z_NOMEM);
err = zonecfg_get_handle((char *)zone_name, handle);
if (err == Z_OK)
err = zonecfg_get_brand(handle, brandname, rp_sz);
zonecfg_fini_handle(handle);
return (err);
}
/*
* Return the appropriate root for the active /dev.
* For normal zone, the path is $ZONEPATH/root;
* for scratch zone, the dev path is $ZONEPATH/lu.
*/
int
zone_get_devroot(char *zone_name, char *devroot, size_t rp_sz)
{
int err;
char *suffix;
zone_state_t state;
/* This function makes sense for non-global zones only. */
if (strcmp(zone_name, GLOBAL_ZONENAME) == 0)
return (Z_BOGUS_ZONE_NAME);
if ((err = zone_get_zonepath(zone_name, devroot, rp_sz)) != Z_OK)
return (err);
if (zone_get_state(zone_name, &state) == Z_OK &&
state == ZONE_STATE_MOUNTED)
suffix = "/lu";
else
suffix = "/root";
if (strlcat(devroot, suffix, rp_sz) >= rp_sz)
return (Z_TOO_BIG);
return (Z_OK);
}
static zone_state_t
kernel_state_to_user_state(zoneid_t zoneid, zone_status_t kernel_state)
{
char zoneroot[MAXPATHLEN];
size_t zlen;
assert(kernel_state <= ZONE_MAX_STATE);
switch (kernel_state) {
case ZONE_IS_UNINITIALIZED:
case ZONE_IS_INITIALIZED:
/* The kernel will not return these two states */
return (ZONE_STATE_READY);
case ZONE_IS_READY:
case ZONE_IS_DOWN:
/*
* If the zone's root is mounted on $ZONEPATH/lu, then
* it's a mounted scratch zone.
*/
if (zone_getattr(zoneid, ZONE_ATTR_ROOT, zoneroot,
sizeof (zoneroot)) >= 0) {
zlen = strlen(zoneroot);
if (zlen > 3 &&
strcmp(zoneroot + zlen - 3, "/lu") == 0)
return (ZONE_STATE_MOUNTED);
}
return (kernel_state == ZONE_IS_READY ?
ZONE_STATE_READY : ZONE_STATE_DOWN);
case ZONE_IS_BOOTING:
case ZONE_IS_RUNNING:
return (ZONE_STATE_RUNNING);
case ZONE_IS_SHUTTING_DOWN:
case ZONE_IS_EMPTY:
return (ZONE_STATE_SHUTTING_DOWN);
case ZONE_IS_DYING:
case ZONE_IS_DEAD:
default:
return (ZONE_STATE_DOWN);
}
/* NOTREACHED */
}
int
zone_get_state(char *zone_name, zone_state_t *state_num)
{
zone_status_t status;
zoneid_t zone_id;
struct zoneent *ze;
boolean_t found = B_FALSE;
FILE *cookie;
char kernzone[ZONENAME_MAX];
FILE *fp;
if (zone_name == NULL)
return (Z_INVAL);
/*
* If we're looking at an alternate root, then we need to query the
* kernel using the scratch zone name.
*/
zone_id = -1;
if (*zonecfg_root != '\0' && !zonecfg_is_scratch(zone_name)) {
if ((fp = zonecfg_open_scratch("", B_FALSE)) != NULL) {
if (zonecfg_find_scratch(fp, zone_name, zonecfg_root,
kernzone, sizeof (kernzone)) == 0)
zone_id = getzoneidbyname(kernzone);
zonecfg_close_scratch(fp);
}
} else {
zone_id = getzoneidbyname(zone_name);
}
/* check to see if zone is running */
if (zone_id != -1 &&
zone_getattr(zone_id, ZONE_ATTR_STATUS, &status,
sizeof (status)) >= 0) {
*state_num = kernel_state_to_user_state(zone_id, status);
return (Z_OK);
}
cookie = setzoneent();
while ((ze = getzoneent_private(cookie)) != NULL) {
if (strcmp(ze->zone_name, zone_name) == 0) {
found = B_TRUE;
*state_num = ze->zone_state;
}
free(ze);
if (found)
break;
}
endzoneent(cookie);
return ((found) ? Z_OK : Z_NO_ZONE);
}
int
zone_set_state(char *zone, zone_state_t state)
{
struct zoneent ze;
if (state != ZONE_STATE_CONFIGURED && state != ZONE_STATE_INSTALLED &&
state != ZONE_STATE_INCOMPLETE && state != ZONE_STATE_UNAVAILABLE)
return (Z_INVAL);
bzero(&ze, sizeof (ze));
(void) strlcpy(ze.zone_name, zone, sizeof (ze.zone_name));
ze.zone_state = state;
(void) strlcpy(ze.zone_path, "", sizeof (ze.zone_path));
return (putzoneent(&ze, PZE_MODIFY));
}
/*
* Get id (if any) for specified zone. There are four possible outcomes:
* - If the string corresponds to the numeric id of an active (booted)
* zone, sets *zip to the zone id and returns 0.
* - If the string corresponds to the name of an active (booted) zone,
* sets *zip to the zone id and returns 0.
* - If the string is a name in the configuration but is not booted,
* sets *zip to ZONE_ID_UNDEFINED and returns 0.
* - Otherwise, leaves *zip unchanged and returns -1.
*
* This function acts as an auxiliary filter on the function of the same
* name in libc; the linker binds to this version if libzonecfg exists,
* and the libc version if it doesn't. Any changes to this version of
* the function should probably be reflected in the libc version as well.
*/
int
zone_get_id(const char *str, zoneid_t *zip)
{
zone_dochandle_t hdl;
zoneid_t zoneid;
char *cp;
int err;
/* first try looking for active zone by id */
errno = 0;
zoneid = (zoneid_t)strtol(str, &cp, 0);
if (errno == 0 && cp != str && *cp == '\0' &&
getzonenamebyid(zoneid, NULL, 0) != -1) {
*zip = zoneid;
return (0);
}
/* then look for active zone by name */
if ((zoneid = getzoneidbyname(str)) != -1) {
*zip = zoneid;
return (0);
}
/* if in global zone, try looking up name in configuration database */
if (getzoneid() != GLOBAL_ZONEID ||
(hdl = zonecfg_init_handle()) == NULL)
return (-1);
if (zonecfg_get_handle(str, hdl) == Z_OK) {
/* zone exists but isn't active */
*zip = ZONE_ID_UNDEFINED;
err = 0;
} else {
err = -1;
}
zonecfg_fini_handle(hdl);
return (err);
}
char *
zone_state_str(zone_state_t state_num)
{
if (state_num < ZONE_STATE_CONFIGURED ||
state_num >= ZONE_STATE_INVALID)
return (zone_states[ZONE_STATE_INVALID].zone_state_str);
/* Be sure states are maintained properly. */
assert(state_num == zone_states[state_num].zone_state);
return (zone_states[state_num].zone_state_str);
}
zone_state_t
zone_state_num(const char *state_str)
{
int i;
for (i = 0; i < ZONE_STATE_INVALID; i++) {
/* Be sure states are maintained properly. */
assert(i == zone_states[i].zone_state);
if (strcmp(state_str, zone_states[i].zone_state_str) == 0)
return (zone_states[i].zone_state);
}
return (ZONE_STATE_INVALID);
}
/*
* Given a UUID value, find an associated zone name. This is intended to be
* used by callers who set up some 'default' name (corresponding to the
* expected name for the zone) in the zonename buffer, and thus the function
* doesn't touch this buffer on failure.
*/
int
zonecfg_get_name_by_uuid(const uuid_t uuidin, char *zonename, size_t namelen)
{
FILE *fp;
struct zoneent *ze;
uchar_t *uuid;
/*
* A small amount of subterfuge via casts is necessary here because
* libuuid doesn't use const correctly, but we don't want to export
* this brokenness to our clients.
*/
uuid = (uchar_t *)uuidin;
if (uuid_is_null(uuid))
return (Z_NO_ZONE);
if ((fp = setzoneent()) == NULL)
return (Z_NO_ZONE);
while ((ze = getzoneent_private(fp)) != NULL) {
if (uuid_compare(uuid, ze->zone_uuid) == 0)
break;
free(ze);
}
endzoneent(fp);
if (ze != NULL) {
(void) strlcpy(zonename, ze->zone_name, namelen);
free(ze);
return (Z_OK);
} else {
return (Z_NO_ZONE);
}
}
/*
* Given a zone name, get its UUID. Returns a "NULL" UUID value if the zone
* exists but the file doesn't have a value set yet. Returns an error if the
* zone cannot be located.
*/
int
zonecfg_get_uuid(const char *zonename, uuid_t uuid)
{
FILE *fp;
struct zoneent *ze;
if ((fp = setzoneent()) == NULL)
return (Z_NO_ZONE);
while ((ze = getzoneent_private(fp)) != NULL) {
if (strcmp(ze->zone_name, zonename) == 0)
break;
free(ze);
}
endzoneent(fp);
if (ze != NULL) {
uuid_copy(uuid, ze->zone_uuid);
free(ze);
return (Z_OK);
} else {
return (Z_NO_ZONE);
}
}
/*
* File-system convenience functions.
*/
boolean_t
zonecfg_valid_fs_type(const char *type)
{
/*
* We already know which FS types don't work.
*/
if (strcmp(type, "proc") == 0 ||
strcmp(type, "mntfs") == 0 ||
strcmp(type, "autofs") == 0 ||
strncmp(type, "nfs", sizeof ("nfs") - 1) == 0)
return (B_FALSE);
/*
* The caller may do more detailed verification to make sure other
* aspects of this filesystem type make sense.
*/
return (B_TRUE);
}
/*
* Generally uninteresting rctl convenience functions.
*/
int
zonecfg_construct_rctlblk(const struct zone_rctlvaltab *rctlval,
rctlblk_t *rctlblk)
{
unsigned long long ull;
char *endp;
rctl_priv_t priv;
rctl_qty_t limit;
uint_t action;
/* Get the privilege */
if (strcmp(rctlval->zone_rctlval_priv, "basic") == 0) {
priv = RCPRIV_BASIC;
} else if (strcmp(rctlval->zone_rctlval_priv, "privileged") == 0) {
priv = RCPRIV_PRIVILEGED;
} else {
/* Invalid privilege */
return (Z_INVAL);
}
/* deal with negative input; strtoull(3c) doesn't do what we want */
if (rctlval->zone_rctlval_limit[0] == '-')
return (Z_INVAL);
/* Get the limit */
errno = 0;
ull = strtoull(rctlval->zone_rctlval_limit, &endp, 0);
if (errno != 0 || *endp != '\0') {
/* parse failed */
return (Z_INVAL);
}
limit = (rctl_qty_t)ull;
/* Get the action */
if (strcmp(rctlval->zone_rctlval_action, "none") == 0) {
action = RCTL_LOCAL_NOACTION;
} else if (strcmp(rctlval->zone_rctlval_action, "signal") == 0) {
action = RCTL_LOCAL_SIGNAL;
} else if (strcmp(rctlval->zone_rctlval_action, "deny") == 0) {
action = RCTL_LOCAL_DENY;
} else {
/* Invalid Action */
return (Z_INVAL);
}
rctlblk_set_local_action(rctlblk, action, 0);
rctlblk_set_privilege(rctlblk, priv);
rctlblk_set_value(rctlblk, limit);
return (Z_OK);
}
static int
rctl_check(const char *rctlname, void *arg)
{
const char *attrname = arg;
/*
* Returning 1 here is our signal to zonecfg_is_rctl() that it is
* indeed an rctl name recognized by the system.
*/
return (strcmp(rctlname, attrname) == 0 ? 1 : 0);
}
boolean_t
zonecfg_is_rctl(const char *name)
{
return (rctl_walk(rctl_check, (void *)name) == 1);
}
boolean_t
zonecfg_valid_rctlname(const char *name)
{
const char *c;
if (strncmp(name, "zone.", sizeof ("zone.") - 1) != 0)
return (B_FALSE);
if (strlen(name) == sizeof ("zone.") - 1)
return (B_FALSE);
for (c = name + sizeof ("zone.") - 1; *c != '\0'; c++) {
if (!isalpha(*c) && *c != '-')
return (B_FALSE);
}
return (B_TRUE);
}
boolean_t
zonecfg_valid_rctlblk(const rctlblk_t *rctlblk)
{
rctl_priv_t priv = rctlblk_get_privilege((rctlblk_t *)rctlblk);
uint_t action = rctlblk_get_local_action((rctlblk_t *)rctlblk, NULL);
if (priv != RCPRIV_PRIVILEGED)
return (B_FALSE);
if (action != RCTL_LOCAL_NOACTION && action != RCTL_LOCAL_DENY)
return (B_FALSE);
return (B_TRUE);
}
boolean_t
zonecfg_valid_rctl(const char *name, const rctlblk_t *rctlblk)
{
rctlblk_t *current, *next;
rctl_qty_t limit = rctlblk_get_value((rctlblk_t *)rctlblk);
uint_t action = rctlblk_get_local_action((rctlblk_t *)rctlblk, NULL);
uint_t global_flags;
if (!zonecfg_valid_rctlblk(rctlblk))
return (B_FALSE);
if (!zonecfg_valid_rctlname(name))
return (B_FALSE);
current = alloca(rctlblk_size());
if (getrctl(name, NULL, current, RCTL_FIRST) != 0)
return (B_TRUE); /* not an rctl on this system */
/*
* Make sure the proposed value isn't greater than the current system
* value.
*/
next = alloca(rctlblk_size());
while (rctlblk_get_privilege(current) != RCPRIV_SYSTEM) {
rctlblk_t *tmp;
if (getrctl(name, current, next, RCTL_NEXT) != 0)
return (B_FALSE); /* shouldn't happen */
tmp = current;
current = next;
next = tmp;
}
if (limit > rctlblk_get_value(current))
return (B_FALSE);
/*
* Make sure the proposed action is allowed.
*/
global_flags = rctlblk_get_global_flags(current);
if ((global_flags & RCTL_GLOBAL_DENY_NEVER) &&
action == RCTL_LOCAL_DENY)
return (B_FALSE);
if ((global_flags & RCTL_GLOBAL_DENY_ALWAYS) &&
action == RCTL_LOCAL_NOACTION)
return (B_FALSE);
return (B_TRUE);
}
/*
* There is always a race condition between reading the initial copy of
* a zones state and its state changing. We address this by providing
* zonecfg_notify_critical_enter and zonecfg_noticy_critical_exit functions.
* When zonecfg_critical_enter is called, sets the state field to LOCKED
* and aquires biglock. Biglock protects against other threads executing
* critical_enter and the state field protects against state changes during
* the critical period.
*
* If any state changes occur, zn_cb will set the failed field of the znotify
* structure. This will cause the critical_exit function to re-lock the
* channel and return an error. Since evsnts may be delayed, the critical_exit
* function "flushes" the queue by putting an event on the queue and waiting for
* zn_cb to notify critical_exit that it received the ping event.
*/
static const char *
string_get_tok(const char *in, char delim, int num)
{
int i = 0;
for (; i < num; in++) {
if (*in == delim)
i++;
if (*in == 0)
return (NULL);
}
return (in);
}
static boolean_t
is_ping(sysevent_t *ev)
{
if (strcmp(sysevent_get_subclass_name(ev),
ZONE_EVENT_PING_SUBCLASS) == 0) {
return (B_TRUE);
} else {
return (B_FALSE);
}
}
static boolean_t
is_my_ping(sysevent_t *ev)
{
const char *sender;
char mypid[sizeof (pid_t) * 3 + 1];
(void) snprintf(mypid, sizeof (mypid), "%i", getpid());
sender = string_get_tok(sysevent_get_pub(ev), ':', 3);
if (sender == NULL)
return (B_FALSE);
if (strcmp(sender, mypid) != 0)
return (B_FALSE);
return (B_TRUE);
}
static int
do_callback(struct znotify *zevtchan, sysevent_t *ev)
{
nvlist_t *l;
int zid;
char *zonename;
char *newstate;
char *oldstate;
int ret;
hrtime_t when;
if (strcmp(sysevent_get_subclass_name(ev),
ZONE_EVENT_STATUS_SUBCLASS) == 0) {
if (sysevent_get_attr_list(ev, &l) != 0) {
if (errno == ENOMEM) {
zevtchan->zn_failure_count++;
return (EAGAIN);
}
return (0);
}
ret = 0;
if ((nvlist_lookup_string(l, ZONE_CB_NAME, &zonename) == 0) &&
(nvlist_lookup_string(l, ZONE_CB_NEWSTATE, &newstate)
== 0) &&
(nvlist_lookup_string(l, ZONE_CB_OLDSTATE, &oldstate)
== 0) &&
(nvlist_lookup_uint64(l, ZONE_CB_TIMESTAMP,
(uint64_t *)&when) == 0) &&
(nvlist_lookup_int32(l, ZONE_CB_ZONEID, &zid) == 0)) {
ret = zevtchan->zn_callback(zonename, zid, newstate,
oldstate, when, zevtchan->zn_private);
}
zevtchan->zn_failure_count = 0;
nvlist_free(l);
return (ret);
} else {
/*
* We have received an event in an unknown subclass. Ignore.
*/
zevtchan->zn_failure_count = 0;
return (0);
}
}
static int
zn_cb(sysevent_t *ev, void *p)
{
struct znotify *zevtchan = p;
int error;
(void) pthread_mutex_lock(&(zevtchan->zn_mutex));
if (is_ping(ev) && !is_my_ping(ev)) {
(void) pthread_mutex_unlock((&zevtchan->zn_mutex));
return (0);
}
if (zevtchan->zn_state == ZN_LOCKED) {
assert(!is_ping(ev));
zevtchan->zn_failed = B_TRUE;
(void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
return (0);
}
if (zevtchan->zn_state == ZN_PING_INFLIGHT) {
if (is_ping(ev)) {
zevtchan->zn_state = ZN_PING_RECEIVED;
(void) pthread_cond_signal(&(zevtchan->zn_cond));
(void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
return (0);
} else {
zevtchan->zn_failed = B_TRUE;
(void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
return (0);
}
}
if (zevtchan->zn_state == ZN_UNLOCKED) {
error = do_callback(zevtchan, ev);
(void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
/*
* Every ENOMEM failure causes do_callback to increment
* zn_failure_count and every success causes it to
* set zn_failure_count to zero. If we got EAGAIN,
* we will sleep for zn_failure_count seconds and return
* EAGAIN to gpec to try again.
*
* After 55 seconds, or 10 try's we give up and drop the
* event.
*/
if (error == EAGAIN) {
if (zevtchan->zn_failure_count > ZONE_CB_RETRY_COUNT) {
return (0);
}
(void) sleep(zevtchan->zn_failure_count);
}
return (error);
}
if (zevtchan->zn_state == ZN_PING_RECEIVED) {
(void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
return (0);
}
abort();
}
void
zonecfg_notify_critical_enter(void *h)
{
struct znotify *zevtchan = h;
(void) pthread_mutex_lock(&(zevtchan->zn_bigmutex));
zevtchan->zn_state = ZN_LOCKED;
}
int
zonecfg_notify_critical_exit(void * h)
{
struct znotify *zevtchan = h;
if (zevtchan->zn_state == ZN_UNLOCKED)
return (0);
(void) pthread_mutex_lock(&(zevtchan->zn_mutex));
zevtchan->zn_state = ZN_PING_INFLIGHT;
(void) sysevent_evc_publish(zevtchan->zn_eventchan,
ZONE_EVENT_STATUS_CLASS,
ZONE_EVENT_PING_SUBCLASS, ZONE_EVENT_PING_PUBLISHER,
zevtchan->zn_subscriber_id, NULL, EVCH_SLEEP);
while (zevtchan->zn_state != ZN_PING_RECEIVED) {
(void) pthread_cond_wait(&(zevtchan->zn_cond),
&(zevtchan->zn_mutex));
}
if (zevtchan->zn_failed == B_TRUE) {
zevtchan->zn_state = ZN_LOCKED;
zevtchan->zn_failed = B_FALSE;
(void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
return (1);
}
zevtchan->zn_state = ZN_UNLOCKED;
(void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
(void) pthread_mutex_unlock(&(zevtchan->zn_bigmutex));
return (0);
}
void
zonecfg_notify_critical_abort(void *h)
{
struct znotify *zevtchan = h;
zevtchan->zn_state = ZN_UNLOCKED;
zevtchan->zn_failed = B_FALSE;
/*
* Don't do anything about zn_lock. If it is held, it could only be
* held by zn_cb and it will be unlocked soon.
*/
(void) pthread_mutex_unlock(&(zevtchan->zn_bigmutex));
}
void *
zonecfg_notify_bind(int(*func)(const char *zonename, zoneid_t zid,
const char *newstate, const char *oldstate, hrtime_t when, void *p),
void *p)
{
struct znotify *zevtchan;
int i = 1;
int r;
zevtchan = malloc(sizeof (struct znotify));
if (zevtchan == NULL)
return (NULL);
zevtchan->zn_private = p;
zevtchan->zn_callback = func;
zevtchan->zn_state = ZN_UNLOCKED;
zevtchan->zn_failed = B_FALSE;
if (pthread_mutex_init(&(zevtchan->zn_mutex), NULL))
goto out3;
if (pthread_cond_init(&(zevtchan->zn_cond), NULL)) {
(void) pthread_mutex_destroy(&(zevtchan->zn_mutex));
goto out3;
}
if (pthread_mutex_init(&(zevtchan->zn_bigmutex), NULL)) {
(void) pthread_mutex_destroy(&(zevtchan->zn_mutex));
(void) pthread_cond_destroy(&(zevtchan->zn_cond));
goto out3;
}
if (sysevent_evc_bind(ZONE_EVENT_CHANNEL, &(zevtchan->zn_eventchan),
0) != 0)
goto out2;
do {
/*
* At 4 digits the subscriber ID gets too long and we have
* no chance of successfully registering.
*/
if (i > 999)
goto out1;
(void) sprintf(zevtchan->zn_subscriber_id, "zone_%li_%i",
getpid() % 999999l, i);
r = sysevent_evc_subscribe(zevtchan->zn_eventchan,
zevtchan->zn_subscriber_id, ZONE_EVENT_STATUS_CLASS, zn_cb,
zevtchan, 0);
i++;
} while (r);
return (zevtchan);
out1:
(void) sysevent_evc_unbind(zevtchan->zn_eventchan);
out2:
(void) pthread_mutex_destroy(&zevtchan->zn_mutex);
(void) pthread_cond_destroy(&zevtchan->zn_cond);
(void) pthread_mutex_destroy(&(zevtchan->zn_bigmutex));
out3:
free(zevtchan);
return (NULL);
}
void
zonecfg_notify_unbind(void *handle)
{
int ret;
(void) sysevent_evc_unbind(((struct znotify *)handle)->zn_eventchan);
/*
* Check that all evc threads have gone away. This should be
* enforced by sysevent_evc_unbind.
*/
ret = pthread_mutex_trylock(&((struct znotify *)handle)->zn_mutex);
if (ret)
abort();
(void) pthread_mutex_unlock(&((struct znotify *)handle)->zn_mutex);
(void) pthread_mutex_destroy(&((struct znotify *)handle)->zn_mutex);
(void) pthread_cond_destroy(&((struct znotify *)handle)->zn_cond);
(void) pthread_mutex_destroy(&((struct znotify *)handle)->zn_bigmutex);
free(handle);
}
static int
zonecfg_add_ds_core(zone_dochandle_t handle, struct zone_dstab *tabptr)
{
xmlNodePtr newnode, cur = handle->zone_dh_cur;
int err;
if ((err = newres(handle, cur, &newnode, DTD_ELEM_DATASET)) != Z_OK)
return (err);
if ((err = newprop(handle, newnode, DTD_ATTR_NAME,
tabptr->zone_dataset_name)) != Z_OK)
return (err);
if ((err = newprop(handle, newnode, DTD_ATTR_ALIAS,
tabptr->zone_dataset_alias)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_add_ds(zone_dochandle_t handle, struct zone_dstab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_add_ds_core(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
static int
zonecfg_delete_ds_core(zone_dochandle_t handle, struct zone_dstab *tabptr)
{
xmlNodePtr cur = handle->zone_dh_cur;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_DATASET))
continue;
if (match_prop(handle, cur, DTD_ATTR_NAME,
tabptr->zone_dataset_name)) {
xmlUnlinkNode(cur);
xmlFreeNode(cur);
return (Z_OK);
}
}
return (Z_NO_RESOURCE_ID);
}
int
zonecfg_delete_ds(zone_dochandle_t handle, struct zone_dstab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_ds_core(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_modify_ds(
zone_dochandle_t handle,
struct zone_dstab *oldtabptr,
struct zone_dstab *newtabptr)
{
int err;
if (oldtabptr == NULL || newtabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_ds_core(handle, oldtabptr)) != Z_OK)
return (err);
if ((err = zonecfg_add_ds_core(handle, newtabptr)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_lookup_ds(zone_dochandle_t handle, struct zone_dstab *tabptr)
{
xmlNodePtr cur, firstmatch;
int err;
char name[MAXNAMELEN];
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
cur = handle->zone_dh_cur;
firstmatch = NULL;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_DATASET))
continue;
if (strlen(tabptr->zone_dataset_name) > 0) {
if ((fetchprop(handle, cur, DTD_ATTR_NAME, name,
sizeof (name)) == Z_OK) &&
(strcmp(tabptr->zone_dataset_name, name) == 0)) {
if (firstmatch == NULL)
firstmatch = cur;
else
return (Z_INSUFFICIENT_SPEC);
}
}
if (strlen(tabptr->zone_dataset_alias) > 0) {
if ((fetchprop(handle, cur, DTD_ATTR_ALIAS, name,
sizeof (name)) == Z_OK) &&
(strcmp(tabptr->zone_dataset_alias, name) == 0)) {
if (firstmatch == NULL)
firstmatch = cur;
else
return (Z_INSUFFICIENT_SPEC);
}
}
}
if (firstmatch == NULL)
return (Z_NO_RESOURCE_ID);
cur = firstmatch;
if ((err = fetchprop(handle, cur, DTD_ATTR_NAME,
tabptr->zone_dataset_name,
sizeof (tabptr->zone_dataset_name))) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_ALIAS,
tabptr->zone_dataset_alias,
sizeof (tabptr->zone_dataset_alias))) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_setdsent(zone_dochandle_t handle)
{
return (zonecfg_setent(handle));
}
int
zonecfg_getdsent(zone_dochandle_t handle, struct zone_dstab *tabptr)
{
xmlNodePtr cur;
int err;
if (handle == NULL)
return (Z_INVAL);
cur = find_elem_node(handle, DTD_ELEM_DATASET);
if (cur == NULL) {
handle->zone_dh_cur = handle->zone_dh_top;
return (Z_NO_ENTRY);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_NAME,
tabptr->zone_dataset_name,
sizeof (tabptr->zone_dataset_name))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
/* Dataset alias is an optional property. */
if (fetchprop(handle, cur, DTD_ATTR_ALIAS, tabptr->zone_dataset_alias,
sizeof (tabptr->zone_dataset_alias)) != Z_OK) {
tabptr->zone_dataset_alias[0] = '\0';
}
handle->zone_dh_cur = cur->next;
return (Z_OK);
}
int
zonecfg_enddsent(zone_dochandle_t handle)
{
return (zonecfg_endent(handle));
}
/*
* Support for aliased rctls; that is, rctls that have simplified names in
* zonecfg. For example, max-lwps is an alias for a well defined zone.max-lwps
* rctl. If there are multiple existing values for one of these rctls or if
* there is a single value that does not match the well defined template (i.e.
* it has a different action) then we cannot treat the rctl as having an alias
* so we return Z_ALIAS_DISALLOW. That means that the rctl cannot be
* managed in zonecfg via an alias and that the standard rctl syntax must be
* used.
*
* The possible return values are:
* Z_NO_PROPERTY_ID - invalid alias name
* Z_ALIAS_DISALLOW - pre-existing, incompatible rctl definition
* Z_NO_ENTRY - no rctl is configured for this alias
* Z_OK - we got a valid rctl for the specified alias
*/
int
zonecfg_get_aliased_rctl(zone_dochandle_t handle, const char *name,
uint64_t *rval)
{
boolean_t found = B_FALSE;
boolean_t found_val = B_FALSE;
xmlNodePtr cur, val;
char savedname[MAXNAMELEN];
struct zone_rctlvaltab rctl;
int i;
int err;
for (i = 0; aliases[i].shortname != NULL; i++)
if (strcmp(name, aliases[i].shortname) == 0)
break;
if (aliases[i].shortname == NULL)
return (Z_NO_PROPERTY_ID);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
cur = handle->zone_dh_cur;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_RCTL) != 0)
continue;
if ((fetchprop(handle, cur, DTD_ATTR_NAME, savedname,
sizeof (savedname)) == Z_OK) &&
(strcmp(savedname, aliases[i].realname) == 0)) {
/*
* If we already saw one of these, we can't have an
* alias since we just found another.
*/
if (found)
return (Z_ALIAS_DISALLOW);
found = B_TRUE;
for (val = cur->xmlChildrenNode; val != NULL;
val = val->next) {
/*
* If we already have one value, we can't have
* an alias since we just found another.
*/
if (found_val)
return (Z_ALIAS_DISALLOW);
found_val = B_TRUE;
if ((fetchprop(handle, val, DTD_ATTR_PRIV,
rctl.zone_rctlval_priv,
sizeof (rctl.zone_rctlval_priv)) != Z_OK))
break;
if ((fetchprop(handle, val, DTD_ATTR_LIMIT,
rctl.zone_rctlval_limit,
sizeof (rctl.zone_rctlval_limit)) != Z_OK))
break;
if ((fetchprop(handle, val, DTD_ATTR_ACTION,
rctl.zone_rctlval_action,
sizeof (rctl.zone_rctlval_action)) != Z_OK))
break;
}
/* check priv and action match the expected vals */
if (strcmp(rctl.zone_rctlval_priv,
aliases[i].priv) != 0 ||
strcmp(rctl.zone_rctlval_action,
aliases[i].action) != 0)
return (Z_ALIAS_DISALLOW);
}
}
if (found) {
*rval = strtoull(rctl.zone_rctlval_limit, NULL, 10);
return (Z_OK);
}
return (Z_NO_ENTRY);
}
int
zonecfg_rm_aliased_rctl(zone_dochandle_t handle, char *name)
{
int i;
uint64_t val;
struct zone_rctltab rctltab;
/*
* First check that we have a valid aliased rctl to remove.
* This will catch an rctl entry with non-standard values or
* multiple rctl values for this name. We need to ignore those
* rctl entries.
*/
if (zonecfg_get_aliased_rctl(handle, name, &val) != Z_OK)
return (Z_OK);
for (i = 0; aliases[i].shortname != NULL; i++)
if (strcmp(name, aliases[i].shortname) == 0)
break;
if (aliases[i].shortname == NULL)
return (Z_NO_RESOURCE_ID);
(void) strlcpy(rctltab.zone_rctl_name, aliases[i].realname,
sizeof (rctltab.zone_rctl_name));
return (zonecfg_delete_rctl(handle, &rctltab));
}
boolean_t
zonecfg_aliased_rctl_ok(zone_dochandle_t handle, char *name)
{
uint64_t tmp_val;
switch (zonecfg_get_aliased_rctl(handle, name, &tmp_val)) {
case Z_OK:
/*FALLTHRU*/
case Z_NO_ENTRY:
return (B_TRUE);
default:
return (B_FALSE);
}
}
int
zonecfg_set_aliased_rctl(zone_dochandle_t handle, char *name, uint64_t val)
{
int i;
int err;
struct zone_rctltab rctltab;
struct zone_rctlvaltab *rctlvaltab;
char buf[128];
if (!zonecfg_aliased_rctl_ok(handle, name))
return (Z_ALIAS_DISALLOW);
for (i = 0; aliases[i].shortname != NULL; i++)
if (strcmp(name, aliases[i].shortname) == 0)
break;
if (aliases[i].shortname == NULL)
return (Z_NO_RESOURCE_ID);
/* remove any pre-existing definition for this rctl */
(void) zonecfg_rm_aliased_rctl(handle, name);
(void) strlcpy(rctltab.zone_rctl_name, aliases[i].realname,
sizeof (rctltab.zone_rctl_name));
rctltab.zone_rctl_valptr = NULL;
if ((rctlvaltab = calloc(1, sizeof (struct zone_rctlvaltab))) == NULL)
return (Z_NOMEM);
(void) snprintf(buf, sizeof (buf), "%llu", (long long)val);
(void) strlcpy(rctlvaltab->zone_rctlval_priv, aliases[i].priv,
sizeof (rctlvaltab->zone_rctlval_priv));
(void) strlcpy(rctlvaltab->zone_rctlval_limit, buf,
sizeof (rctlvaltab->zone_rctlval_limit));
(void) strlcpy(rctlvaltab->zone_rctlval_action, aliases[i].action,
sizeof (rctlvaltab->zone_rctlval_action));
rctlvaltab->zone_rctlval_next = NULL;
if ((err = zonecfg_add_rctl_value(&rctltab, rctlvaltab)) != Z_OK)
return (err);
return (zonecfg_add_rctl(handle, &rctltab));
}
static int
delete_tmp_pool(zone_dochandle_t handle)
{
int err;
xmlNodePtr cur = handle->zone_dh_cur;
if ((err = operation_prep(handle)) != Z_OK)
return (err);
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_TMPPOOL) == 0) {
xmlUnlinkNode(cur);
xmlFreeNode(cur);
return (Z_OK);
}
}
return (Z_NO_RESOURCE_ID);
}
static int
modify_tmp_pool(zone_dochandle_t handle, char *pool_importance)
{
int err;
xmlNodePtr cur = handle->zone_dh_cur;
xmlNodePtr newnode;
err = delete_tmp_pool(handle);
if (err != Z_OK && err != Z_NO_RESOURCE_ID)
return (err);
if (*pool_importance != '\0') {
if ((err = operation_prep(handle)) != Z_OK)
return (err);
newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_TMPPOOL, NULL);
if ((err = newprop(handle, newnode, DTD_ATTR_IMPORTANCE,
pool_importance)) != Z_OK)
return (err);
}
return (Z_OK);
}
static int
add_pset_core(zone_dochandle_t handle, struct zone_psettab *tabptr)
{
xmlNodePtr newnode, cur = handle->zone_dh_cur;
int err;
newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_PSET, NULL);
if ((err = newprop(handle, newnode, DTD_ATTR_NCPU_MIN,
tabptr->zone_ncpu_min)) != Z_OK)
return (err);
if ((err = newprop(handle, newnode, DTD_ATTR_NCPU_MAX,
tabptr->zone_ncpu_max)) != Z_OK)
return (err);
if ((err = modify_tmp_pool(handle, tabptr->zone_importance)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_add_pset(zone_dochandle_t handle, struct zone_psettab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = add_pset_core(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_delete_pset(zone_dochandle_t handle)
{
int err;
int res = Z_NO_RESOURCE_ID;
xmlNodePtr cur = handle->zone_dh_cur;
if ((err = operation_prep(handle)) != Z_OK)
return (err);
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_PSET) == 0) {
xmlUnlinkNode(cur);
xmlFreeNode(cur);
res = Z_OK;
break;
}
}
/*
* Once we have msets, we should check that a mset
* do not exist before we delete the tmp_pool data.
*/
err = delete_tmp_pool(handle);
if (err != Z_OK && err != Z_NO_RESOURCE_ID)
return (err);
return (res);
}
int
zonecfg_modify_pset(zone_dochandle_t handle, struct zone_psettab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = zonecfg_delete_pset(handle)) != Z_OK)
return (err);
if ((err = add_pset_core(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_lookup_pset(zone_dochandle_t handle, struct zone_psettab *tabptr)
{
xmlNodePtr cur;
int err;
int res = Z_NO_ENTRY;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
/* this is an optional component */
tabptr->zone_importance[0] = '\0';
cur = handle->zone_dh_cur;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_PSET) == 0) {
if ((err = fetchprop(handle, cur, DTD_ATTR_NCPU_MIN,
tabptr->zone_ncpu_min,
sizeof (tabptr->zone_ncpu_min))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_NCPU_MAX,
tabptr->zone_ncpu_max,
sizeof (tabptr->zone_ncpu_max))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
res = Z_OK;
} else if (xmlStrcmp(cur->name, DTD_ELEM_TMPPOOL) == 0) {
if ((err = fetchprop(handle, cur, DTD_ATTR_IMPORTANCE,
tabptr->zone_importance,
sizeof (tabptr->zone_importance))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
}
}
return (res);
}
int
zonecfg_getpsetent(zone_dochandle_t handle, struct zone_psettab *tabptr)
{
int err;
if ((err = zonecfg_setent(handle)) != Z_OK)
return (err);
err = zonecfg_lookup_pset(handle, tabptr);
(void) zonecfg_endent(handle);
return (err);
}
static int
add_mcap(zone_dochandle_t handle, struct zone_mcaptab *tabptr)
{
xmlNodePtr newnode, cur = handle->zone_dh_cur;
int err;
if ((err = newres(handle, cur, &newnode, DTD_ELEM_MCAP)) != Z_OK)
return (err);
if ((err = newprop(handle, newnode, DTD_ATTR_PHYSCAP,
tabptr->zone_physmem_cap)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_delete_mcap(zone_dochandle_t handle)
{
int err;
xmlNodePtr cur = handle->zone_dh_cur;
if ((err = operation_prep(handle)) != Z_OK)
return (err);
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_MCAP) != 0)
continue;
xmlUnlinkNode(cur);
xmlFreeNode(cur);
return (Z_OK);
}
return (Z_NO_RESOURCE_ID);
}
int
zonecfg_modify_mcap(zone_dochandle_t handle, struct zone_mcaptab *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
err = zonecfg_delete_mcap(handle);
/* it is ok if there is no mcap entry */
if (err != Z_OK && err != Z_NO_RESOURCE_ID)
return (err);
if ((err = add_mcap(handle, tabptr)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_lookup_mcap(zone_dochandle_t handle, struct zone_mcaptab *tabptr)
{
xmlNodePtr cur;
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
cur = handle->zone_dh_cur;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_MCAP) != 0)
continue;
if ((err = fetchprop(handle, cur, DTD_ATTR_PHYSCAP,
tabptr->zone_physmem_cap,
sizeof (tabptr->zone_physmem_cap))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
return (Z_OK);
}
return (Z_NO_ENTRY);
}
static int
getmcapent_core(zone_dochandle_t handle, struct zone_mcaptab *tabptr)
{
xmlNodePtr cur;
int err;
if (handle == NULL)
return (Z_INVAL);
cur = find_elem_node(handle, DTD_ELEM_MCAP);
if (cur == NULL) {
handle->zone_dh_cur = handle->zone_dh_top;
return (Z_NO_ENTRY);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_PHYSCAP,
tabptr->zone_physmem_cap,
sizeof (tabptr->zone_physmem_cap))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
handle->zone_dh_cur = cur->next;
return (Z_OK);
}
int
zonecfg_getmcapent(zone_dochandle_t handle, struct zone_mcaptab *tabptr)
{
int err;
if ((err = zonecfg_setent(handle)) != Z_OK)
return (err);
err = getmcapent_core(handle, tabptr);
(void) zonecfg_endent(handle);
return (err);
}
/* PRINTFLIKE1 */
static void
zerror(const char *zone_name, const char *fmt, ...)
{
va_list alist;
va_start(alist, fmt);
(void) fprintf(stderr, "zone '%s': ", zone_name);
(void) vfprintf(stderr, fmt, alist);
(void) fprintf(stderr, "\n");
va_end(alist);
}
static void
zperror(const char *str)
{
(void) fprintf(stderr, "%s: %s\n", str, strerror(errno));
}
/*
* The following routines implement a simple locking mechanism to
* ensure that only one zone utility at a time is able to manipulate
* a given zone. The lock is built on top of an fcntl(2) lock of
* [<altroot>]_PATH_SYSVOL/zones/<zonename>.zoneadm.lock. If a utility
* can grab that lock, it is allowed to manipulate the zone.
*
* One of these lock files is created for each zone (when needed). The
* lock files are not cleaned up (except on system reboot), but since
* there is only one per zone, there is no resource starvation issue.
*
* Since zoneadm may call external applications which in turn invoke
* zoneadm again, we introduce the notion of "lock inheritance". Any
* instance of zoneadm that has another instance in its ancestry is assumed
* to be acting on behalf of the original zoneadm, and is thus allowed to
* manipulate its zone.
*
* This inheritance is implemented by checking if the process holding the
* lock is an ancestor of the current process.
*/
/*
* Check if the supplied pid is an ancestor of the current process.
* Return: 1 if ancestor, 0 if not, -1 on error.
*/
static int
pid_is_ancestor(const char *zone_name, pid_t p)
{
pid_t curr = getpid();
pid_t last;
char pname[100]; /* ptree uses this array size */
int procfd;
psinfo_t info;
do {
last = curr;
(void) snprintf(pname, sizeof (pname), "/proc/%d/psinfo", curr);
if ((procfd = open(pname, O_RDONLY)) == -1) {
zerror(zone_name, gettext("could not open %s: %s"),
pname, strerror(errno));
return (-1);
}
/*
* Get the info structure for the process and close quickly.
*/
if (read(procfd, &info, sizeof (info)) != sizeof (info)) {
(void) close(procfd);
zerror(zone_name, gettext("could not read %s: %s"),
pname, strerror(errno));
return (-1);
}
(void) close(procfd);
curr = info.pr_ppid;
if (p == curr)
return (1);
} while (curr != last);
return (0);
}
/*
* Determine which pid (if any) has a lock on the supplied fd.
* Return: 0 if unlocked (or locked by current process) or pid of
* locking process, -1 on error.
*/
static pid_t
get_lock_owner(const char *zone_name, int lockfd)
{
struct flock flock;
/*
* Lock the file to synchronize with other utilities
*/
flock.l_type = F_WRLCK;
flock.l_whence = SEEK_SET;
flock.l_start = (off_t)0;
flock.l_len = (off_t)0;
if ((fcntl(lockfd, F_GETLK, &flock) < 0)) {
zerror(zone_name, gettext("unable to read lock: %s"),
strerror(errno));
return (-1);
}
if (flock.l_type == F_UNLCK)
return (0);
return (flock.l_pid);
}
/*
* Ensure the lock file path exists.
* Return: 0 on success, -1 on error.
*/
static int
create_lock_file_path(const char *zone_name)
{
char pathbuf[PATH_MAX];
if (snprintf(pathbuf, sizeof (pathbuf), "%s%s", zonecfg_get_root(),
ZONES_TMPDIR) >= sizeof (pathbuf)) {
zerror(zone_name, gettext("root path is too long"));
return (-1);
}
if (mkdir(pathbuf, S_IRWXU) < 0 && errno != EEXIST) {
zerror(zone_name, gettext("could not mkdir %s: %s"), pathbuf,
strerror(errno));
return (-1);
}
(void) chmod(pathbuf, S_IRWXU);
return (0);
}
int
zonecfg_grab_lock_file(const char *zone_name)
{
char pathbuf[PATH_MAX];
struct flock flock;
struct stat s;
pid_t owner;
int lockfd;
assert(zone_name != NULL);
if (snprintf(pathbuf, sizeof (pathbuf), "%s%s/%s.zoneadm.lock",
zonecfg_get_root(), ZONES_TMPDIR, zone_name) >= sizeof (pathbuf)) {
zerror(zone_name, gettext("root path is too long"));
return (-1);
}
if (stat(pathbuf, &s) < 0) {
if (errno != ENOENT) {
zerror(zone_name, gettext("could not stat %s: %s"),
pathbuf, strerror(errno));
return (-1);
}
if (create_lock_file_path(zone_name) < 0)
return (-1);
}
if ((lockfd = open(pathbuf, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR)) < 0) {
zerror(zone_name, gettext("could not open %s: %s"), pathbuf,
strerror(errno));
return (-1);
}
/*
* Try to get details of the current lock owner. Return
* an error if we can't get the details.
*/
if ((owner = get_lock_owner(zone_name, lockfd)) == -1) {
(void) close(lockfd);
return (-1);
}
/*
* If an ancestor has previously locked this file,
* return success.
*/
if (owner > 0) {
switch (pid_is_ancestor(zone_name, owner)) {
case -1:
(void) close(lockfd);
return (-1);
case 0:
break;
case 1:
(void) close(lockfd);
return (Z_OK);
}
}
/*
* At this point, either the owner is 0 (which means the file is
* locked by this process, or unlocked) or the owner is not
* an ancestor. Try to lock it. We don't wait for the lock, this
* allows the user to control re-try behaviour.
*/
flock.l_type = F_WRLCK;
flock.l_whence = SEEK_SET;
flock.l_start = (off_t)0;
flock.l_len = (off_t)0;
if (fcntl(lockfd, F_SETLK, &flock) < 0) {
zerror(zone_name, gettext("unable to lock %s: %s"), pathbuf,
strerror(errno));
(void) close(lockfd);
return (-1);
}
/*
* We have locked the file, return success.
*/
return (Z_OK);
}
int
zonecfg_release_lock_file(const char *zone_name)
{
char pathbuf[PATH_MAX];
struct stat s;
pid_t owner;
int lockfd;
assert(zone_name != NULL);
if (snprintf(pathbuf, sizeof (pathbuf), "%s%s/%s.zoneadm.lock",
zonecfg_get_root(), ZONES_TMPDIR, zone_name) >= sizeof (pathbuf)) {
zerror(zone_name, gettext("root path is too long"));
return (-1);
}
if (stat(pathbuf, &s) < 0) {
zerror(zone_name, gettext("could not stat %s: %s"),
pathbuf, strerror(errno));
return (-1);
}
if ((lockfd = open(pathbuf, O_RDWR, S_IRUSR|S_IWUSR)) < 0) {
zerror(zone_name, gettext("could not open %s: %s"), pathbuf,
strerror(errno));
return (-1);
}
/*
* Try to get details of the current lock owner. Return
* an error if we can't get the details.
*/
if ((owner = get_lock_owner(zone_name, lockfd)) == -1) {
(void) close(lockfd);
return (-1);
}
/*
* If the file is locked by a non-ancestral process, then we
* cannot unlock it and must return failure. If the owner is
* an ancestor, simply close the file descriptor and return
* success.
*/
if (owner > 0) {
switch (pid_is_ancestor(zone_name, owner)) {
case -1:
case 0:
(void) close(lockfd);
return (-1);
case 1:
(void) close(lockfd);
return (Z_OK);
}
}
/*
* At this point, the owner must be 0. This means either that
* the file is unlocked OR that it has been locked by this
* process. In either case, simply closing the file descriptor
* and returning success is the correct course of action.
*/
(void) close(lockfd);
return (Z_OK);
}
static boolean_t
get_doorname(const char *zone_name, char *buffer)
{
return (snprintf(buffer, PATH_MAX, "%s" ZONE_DOOR_PATH,
zonecfg_get_root(), zone_name) < PATH_MAX);
}
/*
* system daemons are not audited. For the global zone, this occurs
* "naturally" since init is started with the default audit
* characteristics. Since zoneadmd is a system daemon and it starts
* init for a zone, it is necessary to clear out the audit
* characteristics inherited from whomever started zoneadmd. This is
* indicated by the audit id, which is set from the ruid parameter of
* adt_set_user(), below.
*/
static void
prepare_audit_context(const char *zone_name)
{
adt_session_data_t *ah;
char *failure = gettext("audit failure: %s");
if (adt_start_session(&ah, NULL, 0)) {
zerror(zone_name, failure, strerror(errno));
return;
}
if (adt_set_user(ah, ADT_NO_AUDIT, ADT_NO_AUDIT,
ADT_NO_AUDIT, ADT_NO_AUDIT, NULL, ADT_NEW)) {
zerror(zone_name, failure, strerror(errno));
(void) adt_end_session(ah);
return;
}
if (adt_set_proc(ah))
zerror(zone_name, failure, strerror(errno));
(void) adt_end_session(ah);
}
static int
is_door_open(const char *zone_name)
{
char doorpath[PATH_MAX];
struct door_info info;
int doorfd;
if (!get_doorname(zone_name, doorpath))
return (-1);
if ((doorfd = open(doorpath, O_RDONLY)) != -1) {
if (door_info(doorfd, &info) == 0 &&
((info.di_attributes & DOOR_REVOKED) == 0)) {
(void) close(doorfd);
return (1);
}
(void) close(doorfd);
return (0);
} else if (errno != ENOENT) {
zerror(zone_name, gettext("failed to open %s: %s"), doorpath,
strerror(errno));
return (-1);
}
return (0);
}
int
zonecfg_start_zoneadmd(const char *zone_name)
{
pid_t retval, child_pid;
int pstatus = 0, error = -1, release = 0;
/*
* First try the door without any lock: the lock might be held
* already, with a functional zoneadmd running.
*/
switch (is_door_open(zone_name)) {
case -1:
return (-1);
case 0:
break;
case 1:
error = Z_OK;
goto out;
}
/*
* The zoneadmd door isn't open; try to start zoneadmd. We want
* to hold the lock to prevent racing against other clients.
* zoneadmd will detect this, and fail, but we prefer this to be
* as seamless as is practical, from a user perspective.
*/
if (zonecfg_grab_lock_file(zone_name) != Z_OK)
return (-1);
release = 1;
/*
* Recheck the door.
*/
switch (is_door_open(zone_name)) {
case -1:
goto out;
case 0:
break;
case 1:
goto out;
}
if ((child_pid = fork()) == -1) {
zperror(gettext("could not fork"));
goto out;
} else if (child_pid == 0) {
/* child process */
const char *argv[6], **ap;
prepare_audit_context(zone_name);
ap = argv;
*ap++ = "zoneadmd";
*ap++ = "-z";
*ap++ = zone_name;
if (zonecfg_in_alt_root()) {
*ap++ = "-R";
*ap++ = zonecfg_get_root();
}
*ap = NULL;
(void) execv("/usr/lib/zones/zoneadmd", (char * const *)argv);
/*
* TRANSLATION_NOTE
* zoneadmd is a literal that should not be translated.
*/
zperror(gettext("could not exec zoneadmd"));
_exit(1);
}
/* parent process */
do {
retval = waitpid(child_pid, &pstatus, 0);
} while (retval != child_pid);
if (WIFSIGNALED(pstatus) ||
(WIFEXITED(pstatus) && WEXITSTATUS(pstatus) != 0)) {
zerror(zone_name, gettext("could not start %s"), "zoneadmd");
goto out;
}
error = Z_OK;
out:
if (release == 1) {
/*
* Release the lock file. Only update the error status if
* there are no errors so far.
*/
if (error == Z_OK)
error = zonecfg_release_lock_file(zone_name);
else
(void) zonecfg_release_lock_file(zone_name);
}
return (error);
}
int
zonecfg_ping_zoneadmd(const char *zone_name)
{
char doorpath[PATH_MAX];
int doorfd;
struct door_info info;
if (!get_doorname(zone_name, doorpath))
return (-1);
if ((doorfd = open(doorpath, O_RDONLY)) < 0) {
return (-1);
}
if (door_info(doorfd, &info) == 0 &&
((info.di_attributes & DOOR_REVOKED) == 0)) {
(void) close(doorfd);
return (Z_OK);
}
(void) close(doorfd);
return (-1);
}
int
zonecfg_call_zoneadmd(const char *zone_name, zone_cmd_arg_t *arg, char *locale)
{
char doorpath[PATH_MAX];
int doorfd, result;
door_arg_t darg;
zoneid_t zoneid;
uint64_t uniqid = 0;
zone_cmd_rval_t *rvalp;
size_t rlen;
char *cp, *errbuf;
rlen = getpagesize();
if ((rvalp = malloc(rlen)) == NULL) {
zerror(zone_name, gettext("failed to allocate %lu bytes: %s"),
rlen, strerror(errno));
return (-1);
}
if ((zoneid = getzoneidbyname(zone_name)) != ZONE_ID_UNDEFINED) {
(void) zone_getattr(zoneid, ZONE_ATTR_UNIQID, &uniqid,
sizeof (uniqid));
}
arg->uniqid = uniqid;
(void) strlcpy(arg->locale, locale, sizeof (arg->locale));
if (!get_doorname(zone_name, doorpath)) {
zerror(zone_name, gettext("alternate root path is too long"));
free(rvalp);
return (-1);
}
/*
* Loop trying to start zoneadmd; if something goes seriously
* wrong we break out and fail.
*/
for (;;) {
if (zonecfg_start_zoneadmd(zone_name) != Z_OK)
break;
if ((doorfd = open(doorpath, O_RDONLY)) < 0) {
zperror(gettext("failed to open zone door"));
break;
}
darg.data_ptr = (char *)arg;
darg.data_size = sizeof (*arg);
darg.desc_ptr = NULL;
darg.desc_num = 0;
darg.rbuf = (char *)rvalp;
darg.rsize = rlen;
if (door_call(doorfd, &darg) != 0) {
(void) close(doorfd);
/*
* We'll get EBADF if the door has been revoked.
*/
if (errno != EBADF) {
zperror(gettext("door_call failed"));
break;
}
continue; /* take another lap */
}
(void) close(doorfd);
if (darg.data_size == 0) {
/* Door server is going away; kick it again. */
continue;
}
errbuf = rvalp->errbuf;
while (*errbuf != '\0') {
/*
* Remove any newlines since zerror()
* will append one automatically.
*/
cp = strchr(errbuf, '\n');
if (cp != NULL)
*cp = '\0';
zerror(zone_name, "%s", errbuf);
if (cp == NULL)
break;
errbuf = cp + 1;
}
result = rvalp->rval == 0 ? 0 : -1;
free(rvalp);
return (result);
}
free(rvalp);
return (-1);
}
boolean_t
zonecfg_valid_auths(const char *auths, const char *zonename)
{
char *right;
char *tmpauths;
char *lasts;
char authname[MAXAUTHS];
boolean_t status = B_TRUE;
tmpauths = strdup(auths);
if (tmpauths == NULL) {
zerror(zonename, gettext("Out of memory"));
return (B_FALSE);
}
right = strtok_r(tmpauths, ",", &lasts);
while (right != NULL) {
(void) snprintf(authname, MAXAUTHS, "%s%s",
ZONE_AUTH_PREFIX, right);
if (getauthnam(authname) == NULL) {
status = B_FALSE;
zerror(zonename,
gettext("'%s' is not a valid authorization"),
right);
}
right = strtok_r(NULL, ",", &lasts);
}
free(tmpauths);
return (status);
}
int
zonecfg_delete_admins(zone_dochandle_t handle, char *zonename)
{
int err;
struct zone_admintab admintab;
boolean_t changed = B_FALSE;
if ((err = zonecfg_setadminent(handle)) != Z_OK) {
return (err);
}
while (zonecfg_getadminent(handle, &admintab) == Z_OK) {
err = zonecfg_delete_admin(handle, &admintab,
zonename);
if (err != Z_OK) {
(void) zonecfg_endadminent(handle);
return (err);
} else {
changed = B_TRUE;
}
if ((err = zonecfg_setadminent(handle)) != Z_OK) {
return (err);
}
}
(void) zonecfg_endadminent(handle);
return (changed? Z_OK:Z_NO_ENTRY);
}
/*
* Checks if a long authorization applies to this zone.
* If so, it returns true, after destructively stripping
* the authorization of its prefix and zone suffix.
*/
static boolean_t
is_zone_auth(char **auth, char *zonename, char *oldzonename)
{
char *suffix;
size_t offset;
offset = strlen(ZONE_AUTH_PREFIX);
if ((strncmp(*auth, ZONE_AUTH_PREFIX, offset) == 0) &&
((suffix = strchr(*auth, '/')) != NULL)) {
if (strcmp(suffix + 1, zonename) == 0) {
*auth += offset;
suffix[0] = '\0';
return (B_TRUE);
} else if ((oldzonename != NULL) &&
(strcmp(suffix + 1, oldzonename) == 0)) {
*auth += offset;
suffix[0] = '\0';
return (B_TRUE);
}
}
return (B_FALSE);
}
/*
* This function determines whether the zone-specific authorization
* assignments in /etc/user_attr have been changed more recently
* than the equivalent data stored in the zone's configuration file.
* This should only happen if the zone-specific authorizations in
* the user_attr file were modified using a tool other than zonecfg.
* If the configuration file is out-of-date with respect to these
* authorization assignments, it is updated to match those specified
* in /etc/user_attr.
*/
int
zonecfg_update_userauths(zone_dochandle_t handle, char *zonename)
{
userattr_t *ua_ptr;
char *authlist;
char *lasts;
FILE *uaf;
struct zone_admintab admintab;
struct stat config_st, ua_st;
char config_file[MAXPATHLEN];
boolean_t changed = B_FALSE;
int err;
if ((uaf = fopen(USERATTR_FILENAME, "r")) == NULL) {
zerror(zonename, gettext("could not open file %s: %s"),
USERATTR_FILENAME, strerror(errno));
if (errno == EACCES)
return (Z_ACCES);
if (errno == ENOENT)
return (Z_NO_ZONE);
return (Z_MISC_FS);
}
if ((err = fstat(fileno(uaf), &ua_st)) != 0) {
zerror(zonename, gettext("could not stat file %s: %s"),
USERATTR_FILENAME, strerror(errno));
(void) fclose(uaf);
return (Z_MISC_FS);
}
if (!config_file_path(zonename, config_file)) {
(void) fclose(uaf);
return (Z_MISC_FS);
}
if ((err = stat(config_file, &config_st)) != 0) {
zerror(zonename, gettext("could not stat file %s: %s"),
config_file, strerror(errno));
(void) fclose(uaf);
return (Z_MISC_FS);
}
if (config_st.st_mtime >= ua_st.st_mtime) {
(void) fclose(uaf);
return (Z_NO_ENTRY);
}
if ((err = zonecfg_delete_admins(handle, zonename)) == Z_OK) {
changed = B_TRUE;
} else if (err != Z_NO_ENTRY) {
(void) fclose(uaf);
return (err);
}
while ((ua_ptr = fgetuserattr(uaf)) != NULL) {
if (ua_ptr->name[0] == '#') {
continue;
}
authlist = kva_match(ua_ptr->attr, USERATTR_AUTHS_KW);
if (authlist != NULL) {
char *cur_auth;
boolean_t first;
first = B_TRUE;
bzero(&admintab.zone_admin_auths, MAXAUTHS);
cur_auth = strtok_r(authlist, ",", &lasts);
while (cur_auth != NULL) {
if (is_zone_auth(&cur_auth, zonename,
NULL)) {
/*
* Add auths for this zone
*/
if (first) {
first = B_FALSE;
} else {
(void) strlcat(
admintab.zone_admin_auths,
",", MAXAUTHS);
}
(void) strlcat(
admintab.zone_admin_auths,
cur_auth, MAXAUTHS);
}
cur_auth = strtok_r(NULL, ",", &lasts);
}
if (!first) {
/*
* Add this right to config file
*/
(void) strlcpy(admintab.zone_admin_user,
ua_ptr->name,
sizeof (admintab.zone_admin_user));
err = zonecfg_add_admin(handle,
&admintab, zonename);
if (err != Z_OK) {
(void) fclose(uaf);
return (err);
} else {
changed = B_TRUE;
}
}
}
} /* end-of-while-loop */
(void) fclose(uaf);
return (changed? Z_OK: Z_NO_ENTRY);
}
static void
update_profiles(char *rbac_profs, boolean_t add)
{
char new_profs[MAXPROFS];
char *cur_prof;
boolean_t first = B_TRUE;
boolean_t found = B_FALSE;
char *lasts;
cur_prof = strtok_r(rbac_profs, ",", &lasts);
while (cur_prof != NULL) {
if (strcmp(cur_prof, ZONE_MGMT_PROF) == 0) {
found = B_TRUE;
if (!add) {
cur_prof = strtok_r(NULL, ",", &lasts);
continue;
}
}
if (first) {
first = B_FALSE;
} else {
(void) strlcat(new_profs, ",",
MAXPROFS);
}
(void) strlcat(new_profs, cur_prof,
MAXPROFS);
cur_prof = strtok_r(NULL, ",", &lasts);
}
/*
* Now prepend the Zone Management profile at the beginning
* of the list if it is needed, and append the rest.
* Return the updated list in the original buffer.
*/
if (add && !found) {
first = B_FALSE;
(void) strlcpy(rbac_profs, ZONE_MGMT_PROF, MAXPROFS);
} else {
first = B_TRUE;
rbac_profs[0] = '\0';
}
if (strlen(new_profs) > 0) {
if (!first)
(void) strlcat(rbac_profs, ",", MAXPROFS);
(void) strlcat(rbac_profs, new_profs, MAXPROFS);
}
}
#define MAX_CMD_LEN 1024
static int
do_subproc(char *zonename, char *cmdbuf)
{
char inbuf[MAX_CMD_LEN];
FILE *file;
int status;
file = popen(cmdbuf, "r");
if (file == NULL) {
zerror(zonename, gettext("Could not launch: %s"), cmdbuf);
return (-1);
}
while (fgets(inbuf, sizeof (inbuf), file) != NULL)
(void) fprintf(stderr, "%s", inbuf);
status = pclose(file);
if (WIFSIGNALED(status)) {
zerror(zonename, gettext("%s unexpectedly terminated "
"due to signal %d"),
cmdbuf, WTERMSIG(status));
return (-1);
}
assert(WIFEXITED(status));
return (WEXITSTATUS(status));
}
/*
* This function updates the local /etc/user_attr file to
* correspond to the admin settings that are currently being
* committed. The updates are done via usermod and/or rolemod
* depending on the type of the specified user. It is also
* invoked to remove entries from user_attr corresponding to
* removed admin assignments, using an empty auths string.
*
* Because the removed entries are no longer included in the
* cofiguration that is being committed, a linked list of
* removed admin entries is maintained to keep track of such
* transactions. The head of the list is stored in the zone_dh_userauths
* element of the handle strcture.
*/
static int
zonecfg_authorize_user_impl(zone_dochandle_t handle, char *user,
char *auths, char *zonename)
{
char *right;
char old_auths[MAXAUTHS];
char new_auths[MAXAUTHS];
char rbac_profs[MAXPROFS];
char *lasts;
userattr_t *u;
boolean_t first = B_TRUE;
boolean_t is_zone_admin = B_FALSE;
char user_cmd[] = "/usr/sbin/usermod";
char role_cmd[] = "/usr/sbin/rolemod";
char *auths_cmd = user_cmd; /* either usermod or rolemod */
char *new_auth_start; /* string containing the new auths */
int new_auth_cnt = 0; /* delta of changed authorizations */
/*
* First get the existing authorizations for this user
*/
bzero(&old_auths, sizeof (old_auths));
bzero(&new_auths, sizeof (new_auths));
bzero(&rbac_profs, sizeof (rbac_profs));
if ((u = getusernam(user)) != NULL) {
char *current_auths;
char *current_profs;
char *type;
type = kva_match(u->attr, USERATTR_TYPE_KW);
if (type != NULL) {
if (strcmp(type, USERATTR_TYPE_NONADMIN_KW) == 0)
auths_cmd = role_cmd;
}
current_auths = kva_match(u->attr, USERATTR_AUTHS_KW);
if (current_auths != NULL) {
char *cur_auth;
char *delete_name;
size_t offset;
offset = strlen(ZONE_AUTH_PREFIX);
(void) strlcpy(old_auths, current_auths, MAXAUTHS);
cur_auth = strtok_r(current_auths, ",", &lasts);
/*
* Next, remove any existing authorizations
* for this zone, and determine if the
* user still needs the Zone Management Profile.
*/
if (is_renaming(handle))
delete_name = handle->zone_dh_delete_name;
else
delete_name = NULL;
while (cur_auth != NULL) {
if (!is_zone_auth(&cur_auth, zonename,
delete_name)) {
if (first) {
first = B_FALSE;
} else {
(void) strlcat(new_auths, ",",
MAXAUTHS);
}
(void) strlcat(new_auths, cur_auth,
MAXAUTHS);
/*
* If the user has authorizations
* for other zones, then set a
* flag indicate that the Zone
* Management profile should be
* preserved in user_attr.
*/
if (strncmp(cur_auth,
ZONE_AUTH_PREFIX, offset) == 0)
is_zone_admin = B_TRUE;
} else {
new_auth_cnt++;
}
cur_auth = strtok_r(NULL, ",", &lasts);
}
}
current_profs = kva_match(u->attr, USERATTR_PROFILES_KW);
if (current_profs != NULL) {
(void) strlcpy(rbac_profs, current_profs, MAXPROFS);
}
free_userattr(u);
}
/*
* The following is done to avoid revisiting the
* user_attr entry for this user
*/
(void) zonecfg_remove_userauths(handle, user, "", B_FALSE);
/*
* Convert each right into a properly formatted authorization
*/
new_auth_start = new_auths + strlen(new_auths);
if (!first)
new_auth_start++;
right = strtok_r(auths, ",", &lasts);
while (right != NULL) {
char auth[MAXAUTHS];
(void) snprintf(auth, MAXAUTHS, "%s%s/%s",
ZONE_AUTH_PREFIX, right, zonename);
if (first) {
first = B_FALSE;
} else {
(void) strlcat(new_auths, ",", MAXAUTHS);
}
(void) strlcat(new_auths, auth, MAXAUTHS);
is_zone_admin = B_TRUE;
new_auth_cnt--;
right = strtok_r(NULL, ",", &lasts);
}
/*
* Need to update the authorizations in user_attr unless
* the number of old and new authorizations is unchanged
* and the new auths are a substrings of the old auths.
*
* If the user's previous authorizations have changed
* execute the usermod progam to update them in user_attr.
*/
if ((new_auth_cnt != 0) ||
(strstr(old_auths, new_auth_start) == NULL)) {
char *cmdbuf;
size_t cmd_len;
update_profiles(rbac_profs, is_zone_admin);
cmd_len = snprintf(NULL, 0, "%s -A \"%s\" -P \"%s\" %s",
auths_cmd, new_auths, rbac_profs, user) + 1;
if ((cmdbuf = malloc(cmd_len)) == NULL) {
return (Z_NOMEM);
}
(void) snprintf(cmdbuf, cmd_len, "%s -A \"%s\" -P \"%s\" %s",
auths_cmd, new_auths, rbac_profs, user);
if (do_subproc(zonename, cmdbuf) != 0) {
free(cmdbuf);
return (Z_SYSTEM);
}
free(cmdbuf);
}
return (Z_OK);
}
int
zonecfg_authorize_users(zone_dochandle_t handle, char *zonename)
{
xmlNodePtr cur;
int err;
char user[MAXUSERNAME];
char auths[MAXAUTHS];
if ((err = operation_prep(handle)) != Z_OK)
return (err);
cur = handle->zone_dh_cur;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_ADMIN))
continue;
if (fetchprop(handle, cur, DTD_ATTR_USER, user,
sizeof (user)) != Z_OK)
continue;
if (fetchprop(handle, cur, DTD_ATTR_AUTHS, auths,
sizeof (auths)) != Z_OK)
continue;
if (zonecfg_authorize_user_impl(handle, user, auths, zonename)
!= Z_OK)
return (Z_SYSTEM);
}
(void) zonecfg_remove_userauths(handle, "", "", B_TRUE);
return (Z_OK);
}
int
zonecfg_deauthorize_user(zone_dochandle_t handle, char *user, char *zonename)
{
return (zonecfg_authorize_user_impl(handle, user, "", zonename));
}
int
zonecfg_deauthorize_users(zone_dochandle_t handle, char *zonename)
{
xmlNodePtr cur;
int err;
char user[MAXUSERNAME];
if ((err = operation_prep(handle)) != Z_OK)
return (err);
cur = handle->zone_dh_cur;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_ADMIN))
continue;
if (fetchprop(handle, cur, DTD_ATTR_USER, user,
sizeof (user)) != Z_OK)
continue;
if ((err = zonecfg_deauthorize_user(handle, user,
zonename)) != Z_OK)
return (err);
}
return (Z_OK);
}
int
zonecfg_insert_userauths(zone_dochandle_t handle, char *user, char *zonename)
{
zone_userauths_t *new, **prev, *next;
prev = &handle->zone_dh_userauths;
next = *prev;
while (next) {
if ((strncmp(next->user, user, MAXUSERNAME) == 0) &&
(strncmp(next->zonename, zonename,
ZONENAME_MAX) == 0)) {
/*
* user is already in list
* which isn't supposed to happen!
*/
return (Z_OK);
}
prev = &next->next;
next = *prev;
}
new = (zone_userauths_t *)malloc(sizeof (zone_userauths_t));
if (new == NULL)
return (Z_NOMEM);
(void) strlcpy(new->user, user, sizeof (new->user));
(void) strlcpy(new->zonename, zonename, sizeof (new->zonename));
new->next = NULL;
*prev = new;
return (Z_OK);
}
int
zonecfg_remove_userauths(zone_dochandle_t handle, char *user, char *zonename,
boolean_t deauthorize)
{
zone_userauths_t *new, **prev, *next;
prev = &handle->zone_dh_userauths;
next = *prev;
while (next) {
if ((strlen(user) == 0 ||
strncmp(next->user, user, MAXUSERNAME) == 0) &&
(strlen(zonename) == 0 ||
(strncmp(next->zonename, zonename, ZONENAME_MAX) == 0))) {
new = next;
*prev = next->next;
next = *prev;
if (deauthorize)
(void) zonecfg_deauthorize_user(handle,
new->user, new->zonename);
free(new);
continue;
}
prev = &next->next;
next = *prev;
}
return (Z_OK);
}
int
zonecfg_csscmp(const char *str1, const char *str2)
{
int i, rc = -1;
int str1cnt = 1, str2cnt = 1;
char *c;
char **str2list = NULL, *tmp1 = NULL, *tmp2 = NULL;
char *tok, *lasts;
if (strcasecmp(str1, str2) == 0)
return (0);
if (str1[0] == '\0' || str2[0] == '\0')
return (-1);
for (c = (char *)str1; *c; c++) {
if (*c == ',')
str1cnt++;
}
for (c = (char *)str2; *c; c++) {
if (*c == ',')
str2cnt++;
}
if (str1cnt != str2cnt)
return (-1);
if ((str2list = (char **)calloc(str2cnt, sizeof (*str2))) == NULL)
goto out;
if ((tmp1 = strdup(str1)) == NULL)
goto out;
if ((tmp2 = strdup(str2)) == NULL)
goto out;
for (i = 0, tok = strtok_r(tmp2, ", \t\r\n", &lasts); tok != NULL;
tok = strtok_r(NULL, ", ", &lasts)) {
str2list[i++] = tok;
}
for (tok = strtok_r(tmp1, ", \t\r\n", &lasts); tok != NULL;
tok = strtok_r(NULL, ", \t\r\n", &lasts)) {
for (i = 0; i < str2cnt; i++) {
if (str2list[i] != NULL &&
strcasecmp(tok, str2list[i]) == 0) {
str2list[i] = NULL;
break;
}
}
if (i == str2cnt)
goto out;
}
rc = 0;
out:
free(str2list);
free(tmp1);
free(tmp2);
return (rc);
}
void
zonecfg_free_rootzpool_storage_list(zone_rzptab_t *tabptr)
{
zone_storage_t *this, *next;
for (this = tabptr->zone_storage_list; this != NULL; this = next) {
next = this->zone_storage_next;
free(this);
}
tabptr->zone_storage_list = NULL;
}
void
zonecfg_free_zpool_storage_list(zone_zptab_t *tabptr)
{
zone_storage_t *this, *next;
for (this = tabptr->zone_storage_list; this != NULL; this = next) {
next = this->zone_storage_next;
free(this);
}
tabptr->zone_storage_list = NULL;
}
int
zonecfg_add_rootzpool_uri(zone_rzptab_t *tabptr, const char *uri)
{
zone_storage_t *new, *old, *last;
last = tabptr->zone_storage_list;
for (old = last; old != NULL; old = old->zone_storage_next)
last = old; /* move to the end of storage list */
if ((new = calloc(1, sizeof (zone_storage_t))) == NULL)
return (Z_NOMEM);
(void) strlcpy(new->zone_storage_uri, uri,
sizeof (new->zone_storage_uri));
new->zone_storage_next = NULL;
if (last == NULL)
tabptr->zone_storage_list = new;
else
last->zone_storage_next = new;
return (Z_OK);
}
int
zonecfg_add_zpool_uri(zone_zptab_t *tabptr, const char *uri)
{
zone_storage_t *new, *old, *last;
last = tabptr->zone_storage_list;
for (old = last; old != NULL; old = old->zone_storage_next)
last = old; /* move to the end of storage list */
if ((new = calloc(1, sizeof (zone_storage_t))) == NULL)
return (Z_NOMEM);
(void) strlcpy(new->zone_storage_uri, uri,
sizeof (new->zone_storage_uri));
new->zone_storage_next = NULL;
if (last == NULL)
tabptr->zone_storage_list = new;
else
last->zone_storage_next = new;
return (Z_OK);
}
int
zonecfg_remove_rootzpool_uri(zone_rzptab_t *tabptr, const char *uri)
{
zone_storage_t *last, *this, *next;
last = tabptr->zone_storage_list;
for (this = last; this != NULL; this = this->zone_storage_next) {
if (strcmp(this->zone_storage_uri, uri) == 0) {
next = this->zone_storage_next;
if (this == tabptr->zone_storage_list)
tabptr->zone_storage_list = next;
else
last->zone_storage_next = next;
free(this);
return (Z_OK);
}
last = this;
}
return (Z_NO_PROPERTY_ID);
}
int
zonecfg_remove_zpool_uri(zone_zptab_t *tabptr, const char *uri)
{
zone_storage_t *last, *this, *next;
last = tabptr->zone_storage_list;
for (this = last; this != NULL; this = this->zone_storage_next) {
if (strcmp(this->zone_storage_uri, uri) == 0) {
next = this->zone_storage_next;
if (this == tabptr->zone_storage_list)
tabptr->zone_storage_list = next;
else
last->zone_storage_next = next;
free(this);
return (Z_OK);
}
last = this;
}
return (Z_NO_PROPERTY_ID);
}
static int
zonecfg_match_storage_core(zone_storage_t *source, zone_storage_t *compare)
{
/* We should always be called here with 2 fully populated entries */
if (source == NULL || compare == NULL)
return (Z_BAD_PROPERTY);
if (strlen(source->zone_storage_uri) == 0 ||
strlen(compare->zone_storage_uri) == 0)
return (Z_BAD_PROPERTY);
if (strcmp(source->zone_storage_uri, compare->zone_storage_uri) == 0)
return (Z_OK); /* entries match */
return (Z_NO_ENTRY); /* no match found */
}
/*
* Compare 2 lists of storage resources if they contain the same URI,
* if yes return Z_OK (check was successfull), if not Z_NO_ENTRY or
* specific error in case a property was suspect.
*/
int
zonecfg_match_storage_list(zone_storage_t *source, zone_storage_t *compare)
{
int err = Z_NO_ENTRY;
if (source == NULL || compare == NULL)
return (err); /* no entries (yet), nothing todo */
for (; source != NULL; source = source->zone_storage_next) {
zone_storage_t *tcomp = compare;
for (; tcomp != NULL; tcomp = tcomp->zone_storage_next) {
err = zonecfg_match_storage_core(source, tcomp);
if (err == Z_OK) {
goto out; /* match found, done here */
} else if (err != Z_NO_ENTRY) {
goto out; /* something wrong, escape */
}
}
}
out:
return (err);
}
/*
* Check an entire storage list whether it contains the URI or not.
* Return Z_OK on match, Z_NO_ENTRY if not or specific error in case a
* property was suspect.
*/
int
zonecfg_match_storage_uri(zone_storage_t *source, const char *uri)
{
assert(uri != NULL);
if (source == NULL)
return (Z_NO_ENTRY); /* no entries (yet), nothing todo */
for (; source != NULL; source = source->zone_storage_next) {
if (strlen(source->zone_storage_uri) == 0)
return (Z_BAD_PROPERTY); /* internal error */
if (strcmp(source->zone_storage_uri, uri) == 0)
return (Z_OK); /* match found, done */
}
return (Z_NO_ENTRY);
}
static int
zonecfg_fetch_rootzpool_storage(zone_dochandle_t handle, xmlNodePtr cur,
zone_rzptab_t *tabptr)
{
xmlNodePtr src;
char uri[SURI_MAX_URI_LEN];
int err = Z_OK;
tabptr->zone_storage_list = NULL;
for (src = cur->xmlChildrenNode; src != NULL; src = src->next) {
if ((err = fetchprop(handle, src, DTD_ATTR_URI,
uri, sizeof (uri))) != Z_OK)
break;
if ((err = zonecfg_add_rootzpool_uri(tabptr, uri)) != Z_OK)
break;
}
if (tabptr->zone_storage_list == NULL)
err = Z_NO_RESOURCE_ID;
return (err);
}
static int
zonecfg_fetch_zpool_storage(zone_dochandle_t handle, xmlNodePtr cur,
zone_zptab_t *tabptr)
{
xmlNodePtr src;
char uri[SURI_MAX_URI_LEN];
int err = Z_OK;
tabptr->zone_storage_list = NULL;
for (src = cur->xmlChildrenNode; src != NULL; src = src->next) {
if ((err = fetchprop(handle, src, DTD_ATTR_URI,
uri, sizeof (uri))) != Z_OK)
break;
if ((err = zonecfg_add_zpool_uri(tabptr, uri)) != Z_OK)
break;
}
if (tabptr->zone_storage_list == NULL)
err = Z_NO_RESOURCE_ID;
return (err);
}
static int
zonecfg_add_storage_node(zone_dochandle_t handle, xmlNodePtr newnode,
zone_storage_t *this)
{
xmlNodePtr storagenode;
int err;
if ((err = newres(handle, newnode, &storagenode, DTD_ELEM_STORAGE)))
return (err);
return (newprop(handle, storagenode, DTD_ATTR_URI,
this->zone_storage_uri));
}
int
zonecfg_lookup_rootzpool(zone_dochandle_t handle, zone_rzptab_t *tabptr)
{
xmlNodePtr cur, firstmatch;
int err;
boolean_t search = B_FALSE;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
/* Specific search query or generic resource lookup ? */
if (tabptr->zone_storage_list != NULL)
search = B_TRUE;
firstmatch = NULL;
cur = handle->zone_dh_cur;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
zone_rzptab_t temp_rzptab;
boolean_t match = B_FALSE;
if (xmlStrcmp(cur->name, DTD_ELEM_ROOTZPOOL) != 0)
continue;
/*
* If 'uri' property doesn't match and we've been asked for
* a specific one, ignore it, else select this element.
*/
if (tabptr->zone_storage_list != NULL &&
zonecfg_fetch_rootzpool_storage(handle, cur, &temp_rzptab)
== Z_OK) {
if (zonecfg_match_storage_list(
tabptr->zone_storage_list,
temp_rzptab.zone_storage_list) == Z_OK) {
firstmatch = cur;
match = B_TRUE;
}
zonecfg_free_rootzpool_storage_list(&temp_rzptab);
if (match)
break;
}
/*
* No match, but the resource is present in the config.
* If it was just a lookup if the resource is present
* at all, we're done but don't fail instead return
* the 1st match.
*/
if (!search) {
firstmatch = cur;
break;
}
}
/*
* Fail with different errors for specific search query or generic
* resource lookup.
*/
if (firstmatch == NULL)
return ((search) ? Z_NO_RESOURCE_ID : Z_NO_ENTRY);
cur = firstmatch;
if ((err = zonecfg_fetch_rootzpool_storage(handle, cur,
tabptr)) != Z_OK)
return (err);
/* install-size is optional */
if (fetchprop(handle, cur, DTD_ATTR_INSTALL_SIZE,
tabptr->zone_rzp_installsize,
sizeof (tabptr->zone_rzp_installsize)) != Z_OK)
tabptr->zone_rzp_installsize[0] = '\0';
return (Z_OK);
}
int
zonecfg_lookup_zpool(zone_dochandle_t handle, zone_zptab_t *tabptr)
{
xmlNodePtr cur, firstmatch;
int err;
char name[MAXNAMELEN];
boolean_t search = B_FALSE;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
/* Specific search query or generic resource lookup ? */
if (tabptr->zone_storage_list != NULL ||
strlen(tabptr->zone_zp_name) > 0)
search = B_TRUE;
firstmatch = NULL;
cur = handle->zone_dh_cur;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
zone_zptab_t temp_zptab;
boolean_t match = B_FALSE;
if (xmlStrcmp(cur->name, DTD_ELEM_ZPOOL) != 0)
continue;
/*
* If 'uri' or 'name' property doesn't match and we've
* been asked for a specific one, ignore it, else
* select the 1st matching element and stop search.
*/
if (tabptr->zone_storage_list != NULL &&
zonecfg_fetch_zpool_storage(handle, cur,
&temp_zptab) == Z_OK) {
if (zonecfg_match_storage_list(
tabptr->zone_storage_list,
temp_zptab.zone_storage_list) == Z_OK) {
firstmatch = cur;
match = B_TRUE;
}
zonecfg_free_zpool_storage_list(&temp_zptab);
if (match)
break;
}
if (strlen(tabptr->zone_zp_name) > 0 &&
(fetchprop(handle, cur, DTD_ATTR_NAME, name, sizeof (name))
== Z_OK && strcmp(tabptr->zone_zp_name, name) == 0)) {
firstmatch = cur;
break;
}
/*
* No match, but the resource is present in the config.
* If it was just a lookup if the resource is present
* at all, we're done but don't fail instead return
* the 1st match.
*/
if (!search) {
firstmatch = cur;
break;
}
}
/*
* Fail with different errors for specific search query or generic
* resource lookup.
*/
if (firstmatch == NULL)
return ((search) ? Z_NO_RESOURCE_ID : Z_NO_ENTRY);
cur = firstmatch;
if ((err = zonecfg_fetch_zpool_storage(handle, cur, tabptr)) != Z_OK)
return (err);
if ((err = fetchprop(handle, cur, DTD_ATTR_NAME, tabptr->zone_zp_name,
sizeof (tabptr->zone_zp_name))) != Z_OK)
return (err);
/* install-size is optional */
if (fetchprop(handle, cur, DTD_ATTR_INSTALL_SIZE,
tabptr->zone_zp_installsize,
sizeof (tabptr->zone_zp_installsize)) != Z_OK)
tabptr->zone_zp_installsize[0] = '\0';
return (Z_OK);
}
/*
* There is only one rootzpool resource per zone so we don't need to match
* any property within to allow deletion.
*/
/* ARGSUSED */
static int
zonecfg_delete_rootzpool_core(zone_dochandle_t handle, zone_rzptab_t *tabptr)
{
xmlNodePtr cur = handle->zone_dh_cur;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_ROOTZPOOL))
continue;
/* found it */
xmlUnlinkNode(cur);
xmlFreeNode(cur);
return (Z_OK);
}
return (Z_NO_RESOURCE_ID);
}
int
zonecfg_delete_rootzpool(zone_dochandle_t handle, zone_rzptab_t *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
return (zonecfg_delete_rootzpool_core(handle, tabptr));
}
/*
* Since we can have multiple DTD_ATTR_STORAGE properties per DTD_ELEM_ZPOOL
* resource, selecting via the DTD_ATTR_NAME property is the most reasonable
* criteria as it has to be unique across different DTD_ELEM_ZPOOL resources.
*/
static int
zonecfg_delete_zpool_core(zone_dochandle_t handle, zone_zptab_t *tabptr)
{
xmlNodePtr cur = handle->zone_dh_cur;
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if (xmlStrcmp(cur->name, DTD_ELEM_ZPOOL))
continue;
if (match_prop(handle, cur, DTD_ATTR_NAME,
tabptr->zone_zp_name)) {
xmlUnlinkNode(cur);
xmlFreeNode(cur);
return (Z_OK);
}
}
return (Z_NO_RESOURCE_ID);
}
int
zonecfg_delete_zpool(zone_dochandle_t handle, zone_zptab_t *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
return (zonecfg_delete_zpool_core(handle, tabptr));
}
int
zonecfg_setrzpent(zone_dochandle_t handle)
{
return (zonecfg_setent(handle));
}
int
zonecfg_getrzpent(zone_dochandle_t handle, zone_rzptab_t *tabptr)
{
xmlNodePtr cur;
int err;
if ((tabptr == NULL) || (handle == NULL))
return (Z_INVAL);
cur = find_elem_node(handle, DTD_ELEM_ROOTZPOOL);
if (cur == NULL) {
handle->zone_dh_cur = handle->zone_dh_top;
return (Z_NO_ENTRY);
}
if ((err = zonecfg_fetch_rootzpool_storage(handle,
cur, tabptr)) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
/* install-size is optional */
if (fetchprop(handle, cur, DTD_ATTR_INSTALL_SIZE,
tabptr->zone_rzp_installsize,
sizeof (tabptr->zone_rzp_installsize)) != Z_OK)
tabptr->zone_rzp_installsize[0] = '\0';
handle->zone_dh_cur = cur->next;
return (Z_OK);
}
int
zonecfg_endrzpent(zone_dochandle_t handle)
{
return (zonecfg_endent(handle));
}
int
zonecfg_setzpent(zone_dochandle_t handle)
{
return (zonecfg_setent(handle));
}
int
zonecfg_getzpent(zone_dochandle_t handle, zone_zptab_t *tabptr)
{
xmlNodePtr cur;
int err;
if ((tabptr == NULL) || (handle == NULL))
return (Z_INVAL);
cur = find_elem_node(handle, DTD_ELEM_ZPOOL);
if (cur == NULL) {
handle->zone_dh_cur = handle->zone_dh_top;
return (Z_NO_ENTRY);
}
if ((err = zonecfg_fetch_zpool_storage(handle, cur, tabptr)) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
if ((err = fetchprop(handle, cur, DTD_ATTR_NAME, tabptr->zone_zp_name,
sizeof (tabptr->zone_zp_name))) != Z_OK) {
handle->zone_dh_cur = handle->zone_dh_top;
return (err);
}
/* install-size is optional */
if (fetchprop(handle, cur, DTD_ATTR_INSTALL_SIZE,
tabptr->zone_zp_installsize,
sizeof (tabptr->zone_zp_installsize)) != Z_OK)
tabptr->zone_zp_installsize[0] = '\0';
handle->zone_dh_cur = cur->next;
return (Z_OK);
}
int
zonecfg_endzpent(zone_dochandle_t handle)
{
return (zonecfg_endent(handle));
}
static int
zonecfg_add_rootzpool_core(zone_dochandle_t handle, zone_rzptab_t *tabptr)
{
xmlNodePtr newnode;
xmlNodePtr cur = handle->zone_dh_cur;
int err;
zone_storage_t *sp;
if ((err = newres(handle, cur, &newnode,
DTD_ELEM_ROOTZPOOL)) != Z_OK)
return (err);
if ((err = newprop(handle, newnode, DTD_ATTR_INSTALL_SIZE,
tabptr->zone_rzp_installsize)) != Z_OK)
return (err);
for (sp = tabptr->zone_storage_list; sp != NULL;
sp = sp->zone_storage_next) {
if ((err = zonecfg_add_storage_node(handle,
newnode, sp)) != Z_OK)
return (err);
}
return (Z_OK);
}
int
zonecfg_add_rootzpool(zone_dochandle_t handle, zone_rzptab_t *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
return (zonecfg_add_rootzpool_core(handle, tabptr));
}
static int
zonecfg_add_zpool_core(zone_dochandle_t handle, zone_zptab_t *tabptr)
{
xmlNodePtr newnode;
xmlNodePtr cur = handle->zone_dh_cur;
int err;
zone_storage_t *sp;
if ((err = newres(handle, cur, &newnode, DTD_ELEM_ZPOOL)) != Z_OK)
return (err);
if ((err = newprop(handle, newnode, DTD_ATTR_INSTALL_SIZE,
tabptr->zone_zp_installsize)) != Z_OK)
return (err);
if ((err = newprop(handle, newnode, DTD_ATTR_NAME,
tabptr->zone_zp_name)) != Z_OK)
return (err);
for (sp = tabptr->zone_storage_list; sp != NULL;
sp = sp->zone_storage_next) {
if ((err = zonecfg_add_storage_node(handle,
newnode, sp)) != Z_OK)
return (err);
}
return (Z_OK);
}
int
zonecfg_add_zpool(zone_dochandle_t handle, zone_zptab_t *tabptr)
{
int err;
if (tabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
return (zonecfg_add_zpool_core(handle, tabptr));
}
int
zonecfg_modify_rootzpool(zone_dochandle_t handle, zone_rzptab_t *oldtabptr,
zone_rzptab_t *newtabptr)
{
int err;
if (oldtabptr == NULL || newtabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_rootzpool_core(handle, oldtabptr)) != Z_OK)
return (err);
if ((err = zonecfg_add_rootzpool_core(handle, newtabptr)) != Z_OK)
return (err);
return (Z_OK);
}
int
zonecfg_modify_zpool(zone_dochandle_t handle, zone_zptab_t *oldtabptr,
zone_zptab_t *newtabptr)
{
int err;
if (oldtabptr == NULL || newtabptr == NULL)
return (Z_INVAL);
if ((err = operation_prep(handle)) != Z_OK)
return (err);
if ((err = zonecfg_delete_zpool_core(handle, oldtabptr)) != Z_OK)
return (err);
if ((err = zonecfg_add_zpool_core(handle, newtabptr)) != Z_OK)
return (err);
return (Z_OK);
}
/*
* Query function to identify a zoss zone. Check whether or not the zone
* has DTD_ELEM_ROOTZPOOL or DTD_ELEM_ZPOOL resources configured.
* In 'iszoss' return B_TRUE if either of those resources are configured
* indicating a zoss zone, else B_FALSE.
* In 'zpiszoss' return B_TRUE if the zonepath is configured in its own,
* seperate zpool via the DTD_ELEM_ROOTZPOOL resource, else B_FALSE.
*/
int
zonecfg_is_zoss(const char *zonename, boolean_t *iszoss, boolean_t *zpiszoss)
{
zone_dochandle_t zh;
zone_rzptab_t rzptab;
zone_zptab_t zptab;
int err;
int myzoneid = getzoneid();
assert(zonename != NULL);
assert(*zonename != '\0');
*iszoss = *zpiszoss = B_FALSE;
/*
* Makes only sense in the GZ, if we're not in the GZ there won't be
* any XML repos to query nor any zoss releated actions to execute.
*/
if (myzoneid != GLOBAL_ZONEID)
return (Z_OK);
if ((zh = zonecfg_init_handle()) == NULL)
return (Z_NOMEM);
if ((err = zonecfg_get_handle(zonename, zh)) != Z_OK)
goto leave;
/* First check if a DTD_ELEM_ROOTZPOOL resource is present */
if ((err = zonecfg_setrzpent(zh)) != Z_OK)
goto leave;
if ((err = zonecfg_getrzpent(zh, &rzptab)) == Z_OK) {
zonecfg_free_rootzpool_storage_list(&rzptab);
*iszoss = *zpiszoss = B_TRUE;
}
(void) zonecfg_endrzpent(zh);
/*
* If we did not have a DTD_ELEM_ROOTZPOOL resource we have to
* check if any DTD_ELEM_ZPOOL resources are present.
*/
if (err == Z_NO_ENTRY) {
/* Now check if any DTD_ELEM_ZPOOL resources are present */
if ((err = zonecfg_setzpent(zh)) == Z_OK) {
while (zonecfg_getzpent(zh, &zptab) == Z_OK) {
zonecfg_free_zpool_storage_list(&zptab);
*iszoss = B_TRUE;
}
(void) zonecfg_endzpent(zh);
}
}
leave:
zonecfg_fini_handle(zh);
return (err);
}
/*
* Check whether or not a given name is a valid name for a zpool.
*/
boolean_t
zonecfg_valid_zpoolname(const char *s)
{
if (strcmp(s, ZONE_RZPNAME) == 0 ||
!zfs_name_valid(s, ZFS_TYPE_POOL))
return (B_FALSE);
return (B_TRUE);
}
/*
* Build names for zone zpools.
* For DTD_ELEM_ROOTZPOOL we just use the zonename plus ZONE_RZPNAME to
* build the zpool name. For DTD_ELEM_ZPOOL we use the zonename
* plus the 'name' zonecfg property.
* Example:
* rootzpool: <zonename>_<rpool>
* zpool: <zonename>_<name>
*/
int
zonecfg_get_zpoolname(const char *zonename, const char *namein,
char *nameout, size_t outsz)
{
assert(zonename != NULL);
assert(namein != NULL);
assert(outsz != 0);
if (snprintf(nameout, outsz, "%s_%s", zonename, namein) >= outsz)
return (Z_INVAL);
return (Z_OK);
}
static int
verify_mac_profile(zone_dochandle_t handle, char *prof)
{
brand_handle_t bh;
int err;
if (prof == NULL)
return (Z_OK);
if (ZONECFG_READ_WRITE_PROFNAME(prof))
return (Z_OK);
if (get_brand_handle(handle, &bh) != Z_OK)
return (Z_BRAND_ERROR);
if (brand_verify_mac_profile(bh, prof))
err = Z_OK;
else
err = Z_INVALID_PROPERTY;
brand_close(bh);
return (err);
}
static int
sortit(const void *ap, const void *bp)
{
return (strcmp(*(const char **)ap, *(const char **)bp));
}
struct paths_store {
int count;
int max;
char **paths;
};
/*
* Callback to count the number of the paths listed in the profile.
*/
/*ARGSUSED*/
static int
cb_enum(void *voidp, const char *path)
{
struct paths_store *ps = voidp;
ps->max += 1;
return (0);
}
/*
* Callback to store the paths in the paths_store struct pointed to by voidp.
*/
static int
cb_store(void *voidp, const char *path)
{
struct paths_store *ps = voidp;
if (ps->count >= ps->max)
return (-1);
if ((ps->paths[ps->count] = strdup(path)) == NULL)
return (-1);
ps->count++;
return (0);
}
static void
free_paths_store(struct paths_store *ps)
{
zone_mactype_t b;
int i;
for (b = ZS_BLACK; b <= ZS_WHITE; b++) {
for (i = 0; i < ps[b].count; i++)
free(ps[b].paths[i]);
}
}
/*
* Build the white list and the black list for the zone for zoneadmd.
*/
int
zonecfg_get_mac_lists(zone_dochandle_t handle, zone_maclist_t *ml)
{
brand_handle_t bh;
char prof[MAXNAMELEN];
int err;
zone_mactype_t w;
int n;
struct paths_store ps[2];
int i, j;
(void) memset(ml, 0, sizeof (*ml));
if ((err = zonecfg_get_mac_profile(handle, prof, sizeof (prof))) != 0)
return (err);
if (ZONECFG_READ_WRITE_PROFNAME(prof))
return (Z_OK);
if (get_brand_handle(handle, &bh) != Z_OK)
return (Z_BRAND_ERROR);
(void) memset(&ps, 0, sizeof (ps));
/* count the list of writable/readonly paths */
for (w = ZS_BLACK; w <= ZS_WHITE; w++) {
ps[w].max = ps[w].count = 0;
if (brand_config_iter_rwp(bh, cb_enum, prof, &ps[w],
w == ZS_WHITE) != 0) {
brand_close(bh);
return (Z_INVALID_PROPERTY);
}
}
n = zonecfg_num_resources(handle, "fs");
/* Additional entries are added for each fs. */
ps[ZS_WHITE].max += n;
/* allocate the list of writable/readonly paths */
for (w = ZS_BLACK; w <= ZS_WHITE; w++) {
ps[w].paths = alloca(ps[w].max * sizeof (char *));
if (brand_config_iter_rwp(bh, cb_store, prof, &ps[w],
w == ZS_WHITE) != 0) {
brand_close(bh);
free_paths_store(ps);
return (Z_INVALID_PROPERTY);
}
}
brand_close(bh);
/*
* Mark the added filesystems as read-write, so add them to the
* writable set.
*/
if (n > 0) {
struct zone_fstab fstab;
char **list = alloca(n * sizeof (char *));
i = 0;
if ((err = zonecfg_setfsent(handle)) != Z_OK) {
free_paths_store(ps);
return (err);
}
while (zonecfg_getfsent(handle, &fstab) == Z_OK) {
int len = strlen(fstab.zone_fs_dir) + 1;
list[i] = alloca(len);
(void) strlcpy(list[i++], fstab.zone_fs_dir, len);
}
(void) zonecfg_endfsent(handle);
qsort(list, n, sizeof (char *), sortit);
/*
* Create a wild card matching everything under the mountpoint.
* Make sure that we don't add conflicting patterns.
*/
for (i = 0; i < n; i++) {
char *fsd = list[i];
int len;
for (j = 0; j < ps[ZS_WHITE].count; j++) {
char *psd = ps[ZS_WHITE].paths[j];
/* Check for a direct match */
if (strcmp(fsd, psd) == 0)
break;
len = strlen(psd);
/* ... or a wildcard match */
if (len >= 1 && psd[len - 1] == '*' &&
strncmp(fsd, psd, len - 1) == 0) {
break;
}
}
if (j == ps[ZS_WHITE].count) {
/* New pattern, add it */
char *newp;
len = strlen(fsd) + sizeof ("/*");
newp = malloc(len);
if (newp == NULL) {
free_paths_store(ps);
return (Z_NOMEM);
}
ps[ZS_WHITE].paths[ps[ZS_WHITE].count++] = newp;
(void) strlcpy(newp, fsd, len);
(void) strlcat(newp, "/*", len);
}
}
}
/*
* For each list we count the number of bytes needed for every list,
* allocate the memory and then concatenate all the paths (including
* a NUL as separator).
*/
for (w = ZS_BLACK; w <= ZS_WHITE; w++) {
size_t totlen = 0;
char *temp, *q;
for (i = 0; i < ps[w].count; i++)
totlen += strlen(ps[w].paths[i]) + 1;
if (totlen == 0)
continue;
temp = malloc(totlen);
if (temp == NULL) {
free_paths_store(ps);
if (w == ZS_WHITE)
free(ml->zmac_list[ZS_BLACK]);
return (Z_NOMEM);
}
q = temp;
*q = '\0';
for (i = 0; i < ps[w].count; i++) {
(void) strcpy(q, ps[w].paths[i]);
q += strlen(ps[w].paths[i]) + 1;
}
ml->zmac_list[w] = temp;
ml->zmac_size[w] = totlen;
}
free_paths_store(ps);
return (Z_OK);
}
int
zonecfg_set_mac_profile(zone_dochandle_t handle, char *profile)
{
int ret;
if ((ret = verify_mac_profile(handle, profile)) != Z_OK) {
(void) setrootattr(handle, DTD_ATTR_MAC_PROFILE, NULL);
return (ret);
}
return (setrootattr(handle, DTD_ATTR_MAC_PROFILE, profile));
}
int
zonecfg_get_mac_profile(zone_dochandle_t handle, char *prof, size_t profsz)
{
return (getrootattr(handle, DTD_ATTR_MAC_PROFILE, prof, profsz));
}
/*
* Iterate through the resource of a given zone configuration calling func()
* each resource.
*/
int
zonecfg_iter_resource(zone_dochandle_t handle,
iter_resource_cb_t func, void *in, void *out)
{
xmlNodePtr root, res;
int ret;
if ((ret = getroot(handle, &root)) != Z_OK)
return (ret);
/* Special case the "global" resource */
if ((ret = func(in, out, NULL)) != 0)
return (ret);
for (res = root->children; res != NULL; res = res->next) {
if ((ret = func(in, out, dtd_to_rt(res->name))) != 0)
return (ret);
}
return (Z_OK);
}
/*
* For each resource (and the "global" resource) iterate through the properties
* calling func() for each property.
* NOTE: func() won't be called for complex types which aren't represented as
* attributes of the resource node.
*/
int
zonecfg_iter_property(zone_dochandle_t handle,
iter_property_cb_t func, void *in, void *out)
{
xmlNodePtr root, res;
xmlAttrPtr prop;
xmlChar *prop_val;
int ret;
if ((ret = getroot(handle, &root)) != Z_OK)
return (ret);
/* Start with the "global" resource */
res = root;
while (res != NULL) {
prop = res->properties;
while (prop != NULL) {
prop_val = xmlGetProp(res, prop->name);
if (prop_val == NULL)
return (Z_BAD_PROPERTY);
ret = func(in, out, dtd_to_rt(res->name),
dtd_to_pt(res->name, prop->name), (char *)prop_val);
xmlFree(prop_val);
if (ret != 0)
return (ret);
prop = prop->next;
}
if (res == root)
res = root->children;
else
res = res->next;
}
return (Z_OK);
}