xref: /illumos-gate/usr/src/cmd/zonecfg/zonecfg.c (revision bbf21555)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24  * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
25  * Copyright 2014 Gary Mills
26  * Copyright 2019 Joyent, Inc.
27  */
28 
29 /*
30  * zonecfg is a lex/yacc based command interpreter used to manage zone
31  * configurations.  The lexer (see zonecfg_lex.l) builds up tokens, which
32  * the grammar (see zonecfg_grammar.y) builds up into commands, some of
33  * which takes resources and/or properties as arguments.  See the block
34  * comments near the end of zonecfg_grammar.y for how the data structures
35  * which keep track of these resources and properties are built up.
36  *
37  * The resource/property data structures are inserted into a command
38  * structure (see zonecfg.h), which also keeps track of command names,
39  * miscellaneous arguments, and function handlers.  The grammar selects
40  * the appropriate function handler, each of which takes a pointer to a
41  * command structure as its sole argument, and invokes it.  The grammar
42  * itself is "entered" (a la the Matrix) by yyparse(), which is called
43  * from read_input(), our main driving function.  That in turn is called
44  * by one of do_interactive(), cmd_file() or one_command_at_a_time(), each
45  * of which is called from main() depending on how the program was invoked.
46  *
47  * The rest of this module consists of the various function handlers and
48  * their helper functions.  Some of these functions, particularly the
49  * X_to_str() functions, which maps command, resource and property numbers
50  * to strings, are used quite liberally, as doing so results in a better
51  * program w/rt I18N, reducing the need for translation notes.
52  */
53 
54 #include <sys/mntent.h>
55 #include <sys/varargs.h>
56 #include <sys/sysmacros.h>
57 #include <sys/secflags.h>
58 
59 #include <errno.h>
60 #include <fcntl.h>
61 #include <strings.h>
62 #include <unistd.h>
63 #include <ctype.h>
64 #include <stdlib.h>
65 #include <assert.h>
66 #include <sys/stat.h>
67 #include <zone.h>
68 #include <arpa/inet.h>
69 #include <netdb.h>
70 #include <locale.h>
71 #include <libintl.h>
72 #include <alloca.h>
73 #include <signal.h>
74 #include <wait.h>
75 #include <libtecla.h>
76 #include <libzfs.h>
77 #include <sys/brand.h>
78 #include <libbrand.h>
79 #include <sys/systeminfo.h>
80 #include <libdladm.h>
81 #include <libinetutil.h>
82 #include <pwd.h>
83 #include <inet/ip.h>
84 
85 #include <libzonecfg.h>
86 #include "zonecfg.h"
87 
88 #if !defined(TEXT_DOMAIN)		/* should be defined by cc -D */
89 #define	TEXT_DOMAIN	"SYS_TEST"	/* Use this only if it wasn't */
90 #endif
91 
92 #define	PAGER	"/usr/bin/more"
93 #define	EXEC_PREFIX	"exec "
94 #define	EXEC_LEN	(strlen(EXEC_PREFIX))
95 
96 struct help {
97 	uint_t	cmd_num;
98 	char	*cmd_name;
99 	uint_t	flags;
100 	char	*short_usage;
101 };
102 
103 extern int yyparse(void);
104 extern int lex_lineno;
105 
106 #define	MAX_LINE_LEN	1024
107 #define	MAX_CMD_HIST	1024
108 #define	MAX_CMD_LEN	1024
109 
110 #define	ONE_MB		1048576
111 
112 /*
113  * Each SHELP_ should be a simple string.
114  */
115 
116 #define	SHELP_ADD	"add <resource-type>\n\t(global scope)\n" \
117 	"add <property-name> <property-value>\n\t(resource scope)"
118 #define	SHELP_CANCEL	"cancel"
119 #define	SHELP_CLEAR	"clear <property-name>"
120 #define	SHELP_COMMIT	"commit"
121 #define	SHELP_CREATE	"create [-F] [ -a <path> | -b | -t <template> ]"
122 #define	SHELP_DELETE	"delete [-F]"
123 #define	SHELP_END	"end"
124 #define	SHELP_EXIT	"exit [-F]"
125 #define	SHELP_EXPORT	"export [-f output-file]"
126 #define	SHELP_HELP	"help [commands] [syntax] [usage] [<command-name>]"
127 #define	SHELP_INFO	"info [<resource-type> [property-name=property-value]*]"
128 #define	SHELP_REMOVE	"remove [-F] <resource-type> " \
129 	"[ <property-name>=<property-value> ]*\n" \
130 	"\t(global scope)\n" \
131 	"remove <property-name> <property-value>\n" \
132 	"\t(resource scope)"
133 #define	SHELP_REVERT	"revert [-F]"
134 #define	SHELP_SELECT	"select <resource-type> { <property-name>=" \
135 	"<property-value> }"
136 #define	SHELP_SET	"set <property-name>=<property-value>"
137 #define	SHELP_VERIFY	"verify"
138 
139 static struct help helptab[] = {
140 	{ CMD_ADD,	"add",		HELP_RES_PROPS,	SHELP_ADD, },
141 	{ CMD_CANCEL,	"cancel",	0,		SHELP_CANCEL, },
142 	{ CMD_CLEAR,	"clear",	HELP_PROPS,	SHELP_CLEAR, },
143 	{ CMD_COMMIT,	"commit",	0,		SHELP_COMMIT, },
144 	{ CMD_CREATE,	"create",	0,		SHELP_CREATE, },
145 	{ CMD_DELETE,	"delete",	0,		SHELP_DELETE, },
146 	{ CMD_END,	"end",		0,		SHELP_END, },
147 	{ CMD_EXIT,	"exit",		0,		SHELP_EXIT, },
148 	{ CMD_EXPORT,	"export",	0,		SHELP_EXPORT, },
149 	{ CMD_HELP,	"help",		0,		SHELP_HELP },
150 	{ CMD_INFO,	"info",		HELP_RES_PROPS,	SHELP_INFO, },
151 	{ CMD_REMOVE,	"remove",	HELP_RES_PROPS,	SHELP_REMOVE, },
152 	{ CMD_REVERT,	"revert",	0,		SHELP_REVERT, },
153 	{ CMD_SELECT,	"select",	HELP_RES_PROPS,	SHELP_SELECT, },
154 	{ CMD_SET,	"set",		HELP_PROPS,	SHELP_SET, },
155 	{ CMD_VERIFY,	"verify",	0,		SHELP_VERIFY, },
156 	{ 0 },
157 };
158 
159 #define	MAX_RT_STRLEN	16
160 
161 /* These *must* match the order of the RT_ define's from zonecfg.h */
162 char *res_types[] = {
163 	"unknown",
164 	"zonename",
165 	"zonepath",
166 	"autoboot",
167 	"pool",
168 	"fs",
169 	"net",
170 	"device",
171 	"rctl",
172 	"attr",
173 	"dataset",
174 	"limitpriv",
175 	"bootargs",
176 	"brand",
177 	"dedicated-cpu",
178 	"capped-memory",
179 	ALIAS_MAXLWPS,
180 	ALIAS_MAXSHMMEM,
181 	ALIAS_MAXSHMIDS,
182 	ALIAS_MAXMSGIDS,
183 	ALIAS_MAXSEMIDS,
184 	ALIAS_SHARES,
185 	"scheduling-class",
186 	"ip-type",
187 	"capped-cpu",
188 	"hostid",
189 	"admin",
190 	"fs-allowed",
191 	ALIAS_MAXPROCS,
192 	"security-flags",
193 	NULL
194 };
195 
196 /* These *must* match the order of the PT_ define's from zonecfg.h */
197 char *prop_types[] = {
198 	"unknown",
199 	"zonename",
200 	"zonepath",
201 	"autoboot",
202 	"pool",
203 	"dir",
204 	"special",
205 	"type",
206 	"options",
207 	"address",
208 	"physical",
209 	"name",
210 	"value",
211 	"match",
212 	"priv",
213 	"limit",
214 	"action",
215 	"raw",
216 	"limitpriv",
217 	"bootargs",
218 	"brand",
219 	"ncpus",
220 	"importance",
221 	"swap",
222 	"locked",
223 	ALIAS_SHARES,
224 	ALIAS_MAXLWPS,
225 	ALIAS_MAXSHMMEM,
226 	ALIAS_MAXSHMIDS,
227 	ALIAS_MAXMSGIDS,
228 	ALIAS_MAXSEMIDS,
229 	ALIAS_MAXLOCKEDMEM,
230 	ALIAS_MAXSWAP,
231 	"scheduling-class",
232 	"ip-type",
233 	"defrouter",
234 	"hostid",
235 	"user",
236 	"auths",
237 	"fs-allowed",
238 	ALIAS_MAXPROCS,
239 	"allowed-address",
240 	"default",
241 	"lower",
242 	"upper",
243 	NULL
244 };
245 
246 /* These *must* match the order of the PROP_VAL_ define's from zonecfg.h */
247 static char *prop_val_types[] = {
248 	"simple",
249 	"complex",
250 	"list",
251 };
252 
253 /*
254  * The various _cmds[] lists below are for command tab-completion.
255  */
256 
257 /*
258  * remove has a space afterwards because it has qualifiers; the other commands
259  * that have qualifiers (add, select, etc.) don't need a space here because
260  * they have their own _cmds[] lists below.
261  */
262 static const char *global_scope_cmds[] = {
263 	"add",
264 	"clear",
265 	"commit",
266 	"create",
267 	"delete",
268 	"exit",
269 	"export",
270 	"help",
271 	"info",
272 	"remove ",
273 	"revert",
274 	"select",
275 	"set",
276 	"verify",
277 	NULL
278 };
279 
280 static const char *add_cmds[] = {
281 	"add fs",
282 	"add net",
283 	"add device",
284 	"add rctl",
285 	"add attr",
286 	"add dataset",
287 	"add dedicated-cpu",
288 	"add capped-cpu",
289 	"add capped-memory",
290 	"add admin",
291 	"add security-flags",
292 	NULL
293 };
294 
295 static const char *clear_cmds[] = {
296 	"clear autoboot",
297 	"clear pool",
298 	"clear limitpriv",
299 	"clear bootargs",
300 	"clear scheduling-class",
301 	"clear ip-type",
302 	"clear " ALIAS_MAXLWPS,
303 	"clear " ALIAS_MAXSHMMEM,
304 	"clear " ALIAS_MAXSHMIDS,
305 	"clear " ALIAS_MAXMSGIDS,
306 	"clear " ALIAS_MAXSEMIDS,
307 	"clear " ALIAS_SHARES,
308 	"clear " ALIAS_MAXPROCS,
309 	NULL
310 };
311 
312 static const char *remove_cmds[] = {
313 	"remove fs ",
314 	"remove net ",
315 	"remove device ",
316 	"remove rctl ",
317 	"remove attr ",
318 	"remove dataset ",
319 	"remove dedicated-cpu ",
320 	"remove capped-cpu ",
321 	"remove capped-memory ",
322 	"remove admin ",
323 	"remove security-flags",
324 	NULL
325 };
326 
327 static const char *select_cmds[] = {
328 	"select fs ",
329 	"select net ",
330 	"select device ",
331 	"select rctl ",
332 	"select attr ",
333 	"select dataset ",
334 	"select dedicated-cpu",
335 	"select capped-cpu",
336 	"select capped-memory",
337 	"select admin",
338 	"select security-flags",
339 	NULL
340 };
341 
342 static const char *set_cmds[] = {
343 	"set zonename=",
344 	"set zonepath=",
345 	"set brand=",
346 	"set autoboot=",
347 	"set pool=",
348 	"set limitpriv=",
349 	"set bootargs=",
350 	"set scheduling-class=",
351 	"set ip-type=",
352 	"set " ALIAS_MAXLWPS "=",
353 	"set " ALIAS_MAXSHMMEM "=",
354 	"set " ALIAS_MAXSHMIDS "=",
355 	"set " ALIAS_MAXMSGIDS "=",
356 	"set " ALIAS_MAXSEMIDS "=",
357 	"set " ALIAS_SHARES "=",
358 	"set hostid=",
359 	"set fs-allowed=",
360 	"set " ALIAS_MAXPROCS "=",
361 	NULL
362 };
363 
364 static const char *info_cmds[] = {
365 	"info fs ",
366 	"info net ",
367 	"info device ",
368 	"info rctl ",
369 	"info attr ",
370 	"info dataset ",
371 	"info capped-memory",
372 	"info dedicated-cpu",
373 	"info capped-cpu",
374 	"info security-flags",
375 	"info zonename",
376 	"info zonepath",
377 	"info autoboot",
378 	"info pool",
379 	"info limitpriv",
380 	"info bootargs",
381 	"info brand",
382 	"info scheduling-class",
383 	"info ip-type",
384 	"info max-lwps",
385 	"info max-shm-memory",
386 	"info max-shm-ids",
387 	"info max-msg-ids",
388 	"info max-sem-ids",
389 	"info cpu-shares",
390 	"info hostid",
391 	"info admin",
392 	"info fs-allowed",
393 	"info max-processes",
394 	NULL
395 };
396 
397 static const char *fs_res_scope_cmds[] = {
398 	"add options ",
399 	"cancel",
400 	"end",
401 	"exit",
402 	"help",
403 	"info",
404 	"remove options ",
405 	"set dir=",
406 	"set raw=",
407 	"set special=",
408 	"set type=",
409 	"clear raw",
410 	NULL
411 };
412 
413 static const char *net_res_scope_cmds[] = {
414 	"cancel",
415 	"end",
416 	"exit",
417 	"help",
418 	"info",
419 	"set address=",
420 	"set allowed-address=",
421 	"set physical=",
422 	"set defrouter=",
423 	NULL
424 };
425 
426 static const char *device_res_scope_cmds[] = {
427 	"cancel",
428 	"end",
429 	"exit",
430 	"help",
431 	"info",
432 	"set match=",
433 	NULL
434 };
435 
436 static const char *attr_res_scope_cmds[] = {
437 	"cancel",
438 	"end",
439 	"exit",
440 	"help",
441 	"info",
442 	"set name=",
443 	"set type=",
444 	"set value=",
445 	NULL
446 };
447 
448 static const char *rctl_res_scope_cmds[] = {
449 	"add value ",
450 	"cancel",
451 	"end",
452 	"exit",
453 	"help",
454 	"info",
455 	"remove value ",
456 	"set name=",
457 	NULL
458 };
459 
460 static const char *dataset_res_scope_cmds[] = {
461 	"cancel",
462 	"end",
463 	"exit",
464 	"help",
465 	"info",
466 	"set name=",
467 	NULL
468 };
469 
470 static const char *pset_res_scope_cmds[] = {
471 	"cancel",
472 	"end",
473 	"exit",
474 	"help",
475 	"info",
476 	"set ncpus=",
477 	"set importance=",
478 	"clear importance",
479 	NULL
480 };
481 
482 static const char *pcap_res_scope_cmds[] = {
483 	"cancel",
484 	"end",
485 	"exit",
486 	"help",
487 	"info",
488 	"set ncpus=",
489 	NULL
490 };
491 
492 static const char *mcap_res_scope_cmds[] = {
493 	"cancel",
494 	"end",
495 	"exit",
496 	"help",
497 	"info",
498 	"set physical=",
499 	"set swap=",
500 	"set locked=",
501 	"clear physical",
502 	"clear swap",
503 	"clear locked",
504 	NULL
505 };
506 
507 static const char *admin_res_scope_cmds[] = {
508 	"cancel",
509 	"end",
510 	"exit",
511 	"help",
512 	"info",
513 	"set user=",
514 	"set auths=",
515 	NULL
516 };
517 
518 static const char *secflags_res_scope_cmds[] = {
519 	"cancel",
520 	"end",
521 	"exit",
522 	"set default=",
523 	"set lower=",
524 	"set upper=",
525 	NULL
526 };
527 
528 struct xif {
529 	struct xif	*xif_next;
530 	char		xif_name[LIFNAMSIZ];
531 	boolean_t	xif_has_address;
532 	boolean_t	xif_has_defrouter;
533 };
534 
535 /* Global variables */
536 
537 /* list of network interfaces specified for exclusive IP zone */
538 struct xif *xif;
539 
540 /* set early in main(), never modified thereafter, used all over the place */
541 static char *execname;
542 
543 /* set in main(), used all over the place */
544 static zone_dochandle_t handle;
545 
546 /* used all over the place */
547 static char zone[ZONENAME_MAX];
548 static char revert_zone[ZONENAME_MAX];
549 
550 /* global brand operations */
551 static brand_handle_t brand;
552 
553 /* set in modifying functions, checked in read_input() */
554 static boolean_t need_to_commit = B_FALSE;
555 boolean_t saw_error;
556 
557 /* set in yacc parser, checked in read_input() */
558 boolean_t newline_terminated;
559 
560 /* set in main(), checked in lex error handler */
561 boolean_t cmd_file_mode;
562 
563 /* set in exit_func(), checked in read_input() */
564 static boolean_t time_to_exit = B_FALSE, force_exit = B_FALSE;
565 
566 /* used in short_usage() and zerr() */
567 static char *cmd_file_name = NULL;
568 
569 /* checked in read_input() and other places */
570 static boolean_t ok_to_prompt = B_FALSE;
571 
572 /* set and checked in initialize() */
573 static boolean_t got_handle = B_FALSE;
574 
575 /* initialized in do_interactive(), checked in initialize() */
576 static boolean_t interactive_mode;
577 
578 /* set if configuring the global zone */
579 static boolean_t global_zone = B_FALSE;
580 
581 /* set in main(), checked in multiple places */
582 static boolean_t read_only_mode;
583 
584 /* scope is outer/global or inner/resource */
585 static boolean_t global_scope = B_TRUE;
586 static int resource_scope;	/* should be in the RT_ list from zonecfg.h */
587 static int end_op = -1;		/* operation on end is either add or modify */
588 
589 int num_prop_vals;		/* for grammar */
590 
591 /*
592  * These are for keeping track of resources as they are specified as part of
593  * the multi-step process.  They should be initialized by add_resource() or
594  * select_func() and filled in by add_property() or set_func().
595  */
596 static struct zone_fstab	old_fstab, in_progress_fstab;
597 static struct zone_nwiftab	old_nwiftab, in_progress_nwiftab;
598 static struct zone_devtab	old_devtab, in_progress_devtab;
599 static struct zone_rctltab	old_rctltab, in_progress_rctltab;
600 static struct zone_attrtab	old_attrtab, in_progress_attrtab;
601 static struct zone_dstab	old_dstab, in_progress_dstab;
602 static struct zone_psettab	old_psettab, in_progress_psettab;
603 static struct zone_mcaptab	old_mcaptab, in_progress_mcaptab;
604 static struct zone_admintab	old_admintab, in_progress_admintab;
605 static struct zone_secflagstab	old_secflagstab, in_progress_secflagstab;
606 
607 static GetLine *gl;	/* The gl_get_line() resource object */
608 
609 static void bytes_to_units(char *str, char *buf, int bufsize);
610 
611 /* Functions begin here */
612 
613 static boolean_t
initial_match(const char * line1,const char * line2,int word_end)614 initial_match(const char *line1, const char *line2, int word_end)
615 {
616 	if (word_end <= 0)
617 		return (B_TRUE);
618 	return (strncmp(line1, line2, word_end) == 0);
619 }
620 
621 static int
add_stuff(WordCompletion * cpl,const char * line1,const char ** list,int word_end)622 add_stuff(WordCompletion *cpl, const char *line1, const char **list,
623     int word_end)
624 {
625 	int i, err;
626 
627 	for (i = 0; list[i] != NULL; i++) {
628 		if (initial_match(line1, list[i], word_end)) {
629 			err = cpl_add_completion(cpl, line1, 0, word_end,
630 			    list[i] + word_end, "", "");
631 			if (err != 0)
632 				return (err);
633 		}
634 	}
635 	return (0);
636 }
637 
638 static
639 /* ARGSUSED */
CPL_MATCH_FN(cmd_cpl_fn)640 CPL_MATCH_FN(cmd_cpl_fn)
641 {
642 	if (global_scope) {
643 		/*
644 		 * The MAX/MIN tests below are to make sure we have at least
645 		 * enough characters to distinguish from other prefixes (MAX)
646 		 * but only check MIN(what we have, what we're checking).
647 		 */
648 		if (strncmp(line, "add ", MAX(MIN(word_end, 4), 1)) == 0)
649 			return (add_stuff(cpl, line, add_cmds, word_end));
650 		if (strncmp(line, "clear ", MAX(MIN(word_end, 6), 2)) == 0)
651 			return (add_stuff(cpl, line, clear_cmds, word_end));
652 		if (strncmp(line, "select ", MAX(MIN(word_end, 7), 3)) == 0)
653 			return (add_stuff(cpl, line, select_cmds, word_end));
654 		if (strncmp(line, "set ", MAX(MIN(word_end, 4), 3)) == 0)
655 			return (add_stuff(cpl, line, set_cmds, word_end));
656 		if (strncmp(line, "remove ", MAX(MIN(word_end, 7), 1)) == 0)
657 			return (add_stuff(cpl, line, remove_cmds, word_end));
658 		if (strncmp(line, "info ", MAX(MIN(word_end, 5), 1)) == 0)
659 			return (add_stuff(cpl, line, info_cmds, word_end));
660 		return (add_stuff(cpl, line, global_scope_cmds, word_end));
661 	}
662 	switch (resource_scope) {
663 	case RT_FS:
664 		return (add_stuff(cpl, line, fs_res_scope_cmds, word_end));
665 	case RT_NET:
666 		return (add_stuff(cpl, line, net_res_scope_cmds, word_end));
667 	case RT_DEVICE:
668 		return (add_stuff(cpl, line, device_res_scope_cmds, word_end));
669 	case RT_RCTL:
670 		return (add_stuff(cpl, line, rctl_res_scope_cmds, word_end));
671 	case RT_ATTR:
672 		return (add_stuff(cpl, line, attr_res_scope_cmds, word_end));
673 	case RT_DATASET:
674 		return (add_stuff(cpl, line, dataset_res_scope_cmds, word_end));
675 	case RT_DCPU:
676 		return (add_stuff(cpl, line, pset_res_scope_cmds, word_end));
677 	case RT_PCAP:
678 		return (add_stuff(cpl, line, pcap_res_scope_cmds, word_end));
679 	case RT_MCAP:
680 		return (add_stuff(cpl, line, mcap_res_scope_cmds, word_end));
681 	case RT_ADMIN:
682 		return (add_stuff(cpl, line, admin_res_scope_cmds, word_end));
683 	case RT_SECFLAGS:
684 		return (add_stuff(cpl, line, secflags_res_scope_cmds,
685 		    word_end));
686 
687 	}
688 	return (0);
689 }
690 
691 /*
692  * For the main CMD_func() functions below, several of them call getopt()
693  * then check optind against argc to make sure an extra parameter was not
694  * passed in.  The reason this is not caught in the grammar is that the
695  * grammar just checks for a miscellaneous TOKEN, which is *expected* to
696  * be "-F" (for example), but could be anything.  So (for example) this
697  * check will prevent "create bogus".
698  */
699 
700 cmd_t *
alloc_cmd(void)701 alloc_cmd(void)
702 {
703 	return (calloc(1, sizeof (cmd_t)));
704 }
705 
706 void
free_cmd(cmd_t * cmd)707 free_cmd(cmd_t *cmd)
708 {
709 	int i;
710 
711 	for (i = 0; i < MAX_EQ_PROP_PAIRS; i++)
712 		if (cmd->cmd_property_ptr[i] != NULL) {
713 			property_value_ptr_t pp = cmd->cmd_property_ptr[i];
714 
715 			switch (pp->pv_type) {
716 			case PROP_VAL_SIMPLE:
717 				free(pp->pv_simple);
718 				break;
719 			case PROP_VAL_COMPLEX:
720 				free_complex(pp->pv_complex);
721 				break;
722 			case PROP_VAL_LIST:
723 				free_list(pp->pv_list);
724 				break;
725 			}
726 		}
727 	for (i = 0; i < cmd->cmd_argc; i++)
728 		free(cmd->cmd_argv[i]);
729 	free(cmd);
730 }
731 
732 complex_property_ptr_t
alloc_complex(void)733 alloc_complex(void)
734 {
735 	return (calloc(1, sizeof (complex_property_t)));
736 }
737 
738 void
free_complex(complex_property_ptr_t complex)739 free_complex(complex_property_ptr_t complex)
740 {
741 	if (complex == NULL)
742 		return;
743 	free_complex(complex->cp_next);
744 	if (complex->cp_value != NULL)
745 		free(complex->cp_value);
746 	free(complex);
747 }
748 
749 list_property_ptr_t
alloc_list(void)750 alloc_list(void)
751 {
752 	return (calloc(1, sizeof (list_property_t)));
753 }
754 
755 void
free_list(list_property_ptr_t list)756 free_list(list_property_ptr_t list)
757 {
758 	if (list == NULL)
759 		return;
760 	if (list->lp_simple != NULL)
761 		free(list->lp_simple);
762 	free_complex(list->lp_complex);
763 	free_list(list->lp_next);
764 	free(list);
765 }
766 
767 void
free_outer_list(list_property_ptr_t list)768 free_outer_list(list_property_ptr_t list)
769 {
770 	if (list == NULL)
771 		return;
772 	free_outer_list(list->lp_next);
773 	free(list);
774 }
775 
776 static struct zone_rctlvaltab *
alloc_rctlvaltab(void)777 alloc_rctlvaltab(void)
778 {
779 	return (calloc(1, sizeof (struct zone_rctlvaltab)));
780 }
781 
782 static char *
rt_to_str(int res_type)783 rt_to_str(int res_type)
784 {
785 	assert(res_type >= RT_MIN && res_type <= RT_MAX);
786 	return (res_types[res_type]);
787 }
788 
789 static char *
pt_to_str(int prop_type)790 pt_to_str(int prop_type)
791 {
792 	assert(prop_type >= PT_MIN && prop_type <= PT_MAX);
793 	return (prop_types[prop_type]);
794 }
795 
796 static char *
pvt_to_str(int pv_type)797 pvt_to_str(int pv_type)
798 {
799 	assert(pv_type >= PROP_VAL_MIN && pv_type <= PROP_VAL_MAX);
800 	return (prop_val_types[pv_type]);
801 }
802 
803 static char *
cmd_to_str(int cmd_num)804 cmd_to_str(int cmd_num)
805 {
806 	assert(cmd_num >= CMD_MIN && cmd_num <= CMD_MAX);
807 	return (helptab[cmd_num].cmd_name);
808 }
809 
810 /* PRINTFLIKE1 */
811 static void
zerr(const char * fmt,...)812 zerr(const char *fmt, ...)
813 {
814 	va_list alist;
815 	static int last_lineno;
816 
817 	/* lex_lineno has already been incremented in the lexer; compensate */
818 	if (cmd_file_mode && lex_lineno > last_lineno) {
819 		if (strcmp(cmd_file_name, "-") == 0)
820 			(void) fprintf(stderr, gettext("On line %d:\n"),
821 			    lex_lineno - 1);
822 		else
823 			(void) fprintf(stderr, gettext("On line %d of %s:\n"),
824 			    lex_lineno - 1, cmd_file_name);
825 		last_lineno = lex_lineno;
826 	}
827 	va_start(alist, fmt);
828 	(void) vfprintf(stderr, fmt, alist);
829 	(void) fprintf(stderr, "\n");
830 	va_end(alist);
831 }
832 
833 /*
834  * This is a separate function rather than a set of define's because of the
835  * gettext() wrapping.
836  */
837 
838 /*
839  * TRANSLATION_NOTE
840  * Each string below should have \t follow \n whenever needed; the
841  * initial \t and the terminal \n will be provided by the calling function.
842  */
843 
844 static char *
long_help(int cmd_num)845 long_help(int cmd_num)
846 {
847 	static char line[1024];	/* arbitrary large amount */
848 
849 	assert(cmd_num >= CMD_MIN && cmd_num <= CMD_MAX);
850 	switch (cmd_num) {
851 		case CMD_HELP:
852 			return (gettext("Prints help message."));
853 		case CMD_CREATE:
854 			(void) snprintf(line, sizeof (line),
855 			    gettext("Creates a configuration for the "
856 			    "specified zone.  %s should be\n\tused to "
857 			    "begin configuring a new zone.  If overwriting an "
858 			    "existing\n\tconfiguration, the -F flag can be "
859 			    "used to force the action.  If\n\t-t template is "
860 			    "given, creates a configuration identical to the\n"
861 			    "\tspecified template, except that the zone name "
862 			    "is changed from\n\ttemplate to zonename.  '%s -a' "
863 			    "creates a configuration from a\n\tdetached "
864 			    "zonepath.  '%s -b' results in a blank "
865 			    "configuration.\n\t'%s' with no arguments applies "
866 			    "the Sun default settings."),
867 			    cmd_to_str(CMD_CREATE), cmd_to_str(CMD_CREATE),
868 			    cmd_to_str(CMD_CREATE), cmd_to_str(CMD_CREATE));
869 			return (line);
870 		case CMD_EXIT:
871 			return (gettext("Exits the program.  The -F flag can "
872 			    "be used to force the action."));
873 		case CMD_EXPORT:
874 			return (gettext("Prints configuration to standard "
875 			    "output, or to output-file if\n\tspecified, in "
876 			    "a form suitable for use in a command-file."));
877 		case CMD_ADD:
878 			return (gettext("Add specified resource to "
879 			    "configuration."));
880 		case CMD_DELETE:
881 			return (gettext("Deletes the specified zone.  The -F "
882 			    "flag can be used to force the\n\taction."));
883 		case CMD_REMOVE:
884 			return (gettext("Remove specified resource from "
885 			    "configuration.  The -F flag can be used\n\tto "
886 			    "force the action."));
887 		case CMD_SELECT:
888 			(void) snprintf(line, sizeof (line),
889 			    gettext("Selects a resource to modify.  "
890 			    "Resource modification is completed\n\twith the "
891 			    "command \"%s\".  The property name/value pairs "
892 			    "must uniquely\n\tidentify a resource.  Note that "
893 			    "the curly braces ('{', '}') mean one\n\tor more "
894 			    "of whatever is between them."),
895 			    cmd_to_str(CMD_END));
896 			return (line);
897 		case CMD_SET:
898 			return (gettext("Sets property values."));
899 		case CMD_CLEAR:
900 			return (gettext("Clears property values."));
901 		case CMD_INFO:
902 			return (gettext("Displays information about the "
903 			    "current configuration.  If resource\n\ttype is "
904 			    "specified, displays only information about "
905 			    "resources of\n\tthe relevant type.  If resource "
906 			    "id is specified, displays only\n\tinformation "
907 			    "about that resource."));
908 		case CMD_VERIFY:
909 			return (gettext("Verifies current configuration "
910 			    "for correctness (some resource types\n\thave "
911 			    "required properties)."));
912 		case CMD_COMMIT:
913 			(void) snprintf(line, sizeof (line),
914 			    gettext("Commits current configuration.  "
915 			    "Configuration must be committed to\n\tbe used by "
916 			    "%s.  Until the configuration is committed, "
917 			    "changes \n\tcan be removed with the %s "
918 			    "command.  This operation is\n\tattempted "
919 			    "automatically upon completion of a %s "
920 			    "session."), "zoneadm", cmd_to_str(CMD_REVERT),
921 			    "zonecfg");
922 			return (line);
923 		case CMD_REVERT:
924 			return (gettext("Reverts configuration back to the "
925 			    "last committed state.  The -F flag\n\tcan be "
926 			    "used to force the action."));
927 		case CMD_CANCEL:
928 			return (gettext("Cancels resource/property "
929 			    "specification."));
930 		case CMD_END:
931 			return (gettext("Ends resource/property "
932 			    "specification."));
933 	}
934 	/* NOTREACHED */
935 	return (NULL);
936 }
937 
938 /*
939  * Return the input filename appended to each component of the path
940  * or the filename itself if it is absolute.
941  * Parameters: path string, file name, output string.
942  */
943 /* Copied almost verbatim from libtnfctl/prb_findexec.c */
944 static const char *
exec_cat(const char * s1,const char * s2,char * si)945 exec_cat(const char *s1, const char *s2, char *si)
946 {
947 	char		   *s;
948 	/* Number of remaining characters in s */
949 	int			 cnt = PATH_MAX + 1;
950 
951 	s = si;
952 	while (*s1 && *s1 != ':') { /* Copy first component of path to si */
953 		if (cnt > 0) {
954 			*s++ = *s1++;
955 			cnt--;
956 		} else {
957 			s1++;
958 		}
959 	}
960 	if (si != s && cnt > 0) { /* Add slash if s2 is not absolute */
961 		*s++ = '/';
962 		cnt--;
963 	}
964 	while (*s2 && cnt > 0) { /* Copy s2 to si */
965 		*s++ = *s2++;
966 		cnt--;
967 	}
968 	*s = '\0';  /* Terminate the output string */
969 	return (*s1 ? ++s1 : NULL);  /* Return next path component or NULL */
970 }
971 
972 /* Determine that a name exists in PATH */
973 /* Copied with changes from libtnfctl/prb_findexec.c */
974 static int
path_find(const char * name)975 path_find(const char *name)
976 {
977 	const char	 *pathstr;
978 	char		fname[PATH_MAX + 2];
979 	const char	 *cp;
980 	struct stat	 stat_buf;
981 
982 	if ((pathstr = getenv("PATH")) == NULL) {
983 		if (geteuid() == 0 || getuid() == 0)
984 			pathstr = "/usr/sbin:/usr/bin";
985 		else
986 			pathstr = "/usr/bin:";
987 	}
988 	cp = strchr(name, '/') ? (const char *) "" : pathstr;
989 
990 	do {
991 		cp = exec_cat(cp, name, fname);
992 		if (stat(fname, &stat_buf) != -1) {
993 			/* successful find of the file */
994 			return (0);
995 		}
996 	} while (cp != NULL);
997 
998 	return (-1);
999 }
1000 
1001 static FILE *
pager_open(void)1002 pager_open(void)
1003 {
1004 	FILE *newfp;
1005 	char *pager, *space;
1006 
1007 	pager = getenv("PAGER");
1008 	if (pager == NULL || *pager == '\0')
1009 		pager = PAGER;
1010 
1011 	space = strchr(pager, ' ');
1012 	if (space)
1013 		*space = '\0';
1014 	if (path_find(pager) == 0) {
1015 		if (space)
1016 			*space = ' ';
1017 		if ((newfp = popen(pager, "w")) == NULL)
1018 			zerr(gettext("PAGER open failed (%s)."),
1019 			    strerror(errno));
1020 		return (newfp);
1021 	} else {
1022 		zerr(gettext("PAGER %s does not exist (%s)."),
1023 		    pager, strerror(errno));
1024 	}
1025 	return (NULL);
1026 }
1027 
1028 static void
pager_close(FILE * fp)1029 pager_close(FILE *fp)
1030 {
1031 	int status;
1032 
1033 	status = pclose(fp);
1034 	if (status == -1)
1035 		zerr(gettext("PAGER close failed (%s)."),
1036 		    strerror(errno));
1037 }
1038 
1039 /*
1040  * Called with verbose TRUE when help is explicitly requested, FALSE for
1041  * unexpected errors.
1042  */
1043 
1044 void
usage(boolean_t verbose,uint_t flags)1045 usage(boolean_t verbose, uint_t flags)
1046 {
1047 	FILE *fp = verbose ? stdout : stderr;
1048 	FILE *newfp;
1049 	boolean_t need_to_close = B_FALSE;
1050 	int i;
1051 
1052 	/* don't page error output */
1053 	if (verbose && interactive_mode) {
1054 		if ((newfp = pager_open()) != NULL) {
1055 			need_to_close = B_TRUE;
1056 			fp = newfp;
1057 		}
1058 	}
1059 
1060 	if (flags & HELP_META) {
1061 		(void) fprintf(fp, gettext("More help is available for the "
1062 		    "following:\n"));
1063 		(void) fprintf(fp, "\n\tcommands ('%s commands')\n",
1064 		    cmd_to_str(CMD_HELP));
1065 		(void) fprintf(fp, "\tsyntax ('%s syntax')\n",
1066 		    cmd_to_str(CMD_HELP));
1067 		(void) fprintf(fp, "\tusage ('%s usage')\n\n",
1068 		    cmd_to_str(CMD_HELP));
1069 		(void) fprintf(fp, gettext("You may also obtain help on any "
1070 		    "command by typing '%s <command-name>.'\n"),
1071 		    cmd_to_str(CMD_HELP));
1072 	}
1073 	if (flags & HELP_RES_SCOPE) {
1074 		switch (resource_scope) {
1075 		case RT_FS:
1076 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1077 			    "used to configure a file-system.\n"),
1078 			    rt_to_str(resource_scope));
1079 			(void) fprintf(fp, gettext("Valid commands:\n"));
1080 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1081 			    pt_to_str(PT_DIR), gettext("<path>"));
1082 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1083 			    pt_to_str(PT_SPECIAL), gettext("<path>"));
1084 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1085 			    pt_to_str(PT_RAW), gettext("<raw-device>"));
1086 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1087 			    pt_to_str(PT_TYPE), gettext("<file-system type>"));
1088 			(void) fprintf(fp, "\t%s %s %s\n", cmd_to_str(CMD_ADD),
1089 			    pt_to_str(PT_OPTIONS),
1090 			    gettext("<file-system options>"));
1091 			(void) fprintf(fp, "\t%s %s %s\n",
1092 			    cmd_to_str(CMD_REMOVE), pt_to_str(PT_OPTIONS),
1093 			    gettext("<file-system options>"));
1094 			(void) fprintf(fp, gettext("Consult the file-system "
1095 			    "specific manual page, such as mount_ufs(8), "
1096 			    "for\ndetails about file-system options.  Note "
1097 			    "that any file-system options with an\nembedded "
1098 			    "'=' character must be enclosed in double quotes, "
1099 			    /*CSTYLED*/
1100 			    "such as \"%s=5\".\n"), MNTOPT_RETRY);
1101 			break;
1102 		case RT_NET:
1103 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1104 			    "used to configure a network interface.\n"),
1105 			    rt_to_str(resource_scope));
1106 			(void) fprintf(fp, gettext("Valid commands:\n"));
1107 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1108 			    pt_to_str(PT_ADDRESS), gettext("<IP-address>"));
1109 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1110 			    pt_to_str(PT_ALLOWED_ADDRESS),
1111 			    gettext("<IP-address>"));
1112 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1113 			    pt_to_str(PT_PHYSICAL), gettext("<interface>"));
1114 			(void) fprintf(fp, gettext("See ifconfig(8) for "
1115 			    "details of the <interface> string.\n"));
1116 			(void) fprintf(fp, gettext("%s %s is valid "
1117 			    "if the %s property is set to %s, otherwise it "
1118 			    "must not be set.\n"),
1119 			    cmd_to_str(CMD_SET), pt_to_str(PT_ADDRESS),
1120 			    pt_to_str(PT_IPTYPE), gettext("shared"));
1121 			(void) fprintf(fp, gettext("%s %s is valid "
1122 			    "if the %s property is set to %s, otherwise it "
1123 			    "must not be set.\n"),
1124 			    cmd_to_str(CMD_SET), pt_to_str(PT_ALLOWED_ADDRESS),
1125 			    pt_to_str(PT_IPTYPE), gettext("exclusive"));
1126 			(void) fprintf(fp, gettext("\t%s %s=%s\n%s %s "
1127 			    "is valid if the %s or %s property is set, "
1128 			    "otherwise it must not be set\n"),
1129 			    cmd_to_str(CMD_SET),
1130 			    pt_to_str(PT_DEFROUTER), gettext("<IP-address>"),
1131 			    cmd_to_str(CMD_SET), pt_to_str(PT_DEFROUTER),
1132 			    gettext(pt_to_str(PT_ADDRESS)),
1133 			    gettext(pt_to_str(PT_ALLOWED_ADDRESS)));
1134 			break;
1135 		case RT_DEVICE:
1136 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1137 			    "used to configure a device node.\n"),
1138 			    rt_to_str(resource_scope));
1139 			(void) fprintf(fp, gettext("Valid commands:\n"));
1140 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1141 			    pt_to_str(PT_MATCH), gettext("<device-path>"));
1142 			break;
1143 		case RT_RCTL:
1144 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1145 			    "used to configure a resource control.\n"),
1146 			    rt_to_str(resource_scope));
1147 			(void) fprintf(fp, gettext("Valid commands:\n"));
1148 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1149 			    pt_to_str(PT_NAME), gettext("<string>"));
1150 			(void) fprintf(fp, "\t%s %s (%s=%s,%s=%s,%s=%s)\n",
1151 			    cmd_to_str(CMD_ADD), pt_to_str(PT_VALUE),
1152 			    pt_to_str(PT_PRIV), gettext("<priv-value>"),
1153 			    pt_to_str(PT_LIMIT), gettext("<number>"),
1154 			    pt_to_str(PT_ACTION), gettext("<action-value>"));
1155 			(void) fprintf(fp, "\t%s %s (%s=%s,%s=%s,%s=%s)\n",
1156 			    cmd_to_str(CMD_REMOVE), pt_to_str(PT_VALUE),
1157 			    pt_to_str(PT_PRIV), gettext("<priv-value>"),
1158 			    pt_to_str(PT_LIMIT), gettext("<number>"),
1159 			    pt_to_str(PT_ACTION), gettext("<action-value>"));
1160 			(void) fprintf(fp, "%s\n\t%s := privileged\n"
1161 			    "\t%s := none | deny\n", gettext("Where"),
1162 			    gettext("<priv-value>"), gettext("<action-value>"));
1163 			break;
1164 		case RT_ATTR:
1165 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1166 			    "used to configure a generic attribute.\n"),
1167 			    rt_to_str(resource_scope));
1168 			(void) fprintf(fp, gettext("Valid commands:\n"));
1169 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1170 			    pt_to_str(PT_NAME), gettext("<name>"));
1171 			(void) fprintf(fp, "\t%s %s=boolean\n",
1172 			    cmd_to_str(CMD_SET), pt_to_str(PT_TYPE));
1173 			(void) fprintf(fp, "\t%s %s=true | false\n",
1174 			    cmd_to_str(CMD_SET), pt_to_str(PT_VALUE));
1175 			(void) fprintf(fp, gettext("or\n"));
1176 			(void) fprintf(fp, "\t%s %s=int\n", cmd_to_str(CMD_SET),
1177 			    pt_to_str(PT_TYPE));
1178 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1179 			    pt_to_str(PT_VALUE), gettext("<integer>"));
1180 			(void) fprintf(fp, gettext("or\n"));
1181 			(void) fprintf(fp, "\t%s %s=string\n",
1182 			    cmd_to_str(CMD_SET), pt_to_str(PT_TYPE));
1183 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1184 			    pt_to_str(PT_VALUE), gettext("<string>"));
1185 			(void) fprintf(fp, gettext("or\n"));
1186 			(void) fprintf(fp, "\t%s %s=uint\n",
1187 			    cmd_to_str(CMD_SET), pt_to_str(PT_TYPE));
1188 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1189 			    pt_to_str(PT_VALUE), gettext("<unsigned integer>"));
1190 			break;
1191 		case RT_DATASET:
1192 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1193 			    "used to export ZFS datasets.\n"),
1194 			    rt_to_str(resource_scope));
1195 			(void) fprintf(fp, gettext("Valid commands:\n"));
1196 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1197 			    pt_to_str(PT_NAME), gettext("<name>"));
1198 			break;
1199 		case RT_DCPU:
1200 			(void) fprintf(fp, gettext("The '%s' resource scope "
1201 			    "configures the 'pools' facility to dedicate\na "
1202 			    "subset of the system's processors to this zone "
1203 			    "while it is running.\n"),
1204 			    rt_to_str(resource_scope));
1205 			(void) fprintf(fp, gettext("Valid commands:\n"));
1206 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1207 			    pt_to_str(PT_NCPUS),
1208 			    gettext("<unsigned integer | range>"));
1209 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1210 			    pt_to_str(PT_IMPORTANCE),
1211 			    gettext("<unsigned integer>"));
1212 			break;
1213 		case RT_PCAP:
1214 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1215 			    "used to set an upper limit (a cap) on the\n"
1216 			    "percentage of CPU that can be used by this zone.  "
1217 			    "A '%s' value of 1\ncorresponds to one cpu.  The "
1218 			    "value can be set higher than 1, up to the total\n"
1219 			    "number of CPUs on the system.  The value can "
1220 			    "also be less than 1,\nrepresenting a fraction of "
1221 			    "a cpu.\n"),
1222 			    rt_to_str(resource_scope), pt_to_str(PT_NCPUS));
1223 			(void) fprintf(fp, gettext("Valid commands:\n"));
1224 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1225 			    pt_to_str(PT_NCPUS), gettext("<unsigned decimal>"));
1226 			break;
1227 		case RT_MCAP:
1228 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1229 			    "used to set an upper limit (a cap) on the\n"
1230 			    "amount of physical memory, swap space and locked "
1231 			    "memory that can be used by\nthis zone.\n"),
1232 			    rt_to_str(resource_scope));
1233 			(void) fprintf(fp, gettext("Valid commands:\n"));
1234 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1235 			    pt_to_str(PT_PHYSICAL),
1236 			    gettext("<qualified unsigned decimal>"));
1237 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1238 			    pt_to_str(PT_SWAP),
1239 			    gettext("<qualified unsigned decimal>"));
1240 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1241 			    pt_to_str(PT_LOCKED),
1242 			    gettext("<qualified unsigned decimal>"));
1243 			break;
1244 		case RT_ADMIN:
1245 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1246 			    "used to delegate specific zone management\n"
1247 			    "rights to users and roles. These rights are "
1248 			    "only applicable to this zone.\n"),
1249 			    rt_to_str(resource_scope));
1250 			(void) fprintf(fp, gettext("Valid commands:\n"));
1251 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1252 			    pt_to_str(PT_USER),
1253 			    gettext("<single user or role name>"));
1254 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1255 			    pt_to_str(PT_AUTHS),
1256 			    gettext("<comma separated list>"));
1257 			break;
1258 		case RT_SECFLAGS:
1259 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1260 			    "used to specify the default security-flags\n"
1261 			    "of this zone, and their upper and lower bound.\n"),
1262 			    rt_to_str(resource_scope));
1263 			(void) fprintf(fp, "\t%s %s=%s\n",
1264 			    cmd_to_str(CMD_SET), pt_to_str(PT_DEFAULT),
1265 			    gettext("<security flags>"));
1266 			(void) fprintf(fp, "\t%s %s=%s\n",
1267 			    cmd_to_str(CMD_SET), pt_to_str(PT_LOWER),
1268 			    gettext("<security flags>"));
1269 			(void) fprintf(fp, "\t%s %s=%s\n",
1270 			    cmd_to_str(CMD_SET), pt_to_str(PT_UPPER),
1271 			    gettext("<security flags>"));
1272 			break;
1273 		}
1274 		(void) fprintf(fp, gettext("And from any resource scope, you "
1275 		    "can:\n"));
1276 		(void) fprintf(fp, "\t%s\t%s\n", cmd_to_str(CMD_END),
1277 		    gettext("(to conclude this operation)"));
1278 		(void) fprintf(fp, "\t%s\t%s\n", cmd_to_str(CMD_CANCEL),
1279 		    gettext("(to cancel this operation)"));
1280 		(void) fprintf(fp, "\t%s\t%s\n", cmd_to_str(CMD_EXIT),
1281 		    gettext("(to exit the zonecfg utility)"));
1282 	}
1283 	if (flags & HELP_USAGE) {
1284 		(void) fprintf(fp, "%s:\t%s %s\n", gettext("usage"),
1285 		    execname, cmd_to_str(CMD_HELP));
1286 		(void) fprintf(fp, "\t%s -z <zone>\t\t\t(%s)\n",
1287 		    execname, gettext("interactive"));
1288 		(void) fprintf(fp, "\t%s -z <zone> <command>\n", execname);
1289 		(void) fprintf(fp, "\t%s -z <zone> -f <command-file>\n",
1290 		    execname);
1291 	}
1292 	if (flags & HELP_SUBCMDS) {
1293 		(void) fprintf(fp, "%s:\n\n", gettext("Commands"));
1294 		for (i = 0; i <= CMD_MAX; i++) {
1295 			(void) fprintf(fp, "%s\n", helptab[i].short_usage);
1296 			if (verbose)
1297 				(void) fprintf(fp, "\t%s\n\n", long_help(i));
1298 		}
1299 	}
1300 	if (flags & HELP_SYNTAX) {
1301 		if (!verbose)
1302 			(void) fprintf(fp, "\n");
1303 		(void) fprintf(fp, "<zone> := [A-Za-z0-9][A-Za-z0-9_.-]*\n");
1304 		(void) fprintf(fp, gettext("\t(except the reserved words "
1305 		    "'%s' and anything starting with '%s')\n"), "global",
1306 		    "SUNW");
1307 		(void) fprintf(fp,
1308 		    gettext("\tName must be less than %d characters.\n"),
1309 		    ZONENAME_MAX);
1310 		if (verbose)
1311 			(void) fprintf(fp, "\n");
1312 	}
1313 	if (flags & HELP_NETADDR) {
1314 		(void) fprintf(fp, gettext("\n<net-addr> :="));
1315 		(void) fprintf(fp,
1316 		    gettext("\t<IPv4-address>[/<IPv4-prefix-length>] |\n"));
1317 		(void) fprintf(fp,
1318 		    gettext("\t\t<IPv6-address>/<IPv6-prefix-length> |\n"));
1319 		(void) fprintf(fp,
1320 		    gettext("\t\t<hostname>[/<IPv4-prefix-length>]\n"));
1321 		(void) fprintf(fp, gettext("See inet(3SOCKET) for IPv4 and "
1322 		    "IPv6 address syntax.\n"));
1323 		(void) fprintf(fp, gettext("<IPv4-prefix-length> := [0-32]\n"));
1324 		(void) fprintf(fp,
1325 		    gettext("<IPv6-prefix-length> := [0-128]\n"));
1326 		(void) fprintf(fp,
1327 		    gettext("<hostname> := [A-Za-z0-9][A-Za-z0-9-.]*\n"));
1328 	}
1329 	if (flags & HELP_RESOURCES) {
1330 		(void) fprintf(fp, "<%s> := %s | %s | %s | %s | %s |\n\t"
1331 		    "%s | %s | %s | %s | %s\n\n",
1332 		    gettext("resource type"), rt_to_str(RT_FS),
1333 		    rt_to_str(RT_NET), rt_to_str(RT_DEVICE),
1334 		    rt_to_str(RT_RCTL), rt_to_str(RT_ATTR),
1335 		    rt_to_str(RT_DATASET), rt_to_str(RT_DCPU),
1336 		    rt_to_str(RT_PCAP), rt_to_str(RT_MCAP),
1337 		    rt_to_str(RT_ADMIN), rt_to_str(RT_SECFLAGS));
1338 	}
1339 	if (flags & HELP_PROPS) {
1340 		(void) fprintf(fp, gettext("For resource type ... there are "
1341 		    "property types ...:\n"));
1342 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1343 		    pt_to_str(PT_ZONENAME));
1344 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1345 		    pt_to_str(PT_ZONEPATH));
1346 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1347 		    pt_to_str(PT_BRAND));
1348 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1349 		    pt_to_str(PT_AUTOBOOT));
1350 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1351 		    pt_to_str(PT_BOOTARGS));
1352 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1353 		    pt_to_str(PT_POOL));
1354 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1355 		    pt_to_str(PT_LIMITPRIV));
1356 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1357 		    pt_to_str(PT_SCHED));
1358 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1359 		    pt_to_str(PT_IPTYPE));
1360 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1361 		    pt_to_str(PT_HOSTID));
1362 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1363 		    pt_to_str(PT_FS_ALLOWED));
1364 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1365 		    pt_to_str(PT_MAXLWPS));
1366 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1367 		    pt_to_str(PT_MAXPROCS));
1368 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1369 		    pt_to_str(PT_MAXSHMMEM));
1370 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1371 		    pt_to_str(PT_MAXSHMIDS));
1372 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1373 		    pt_to_str(PT_MAXMSGIDS));
1374 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1375 		    pt_to_str(PT_MAXSEMIDS));
1376 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1377 		    pt_to_str(PT_SHARES));
1378 		(void) fprintf(fp, "\t%s\t\t%s, %s, %s, %s, %s\n",
1379 		    rt_to_str(RT_FS), pt_to_str(PT_DIR),
1380 		    pt_to_str(PT_SPECIAL), pt_to_str(PT_RAW),
1381 		    pt_to_str(PT_TYPE), pt_to_str(PT_OPTIONS));
1382 		(void) fprintf(fp, "\t%s\t\t%s, %s, %s|%s\n", rt_to_str(RT_NET),
1383 		    pt_to_str(PT_ADDRESS), pt_to_str(PT_ALLOWED_ADDRESS),
1384 		    pt_to_str(PT_PHYSICAL), pt_to_str(PT_DEFROUTER));
1385 		(void) fprintf(fp, "\t%s\t\t%s\n", rt_to_str(RT_DEVICE),
1386 		    pt_to_str(PT_MATCH));
1387 		(void) fprintf(fp, "\t%s\t\t%s, %s\n", rt_to_str(RT_RCTL),
1388 		    pt_to_str(PT_NAME), pt_to_str(PT_VALUE));
1389 		(void) fprintf(fp, "\t%s\t\t%s, %s, %s\n", rt_to_str(RT_ATTR),
1390 		    pt_to_str(PT_NAME), pt_to_str(PT_TYPE),
1391 		    pt_to_str(PT_VALUE));
1392 		(void) fprintf(fp, "\t%s\t\t%s\n", rt_to_str(RT_DATASET),
1393 		    pt_to_str(PT_NAME));
1394 		(void) fprintf(fp, "\t%s\t%s, %s\n", rt_to_str(RT_DCPU),
1395 		    pt_to_str(PT_NCPUS), pt_to_str(PT_IMPORTANCE));
1396 		(void) fprintf(fp, "\t%s\t%s\n", rt_to_str(RT_PCAP),
1397 		    pt_to_str(PT_NCPUS));
1398 		(void) fprintf(fp, "\t%s\t%s, %s, %s\n", rt_to_str(RT_MCAP),
1399 		    pt_to_str(PT_PHYSICAL), pt_to_str(PT_SWAP),
1400 		    pt_to_str(PT_LOCKED));
1401 		(void) fprintf(fp, "\t%s\t\t%s, %s\n", rt_to_str(RT_ADMIN),
1402 		    pt_to_str(PT_USER), pt_to_str(PT_AUTHS));
1403 		(void) fprintf(fp, "\t%s\t\t%s, %s, %s\n",
1404 		    rt_to_str(RT_SECFLAGS), pt_to_str(PT_DEFAULT),
1405 		    pt_to_str(PT_LOWER), pt_to_str(PT_UPPER));
1406 	}
1407 	if (need_to_close)
1408 		(void) pager_close(fp);
1409 }
1410 
1411 static void
zone_perror(char * prefix,int err,boolean_t set_saw)1412 zone_perror(char *prefix, int err, boolean_t set_saw)
1413 {
1414 	zerr("%s: %s", prefix, zonecfg_strerror(err));
1415 	if (set_saw)
1416 		saw_error = B_TRUE;
1417 }
1418 
1419 /*
1420  * zone_perror() expects a single string, but for remove and select
1421  * we have both the command and the resource type, so this wrapper
1422  * function serves the same purpose in a slightly different way.
1423  */
1424 
1425 static void
z_cmd_rt_perror(int cmd_num,int res_num,int err,boolean_t set_saw)1426 z_cmd_rt_perror(int cmd_num, int res_num, int err, boolean_t set_saw)
1427 {
1428 	zerr("%s %s: %s", cmd_to_str(cmd_num), rt_to_str(res_num),
1429 	    zonecfg_strerror(err));
1430 	if (set_saw)
1431 		saw_error = B_TRUE;
1432 }
1433 
1434 /* returns Z_OK if successful, Z_foo from <libzonecfg.h> otherwise */
1435 static int
initialize(boolean_t handle_expected)1436 initialize(boolean_t handle_expected)
1437 {
1438 	int err;
1439 	char brandname[MAXNAMELEN];
1440 
1441 	if (zonecfg_check_handle(handle) != Z_OK) {
1442 		if ((err = zonecfg_get_handle(zone, handle)) == Z_OK) {
1443 			got_handle = B_TRUE;
1444 			if (zonecfg_get_brand(handle, brandname,
1445 			    sizeof (brandname)) != Z_OK) {
1446 				zerr("Zone %s is inconsistent: missing "
1447 				    "brand attribute", zone);
1448 				exit(Z_ERR);
1449 			}
1450 			if ((brand = brand_open(brandname)) == NULL) {
1451 				zerr("Zone %s uses non-existent brand \"%s\"."
1452 				    "  Unable to continue", zone, brandname);
1453 				exit(Z_ERR);
1454 			}
1455 			/*
1456 			 * If the user_attr file is newer than
1457 			 * the zone config file, the admins
1458 			 * may need to be updated since the
1459 			 * RBAC files are authoritative for
1460 			 * authorization checks.
1461 			 */
1462 			err = zonecfg_update_userauths(handle, zone);
1463 			if (err == Z_OK) {
1464 				zerr(gettext("The administrative rights "
1465 				    "were updated to match "
1466 				    "the current RBAC configuration.\n"
1467 				    "Use \"info admin\" and \"revert\" to "
1468 				    "compare with the previous settings."));
1469 				need_to_commit = B_TRUE;
1470 			} else if (err != Z_NO_ENTRY) {
1471 				zerr(gettext("failed to update "
1472 				    "admin  rights."));
1473 				exit(Z_ERR);
1474 			} else if (need_to_commit) {
1475 				zerr(gettext("admin rights were updated "
1476 				    "to match RBAC configuration."));
1477 			}
1478 
1479 		} else if (global_zone && err == Z_NO_ZONE && !got_handle &&
1480 		    !read_only_mode) {
1481 			/*
1482 			 * We implicitly create the global zone config if it
1483 			 * doesn't exist.
1484 			 */
1485 			zone_dochandle_t tmphandle;
1486 
1487 			if ((tmphandle = zonecfg_init_handle()) == NULL) {
1488 				zone_perror(execname, Z_NOMEM, B_TRUE);
1489 				exit(Z_ERR);
1490 			}
1491 
1492 			err = zonecfg_get_template_handle("SUNWblank", zone,
1493 			    tmphandle);
1494 
1495 			if (err != Z_OK) {
1496 				zonecfg_fini_handle(tmphandle);
1497 				zone_perror("SUNWblank", err, B_TRUE);
1498 				return (err);
1499 			}
1500 
1501 			need_to_commit = B_TRUE;
1502 			zonecfg_fini_handle(handle);
1503 			handle = tmphandle;
1504 			got_handle = B_TRUE;
1505 
1506 		} else {
1507 			zone_perror(zone, err, handle_expected || got_handle);
1508 			if (err == Z_NO_ZONE && !got_handle &&
1509 			    interactive_mode && !read_only_mode)
1510 				(void) printf(gettext("Use '%s' to begin "
1511 				    "configuring a new zone.\n"),
1512 				    cmd_to_str(CMD_CREATE));
1513 			return (err);
1514 		}
1515 	}
1516 	return (Z_OK);
1517 }
1518 
1519 static boolean_t
state_atleast(zone_state_t state)1520 state_atleast(zone_state_t state)
1521 {
1522 	zone_state_t state_num;
1523 	int err;
1524 
1525 	if ((err = zone_get_state(zone, &state_num)) != Z_OK) {
1526 		/* all states are greater than "non-existent" */
1527 		if (err == Z_NO_ZONE)
1528 			return (B_FALSE);
1529 		zerr(gettext("Unexpectedly failed to determine state "
1530 		    "of zone %s: %s"), zone, zonecfg_strerror(err));
1531 		exit(Z_ERR);
1532 	}
1533 	return (state_num >= state);
1534 }
1535 
1536 /*
1537  * short_usage() is for bad syntax: getopt() issues, too many arguments, etc.
1538  */
1539 
1540 void
short_usage(int command)1541 short_usage(int command)
1542 {
1543 	/* lex_lineno has already been incremented in the lexer; compensate */
1544 	if (cmd_file_mode) {
1545 		if (strcmp(cmd_file_name, "-") == 0)
1546 			(void) fprintf(stderr,
1547 			    gettext("syntax error on line %d\n"),
1548 			    lex_lineno - 1);
1549 		else
1550 			(void) fprintf(stderr,
1551 			    gettext("syntax error on line %d of %s\n"),
1552 			    lex_lineno - 1, cmd_file_name);
1553 	}
1554 	(void) fprintf(stderr, "%s:\n%s\n", gettext("usage"),
1555 	    helptab[command].short_usage);
1556 	saw_error = B_TRUE;
1557 }
1558 
1559 /*
1560  * long_usage() is for bad semantics: e.g., wrong property type for a given
1561  * resource type.  It is also used by longer_usage() below.
1562  */
1563 
1564 void
long_usage(uint_t cmd_num,boolean_t set_saw)1565 long_usage(uint_t cmd_num, boolean_t set_saw)
1566 {
1567 	(void) fprintf(set_saw ? stderr : stdout, "%s:\n%s\n", gettext("usage"),
1568 	    helptab[cmd_num].short_usage);
1569 	(void) fprintf(set_saw ? stderr : stdout, "\t%s\n", long_help(cmd_num));
1570 	if (set_saw)
1571 		saw_error = B_TRUE;
1572 }
1573 
1574 /*
1575  * longer_usage() is for 'help foo' and 'foo -?': call long_usage() and also
1576  * any extra usage() flags as appropriate for whatever command.
1577  */
1578 
1579 void
longer_usage(uint_t cmd_num)1580 longer_usage(uint_t cmd_num)
1581 {
1582 	long_usage(cmd_num, B_FALSE);
1583 	if (helptab[cmd_num].flags != 0) {
1584 		(void) printf("\n");
1585 		usage(B_TRUE, helptab[cmd_num].flags);
1586 	}
1587 }
1588 
1589 /*
1590  * scope_usage() is simply used when a command is called from the wrong scope.
1591  */
1592 
1593 static void
scope_usage(uint_t cmd_num)1594 scope_usage(uint_t cmd_num)
1595 {
1596 	zerr(gettext("The %s command only makes sense in the %s scope."),
1597 	    cmd_to_str(cmd_num),
1598 	    global_scope ?  gettext("resource") : gettext("global"));
1599 	saw_error = B_TRUE;
1600 }
1601 
1602 /*
1603  * On input, B_TRUE => yes, B_FALSE => no.
1604  * On return, B_TRUE => 1, B_FALSE => no, could not ask => -1.
1605  */
1606 
1607 static int
ask_yesno(boolean_t default_answer,const char * question)1608 ask_yesno(boolean_t default_answer, const char *question)
1609 {
1610 	char line[64];	/* should be enough to answer yes or no */
1611 
1612 	if (!ok_to_prompt) {
1613 		saw_error = B_TRUE;
1614 		return (-1);
1615 	}
1616 	for (;;) {
1617 		if (printf("%s (%s)? ", question,
1618 		    default_answer ? "[y]/n" : "y/[n]") < 0)
1619 			return (-1);
1620 		if (fgets(line, sizeof (line), stdin) == NULL)
1621 			return (-1);
1622 
1623 		if (line[0] == '\n')
1624 			return (default_answer ? 1 : 0);
1625 		if (tolower(line[0]) == 'y')
1626 			return (1);
1627 		if (tolower(line[0]) == 'n')
1628 			return (0);
1629 	}
1630 }
1631 
1632 /*
1633  * Prints warning if zone already exists.
1634  * In interactive mode, prompts if we should continue anyway and returns Z_OK
1635  * if so, Z_ERR if not.  In non-interactive mode, exits with Z_ERR.
1636  *
1637  * Note that if a zone exists and its state is >= INSTALLED, an error message
1638  * will be printed and this function will return Z_ERR regardless of mode.
1639  */
1640 
1641 static int
check_if_zone_already_exists(boolean_t force)1642 check_if_zone_already_exists(boolean_t force)
1643 {
1644 	char line[ZONENAME_MAX + 128];	/* enough to ask a question */
1645 	zone_dochandle_t tmphandle;
1646 	int res, answer;
1647 
1648 	if ((tmphandle = zonecfg_init_handle()) == NULL) {
1649 		zone_perror(execname, Z_NOMEM, B_TRUE);
1650 		exit(Z_ERR);
1651 	}
1652 	res = zonecfg_get_handle(zone, tmphandle);
1653 	zonecfg_fini_handle(tmphandle);
1654 	if (res != Z_OK)
1655 		return (Z_OK);
1656 
1657 	if (state_atleast(ZONE_STATE_INSTALLED)) {
1658 		zerr(gettext("Zone %s already installed; %s not allowed."),
1659 		    zone, cmd_to_str(CMD_CREATE));
1660 		return (Z_ERR);
1661 	}
1662 
1663 	if (force) {
1664 		(void) printf(gettext("Zone %s already exists; overwriting.\n"),
1665 		    zone);
1666 		return (Z_OK);
1667 	}
1668 	(void) snprintf(line, sizeof (line),
1669 	    gettext("Zone %s already exists; %s anyway"), zone,
1670 	    cmd_to_str(CMD_CREATE));
1671 	if ((answer = ask_yesno(B_FALSE, line)) == -1) {
1672 		zerr(gettext("Zone exists, input not from terminal and -F not "
1673 		    "specified:\n%s command ignored, exiting."),
1674 		    cmd_to_str(CMD_CREATE));
1675 		exit(Z_ERR);
1676 	}
1677 	return (answer == 1 ? Z_OK : Z_ERR);
1678 }
1679 
1680 static boolean_t
zone_is_read_only(int cmd_num)1681 zone_is_read_only(int cmd_num)
1682 {
1683 	if (strncmp(zone, "SUNW", 4) == 0) {
1684 		zerr(gettext("%s: zones beginning with SUNW are read-only."),
1685 		    zone);
1686 		saw_error = B_TRUE;
1687 		return (B_TRUE);
1688 	}
1689 	if (read_only_mode) {
1690 		zerr(gettext("%s: cannot %s in read-only mode."), zone,
1691 		    cmd_to_str(cmd_num));
1692 		saw_error = B_TRUE;
1693 		return (B_TRUE);
1694 	}
1695 	return (B_FALSE);
1696 }
1697 
1698 /*
1699  * Create a new configuration.
1700  */
1701 void
create_func(cmd_t * cmd)1702 create_func(cmd_t *cmd)
1703 {
1704 	int err, arg;
1705 	char zone_template[ZONENAME_MAX];
1706 	char attach_path[MAXPATHLEN];
1707 	zone_dochandle_t tmphandle;
1708 	boolean_t force = B_FALSE;
1709 	boolean_t attach = B_FALSE;
1710 	boolean_t arg_err = B_FALSE;
1711 
1712 	assert(cmd != NULL);
1713 
1714 	/* This is the default if no arguments are given. */
1715 	(void) strlcpy(zone_template, "SUNWdefault", sizeof (zone_template));
1716 
1717 	optind = 0;
1718 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?a:bFt:"))
1719 	    != EOF) {
1720 		switch (arg) {
1721 		case '?':
1722 			if (optopt == '?')
1723 				longer_usage(CMD_CREATE);
1724 			else
1725 				short_usage(CMD_CREATE);
1726 			arg_err = B_TRUE;
1727 			break;
1728 		case 'a':
1729 			(void) strlcpy(attach_path, optarg,
1730 			    sizeof (attach_path));
1731 			attach = B_TRUE;
1732 			break;
1733 		case 'b':
1734 			(void) strlcpy(zone_template, "SUNWblank",
1735 			    sizeof (zone_template));
1736 			break;
1737 		case 'F':
1738 			force = B_TRUE;
1739 			break;
1740 		case 't':
1741 			(void) strlcpy(zone_template, optarg,
1742 			    sizeof (zone_template));
1743 			break;
1744 		default:
1745 			short_usage(CMD_CREATE);
1746 			arg_err = B_TRUE;
1747 			break;
1748 		}
1749 	}
1750 	if (arg_err)
1751 		return;
1752 
1753 	if (optind != cmd->cmd_argc) {
1754 		short_usage(CMD_CREATE);
1755 		return;
1756 	}
1757 
1758 	if (zone_is_read_only(CMD_CREATE))
1759 		return;
1760 
1761 	if (check_if_zone_already_exists(force) != Z_OK)
1762 		return;
1763 
1764 	/*
1765 	 * Get a temporary handle first.  If that fails, the old handle
1766 	 * will not be lost.  Then finish whichever one we don't need,
1767 	 * to avoid leaks.  Then get the handle for zone_template, and
1768 	 * set the name to zone: this "copy, rename" method is how
1769 	 * create -[b|t] works.
1770 	 */
1771 	if ((tmphandle = zonecfg_init_handle()) == NULL) {
1772 		zone_perror(execname, Z_NOMEM, B_TRUE);
1773 		exit(Z_ERR);
1774 	}
1775 
1776 	if (attach)
1777 		err = zonecfg_get_attach_handle(attach_path, ZONE_DETACHED,
1778 		    zone, B_FALSE, tmphandle);
1779 	else
1780 		err = zonecfg_get_template_handle(zone_template, zone,
1781 		    tmphandle);
1782 
1783 	if (err != Z_OK) {
1784 		zonecfg_fini_handle(tmphandle);
1785 		if (attach && err == Z_NO_ZONE)
1786 			(void) fprintf(stderr, gettext("invalid path to "
1787 			    "detached zone\n"));
1788 		else if (attach && err == Z_INVALID_DOCUMENT)
1789 			(void) fprintf(stderr, gettext("Cannot attach to an "
1790 			    "earlier release of the operating system\n"));
1791 		else
1792 			zone_perror(zone_template, err, B_TRUE);
1793 		return;
1794 	}
1795 
1796 	need_to_commit = B_TRUE;
1797 	zonecfg_fini_handle(handle);
1798 	handle = tmphandle;
1799 	got_handle = B_TRUE;
1800 }
1801 
1802 /*
1803  * This malloc()'s memory, which must be freed by the caller.
1804  */
1805 static char *
quoteit(char * instr)1806 quoteit(char *instr)
1807 {
1808 	char *outstr;
1809 	size_t outstrsize = strlen(instr) + 3;	/* 2 quotes + '\0' */
1810 
1811 	if ((outstr = malloc(outstrsize)) == NULL) {
1812 		zone_perror(zone, Z_NOMEM, B_FALSE);
1813 		exit(Z_ERR);
1814 	}
1815 	if (strchr(instr, ' ') == NULL) {
1816 		(void) strlcpy(outstr, instr, outstrsize);
1817 		return (outstr);
1818 	}
1819 	(void) snprintf(outstr, outstrsize, "\"%s\"", instr);
1820 	return (outstr);
1821 }
1822 
1823 static void
export_prop(FILE * of,int prop_num,char * prop_id)1824 export_prop(FILE *of, int prop_num, char *prop_id)
1825 {
1826 	if (strlen(prop_id) == 0)
1827 		return;
1828 	/*
1829 	 * We're going to explicitly quote all strings on export.
1830 	 * This should be fine since it seems that no amount of escaping
1831 	 * will coerce zonecfg to properly parse a double quote as
1832 	 * part of the string value.
1833 	 */
1834 	(void) fprintf(of, "%s %s=\"%s\"\n", cmd_to_str(CMD_SET),
1835 	    pt_to_str(prop_num), prop_id);
1836 }
1837 
1838 void
export_func(cmd_t * cmd)1839 export_func(cmd_t *cmd)
1840 {
1841 	struct zone_nwiftab nwiftab;
1842 	struct zone_fstab fstab;
1843 	struct zone_devtab devtab;
1844 	struct zone_attrtab attrtab;
1845 	struct zone_rctltab rctltab;
1846 	struct zone_dstab dstab;
1847 	struct zone_psettab psettab;
1848 	struct zone_mcaptab mcaptab;
1849 	struct zone_rctlvaltab *valptr;
1850 	struct zone_admintab admintab;
1851 	struct zone_secflagstab secflagstab;
1852 	int err, arg;
1853 	char zonepath[MAXPATHLEN], outfile[MAXPATHLEN], pool[MAXNAMELEN];
1854 	char bootargs[BOOTARGS_MAX];
1855 	char sched[MAXNAMELEN];
1856 	char brand[MAXNAMELEN];
1857 	char hostidp[HW_HOSTID_LEN];
1858 	char fsallowedp[ZONE_FS_ALLOWED_MAX];
1859 	char *limitpriv;
1860 	FILE *of;
1861 	boolean_t autoboot;
1862 	zone_iptype_t iptype;
1863 	boolean_t need_to_close = B_FALSE;
1864 	boolean_t arg_err = B_FALSE;
1865 
1866 	assert(cmd != NULL);
1867 
1868 	outfile[0] = '\0';
1869 	optind = 0;
1870 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?f:")) != EOF) {
1871 		switch (arg) {
1872 		case '?':
1873 			if (optopt == '?')
1874 				longer_usage(CMD_EXPORT);
1875 			else
1876 				short_usage(CMD_EXPORT);
1877 			arg_err = B_TRUE;
1878 			break;
1879 		case 'f':
1880 			(void) strlcpy(outfile, optarg, sizeof (outfile));
1881 			break;
1882 		default:
1883 			short_usage(CMD_EXPORT);
1884 			arg_err = B_TRUE;
1885 			break;
1886 		}
1887 	}
1888 	if (arg_err)
1889 		return;
1890 
1891 	if (optind != cmd->cmd_argc) {
1892 		short_usage(CMD_EXPORT);
1893 		return;
1894 	}
1895 	if (strlen(outfile) == 0) {
1896 		of = stdout;
1897 	} else {
1898 		if ((of = fopen(outfile, "w")) == NULL) {
1899 			zerr(gettext("opening file %s: %s"),
1900 			    outfile, strerror(errno));
1901 			goto done;
1902 		}
1903 		setbuf(of, NULL);
1904 		need_to_close = B_TRUE;
1905 	}
1906 
1907 	if ((err = initialize(B_TRUE)) != Z_OK)
1908 		goto done;
1909 
1910 	(void) fprintf(of, "%s -b\n", cmd_to_str(CMD_CREATE));
1911 
1912 	if (zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath)) == Z_OK &&
1913 	    strlen(zonepath) > 0)
1914 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1915 		    pt_to_str(PT_ZONEPATH), zonepath);
1916 
1917 	if ((zone_get_brand(zone, brand, sizeof (brand)) == Z_OK) &&
1918 	    (strcmp(brand, NATIVE_BRAND_NAME) != 0))
1919 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1920 		    pt_to_str(PT_BRAND), brand);
1921 
1922 	if (zonecfg_get_autoboot(handle, &autoboot) == Z_OK)
1923 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1924 		    pt_to_str(PT_AUTOBOOT), autoboot ? "true" : "false");
1925 
1926 	if (zonecfg_get_bootargs(handle, bootargs, sizeof (bootargs)) == Z_OK &&
1927 	    strlen(bootargs) > 0) {
1928 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1929 		    pt_to_str(PT_BOOTARGS), bootargs);
1930 	}
1931 
1932 	if (zonecfg_get_pool(handle, pool, sizeof (pool)) == Z_OK &&
1933 	    strlen(pool) > 0)
1934 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1935 		    pt_to_str(PT_POOL), pool);
1936 
1937 	if (zonecfg_get_limitpriv(handle, &limitpriv) == Z_OK &&
1938 	    strlen(limitpriv) > 0) {
1939 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1940 		    pt_to_str(PT_LIMITPRIV), limitpriv);
1941 		free(limitpriv);
1942 	}
1943 
1944 	if (zonecfg_get_sched_class(handle, sched, sizeof (sched)) == Z_OK &&
1945 	    strlen(sched) > 0)
1946 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1947 		    pt_to_str(PT_SCHED), sched);
1948 
1949 	if (zonecfg_get_iptype(handle, &iptype) == Z_OK) {
1950 		switch (iptype) {
1951 		case ZS_SHARED:
1952 			(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1953 			    pt_to_str(PT_IPTYPE), "shared");
1954 			break;
1955 		case ZS_EXCLUSIVE:
1956 			(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1957 			    pt_to_str(PT_IPTYPE), "exclusive");
1958 			break;
1959 		}
1960 	}
1961 
1962 	if (zonecfg_get_hostid(handle, hostidp, sizeof (hostidp)) == Z_OK) {
1963 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1964 		    pt_to_str(PT_HOSTID), hostidp);
1965 	}
1966 
1967 	if (zonecfg_get_fs_allowed(handle, fsallowedp,
1968 	    sizeof (fsallowedp)) == Z_OK) {
1969 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1970 		    pt_to_str(PT_FS_ALLOWED), fsallowedp);
1971 	}
1972 
1973 	if ((err = zonecfg_setfsent(handle)) != Z_OK) {
1974 		zone_perror(zone, err, B_FALSE);
1975 		goto done;
1976 	}
1977 	while (zonecfg_getfsent(handle, &fstab) == Z_OK) {
1978 		zone_fsopt_t *optptr;
1979 
1980 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1981 		    rt_to_str(RT_FS));
1982 		export_prop(of, PT_DIR, fstab.zone_fs_dir);
1983 		export_prop(of, PT_SPECIAL, fstab.zone_fs_special);
1984 		export_prop(of, PT_RAW, fstab.zone_fs_raw);
1985 		export_prop(of, PT_TYPE, fstab.zone_fs_type);
1986 		for (optptr = fstab.zone_fs_options; optptr != NULL;
1987 		    optptr = optptr->zone_fsopt_next) {
1988 			/*
1989 			 * Simple property values with embedded equal signs
1990 			 * need to be quoted to prevent the lexer from
1991 			 * mis-parsing them as complex name=value pairs.
1992 			 */
1993 			if (strchr(optptr->zone_fsopt_opt, '='))
1994 				(void) fprintf(of, "%s %s \"%s\"\n",
1995 				    cmd_to_str(CMD_ADD),
1996 				    pt_to_str(PT_OPTIONS),
1997 				    optptr->zone_fsopt_opt);
1998 			else
1999 				(void) fprintf(of, "%s %s %s\n",
2000 				    cmd_to_str(CMD_ADD),
2001 				    pt_to_str(PT_OPTIONS),
2002 				    optptr->zone_fsopt_opt);
2003 		}
2004 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2005 		zonecfg_free_fs_option_list(fstab.zone_fs_options);
2006 	}
2007 	(void) zonecfg_endfsent(handle);
2008 
2009 	if ((err = zonecfg_setnwifent(handle)) != Z_OK) {
2010 		zone_perror(zone, err, B_FALSE);
2011 		goto done;
2012 	}
2013 	while (zonecfg_getnwifent(handle, &nwiftab) == Z_OK) {
2014 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2015 		    rt_to_str(RT_NET));
2016 		export_prop(of, PT_ADDRESS, nwiftab.zone_nwif_address);
2017 		export_prop(of, PT_ALLOWED_ADDRESS,
2018 		    nwiftab.zone_nwif_allowed_address);
2019 		export_prop(of, PT_PHYSICAL, nwiftab.zone_nwif_physical);
2020 		export_prop(of, PT_DEFROUTER, nwiftab.zone_nwif_defrouter);
2021 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2022 	}
2023 	(void) zonecfg_endnwifent(handle);
2024 
2025 	if ((err = zonecfg_setdevent(handle)) != Z_OK) {
2026 		zone_perror(zone, err, B_FALSE);
2027 		goto done;
2028 	}
2029 	while (zonecfg_getdevent(handle, &devtab) == Z_OK) {
2030 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2031 		    rt_to_str(RT_DEVICE));
2032 		export_prop(of, PT_MATCH, devtab.zone_dev_match);
2033 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2034 	}
2035 	(void) zonecfg_enddevent(handle);
2036 
2037 	if (zonecfg_getmcapent(handle, &mcaptab) == Z_OK) {
2038 		char buf[128];
2039 
2040 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2041 		    rt_to_str(RT_MCAP));
2042 		bytes_to_units(mcaptab.zone_physmem_cap, buf, sizeof (buf));
2043 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
2044 		    pt_to_str(PT_PHYSICAL), buf);
2045 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2046 	}
2047 
2048 	if ((err = zonecfg_setrctlent(handle)) != Z_OK) {
2049 		zone_perror(zone, err, B_FALSE);
2050 		goto done;
2051 	}
2052 	while (zonecfg_getrctlent(handle, &rctltab) == Z_OK) {
2053 		(void) fprintf(of, "%s rctl\n", cmd_to_str(CMD_ADD));
2054 		export_prop(of, PT_NAME, rctltab.zone_rctl_name);
2055 		for (valptr = rctltab.zone_rctl_valptr; valptr != NULL;
2056 		    valptr = valptr->zone_rctlval_next) {
2057 			fprintf(of, "%s %s (%s=%s,%s=%s,%s=%s)\n",
2058 			    cmd_to_str(CMD_ADD), pt_to_str(PT_VALUE),
2059 			    pt_to_str(PT_PRIV), valptr->zone_rctlval_priv,
2060 			    pt_to_str(PT_LIMIT), valptr->zone_rctlval_limit,
2061 			    pt_to_str(PT_ACTION), valptr->zone_rctlval_action);
2062 		}
2063 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2064 		zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
2065 	}
2066 	(void) zonecfg_endrctlent(handle);
2067 
2068 	if ((err = zonecfg_setattrent(handle)) != Z_OK) {
2069 		zone_perror(zone, err, B_FALSE);
2070 		goto done;
2071 	}
2072 	while (zonecfg_getattrent(handle, &attrtab) == Z_OK) {
2073 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2074 		    rt_to_str(RT_ATTR));
2075 		export_prop(of, PT_NAME, attrtab.zone_attr_name);
2076 		export_prop(of, PT_TYPE, attrtab.zone_attr_type);
2077 		export_prop(of, PT_VALUE, attrtab.zone_attr_value);
2078 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2079 	}
2080 	(void) zonecfg_endattrent(handle);
2081 
2082 	if ((err = zonecfg_setdsent(handle)) != Z_OK) {
2083 		zone_perror(zone, err, B_FALSE);
2084 		goto done;
2085 	}
2086 	while (zonecfg_getdsent(handle, &dstab) == Z_OK) {
2087 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2088 		    rt_to_str(RT_DATASET));
2089 		export_prop(of, PT_NAME, dstab.zone_dataset_name);
2090 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2091 	}
2092 	(void) zonecfg_enddsent(handle);
2093 
2094 	if (zonecfg_getpsetent(handle, &psettab) == Z_OK) {
2095 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2096 		    rt_to_str(RT_DCPU));
2097 		if (strcmp(psettab.zone_ncpu_min, psettab.zone_ncpu_max) == 0)
2098 			(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
2099 			    pt_to_str(PT_NCPUS), psettab.zone_ncpu_max);
2100 		else
2101 			(void) fprintf(of, "%s %s=%s-%s\n", cmd_to_str(CMD_SET),
2102 			    pt_to_str(PT_NCPUS), psettab.zone_ncpu_min,
2103 			    psettab.zone_ncpu_max);
2104 		if (psettab.zone_importance[0] != '\0')
2105 			(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
2106 			    pt_to_str(PT_IMPORTANCE), psettab.zone_importance);
2107 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2108 	}
2109 
2110 	if ((err = zonecfg_setadminent(handle)) != Z_OK) {
2111 		zone_perror(zone, err, B_FALSE);
2112 		goto done;
2113 	}
2114 	while (zonecfg_getadminent(handle, &admintab) == Z_OK) {
2115 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2116 		    rt_to_str(RT_ADMIN));
2117 		export_prop(of, PT_USER, admintab.zone_admin_user);
2118 		export_prop(of, PT_AUTHS, admintab.zone_admin_auths);
2119 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2120 	}
2121 
2122 	(void) zonecfg_endadminent(handle);
2123 
2124 	if (zonecfg_getsecflagsent(handle, &secflagstab) == Z_OK) {
2125 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2126 		    rt_to_str(RT_SECFLAGS));
2127 		export_prop(of, PT_DEFAULT, secflagstab.zone_secflags_default);
2128 		export_prop(of, PT_LOWER, secflagstab.zone_secflags_lower);
2129 		export_prop(of, PT_UPPER, secflagstab.zone_secflags_upper);
2130 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2131 	}
2132 
2133 	/*
2134 	 * There is nothing to export for pcap since this resource is just
2135 	 * a container for an rctl alias.
2136 	 */
2137 
2138 done:
2139 	if (need_to_close)
2140 		(void) fclose(of);
2141 }
2142 
2143 void
exit_func(cmd_t * cmd)2144 exit_func(cmd_t *cmd)
2145 {
2146 	int arg, answer;
2147 	boolean_t arg_err = B_FALSE;
2148 
2149 	optind = 0;
2150 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
2151 		switch (arg) {
2152 		case '?':
2153 			longer_usage(CMD_EXIT);
2154 			arg_err = B_TRUE;
2155 			break;
2156 		case 'F':
2157 			force_exit = B_TRUE;
2158 			break;
2159 		default:
2160 			short_usage(CMD_EXIT);
2161 			arg_err = B_TRUE;
2162 			break;
2163 		}
2164 	}
2165 	if (arg_err)
2166 		return;
2167 
2168 	if (optind < cmd->cmd_argc) {
2169 		short_usage(CMD_EXIT);
2170 		return;
2171 	}
2172 
2173 	if (global_scope || force_exit) {
2174 		time_to_exit = B_TRUE;
2175 		return;
2176 	}
2177 
2178 	answer = ask_yesno(B_FALSE, "Resource incomplete; really quit");
2179 	if (answer == -1) {
2180 		zerr(gettext("Resource incomplete, input "
2181 		    "not from terminal and -F not specified:\n%s command "
2182 		    "ignored, but exiting anyway."), cmd_to_str(CMD_EXIT));
2183 		exit(Z_ERR);
2184 	} else if (answer == 1) {
2185 		time_to_exit = B_TRUE;
2186 	}
2187 	/* (answer == 0) => just return */
2188 }
2189 
2190 static int
validate_zonepath_syntax(char * path)2191 validate_zonepath_syntax(char *path)
2192 {
2193 	if (path[0] != '/') {
2194 		zerr(gettext("%s is not an absolute path."), path);
2195 		return (Z_ERR);
2196 	}
2197 	/* If path is all slashes, then fail */
2198 	if (strspn(path, "/") == strlen(path)) {
2199 		zerr(gettext("/ is not allowed as a %s."),
2200 		    pt_to_str(PT_ZONEPATH));
2201 		return (Z_ERR);
2202 	}
2203 	return (Z_OK);
2204 }
2205 
2206 static void
add_resource(cmd_t * cmd)2207 add_resource(cmd_t *cmd)
2208 {
2209 	int type;
2210 	struct zone_psettab tmp_psettab;
2211 	struct zone_mcaptab tmp_mcaptab;
2212 	struct zone_secflagstab tmp_secflagstab;
2213 	uint64_t tmp;
2214 	uint64_t tmp_mcap;
2215 	char pool[MAXNAMELEN];
2216 
2217 	if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
2218 		long_usage(CMD_ADD, B_TRUE);
2219 		goto bad;
2220 	}
2221 
2222 	switch (type) {
2223 	case RT_FS:
2224 		bzero(&in_progress_fstab, sizeof (in_progress_fstab));
2225 		return;
2226 	case RT_NET:
2227 		bzero(&in_progress_nwiftab, sizeof (in_progress_nwiftab));
2228 		return;
2229 	case RT_DEVICE:
2230 		bzero(&in_progress_devtab, sizeof (in_progress_devtab));
2231 		return;
2232 	case RT_RCTL:
2233 		if (global_zone)
2234 			zerr(gettext("WARNING: Setting a global zone resource "
2235 			    "control too low could deny\nservice "
2236 			    "to even the root user; "
2237 			    "this could render the system impossible\n"
2238 			    "to administer.  Please use caution."));
2239 		bzero(&in_progress_rctltab, sizeof (in_progress_rctltab));
2240 		return;
2241 	case RT_ATTR:
2242 		bzero(&in_progress_attrtab, sizeof (in_progress_attrtab));
2243 		return;
2244 	case RT_DATASET:
2245 		bzero(&in_progress_dstab, sizeof (in_progress_dstab));
2246 		return;
2247 	case RT_DCPU:
2248 		/* Make sure there isn't already a cpu-set or cpu-cap entry. */
2249 		if (zonecfg_lookup_pset(handle, &tmp_psettab) == Z_OK) {
2250 			zerr(gettext("The %s resource already exists."),
2251 			    rt_to_str(RT_DCPU));
2252 			goto bad;
2253 		}
2254 		if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp) !=
2255 		    Z_NO_ENTRY) {
2256 			zerr(gettext("The %s resource already exists."),
2257 			    rt_to_str(RT_PCAP));
2258 			goto bad;
2259 		}
2260 
2261 		/* Make sure the pool property isn't set. */
2262 		if (zonecfg_get_pool(handle, pool, sizeof (pool)) == Z_OK &&
2263 		    strlen(pool) > 0) {
2264 			zerr(gettext("The %s property is already set.  "
2265 			    "A persistent pool is incompatible with\nthe %s "
2266 			    "resource."),
2267 			    pt_to_str(PT_POOL), rt_to_str(RT_DCPU));
2268 			goto bad;
2269 		}
2270 
2271 		bzero(&in_progress_psettab, sizeof (in_progress_psettab));
2272 		return;
2273 	case RT_PCAP:
2274 		/*
2275 		 * Make sure there isn't already a cpu-set or incompatible
2276 		 * cpu-cap rctls.
2277 		 */
2278 		if (zonecfg_lookup_pset(handle, &tmp_psettab) == Z_OK) {
2279 			zerr(gettext("The %s resource already exists."),
2280 			    rt_to_str(RT_DCPU));
2281 			goto bad;
2282 		}
2283 
2284 		switch (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp)) {
2285 		case Z_ALIAS_DISALLOW:
2286 			zone_perror(rt_to_str(RT_PCAP), Z_ALIAS_DISALLOW,
2287 			    B_FALSE);
2288 			goto bad;
2289 
2290 		case Z_OK:
2291 			zerr(gettext("The %s resource already exists."),
2292 			    rt_to_str(RT_PCAP));
2293 			goto bad;
2294 
2295 		default:
2296 			break;
2297 		}
2298 		return;
2299 	case RT_MCAP:
2300 		/*
2301 		 * Make sure there isn't already a mem-cap entry or max-swap
2302 		 * or max-locked rctl.
2303 		 */
2304 		if (zonecfg_lookup_mcap(handle, &tmp_mcaptab) == Z_OK ||
2305 		    zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &tmp_mcap)
2306 		    == Z_OK ||
2307 		    zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM,
2308 		    &tmp_mcap) == Z_OK) {
2309 			zerr(gettext("The %s resource or a related resource "
2310 			    "control already exists."), rt_to_str(RT_MCAP));
2311 			goto bad;
2312 		}
2313 		if (global_zone)
2314 			zerr(gettext("WARNING: Setting a global zone memory "
2315 			    "cap too low could deny\nservice "
2316 			    "to even the root user; "
2317 			    "this could render the system impossible\n"
2318 			    "to administer.  Please use caution."));
2319 		bzero(&in_progress_mcaptab, sizeof (in_progress_mcaptab));
2320 		return;
2321 	case RT_ADMIN:
2322 		bzero(&in_progress_admintab, sizeof (in_progress_admintab));
2323 		return;
2324 	case RT_SECFLAGS:
2325 		/* Make sure we haven't already set this */
2326 		if (zonecfg_lookup_secflags(handle, &tmp_secflagstab) == Z_OK)
2327 			zerr(gettext("The %s resource already exists."),
2328 			    rt_to_str(RT_SECFLAGS));
2329 		bzero(&in_progress_secflagstab,
2330 		    sizeof (in_progress_secflagstab));
2331 		return;
2332 	default:
2333 		zone_perror(rt_to_str(type), Z_NO_RESOURCE_TYPE, B_TRUE);
2334 		long_usage(CMD_ADD, B_TRUE);
2335 		usage(B_FALSE, HELP_RESOURCES);
2336 	}
2337 bad:
2338 	global_scope = B_TRUE;
2339 	end_op = -1;
2340 }
2341 
2342 static void
do_complex_rctl_val(complex_property_ptr_t cp)2343 do_complex_rctl_val(complex_property_ptr_t cp)
2344 {
2345 	struct zone_rctlvaltab *rctlvaltab;
2346 	complex_property_ptr_t cx;
2347 	boolean_t seen_priv = B_FALSE, seen_limit = B_FALSE,
2348 	    seen_action = B_FALSE;
2349 	rctlblk_t *rctlblk;
2350 	int err;
2351 
2352 	if ((rctlvaltab = alloc_rctlvaltab()) == NULL) {
2353 		zone_perror(zone, Z_NOMEM, B_TRUE);
2354 		exit(Z_ERR);
2355 	}
2356 	for (cx = cp; cx != NULL; cx = cx->cp_next) {
2357 		switch (cx->cp_type) {
2358 		case PT_PRIV:
2359 			if (seen_priv) {
2360 				zerr(gettext("%s already specified"),
2361 				    pt_to_str(PT_PRIV));
2362 				goto bad;
2363 			}
2364 			(void) strlcpy(rctlvaltab->zone_rctlval_priv,
2365 			    cx->cp_value,
2366 			    sizeof (rctlvaltab->zone_rctlval_priv));
2367 			seen_priv = B_TRUE;
2368 			break;
2369 		case PT_LIMIT:
2370 			if (seen_limit) {
2371 				zerr(gettext("%s already specified"),
2372 				    pt_to_str(PT_LIMIT));
2373 				goto bad;
2374 			}
2375 			(void) strlcpy(rctlvaltab->zone_rctlval_limit,
2376 			    cx->cp_value,
2377 			    sizeof (rctlvaltab->zone_rctlval_limit));
2378 			seen_limit = B_TRUE;
2379 			break;
2380 		case PT_ACTION:
2381 			if (seen_action) {
2382 				zerr(gettext("%s already specified"),
2383 				    pt_to_str(PT_ACTION));
2384 				goto bad;
2385 			}
2386 			(void) strlcpy(rctlvaltab->zone_rctlval_action,
2387 			    cx->cp_value,
2388 			    sizeof (rctlvaltab->zone_rctlval_action));
2389 			seen_action = B_TRUE;
2390 			break;
2391 		default:
2392 			zone_perror(pt_to_str(PT_VALUE),
2393 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2394 			long_usage(CMD_ADD, B_TRUE);
2395 			usage(B_FALSE, HELP_PROPS);
2396 			zonecfg_free_rctl_value_list(rctlvaltab);
2397 			return;
2398 		}
2399 	}
2400 	if (!seen_priv)
2401 		zerr(gettext("%s not specified"), pt_to_str(PT_PRIV));
2402 	if (!seen_limit)
2403 		zerr(gettext("%s not specified"), pt_to_str(PT_LIMIT));
2404 	if (!seen_action)
2405 		zerr(gettext("%s not specified"), pt_to_str(PT_ACTION));
2406 	if (!seen_priv || !seen_limit || !seen_action)
2407 		goto bad;
2408 	rctlvaltab->zone_rctlval_next = NULL;
2409 	rctlblk = alloca(rctlblk_size());
2410 	/*
2411 	 * Make sure the rctl value looks roughly correct; we won't know if
2412 	 * it's truly OK until we verify the configuration on the target
2413 	 * system.
2414 	 */
2415 	if (zonecfg_construct_rctlblk(rctlvaltab, rctlblk) != Z_OK ||
2416 	    !zonecfg_valid_rctlblk(rctlblk)) {
2417 		zerr(gettext("Invalid %s %s specification"), rt_to_str(RT_RCTL),
2418 		    pt_to_str(PT_VALUE));
2419 		goto bad;
2420 	}
2421 	err = zonecfg_add_rctl_value(&in_progress_rctltab, rctlvaltab);
2422 	if (err != Z_OK)
2423 		zone_perror(pt_to_str(PT_VALUE), err, B_TRUE);
2424 	return;
2425 
2426 bad:
2427 	zonecfg_free_rctl_value_list(rctlvaltab);
2428 }
2429 
2430 static void
add_property(cmd_t * cmd)2431 add_property(cmd_t *cmd)
2432 {
2433 	char *prop_id;
2434 	int err, res_type, prop_type;
2435 	property_value_ptr_t pp;
2436 	list_property_ptr_t l;
2437 
2438 	res_type = resource_scope;
2439 	prop_type = cmd->cmd_prop_name[0];
2440 	if (res_type == RT_UNKNOWN || prop_type == PT_UNKNOWN) {
2441 		long_usage(CMD_ADD, B_TRUE);
2442 		return;
2443 	}
2444 
2445 	if (cmd->cmd_prop_nv_pairs != 1) {
2446 		long_usage(CMD_ADD, B_TRUE);
2447 		return;
2448 	}
2449 
2450 	if (initialize(B_TRUE) != Z_OK)
2451 		return;
2452 
2453 	switch (res_type) {
2454 	case RT_FS:
2455 		if (prop_type != PT_OPTIONS) {
2456 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
2457 			    B_TRUE);
2458 			long_usage(CMD_ADD, B_TRUE);
2459 			usage(B_FALSE, HELP_PROPS);
2460 			return;
2461 		}
2462 		pp = cmd->cmd_property_ptr[0];
2463 		if (pp->pv_type != PROP_VAL_SIMPLE &&
2464 		    pp->pv_type != PROP_VAL_LIST) {
2465 			zerr(gettext("A %s or %s value was expected here."),
2466 			    pvt_to_str(PROP_VAL_SIMPLE),
2467 			    pvt_to_str(PROP_VAL_LIST));
2468 			saw_error = B_TRUE;
2469 			return;
2470 		}
2471 		if (pp->pv_type == PROP_VAL_SIMPLE) {
2472 			if (pp->pv_simple == NULL) {
2473 				long_usage(CMD_ADD, B_TRUE);
2474 				return;
2475 			}
2476 			prop_id = pp->pv_simple;
2477 			err = zonecfg_add_fs_option(&in_progress_fstab,
2478 			    prop_id);
2479 			if (err != Z_OK)
2480 				zone_perror(pt_to_str(prop_type), err, B_TRUE);
2481 		} else {
2482 			list_property_ptr_t list;
2483 
2484 			for (list = pp->pv_list; list != NULL;
2485 			    list = list->lp_next) {
2486 				prop_id = list->lp_simple;
2487 				if (prop_id == NULL)
2488 					break;
2489 				err = zonecfg_add_fs_option(
2490 				    &in_progress_fstab, prop_id);
2491 				if (err != Z_OK)
2492 					zone_perror(pt_to_str(prop_type), err,
2493 					    B_TRUE);
2494 			}
2495 		}
2496 		return;
2497 	case RT_RCTL:
2498 		if (prop_type != PT_VALUE) {
2499 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
2500 			    B_TRUE);
2501 			long_usage(CMD_ADD, B_TRUE);
2502 			usage(B_FALSE, HELP_PROPS);
2503 			return;
2504 		}
2505 		pp = cmd->cmd_property_ptr[0];
2506 		if (pp->pv_type != PROP_VAL_COMPLEX &&
2507 		    pp->pv_type != PROP_VAL_LIST) {
2508 			zerr(gettext("A %s or %s value was expected here."),
2509 			    pvt_to_str(PROP_VAL_COMPLEX),
2510 			    pvt_to_str(PROP_VAL_LIST));
2511 			saw_error = B_TRUE;
2512 			return;
2513 		}
2514 		if (pp->pv_type == PROP_VAL_COMPLEX) {
2515 			do_complex_rctl_val(pp->pv_complex);
2516 			return;
2517 		}
2518 		for (l = pp->pv_list; l != NULL; l = l->lp_next)
2519 			do_complex_rctl_val(l->lp_complex);
2520 		return;
2521 	default:
2522 		zone_perror(rt_to_str(res_type), Z_NO_RESOURCE_TYPE, B_TRUE);
2523 		long_usage(CMD_ADD, B_TRUE);
2524 		usage(B_FALSE, HELP_RESOURCES);
2525 		return;
2526 	}
2527 }
2528 
2529 static boolean_t
gz_invalid_resource(int type)2530 gz_invalid_resource(int type)
2531 {
2532 	return (global_zone && (type == RT_FS ||
2533 	    type == RT_NET || type == RT_DEVICE || type == RT_ATTR ||
2534 	    type == RT_DATASET));
2535 }
2536 
2537 static boolean_t
gz_invalid_rt_property(int type)2538 gz_invalid_rt_property(int type)
2539 {
2540 	return (global_zone && (type == RT_ZONENAME || type == RT_ZONEPATH ||
2541 	    type == RT_AUTOBOOT || type == RT_LIMITPRIV ||
2542 	    type == RT_BOOTARGS || type == RT_BRAND || type == RT_SCHED ||
2543 	    type == RT_IPTYPE || type == RT_HOSTID || type == RT_FS_ALLOWED));
2544 }
2545 
2546 static boolean_t
gz_invalid_property(int type)2547 gz_invalid_property(int type)
2548 {
2549 	return (global_zone && (type == PT_ZONENAME || type == PT_ZONEPATH ||
2550 	    type == PT_AUTOBOOT || type == PT_LIMITPRIV ||
2551 	    type == PT_BOOTARGS || type == PT_BRAND || type == PT_SCHED ||
2552 	    type == PT_IPTYPE || type == PT_HOSTID || type == PT_FS_ALLOWED));
2553 }
2554 
2555 void
add_func(cmd_t * cmd)2556 add_func(cmd_t *cmd)
2557 {
2558 	int arg;
2559 	boolean_t arg_err = B_FALSE;
2560 
2561 	assert(cmd != NULL);
2562 
2563 	optind = 0;
2564 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
2565 		switch (arg) {
2566 		case '?':
2567 			longer_usage(CMD_ADD);
2568 			arg_err = B_TRUE;
2569 			break;
2570 		default:
2571 			short_usage(CMD_ADD);
2572 			arg_err = B_TRUE;
2573 			break;
2574 		}
2575 	}
2576 	if (arg_err)
2577 		return;
2578 
2579 	if (optind != cmd->cmd_argc) {
2580 		short_usage(CMD_ADD);
2581 		return;
2582 	}
2583 
2584 	if (zone_is_read_only(CMD_ADD))
2585 		return;
2586 
2587 	if (initialize(B_TRUE) != Z_OK)
2588 		return;
2589 	if (global_scope) {
2590 		if (gz_invalid_resource(cmd->cmd_res_type)) {
2591 			zerr(gettext("Cannot add a %s resource to the "
2592 			    "global zone."), rt_to_str(cmd->cmd_res_type));
2593 			saw_error = B_TRUE;
2594 			return;
2595 		}
2596 
2597 		global_scope = B_FALSE;
2598 		resource_scope = cmd->cmd_res_type;
2599 		end_op = CMD_ADD;
2600 		add_resource(cmd);
2601 	} else
2602 		add_property(cmd);
2603 }
2604 
2605 /*
2606  * This routine has an unusual implementation, because it tries very
2607  * hard to succeed in the face of a variety of failure modes.
2608  * The most common and most vexing occurs when the index file and
2609  * the /etc/zones/<zonename.xml> file are not both present.  In
2610  * this case, delete must eradicate as much of the zone state as is left
2611  * so that the user can later create a new zone with the same name.
2612  */
2613 void
delete_func(cmd_t * cmd)2614 delete_func(cmd_t *cmd)
2615 {
2616 	int err, arg, answer;
2617 	char line[ZONENAME_MAX + 128];	/* enough to ask a question */
2618 	boolean_t force = B_FALSE;
2619 	boolean_t arg_err = B_FALSE;
2620 
2621 	optind = 0;
2622 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
2623 		switch (arg) {
2624 		case '?':
2625 			longer_usage(CMD_DELETE);
2626 			arg_err = B_TRUE;
2627 			break;
2628 		case 'F':
2629 			force = B_TRUE;
2630 			break;
2631 		default:
2632 			short_usage(CMD_DELETE);
2633 			arg_err = B_TRUE;
2634 			break;
2635 		}
2636 	}
2637 	if (arg_err)
2638 		return;
2639 
2640 	if (optind != cmd->cmd_argc) {
2641 		short_usage(CMD_DELETE);
2642 		return;
2643 	}
2644 
2645 	if (zone_is_read_only(CMD_DELETE))
2646 		return;
2647 
2648 	if (!force) {
2649 		/*
2650 		 * Initialize sets up the global called "handle" and warns the
2651 		 * user if the zone is not configured.  In force mode, we don't
2652 		 * trust that evaluation, and hence skip it.  (We don't need the
2653 		 * handle to be loaded anyway, since zonecfg_destroy is done by
2654 		 * zonename). However, we also have to take care to emulate the
2655 		 * messages spit out by initialize; see below.
2656 		 */
2657 		if (initialize(B_TRUE) != Z_OK)
2658 			return;
2659 
2660 		(void) snprintf(line, sizeof (line),
2661 		    gettext("Are you sure you want to delete zone %s"), zone);
2662 		if ((answer = ask_yesno(B_FALSE, line)) == -1) {
2663 			zerr(gettext("Input not from terminal and -F not "
2664 			    "specified:\n%s command ignored, exiting."),
2665 			    cmd_to_str(CMD_DELETE));
2666 			exit(Z_ERR);
2667 		}
2668 		if (answer != 1)
2669 			return;
2670 	}
2671 
2672 	/*
2673 	 * This function removes the authorizations from user_attr
2674 	 * that correspond to those specified in the configuration
2675 	 */
2676 	if (initialize(B_TRUE) == Z_OK) {
2677 		(void) zonecfg_deauthorize_users(handle, zone);
2678 	}
2679 	if ((err = zonecfg_destroy(zone, force)) != Z_OK) {
2680 		if ((err == Z_BAD_ZONE_STATE) && !force) {
2681 			zerr(gettext("Zone %s not in %s state; %s not "
2682 			    "allowed.  Use -F to force %s."),
2683 			    zone, zone_state_str(ZONE_STATE_CONFIGURED),
2684 			    cmd_to_str(CMD_DELETE), cmd_to_str(CMD_DELETE));
2685 		} else {
2686 			zone_perror(zone, err, B_TRUE);
2687 		}
2688 	}
2689 	need_to_commit = B_FALSE;
2690 
2691 	/*
2692 	 * Emulate initialize's messaging; if there wasn't a valid handle to
2693 	 * begin with, then user had typed delete (or delete -F) multiple
2694 	 * times.  So we emit a message.
2695 	 *
2696 	 * We only do this in the 'force' case because normally, initialize()
2697 	 * takes care of this for us.
2698 	 */
2699 	if (force && zonecfg_check_handle(handle) != Z_OK && interactive_mode)
2700 		(void) printf(gettext("Use '%s' to begin "
2701 		    "configuring a new zone.\n"), cmd_to_str(CMD_CREATE));
2702 
2703 	/*
2704 	 * Time for a new handle: finish the old one off first
2705 	 * then get a new one properly to avoid leaks.
2706 	 */
2707 	if (got_handle) {
2708 		zonecfg_fini_handle(handle);
2709 		if ((handle = zonecfg_init_handle()) == NULL) {
2710 			zone_perror(execname, Z_NOMEM, B_TRUE);
2711 			exit(Z_ERR);
2712 		}
2713 		if ((err = zonecfg_get_handle(zone, handle)) != Z_OK) {
2714 			/* If there was no zone before, that's OK */
2715 			if (err != Z_NO_ZONE)
2716 				zone_perror(zone, err, B_TRUE);
2717 			got_handle = B_FALSE;
2718 		}
2719 	}
2720 }
2721 
2722 static int
fill_in_fstab(cmd_t * cmd,struct zone_fstab * fstab,boolean_t fill_in_only)2723 fill_in_fstab(cmd_t *cmd, struct zone_fstab *fstab, boolean_t fill_in_only)
2724 {
2725 	int err, i;
2726 	property_value_ptr_t pp;
2727 
2728 	if ((err = initialize(B_TRUE)) != Z_OK)
2729 		return (err);
2730 
2731 	bzero(fstab, sizeof (*fstab));
2732 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2733 		pp = cmd->cmd_property_ptr[i];
2734 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2735 			zerr(gettext("A simple value was expected here."));
2736 			saw_error = B_TRUE;
2737 			return (Z_INSUFFICIENT_SPEC);
2738 		}
2739 		switch (cmd->cmd_prop_name[i]) {
2740 		case PT_DIR:
2741 			(void) strlcpy(fstab->zone_fs_dir, pp->pv_simple,
2742 			    sizeof (fstab->zone_fs_dir));
2743 			break;
2744 		case PT_SPECIAL:
2745 			(void) strlcpy(fstab->zone_fs_special, pp->pv_simple,
2746 			    sizeof (fstab->zone_fs_special));
2747 			break;
2748 		case PT_RAW:
2749 			(void) strlcpy(fstab->zone_fs_raw, pp->pv_simple,
2750 			    sizeof (fstab->zone_fs_raw));
2751 			break;
2752 		case PT_TYPE:
2753 			(void) strlcpy(fstab->zone_fs_type, pp->pv_simple,
2754 			    sizeof (fstab->zone_fs_type));
2755 			break;
2756 		default:
2757 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2758 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2759 			return (Z_INSUFFICIENT_SPEC);
2760 		}
2761 	}
2762 	if (fill_in_only)
2763 		return (Z_OK);
2764 	return (zonecfg_lookup_filesystem(handle, fstab));
2765 }
2766 
2767 static int
fill_in_nwiftab(cmd_t * cmd,struct zone_nwiftab * nwiftab,boolean_t fill_in_only)2768 fill_in_nwiftab(cmd_t *cmd, struct zone_nwiftab *nwiftab,
2769     boolean_t fill_in_only)
2770 {
2771 	int err, i;
2772 	property_value_ptr_t pp;
2773 
2774 	if ((err = initialize(B_TRUE)) != Z_OK)
2775 		return (err);
2776 
2777 	bzero(nwiftab, sizeof (*nwiftab));
2778 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2779 		pp = cmd->cmd_property_ptr[i];
2780 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2781 			zerr(gettext("A simple value was expected here."));
2782 			saw_error = B_TRUE;
2783 			return (Z_INSUFFICIENT_SPEC);
2784 		}
2785 		switch (cmd->cmd_prop_name[i]) {
2786 		case PT_ADDRESS:
2787 			(void) strlcpy(nwiftab->zone_nwif_address,
2788 			    pp->pv_simple, sizeof (nwiftab->zone_nwif_address));
2789 			break;
2790 		case PT_ALLOWED_ADDRESS:
2791 			(void) strlcpy(nwiftab->zone_nwif_allowed_address,
2792 			    pp->pv_simple,
2793 			    sizeof (nwiftab->zone_nwif_allowed_address));
2794 			break;
2795 		case PT_PHYSICAL:
2796 			(void) strlcpy(nwiftab->zone_nwif_physical,
2797 			    pp->pv_simple,
2798 			    sizeof (nwiftab->zone_nwif_physical));
2799 			break;
2800 		case PT_DEFROUTER:
2801 			(void) strlcpy(nwiftab->zone_nwif_defrouter,
2802 			    pp->pv_simple,
2803 			    sizeof (nwiftab->zone_nwif_defrouter));
2804 			break;
2805 		default:
2806 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2807 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2808 			return (Z_INSUFFICIENT_SPEC);
2809 		}
2810 	}
2811 	if (fill_in_only)
2812 		return (Z_OK);
2813 	err = zonecfg_lookup_nwif(handle, nwiftab);
2814 	return (err);
2815 }
2816 
2817 static int
fill_in_devtab(cmd_t * cmd,struct zone_devtab * devtab,boolean_t fill_in_only)2818 fill_in_devtab(cmd_t *cmd, struct zone_devtab *devtab, boolean_t fill_in_only)
2819 {
2820 	int err, i;
2821 	property_value_ptr_t pp;
2822 
2823 	if ((err = initialize(B_TRUE)) != Z_OK)
2824 		return (err);
2825 
2826 	bzero(devtab, sizeof (*devtab));
2827 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2828 		pp = cmd->cmd_property_ptr[i];
2829 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2830 			zerr(gettext("A simple value was expected here."));
2831 			saw_error = B_TRUE;
2832 			return (Z_INSUFFICIENT_SPEC);
2833 		}
2834 		switch (cmd->cmd_prop_name[i]) {
2835 		case PT_MATCH:
2836 			(void) strlcpy(devtab->zone_dev_match, pp->pv_simple,
2837 			    sizeof (devtab->zone_dev_match));
2838 			break;
2839 		default:
2840 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2841 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2842 			return (Z_INSUFFICIENT_SPEC);
2843 		}
2844 	}
2845 	if (fill_in_only)
2846 		return (Z_OK);
2847 	err = zonecfg_lookup_dev(handle, devtab);
2848 	return (err);
2849 }
2850 
2851 static int
fill_in_rctltab(cmd_t * cmd,struct zone_rctltab * rctltab,boolean_t fill_in_only)2852 fill_in_rctltab(cmd_t *cmd, struct zone_rctltab *rctltab,
2853     boolean_t fill_in_only)
2854 {
2855 	int err, i;
2856 	property_value_ptr_t pp;
2857 
2858 	if ((err = initialize(B_TRUE)) != Z_OK)
2859 		return (err);
2860 
2861 	bzero(rctltab, sizeof (*rctltab));
2862 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2863 		pp = cmd->cmd_property_ptr[i];
2864 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2865 			zerr(gettext("A simple value was expected here."));
2866 			saw_error = B_TRUE;
2867 			return (Z_INSUFFICIENT_SPEC);
2868 		}
2869 		switch (cmd->cmd_prop_name[i]) {
2870 		case PT_NAME:
2871 			(void) strlcpy(rctltab->zone_rctl_name, pp->pv_simple,
2872 			    sizeof (rctltab->zone_rctl_name));
2873 			break;
2874 		default:
2875 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2876 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2877 			return (Z_INSUFFICIENT_SPEC);
2878 		}
2879 	}
2880 	if (fill_in_only)
2881 		return (Z_OK);
2882 	err = zonecfg_lookup_rctl(handle, rctltab);
2883 	return (err);
2884 }
2885 
2886 static int
fill_in_attrtab(cmd_t * cmd,struct zone_attrtab * attrtab,boolean_t fill_in_only)2887 fill_in_attrtab(cmd_t *cmd, struct zone_attrtab *attrtab,
2888     boolean_t fill_in_only)
2889 {
2890 	int err, i;
2891 	property_value_ptr_t pp;
2892 
2893 	if ((err = initialize(B_TRUE)) != Z_OK)
2894 		return (err);
2895 
2896 	bzero(attrtab, sizeof (*attrtab));
2897 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2898 		pp = cmd->cmd_property_ptr[i];
2899 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2900 			zerr(gettext("A simple value was expected here."));
2901 			saw_error = B_TRUE;
2902 			return (Z_INSUFFICIENT_SPEC);
2903 		}
2904 		switch (cmd->cmd_prop_name[i]) {
2905 		case PT_NAME:
2906 			(void) strlcpy(attrtab->zone_attr_name, pp->pv_simple,
2907 			    sizeof (attrtab->zone_attr_name));
2908 			break;
2909 		case PT_TYPE:
2910 			(void) strlcpy(attrtab->zone_attr_type, pp->pv_simple,
2911 			    sizeof (attrtab->zone_attr_type));
2912 			break;
2913 		case PT_VALUE:
2914 			(void) strlcpy(attrtab->zone_attr_value, pp->pv_simple,
2915 			    sizeof (attrtab->zone_attr_value));
2916 			break;
2917 		default:
2918 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2919 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2920 			return (Z_INSUFFICIENT_SPEC);
2921 		}
2922 	}
2923 	if (fill_in_only)
2924 		return (Z_OK);
2925 	err = zonecfg_lookup_attr(handle, attrtab);
2926 	return (err);
2927 }
2928 
2929 static int
fill_in_dstab(cmd_t * cmd,struct zone_dstab * dstab,boolean_t fill_in_only)2930 fill_in_dstab(cmd_t *cmd, struct zone_dstab *dstab, boolean_t fill_in_only)
2931 {
2932 	int err, i;
2933 	property_value_ptr_t pp;
2934 
2935 	if ((err = initialize(B_TRUE)) != Z_OK)
2936 		return (err);
2937 
2938 	dstab->zone_dataset_name[0] = '\0';
2939 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2940 		pp = cmd->cmd_property_ptr[i];
2941 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2942 			zerr(gettext("A simple value was expected here."));
2943 			saw_error = B_TRUE;
2944 			return (Z_INSUFFICIENT_SPEC);
2945 		}
2946 		switch (cmd->cmd_prop_name[i]) {
2947 		case PT_NAME:
2948 			(void) strlcpy(dstab->zone_dataset_name, pp->pv_simple,
2949 			    sizeof (dstab->zone_dataset_name));
2950 			break;
2951 		default:
2952 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2953 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2954 			return (Z_INSUFFICIENT_SPEC);
2955 		}
2956 	}
2957 	if (fill_in_only)
2958 		return (Z_OK);
2959 	return (zonecfg_lookup_ds(handle, dstab));
2960 }
2961 
2962 static int
fill_in_admintab(cmd_t * cmd,struct zone_admintab * admintab,boolean_t fill_in_only)2963 fill_in_admintab(cmd_t *cmd, struct zone_admintab *admintab,
2964     boolean_t fill_in_only)
2965 {
2966 	int err, i;
2967 	property_value_ptr_t pp;
2968 
2969 	if ((err = initialize(B_TRUE)) != Z_OK)
2970 		return (err);
2971 
2972 	bzero(admintab, sizeof (*admintab));
2973 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2974 		pp = cmd->cmd_property_ptr[i];
2975 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2976 			zerr(gettext("A simple value was expected here."));
2977 			saw_error = B_TRUE;
2978 			return (Z_INSUFFICIENT_SPEC);
2979 		}
2980 		switch (cmd->cmd_prop_name[i]) {
2981 		case PT_USER:
2982 			(void) strlcpy(admintab->zone_admin_user, pp->pv_simple,
2983 			    sizeof (admintab->zone_admin_user));
2984 			break;
2985 		case PT_AUTHS:
2986 			(void) strlcpy(admintab->zone_admin_auths,
2987 			    pp->pv_simple, sizeof (admintab->zone_admin_auths));
2988 			break;
2989 		default:
2990 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2991 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2992 			return (Z_INSUFFICIENT_SPEC);
2993 		}
2994 	}
2995 	if (fill_in_only)
2996 		return (Z_OK);
2997 	err = zonecfg_lookup_admin(handle, admintab);
2998 	return (err);
2999 }
3000 
3001 static int
fill_in_secflagstab(cmd_t * cmd,struct zone_secflagstab * secflagstab,boolean_t fill_in_only)3002 fill_in_secflagstab(cmd_t *cmd, struct zone_secflagstab *secflagstab,
3003     boolean_t fill_in_only)
3004 {
3005 	int err, i;
3006 	property_value_ptr_t pp;
3007 
3008 	if ((err = initialize(B_TRUE)) != Z_OK)
3009 		return (err);
3010 
3011 	bzero(secflagstab, sizeof (*secflagstab));
3012 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
3013 		pp = cmd->cmd_property_ptr[i];
3014 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
3015 			zerr(gettext("A simple value was expected here."));
3016 			saw_error = B_TRUE;
3017 			return (Z_INSUFFICIENT_SPEC);
3018 		}
3019 		switch (cmd->cmd_prop_name[i]) {
3020 		case PT_DEFAULT:
3021 			(void) strlcpy(secflagstab->zone_secflags_default,
3022 			    pp->pv_simple,
3023 			    sizeof (secflagstab->zone_secflags_default));
3024 			break;
3025 		case PT_LOWER:
3026 			(void) strlcpy(secflagstab->zone_secflags_lower,
3027 			    pp->pv_simple,
3028 			    sizeof (secflagstab->zone_secflags_lower));
3029 			break;
3030 		case PT_UPPER:
3031 			(void) strlcpy(secflagstab->zone_secflags_upper,
3032 			    pp->pv_simple,
3033 			    sizeof (secflagstab->zone_secflags_upper));
3034 			break;
3035 		default:
3036 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
3037 			    Z_NO_PROPERTY_TYPE, B_TRUE);
3038 			return (Z_INSUFFICIENT_SPEC);
3039 		}
3040 	}
3041 	if (fill_in_only)
3042 		return (Z_OK);
3043 
3044 	err = zonecfg_lookup_secflags(handle, secflagstab);
3045 
3046 	return (err);
3047 }
3048 
3049 static void
remove_aliased_rctl(int type,char * name)3050 remove_aliased_rctl(int type, char *name)
3051 {
3052 	int err;
3053 	uint64_t tmp;
3054 
3055 	if ((err = zonecfg_get_aliased_rctl(handle, name, &tmp)) != Z_OK) {
3056 		zerr("%s %s: %s", cmd_to_str(CMD_CLEAR), pt_to_str(type),
3057 		    zonecfg_strerror(err));
3058 		saw_error = B_TRUE;
3059 		return;
3060 	}
3061 	if ((err = zonecfg_rm_aliased_rctl(handle, name)) != Z_OK) {
3062 		zerr("%s %s: %s", cmd_to_str(CMD_CLEAR), pt_to_str(type),
3063 		    zonecfg_strerror(err));
3064 		saw_error = B_TRUE;
3065 	} else {
3066 		need_to_commit = B_TRUE;
3067 	}
3068 }
3069 
3070 static boolean_t
prompt_remove_resource(cmd_t * cmd,char * rsrc)3071 prompt_remove_resource(cmd_t *cmd, char *rsrc)
3072 {
3073 	int num;
3074 	int answer;
3075 	int arg;
3076 	boolean_t force = B_FALSE;
3077 	char prompt[128];
3078 	boolean_t arg_err = B_FALSE;
3079 
3080 	optind = 0;
3081 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "F")) != EOF) {
3082 		switch (arg) {
3083 		case 'F':
3084 			force = B_TRUE;
3085 			break;
3086 		default:
3087 			arg_err = B_TRUE;
3088 			break;
3089 		}
3090 	}
3091 	if (arg_err)
3092 		return (B_FALSE);
3093 
3094 
3095 	num = zonecfg_num_resources(handle, rsrc);
3096 
3097 	if (num == 0) {
3098 		z_cmd_rt_perror(CMD_REMOVE, cmd->cmd_res_type, Z_NO_ENTRY,
3099 		    B_TRUE);
3100 		return (B_FALSE);
3101 	}
3102 	if (num > 1 && !force) {
3103 		if (!interactive_mode) {
3104 			zerr(gettext("There are multiple instances of this "
3105 			    "resource.  Either qualify the resource to\n"
3106 			    "remove a single instance or use the -F option to "
3107 			    "remove all instances."));
3108 			saw_error = B_TRUE;
3109 			return (B_FALSE);
3110 		}
3111 		(void) snprintf(prompt, sizeof (prompt), gettext(
3112 		    "Are you sure you want to remove ALL '%s' resources"),
3113 		    rsrc);
3114 		answer = ask_yesno(B_FALSE, prompt);
3115 		if (answer == -1) {
3116 			zerr(gettext("Resource incomplete."));
3117 			return (B_FALSE);
3118 		}
3119 		if (answer != 1)
3120 			return (B_FALSE);
3121 	}
3122 	return (B_TRUE);
3123 }
3124 
3125 static void
remove_fs(cmd_t * cmd)3126 remove_fs(cmd_t *cmd)
3127 {
3128 	int err;
3129 
3130 	/* traditional, qualified fs removal */
3131 	if (cmd->cmd_prop_nv_pairs > 0) {
3132 		struct zone_fstab fstab;
3133 
3134 		if ((err = fill_in_fstab(cmd, &fstab, B_FALSE)) != Z_OK) {
3135 			z_cmd_rt_perror(CMD_REMOVE, RT_FS, err, B_TRUE);
3136 			return;
3137 		}
3138 		if ((err = zonecfg_delete_filesystem(handle, &fstab)) != Z_OK)
3139 			z_cmd_rt_perror(CMD_REMOVE, RT_FS, err, B_TRUE);
3140 		else
3141 			need_to_commit = B_TRUE;
3142 		zonecfg_free_fs_option_list(fstab.zone_fs_options);
3143 		return;
3144 	}
3145 
3146 	/*
3147 	 * unqualified fs removal.  remove all fs's but prompt if more
3148 	 * than one.
3149 	 */
3150 	if (!prompt_remove_resource(cmd, "fs"))
3151 		return;
3152 
3153 	if ((err = zonecfg_del_all_resources(handle, "fs")) != Z_OK)
3154 		z_cmd_rt_perror(CMD_REMOVE, RT_FS, err, B_TRUE);
3155 	else
3156 		need_to_commit = B_TRUE;
3157 }
3158 
3159 static void
remove_net(cmd_t * cmd)3160 remove_net(cmd_t *cmd)
3161 {
3162 	int err;
3163 
3164 	/* traditional, qualified net removal */
3165 	if (cmd->cmd_prop_nv_pairs > 0) {
3166 		struct zone_nwiftab nwiftab;
3167 
3168 		if ((err = fill_in_nwiftab(cmd, &nwiftab, B_FALSE)) != Z_OK) {
3169 			z_cmd_rt_perror(CMD_REMOVE, RT_NET, err, B_TRUE);
3170 			return;
3171 		}
3172 		if ((err = zonecfg_delete_nwif(handle, &nwiftab)) != Z_OK)
3173 			z_cmd_rt_perror(CMD_REMOVE, RT_NET, err, B_TRUE);
3174 		else
3175 			need_to_commit = B_TRUE;
3176 		return;
3177 	}
3178 
3179 	/*
3180 	 * unqualified net removal.  remove all nets but prompt if more
3181 	 * than one.
3182 	 */
3183 	if (!prompt_remove_resource(cmd, "net"))
3184 		return;
3185 
3186 	if ((err = zonecfg_del_all_resources(handle, "net")) != Z_OK)
3187 		z_cmd_rt_perror(CMD_REMOVE, RT_NET, err, B_TRUE);
3188 	else
3189 		need_to_commit = B_TRUE;
3190 }
3191 
3192 static void
remove_device(cmd_t * cmd)3193 remove_device(cmd_t *cmd)
3194 {
3195 	int err;
3196 
3197 	/* traditional, qualified device removal */
3198 	if (cmd->cmd_prop_nv_pairs > 0) {
3199 		struct zone_devtab devtab;
3200 
3201 		if ((err = fill_in_devtab(cmd, &devtab, B_FALSE)) != Z_OK) {
3202 			z_cmd_rt_perror(CMD_REMOVE, RT_DEVICE, err, B_TRUE);
3203 			return;
3204 		}
3205 		if ((err = zonecfg_delete_dev(handle, &devtab)) != Z_OK)
3206 			z_cmd_rt_perror(CMD_REMOVE, RT_DEVICE, err, B_TRUE);
3207 		else
3208 			need_to_commit = B_TRUE;
3209 		return;
3210 	}
3211 
3212 	/*
3213 	 * unqualified device removal.  remove all devices but prompt if more
3214 	 * than one.
3215 	 */
3216 	if (!prompt_remove_resource(cmd, "device"))
3217 		return;
3218 
3219 	if ((err = zonecfg_del_all_resources(handle, "device")) != Z_OK)
3220 		z_cmd_rt_perror(CMD_REMOVE, RT_DEVICE, err, B_TRUE);
3221 	else
3222 		need_to_commit = B_TRUE;
3223 }
3224 
3225 static void
remove_attr(cmd_t * cmd)3226 remove_attr(cmd_t *cmd)
3227 {
3228 	int err;
3229 
3230 	/* traditional, qualified attr removal */
3231 	if (cmd->cmd_prop_nv_pairs > 0) {
3232 		struct zone_attrtab attrtab;
3233 
3234 		if ((err = fill_in_attrtab(cmd, &attrtab, B_FALSE)) != Z_OK) {
3235 			z_cmd_rt_perror(CMD_REMOVE, RT_ATTR, err, B_TRUE);
3236 			return;
3237 		}
3238 		if ((err = zonecfg_delete_attr(handle, &attrtab)) != Z_OK)
3239 			z_cmd_rt_perror(CMD_REMOVE, RT_ATTR, err, B_TRUE);
3240 		else
3241 			need_to_commit = B_TRUE;
3242 		return;
3243 	}
3244 
3245 	/*
3246 	 * unqualified attr removal.  remove all attrs but prompt if more
3247 	 * than one.
3248 	 */
3249 	if (!prompt_remove_resource(cmd, "attr"))
3250 		return;
3251 
3252 	if ((err = zonecfg_del_all_resources(handle, "attr")) != Z_OK)
3253 		z_cmd_rt_perror(CMD_REMOVE, RT_ATTR, err, B_TRUE);
3254 	else
3255 		need_to_commit = B_TRUE;
3256 }
3257 
3258 static void
remove_dataset(cmd_t * cmd)3259 remove_dataset(cmd_t *cmd)
3260 {
3261 	int err;
3262 
3263 	/* traditional, qualified dataset removal */
3264 	if (cmd->cmd_prop_nv_pairs > 0) {
3265 		struct zone_dstab dstab;
3266 
3267 		if ((err = fill_in_dstab(cmd, &dstab, B_FALSE)) != Z_OK) {
3268 			z_cmd_rt_perror(CMD_REMOVE, RT_DATASET, err, B_TRUE);
3269 			return;
3270 		}
3271 		if ((err = zonecfg_delete_ds(handle, &dstab)) != Z_OK)
3272 			z_cmd_rt_perror(CMD_REMOVE, RT_DATASET, err, B_TRUE);
3273 		else
3274 			need_to_commit = B_TRUE;
3275 		return;
3276 	}
3277 
3278 	/*
3279 	 * unqualified dataset removal.  remove all datasets but prompt if more
3280 	 * than one.
3281 	 */
3282 	if (!prompt_remove_resource(cmd, "dataset"))
3283 		return;
3284 
3285 	if ((err = zonecfg_del_all_resources(handle, "dataset")) != Z_OK)
3286 		z_cmd_rt_perror(CMD_REMOVE, RT_DATASET, err, B_TRUE);
3287 	else
3288 		need_to_commit = B_TRUE;
3289 }
3290 
3291 static void
remove_rctl(cmd_t * cmd)3292 remove_rctl(cmd_t *cmd)
3293 {
3294 	int err;
3295 
3296 	/* traditional, qualified rctl removal */
3297 	if (cmd->cmd_prop_nv_pairs > 0) {
3298 		struct zone_rctltab rctltab;
3299 
3300 		if ((err = fill_in_rctltab(cmd, &rctltab, B_FALSE)) != Z_OK) {
3301 			z_cmd_rt_perror(CMD_REMOVE, RT_RCTL, err, B_TRUE);
3302 			return;
3303 		}
3304 		if ((err = zonecfg_delete_rctl(handle, &rctltab)) != Z_OK)
3305 			z_cmd_rt_perror(CMD_REMOVE, RT_RCTL, err, B_TRUE);
3306 		else
3307 			need_to_commit = B_TRUE;
3308 		zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
3309 		return;
3310 	}
3311 
3312 	/*
3313 	 * unqualified rctl removal.  remove all rctls but prompt if more
3314 	 * than one.
3315 	 */
3316 	if (!prompt_remove_resource(cmd, "rctl"))
3317 		return;
3318 
3319 	if ((err = zonecfg_del_all_resources(handle, "rctl")) != Z_OK)
3320 		z_cmd_rt_perror(CMD_REMOVE, RT_RCTL, err, B_TRUE);
3321 	else
3322 		need_to_commit = B_TRUE;
3323 }
3324 
3325 static void
remove_pset()3326 remove_pset()
3327 {
3328 	int err;
3329 	struct zone_psettab psettab;
3330 
3331 	if ((err = zonecfg_lookup_pset(handle, &psettab)) != Z_OK) {
3332 		z_cmd_rt_perror(CMD_REMOVE, RT_DCPU, err, B_TRUE);
3333 		return;
3334 	}
3335 	if ((err = zonecfg_delete_pset(handle)) != Z_OK)
3336 		z_cmd_rt_perror(CMD_REMOVE, RT_DCPU, err, B_TRUE);
3337 	else
3338 		need_to_commit = B_TRUE;
3339 }
3340 
3341 static void
remove_pcap()3342 remove_pcap()
3343 {
3344 	int err;
3345 	uint64_t tmp;
3346 
3347 	if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp) != Z_OK) {
3348 		zerr("%s %s: %s", cmd_to_str(CMD_REMOVE), rt_to_str(RT_PCAP),
3349 		    zonecfg_strerror(Z_NO_RESOURCE_TYPE));
3350 		saw_error = B_TRUE;
3351 		return;
3352 	}
3353 
3354 	if ((err = zonecfg_rm_aliased_rctl(handle, ALIAS_CPUCAP)) != Z_OK)
3355 		z_cmd_rt_perror(CMD_REMOVE, RT_PCAP, err, B_TRUE);
3356 	else
3357 		need_to_commit = B_TRUE;
3358 }
3359 
3360 static void
remove_mcap()3361 remove_mcap()
3362 {
3363 	int err, res1, res2, res3;
3364 	uint64_t tmp;
3365 	struct zone_mcaptab mcaptab;
3366 	boolean_t revert = B_FALSE;
3367 
3368 	res1 = zonecfg_lookup_mcap(handle, &mcaptab);
3369 	res2 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &tmp);
3370 	res3 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM, &tmp);
3371 
3372 	/* if none of these exist, there is no resource to remove */
3373 	if (res1 != Z_OK && res2 != Z_OK && res3 != Z_OK) {
3374 		zerr("%s %s: %s", cmd_to_str(CMD_REMOVE), rt_to_str(RT_MCAP),
3375 		    zonecfg_strerror(Z_NO_RESOURCE_TYPE));
3376 		saw_error = B_TRUE;
3377 		return;
3378 	}
3379 	if (res1 == Z_OK) {
3380 		if ((err = zonecfg_delete_mcap(handle)) != Z_OK) {
3381 			z_cmd_rt_perror(CMD_REMOVE, RT_MCAP, err, B_TRUE);
3382 			revert = B_TRUE;
3383 		} else {
3384 			need_to_commit = B_TRUE;
3385 		}
3386 	}
3387 	if (res2 == Z_OK) {
3388 		if ((err = zonecfg_rm_aliased_rctl(handle, ALIAS_MAXSWAP))
3389 		    != Z_OK) {
3390 			z_cmd_rt_perror(CMD_REMOVE, RT_MCAP, err, B_TRUE);
3391 			revert = B_TRUE;
3392 		} else {
3393 			need_to_commit = B_TRUE;
3394 		}
3395 	}
3396 	if (res3 == Z_OK) {
3397 		if ((err = zonecfg_rm_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM))
3398 		    != Z_OK) {
3399 			z_cmd_rt_perror(CMD_REMOVE, RT_MCAP, err, B_TRUE);
3400 			revert = B_TRUE;
3401 		} else {
3402 			need_to_commit = B_TRUE;
3403 		}
3404 	}
3405 
3406 	if (revert)
3407 		need_to_commit = B_FALSE;
3408 }
3409 
3410 static void
remove_admin(cmd_t * cmd)3411 remove_admin(cmd_t *cmd)
3412 {
3413 	int err;
3414 
3415 	/* traditional, qualified attr removal */
3416 	if (cmd->cmd_prop_nv_pairs > 0) {
3417 		struct zone_admintab admintab;
3418 
3419 		if ((err = fill_in_admintab(cmd, &admintab, B_FALSE)) != Z_OK) {
3420 			z_cmd_rt_perror(CMD_REMOVE, RT_ADMIN,
3421 			    err, B_TRUE);
3422 			return;
3423 		}
3424 		if ((err = zonecfg_delete_admin(handle, &admintab,
3425 		    zone))
3426 		    != Z_OK)
3427 			z_cmd_rt_perror(CMD_REMOVE, RT_ADMIN,
3428 			    err, B_TRUE);
3429 		else
3430 			need_to_commit = B_TRUE;
3431 		return;
3432 	} else {
3433 		/*
3434 		 * unqualified admin removal.
3435 		 * remove all admins but prompt if more
3436 		 * than one.
3437 		 */
3438 		if (!prompt_remove_resource(cmd, "admin"))
3439 			return;
3440 
3441 		if ((err = zonecfg_delete_admins(handle, zone))
3442 		    != Z_OK)
3443 			z_cmd_rt_perror(CMD_REMOVE, RT_ADMIN,
3444 			    err, B_TRUE);
3445 		else
3446 			need_to_commit = B_TRUE;
3447 	}
3448 }
3449 
3450 static void
remove_secflags()3451 remove_secflags()
3452 {
3453 	int err;
3454 	struct zone_secflagstab sectab = { 0 };
3455 
3456 	if (zonecfg_lookup_secflags(handle, &sectab) != Z_OK) {
3457 		zerr("%s %s: %s", cmd_to_str(CMD_REMOVE),
3458 		    rt_to_str(RT_SECFLAGS),
3459 		    zonecfg_strerror(Z_NO_RESOURCE_TYPE));
3460 		return;
3461 	}
3462 
3463 	if ((err = zonecfg_delete_secflags(handle, &sectab)) != Z_OK) {
3464 		z_cmd_rt_perror(CMD_REMOVE, RT_SECFLAGS, err, B_TRUE);
3465 		return;
3466 	}
3467 
3468 	need_to_commit = B_TRUE;
3469 }
3470 
3471 static void
remove_resource(cmd_t * cmd)3472 remove_resource(cmd_t *cmd)
3473 {
3474 	int type;
3475 	int arg;
3476 	boolean_t arg_err = B_FALSE;
3477 
3478 	if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
3479 		long_usage(CMD_REMOVE, B_TRUE);
3480 		return;
3481 	}
3482 
3483 	optind = 0;
3484 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
3485 		switch (arg) {
3486 		case '?':
3487 			longer_usage(CMD_REMOVE);
3488 			arg_err = B_TRUE;
3489 			break;
3490 		case 'F':
3491 			break;
3492 		default:
3493 			short_usage(CMD_REMOVE);
3494 			arg_err = B_TRUE;
3495 			break;
3496 		}
3497 	}
3498 	if (arg_err)
3499 		return;
3500 
3501 	if (initialize(B_TRUE) != Z_OK)
3502 		return;
3503 
3504 	switch (type) {
3505 	case RT_FS:
3506 		remove_fs(cmd);
3507 		return;
3508 	case RT_NET:
3509 		remove_net(cmd);
3510 		return;
3511 	case RT_DEVICE:
3512 		remove_device(cmd);
3513 		return;
3514 	case RT_RCTL:
3515 		remove_rctl(cmd);
3516 		return;
3517 	case RT_ATTR:
3518 		remove_attr(cmd);
3519 		return;
3520 	case RT_DATASET:
3521 		remove_dataset(cmd);
3522 		return;
3523 	case RT_DCPU:
3524 		remove_pset();
3525 		return;
3526 	case RT_PCAP:
3527 		remove_pcap();
3528 		return;
3529 	case RT_MCAP:
3530 		remove_mcap();
3531 		return;
3532 	case RT_ADMIN:
3533 		remove_admin(cmd);
3534 		return;
3535 	case RT_SECFLAGS:
3536 		remove_secflags();
3537 		return;
3538 	default:
3539 		zone_perror(rt_to_str(type), Z_NO_RESOURCE_TYPE, B_TRUE);
3540 		long_usage(CMD_REMOVE, B_TRUE);
3541 		usage(B_FALSE, HELP_RESOURCES);
3542 		return;
3543 	}
3544 }
3545 
3546 static void
remove_property(cmd_t * cmd)3547 remove_property(cmd_t *cmd)
3548 {
3549 	char *prop_id;
3550 	int err, res_type, prop_type;
3551 	property_value_ptr_t pp;
3552 	struct zone_rctlvaltab *rctlvaltab;
3553 	complex_property_ptr_t cx;
3554 
3555 	res_type = resource_scope;
3556 	prop_type = cmd->cmd_prop_name[0];
3557 	if (res_type == RT_UNKNOWN || prop_type == PT_UNKNOWN) {
3558 		long_usage(CMD_REMOVE, B_TRUE);
3559 		return;
3560 	}
3561 
3562 	if (cmd->cmd_prop_nv_pairs != 1) {
3563 		long_usage(CMD_ADD, B_TRUE);
3564 		return;
3565 	}
3566 
3567 	if (initialize(B_TRUE) != Z_OK)
3568 		return;
3569 
3570 	switch (res_type) {
3571 	case RT_FS:
3572 		if (prop_type != PT_OPTIONS) {
3573 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
3574 			    B_TRUE);
3575 			long_usage(CMD_REMOVE, B_TRUE);
3576 			usage(B_FALSE, HELP_PROPS);
3577 			return;
3578 		}
3579 		pp = cmd->cmd_property_ptr[0];
3580 		if (pp->pv_type == PROP_VAL_COMPLEX) {
3581 			zerr(gettext("A %s or %s value was expected here."),
3582 			    pvt_to_str(PROP_VAL_SIMPLE),
3583 			    pvt_to_str(PROP_VAL_LIST));
3584 			saw_error = B_TRUE;
3585 			return;
3586 		}
3587 		if (pp->pv_type == PROP_VAL_SIMPLE) {
3588 			if (pp->pv_simple == NULL) {
3589 				long_usage(CMD_ADD, B_TRUE);
3590 				return;
3591 			}
3592 			prop_id = pp->pv_simple;
3593 			err = zonecfg_remove_fs_option(&in_progress_fstab,
3594 			    prop_id);
3595 			if (err != Z_OK)
3596 				zone_perror(pt_to_str(prop_type), err, B_TRUE);
3597 		} else {
3598 			list_property_ptr_t list;
3599 
3600 			for (list = pp->pv_list; list != NULL;
3601 			    list = list->lp_next) {
3602 				prop_id = list->lp_simple;
3603 				if (prop_id == NULL)
3604 					break;
3605 				err = zonecfg_remove_fs_option(
3606 				    &in_progress_fstab, prop_id);
3607 				if (err != Z_OK)
3608 					zone_perror(pt_to_str(prop_type), err,
3609 					    B_TRUE);
3610 			}
3611 		}
3612 		return;
3613 	case RT_RCTL:
3614 		if (prop_type != PT_VALUE) {
3615 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
3616 			    B_TRUE);
3617 			long_usage(CMD_REMOVE, B_TRUE);
3618 			usage(B_FALSE, HELP_PROPS);
3619 			return;
3620 		}
3621 		pp = cmd->cmd_property_ptr[0];
3622 		if (pp->pv_type != PROP_VAL_COMPLEX) {
3623 			zerr(gettext("A %s value was expected here."),
3624 			    pvt_to_str(PROP_VAL_COMPLEX));
3625 			saw_error = B_TRUE;
3626 			return;
3627 		}
3628 		if ((rctlvaltab = alloc_rctlvaltab()) == NULL) {
3629 			zone_perror(zone, Z_NOMEM, B_TRUE);
3630 			exit(Z_ERR);
3631 		}
3632 		for (cx = pp->pv_complex; cx != NULL; cx = cx->cp_next) {
3633 			switch (cx->cp_type) {
3634 			case PT_PRIV:
3635 				(void) strlcpy(rctlvaltab->zone_rctlval_priv,
3636 				    cx->cp_value,
3637 				    sizeof (rctlvaltab->zone_rctlval_priv));
3638 				break;
3639 			case PT_LIMIT:
3640 				(void) strlcpy(rctlvaltab->zone_rctlval_limit,
3641 				    cx->cp_value,
3642 				    sizeof (rctlvaltab->zone_rctlval_limit));
3643 				break;
3644 			case PT_ACTION:
3645 				(void) strlcpy(rctlvaltab->zone_rctlval_action,
3646 				    cx->cp_value,
3647 				    sizeof (rctlvaltab->zone_rctlval_action));
3648 				break;
3649 			default:
3650 				zone_perror(pt_to_str(prop_type),
3651 				    Z_NO_PROPERTY_TYPE, B_TRUE);
3652 				long_usage(CMD_ADD, B_TRUE);
3653 				usage(B_FALSE, HELP_PROPS);
3654 				zonecfg_free_rctl_value_list(rctlvaltab);
3655 				return;
3656 			}
3657 		}
3658 		rctlvaltab->zone_rctlval_next = NULL;
3659 		err = zonecfg_remove_rctl_value(&in_progress_rctltab,
3660 		    rctlvaltab);
3661 		if (err != Z_OK)
3662 			zone_perror(pt_to_str(prop_type), err, B_TRUE);
3663 		zonecfg_free_rctl_value_list(rctlvaltab);
3664 		return;
3665 	case RT_NET:
3666 		if (prop_type != PT_DEFROUTER) {
3667 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
3668 			    B_TRUE);
3669 			long_usage(CMD_REMOVE, B_TRUE);
3670 			usage(B_FALSE, HELP_PROPS);
3671 			return;
3672 		} else {
3673 			bzero(&in_progress_nwiftab.zone_nwif_defrouter,
3674 			    sizeof (in_progress_nwiftab.zone_nwif_defrouter));
3675 			return;
3676 		}
3677 	default:
3678 		zone_perror(rt_to_str(res_type), Z_NO_RESOURCE_TYPE, B_TRUE);
3679 		long_usage(CMD_REMOVE, B_TRUE);
3680 		usage(B_FALSE, HELP_RESOURCES);
3681 		return;
3682 	}
3683 }
3684 
3685 void
remove_func(cmd_t * cmd)3686 remove_func(cmd_t *cmd)
3687 {
3688 	if (zone_is_read_only(CMD_REMOVE))
3689 		return;
3690 
3691 	assert(cmd != NULL);
3692 
3693 	if (global_scope) {
3694 		if (gz_invalid_resource(cmd->cmd_res_type)) {
3695 			zerr(gettext("%s is not a valid resource for the "
3696 			    "global zone."), rt_to_str(cmd->cmd_res_type));
3697 			saw_error = B_TRUE;
3698 			return;
3699 		}
3700 		remove_resource(cmd);
3701 	} else {
3702 		remove_property(cmd);
3703 	}
3704 }
3705 
3706 static void
clear_property(cmd_t * cmd)3707 clear_property(cmd_t *cmd)
3708 {
3709 	int res_type, prop_type;
3710 
3711 	res_type = resource_scope;
3712 	prop_type = cmd->cmd_res_type;
3713 	if (res_type == RT_UNKNOWN || prop_type == PT_UNKNOWN) {
3714 		long_usage(CMD_CLEAR, B_TRUE);
3715 		return;
3716 	}
3717 
3718 	if (initialize(B_TRUE) != Z_OK)
3719 		return;
3720 
3721 	switch (res_type) {
3722 	case RT_FS:
3723 		if (prop_type == PT_RAW) {
3724 			in_progress_fstab.zone_fs_raw[0] = '\0';
3725 			need_to_commit = B_TRUE;
3726 			return;
3727 		}
3728 		break;
3729 	case RT_DCPU:
3730 		if (prop_type == PT_IMPORTANCE) {
3731 			in_progress_psettab.zone_importance[0] = '\0';
3732 			need_to_commit = B_TRUE;
3733 			return;
3734 		}
3735 		break;
3736 	case RT_MCAP:
3737 		switch (prop_type) {
3738 		case PT_PHYSICAL:
3739 			in_progress_mcaptab.zone_physmem_cap[0] = '\0';
3740 			need_to_commit = B_TRUE;
3741 			return;
3742 		case PT_SWAP:
3743 			remove_aliased_rctl(PT_SWAP, ALIAS_MAXSWAP);
3744 			return;
3745 		case PT_LOCKED:
3746 			remove_aliased_rctl(PT_LOCKED, ALIAS_MAXLOCKEDMEM);
3747 			return;
3748 		}
3749 		break;
3750 	case RT_SECFLAGS:
3751 		switch (prop_type) {
3752 		case PT_LOWER:
3753 			in_progress_secflagstab.zone_secflags_lower[0] = '\0';
3754 			need_to_commit = B_TRUE;
3755 			return;
3756 		case PT_DEFAULT:
3757 			in_progress_secflagstab.zone_secflags_default[0] = '\0';
3758 			need_to_commit = B_TRUE;
3759 			return;
3760 		case PT_UPPER:
3761 			in_progress_secflagstab.zone_secflags_upper[0] = '\0';
3762 			need_to_commit = B_TRUE;
3763 			return;
3764 		}
3765 		break;
3766 	default:
3767 		break;
3768 	}
3769 
3770 	zone_perror(pt_to_str(prop_type), Z_CLEAR_DISALLOW, B_TRUE);
3771 }
3772 
3773 static void
clear_global(cmd_t * cmd)3774 clear_global(cmd_t *cmd)
3775 {
3776 	int err, type;
3777 
3778 	if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
3779 		long_usage(CMD_CLEAR, B_TRUE);
3780 		return;
3781 	}
3782 
3783 	if (initialize(B_TRUE) != Z_OK)
3784 		return;
3785 
3786 	switch (type) {
3787 	case PT_ZONENAME:
3788 		/* FALLTHRU */
3789 	case PT_ZONEPATH:
3790 		/* FALLTHRU */
3791 	case PT_BRAND:
3792 		zone_perror(pt_to_str(type), Z_CLEAR_DISALLOW, B_TRUE);
3793 		return;
3794 	case PT_AUTOBOOT:
3795 		/* false is default; we'll treat as equivalent to clearing */
3796 		if ((err = zonecfg_set_autoboot(handle, B_FALSE)) != Z_OK)
3797 			z_cmd_rt_perror(CMD_CLEAR, RT_AUTOBOOT, err, B_TRUE);
3798 		else
3799 			need_to_commit = B_TRUE;
3800 		return;
3801 	case PT_POOL:
3802 		if ((err = zonecfg_set_pool(handle, NULL)) != Z_OK)
3803 			z_cmd_rt_perror(CMD_CLEAR, RT_POOL, err, B_TRUE);
3804 		else
3805 			need_to_commit = B_TRUE;
3806 		return;
3807 	case PT_LIMITPRIV:
3808 		if ((err = zonecfg_set_limitpriv(handle, NULL)) != Z_OK)
3809 			z_cmd_rt_perror(CMD_CLEAR, RT_LIMITPRIV, err, B_TRUE);
3810 		else
3811 			need_to_commit = B_TRUE;
3812 		return;
3813 	case PT_BOOTARGS:
3814 		if ((err = zonecfg_set_bootargs(handle, NULL)) != Z_OK)
3815 			z_cmd_rt_perror(CMD_CLEAR, RT_BOOTARGS, err, B_TRUE);
3816 		else
3817 			need_to_commit = B_TRUE;
3818 		return;
3819 	case PT_SCHED:
3820 		if ((err = zonecfg_set_sched(handle, NULL)) != Z_OK)
3821 			z_cmd_rt_perror(CMD_CLEAR, RT_SCHED, err, B_TRUE);
3822 		else
3823 			need_to_commit = B_TRUE;
3824 		return;
3825 	case PT_IPTYPE:
3826 		/* shared is default; we'll treat as equivalent to clearing */
3827 		if ((err = zonecfg_set_iptype(handle, ZS_SHARED)) != Z_OK)
3828 			z_cmd_rt_perror(CMD_CLEAR, RT_IPTYPE, err, B_TRUE);
3829 		else
3830 			need_to_commit = B_TRUE;
3831 		return;
3832 	case PT_MAXLWPS:
3833 		remove_aliased_rctl(PT_MAXLWPS, ALIAS_MAXLWPS);
3834 		return;
3835 	case PT_MAXPROCS:
3836 		remove_aliased_rctl(PT_MAXPROCS, ALIAS_MAXPROCS);
3837 		return;
3838 	case PT_MAXSHMMEM:
3839 		remove_aliased_rctl(PT_MAXSHMMEM, ALIAS_MAXSHMMEM);
3840 		return;
3841 	case PT_MAXSHMIDS:
3842 		remove_aliased_rctl(PT_MAXSHMIDS, ALIAS_MAXSHMIDS);
3843 		return;
3844 	case PT_MAXMSGIDS:
3845 		remove_aliased_rctl(PT_MAXMSGIDS, ALIAS_MAXMSGIDS);
3846 		return;
3847 	case PT_MAXSEMIDS:
3848 		remove_aliased_rctl(PT_MAXSEMIDS, ALIAS_MAXSEMIDS);
3849 		return;
3850 	case PT_SHARES:
3851 		remove_aliased_rctl(PT_SHARES, ALIAS_SHARES);
3852 		return;
3853 	case PT_HOSTID:
3854 		if ((err = zonecfg_set_hostid(handle, NULL)) != Z_OK)
3855 			z_cmd_rt_perror(CMD_CLEAR, RT_HOSTID, err, B_TRUE);
3856 		else
3857 			need_to_commit = B_TRUE;
3858 		return;
3859 	case PT_FS_ALLOWED:
3860 		if ((err = zonecfg_set_fs_allowed(handle, NULL)) != Z_OK)
3861 			z_cmd_rt_perror(CMD_CLEAR, RT_FS_ALLOWED, err, B_TRUE);
3862 		else
3863 			need_to_commit = B_TRUE;
3864 		return;
3865 	default:
3866 		zone_perror(pt_to_str(type), Z_NO_PROPERTY_TYPE, B_TRUE);
3867 		long_usage(CMD_CLEAR, B_TRUE);
3868 		usage(B_FALSE, HELP_PROPS);
3869 		return;
3870 	}
3871 }
3872 
3873 void
clear_func(cmd_t * cmd)3874 clear_func(cmd_t *cmd)
3875 {
3876 	if (zone_is_read_only(CMD_CLEAR))
3877 		return;
3878 
3879 	assert(cmd != NULL);
3880 
3881 	if (global_scope) {
3882 		if (gz_invalid_property(cmd->cmd_res_type)) {
3883 			zerr(gettext("%s is not a valid property for the "
3884 			    "global zone."), pt_to_str(cmd->cmd_res_type));
3885 			saw_error = B_TRUE;
3886 			return;
3887 		}
3888 
3889 		clear_global(cmd);
3890 	} else {
3891 		clear_property(cmd);
3892 	}
3893 }
3894 
3895 void
select_func(cmd_t * cmd)3896 select_func(cmd_t *cmd)
3897 {
3898 	int type, err, res;
3899 	uint64_t limit;
3900 	uint64_t tmp;
3901 
3902 	if (zone_is_read_only(CMD_SELECT))
3903 		return;
3904 
3905 	assert(cmd != NULL);
3906 
3907 	if (global_scope) {
3908 		global_scope = B_FALSE;
3909 		resource_scope = cmd->cmd_res_type;
3910 		end_op = CMD_SELECT;
3911 	} else {
3912 		scope_usage(CMD_SELECT);
3913 		return;
3914 	}
3915 
3916 	if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
3917 		long_usage(CMD_SELECT, B_TRUE);
3918 		return;
3919 	}
3920 
3921 	if (initialize(B_TRUE) != Z_OK)
3922 		return;
3923 
3924 	switch (type) {
3925 	case RT_FS:
3926 		if ((err = fill_in_fstab(cmd, &old_fstab, B_FALSE)) != Z_OK) {
3927 			z_cmd_rt_perror(CMD_SELECT, RT_FS, err, B_TRUE);
3928 			global_scope = B_TRUE;
3929 		}
3930 		bcopy(&old_fstab, &in_progress_fstab,
3931 		    sizeof (struct zone_fstab));
3932 		return;
3933 	case RT_NET:
3934 		if ((err = fill_in_nwiftab(cmd, &old_nwiftab, B_FALSE))
3935 		    != Z_OK) {
3936 			z_cmd_rt_perror(CMD_SELECT, RT_NET, err, B_TRUE);
3937 			global_scope = B_TRUE;
3938 		}
3939 		bcopy(&old_nwiftab, &in_progress_nwiftab,
3940 		    sizeof (struct zone_nwiftab));
3941 		return;
3942 	case RT_DEVICE:
3943 		if ((err = fill_in_devtab(cmd, &old_devtab, B_FALSE)) != Z_OK) {
3944 			z_cmd_rt_perror(CMD_SELECT, RT_DEVICE, err, B_TRUE);
3945 			global_scope = B_TRUE;
3946 		}
3947 		bcopy(&old_devtab, &in_progress_devtab,
3948 		    sizeof (struct zone_devtab));
3949 		return;
3950 	case RT_RCTL:
3951 		if ((err = fill_in_rctltab(cmd, &old_rctltab, B_FALSE))
3952 		    != Z_OK) {
3953 			z_cmd_rt_perror(CMD_SELECT, RT_RCTL, err, B_TRUE);
3954 			global_scope = B_TRUE;
3955 		}
3956 		bcopy(&old_rctltab, &in_progress_rctltab,
3957 		    sizeof (struct zone_rctltab));
3958 		return;
3959 	case RT_ATTR:
3960 		if ((err = fill_in_attrtab(cmd, &old_attrtab, B_FALSE))
3961 		    != Z_OK) {
3962 			z_cmd_rt_perror(CMD_SELECT, RT_ATTR, err, B_TRUE);
3963 			global_scope = B_TRUE;
3964 		}
3965 		bcopy(&old_attrtab, &in_progress_attrtab,
3966 		    sizeof (struct zone_attrtab));
3967 		return;
3968 	case RT_DATASET:
3969 		if ((err = fill_in_dstab(cmd, &old_dstab, B_FALSE)) != Z_OK) {
3970 			z_cmd_rt_perror(CMD_SELECT, RT_DATASET, err, B_TRUE);
3971 			global_scope = B_TRUE;
3972 		}
3973 		bcopy(&old_dstab, &in_progress_dstab,
3974 		    sizeof (struct zone_dstab));
3975 		return;
3976 	case RT_DCPU:
3977 		if ((err = zonecfg_lookup_pset(handle, &old_psettab)) != Z_OK) {
3978 			z_cmd_rt_perror(CMD_SELECT, RT_DCPU, err, B_TRUE);
3979 			global_scope = B_TRUE;
3980 		}
3981 		bcopy(&old_psettab, &in_progress_psettab,
3982 		    sizeof (struct zone_psettab));
3983 		return;
3984 	case RT_PCAP:
3985 		if ((err = zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp))
3986 		    != Z_OK) {
3987 			z_cmd_rt_perror(CMD_SELECT, RT_PCAP, err, B_TRUE);
3988 			global_scope = B_TRUE;
3989 		}
3990 		return;
3991 	case RT_MCAP:
3992 		/* if none of these exist, there is no resource to select */
3993 		if ((res = zonecfg_lookup_mcap(handle, &old_mcaptab)) != Z_OK &&
3994 		    zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &limit)
3995 		    != Z_OK &&
3996 		    zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM, &limit)
3997 		    != Z_OK) {
3998 			z_cmd_rt_perror(CMD_SELECT, RT_MCAP, Z_NO_RESOURCE_TYPE,
3999 			    B_TRUE);
4000 			global_scope = B_TRUE;
4001 		}
4002 		if (res == Z_OK)
4003 			bcopy(&old_mcaptab, &in_progress_mcaptab,
4004 			    sizeof (struct zone_mcaptab));
4005 		else
4006 			bzero(&in_progress_mcaptab,
4007 			    sizeof (in_progress_mcaptab));
4008 		return;
4009 	case RT_ADMIN:
4010 		if ((err = fill_in_admintab(cmd, &old_admintab, B_FALSE))
4011 		    != Z_OK) {
4012 			z_cmd_rt_perror(CMD_SELECT, RT_ADMIN, err,
4013 			    B_TRUE);
4014 			global_scope = B_TRUE;
4015 		}
4016 		bcopy(&old_admintab, &in_progress_admintab,
4017 		    sizeof (struct zone_admintab));
4018 		return;
4019 	case RT_SECFLAGS:
4020 		if ((err = fill_in_secflagstab(cmd, &old_secflagstab, B_FALSE))
4021 		    != Z_OK) {
4022 			z_cmd_rt_perror(CMD_SELECT, RT_SECFLAGS, err,
4023 			    B_TRUE);
4024 			global_scope = B_TRUE;
4025 		}
4026 		bcopy(&old_secflagstab, &in_progress_secflagstab,
4027 		    sizeof (struct zone_secflagstab));
4028 		return;
4029 	default:
4030 		zone_perror(rt_to_str(type), Z_NO_RESOURCE_TYPE, B_TRUE);
4031 		long_usage(CMD_SELECT, B_TRUE);
4032 		usage(B_FALSE, HELP_RESOURCES);
4033 		return;
4034 	}
4035 }
4036 
4037 /*
4038  * Network "addresses" can be one of the following forms:
4039  *	<IPv4 address>
4040  *	<IPv4 address>/<prefix length>
4041  *	<IPv6 address>/<prefix length>
4042  *	<host name>
4043  *	<host name>/<prefix length>
4044  * In other words, the "/" followed by a prefix length is allowed but not
4045  * required for IPv4 addresses and host names, and required for IPv6 addresses.
4046  * If a prefix length is given, it must be in the allowable range: 0 to 32 for
4047  * IPv4 addresses and host names, 0 to 128 for IPv6 addresses.
4048  * Host names must start with an alpha-numeric character, and all subsequent
4049  * characters must be either alpha-numeric or "-".
4050  *
4051  * In some cases, e.g., the nexthop for the defrouter, the context indicates
4052  * that this is the IPV4_ABITS or IPV6_ABITS netmask, in which case we don't
4053  * require the /<prefix length> (and should ignore it if provided).
4054  */
4055 
4056 static int
validate_net_address_syntax(char * address,boolean_t ishost)4057 validate_net_address_syntax(char *address, boolean_t ishost)
4058 {
4059 	char *slashp, part1[MAXHOSTNAMELEN];
4060 	struct in6_addr in6;
4061 	struct in_addr in4;
4062 	int prefixlen, i;
4063 
4064 	/*
4065 	 * Copy the part before any '/' into part1 or copy the whole
4066 	 * thing if there is no '/'.
4067 	 */
4068 	if ((slashp = strchr(address, '/')) != NULL) {
4069 		*slashp = '\0';
4070 		(void) strlcpy(part1, address, sizeof (part1));
4071 		*slashp = '/';
4072 		prefixlen = atoi(++slashp);
4073 	} else {
4074 		(void) strlcpy(part1, address, sizeof (part1));
4075 	}
4076 
4077 	if (ishost && slashp != NULL) {
4078 		zerr(gettext("Warning: prefix length in %s is not required and "
4079 		    "will be ignored. The default host-prefix length "
4080 		    "will be used"), address);
4081 	}
4082 
4083 
4084 	if (inet_pton(AF_INET6, part1, &in6) == 1) {
4085 		if (ishost) {
4086 			prefixlen = IPV6_ABITS;
4087 		} else if (slashp == NULL) {
4088 			zerr(gettext("%s: IPv6 addresses "
4089 			    "require /prefix-length suffix."), address);
4090 			return (Z_ERR);
4091 		}
4092 		if (prefixlen < 0 || prefixlen > 128) {
4093 			zerr(gettext("%s: IPv6 address "
4094 			    "prefix lengths must be 0 - 128."), address);
4095 			return (Z_ERR);
4096 		}
4097 		return (Z_OK);
4098 	}
4099 
4100 	/* At this point, any /prefix must be for IPv4. */
4101 	if (ishost)
4102 		prefixlen = IPV4_ABITS;
4103 	else if (slashp != NULL) {
4104 		if (prefixlen < 0 || prefixlen > 32) {
4105 			zerr(gettext("%s: IPv4 address "
4106 			    "prefix lengths must be 0 - 32."), address);
4107 			return (Z_ERR);
4108 		}
4109 	}
4110 
4111 	if (inet_pton(AF_INET, part1, &in4) == 1)
4112 		return (Z_OK);
4113 
4114 	/* address may also be a host name */
4115 	if (!isalnum(part1[0])) {
4116 		zerr(gettext("%s: bogus host name or network address syntax"),
4117 		    part1);
4118 		saw_error = B_TRUE;
4119 		usage(B_FALSE, HELP_NETADDR);
4120 		return (Z_ERR);
4121 	}
4122 	for (i = 1; part1[i]; i++)
4123 		if (!isalnum(part1[i]) && part1[i] != '-' && part1[i] != '.') {
4124 			zerr(gettext("%s: bogus host name or "
4125 			    "network address syntax"), part1);
4126 			saw_error = B_TRUE;
4127 			usage(B_FALSE, HELP_NETADDR);
4128 			return (Z_ERR);
4129 		}
4130 	return (Z_OK);
4131 }
4132 
4133 static int
validate_net_physical_syntax(const char * ifname)4134 validate_net_physical_syntax(const char *ifname)
4135 {
4136 	ifspec_t ifnameprop;
4137 	zone_iptype_t iptype;
4138 
4139 	if (zonecfg_get_iptype(handle, &iptype) != Z_OK) {
4140 		zerr(gettext("zone configuration has an invalid or nonexistent "
4141 		    "ip-type property"));
4142 		return (Z_ERR);
4143 	}
4144 	switch (iptype) {
4145 	case ZS_SHARED:
4146 		if (ifparse_ifspec(ifname, &ifnameprop) == B_FALSE) {
4147 			zerr(gettext("%s: invalid physical interface name"),
4148 			    ifname);
4149 			return (Z_ERR);
4150 		}
4151 		if (ifnameprop.ifsp_lunvalid) {
4152 			zerr(gettext("%s: LUNs not allowed in physical "
4153 			    "interface names"), ifname);
4154 			return (Z_ERR);
4155 		}
4156 		break;
4157 	case ZS_EXCLUSIVE:
4158 		if (dladm_valid_linkname(ifname) == B_FALSE) {
4159 			if (strchr(ifname, ':') != NULL)
4160 				zerr(gettext("%s: physical interface name "
4161 				    "required; logical interface name not "
4162 				    "allowed"), ifname);
4163 			else
4164 				zerr(gettext("%s: invalid physical interface "
4165 				    "name"), ifname);
4166 			return (Z_ERR);
4167 		}
4168 		break;
4169 	}
4170 	return (Z_OK);
4171 }
4172 
4173 static boolean_t
valid_fs_type(const char * type)4174 valid_fs_type(const char *type)
4175 {
4176 	/*
4177 	 * Is this a valid path component?
4178 	 */
4179 	if (strlen(type) + 1 > MAXNAMELEN)
4180 		return (B_FALSE);
4181 	/*
4182 	 * Make sure a bad value for "type" doesn't make
4183 	 * /usr/lib/fs/<type>/mount turn into something else.
4184 	 */
4185 	if (strchr(type, '/') != NULL || type[0] == '\0' ||
4186 	    strcmp(type, ".") == 0 || strcmp(type, "..") == 0)
4187 		return (B_FALSE);
4188 	/*
4189 	 * More detailed verification happens later by zoneadm(8).
4190 	 */
4191 	return (B_TRUE);
4192 }
4193 
4194 static boolean_t
allow_exclusive()4195 allow_exclusive()
4196 {
4197 	brand_handle_t	bh;
4198 	char		brand[MAXNAMELEN];
4199 	boolean_t	ret;
4200 
4201 	if (zonecfg_get_brand(handle, brand, sizeof (brand)) != Z_OK) {
4202 		zerr("%s: %s\n", zone, gettext("could not get zone brand"));
4203 		return (B_FALSE);
4204 	}
4205 	if ((bh = brand_open(brand)) == NULL) {
4206 		zerr("%s: %s\n", zone, gettext("unknown brand."));
4207 		return (B_FALSE);
4208 	}
4209 	ret = brand_allow_exclusive_ip(bh);
4210 	brand_close(bh);
4211 	if (!ret)
4212 		zerr(gettext("%s cannot be '%s' when %s is '%s'."),
4213 		    pt_to_str(PT_IPTYPE), "exclusive",
4214 		    pt_to_str(PT_BRAND), brand);
4215 	return (ret);
4216 }
4217 
4218 static void
set_aliased_rctl(char * alias,int prop_type,char * s)4219 set_aliased_rctl(char *alias, int prop_type, char *s)
4220 {
4221 	uint64_t limit;
4222 	int err;
4223 	char tmp[128];
4224 
4225 	if (global_zone && strcmp(alias, ALIAS_SHARES) != 0)
4226 		zerr(gettext("WARNING: Setting a global zone resource "
4227 		    "control too low could deny\nservice "
4228 		    "to even the root user; "
4229 		    "this could render the system impossible\n"
4230 		    "to administer.  Please use caution."));
4231 
4232 	/* convert memory based properties */
4233 	if (prop_type == PT_MAXSHMMEM) {
4234 		if (!zonecfg_valid_memlimit(s, &limit)) {
4235 			zerr(gettext("A non-negative number with a required "
4236 			    "scale suffix (K, M, G or T) was expected\nhere."));
4237 			saw_error = B_TRUE;
4238 			return;
4239 		}
4240 
4241 		(void) snprintf(tmp, sizeof (tmp), "%llu", limit);
4242 		s = tmp;
4243 	}
4244 
4245 	if (!zonecfg_aliased_rctl_ok(handle, alias)) {
4246 		zone_perror(pt_to_str(prop_type), Z_ALIAS_DISALLOW, B_FALSE);
4247 		saw_error = B_TRUE;
4248 	} else if (!zonecfg_valid_alias_limit(alias, s, &limit)) {
4249 		zerr(gettext("%s property is out of range."),
4250 		    pt_to_str(prop_type));
4251 		saw_error = B_TRUE;
4252 	} else if ((err = zonecfg_set_aliased_rctl(handle, alias, limit))
4253 	    != Z_OK) {
4254 		zone_perror(zone, err, B_TRUE);
4255 		saw_error = B_TRUE;
4256 	} else {
4257 		need_to_commit = B_TRUE;
4258 	}
4259 }
4260 
4261 static void
set_in_progress_nwiftab_address(char * prop_id,int prop_type)4262 set_in_progress_nwiftab_address(char *prop_id, int prop_type)
4263 {
4264 	if (prop_type == PT_ADDRESS) {
4265 		(void) strlcpy(in_progress_nwiftab.zone_nwif_address, prop_id,
4266 		    sizeof (in_progress_nwiftab.zone_nwif_address));
4267 	} else {
4268 		assert(prop_type == PT_ALLOWED_ADDRESS);
4269 		(void) strlcpy(in_progress_nwiftab.zone_nwif_allowed_address,
4270 		    prop_id,
4271 		    sizeof (in_progress_nwiftab.zone_nwif_allowed_address));
4272 	}
4273 }
4274 
4275 void
set_func(cmd_t * cmd)4276 set_func(cmd_t *cmd)
4277 {
4278 	char *prop_id;
4279 	int arg, err, res_type, prop_type;
4280 	property_value_ptr_t pp;
4281 	boolean_t autoboot;
4282 	zone_iptype_t iptype;
4283 	boolean_t force_set = B_FALSE;
4284 	size_t physmem_size = sizeof (in_progress_mcaptab.zone_physmem_cap);
4285 	uint64_t mem_cap, mem_limit;
4286 	float cap;
4287 	char *unitp;
4288 	struct zone_psettab tmp_psettab;
4289 	boolean_t arg_err = B_FALSE;
4290 
4291 	if (zone_is_read_only(CMD_SET))
4292 		return;
4293 
4294 	assert(cmd != NULL);
4295 
4296 	optind = opterr = 0;
4297 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "F")) != EOF) {
4298 		switch (arg) {
4299 		case 'F':
4300 			force_set = B_TRUE;
4301 			break;
4302 		default:
4303 			if (optopt == '?')
4304 				longer_usage(CMD_SET);
4305 			else
4306 				short_usage(CMD_SET);
4307 			arg_err = B_TRUE;
4308 			break;
4309 		}
4310 	}
4311 	if (arg_err)
4312 		return;
4313 
4314 	prop_type = cmd->cmd_prop_name[0];
4315 	if (global_scope) {
4316 		if (gz_invalid_property(prop_type)) {
4317 			zerr(gettext("%s is not a valid property for the "
4318 			    "global zone."), pt_to_str(prop_type));
4319 			saw_error = B_TRUE;
4320 			return;
4321 		}
4322 
4323 		if (prop_type == PT_ZONENAME) {
4324 			res_type = RT_ZONENAME;
4325 		} else if (prop_type == PT_ZONEPATH) {
4326 			res_type = RT_ZONEPATH;
4327 		} else if (prop_type == PT_AUTOBOOT) {
4328 			res_type = RT_AUTOBOOT;
4329 		} else if (prop_type == PT_BRAND) {
4330 			res_type = RT_BRAND;
4331 		} else if (prop_type == PT_POOL) {
4332 			res_type = RT_POOL;
4333 		} else if (prop_type == PT_LIMITPRIV) {
4334 			res_type = RT_LIMITPRIV;
4335 		} else if (prop_type == PT_BOOTARGS) {
4336 			res_type = RT_BOOTARGS;
4337 		} else if (prop_type == PT_SCHED) {
4338 			res_type = RT_SCHED;
4339 		} else if (prop_type == PT_IPTYPE) {
4340 			res_type = RT_IPTYPE;
4341 		} else if (prop_type == PT_MAXLWPS) {
4342 			res_type = RT_MAXLWPS;
4343 		} else if (prop_type == PT_MAXPROCS) {
4344 			res_type = RT_MAXPROCS;
4345 		} else if (prop_type == PT_MAXSHMMEM) {
4346 			res_type = RT_MAXSHMMEM;
4347 		} else if (prop_type == PT_MAXSHMIDS) {
4348 			res_type = RT_MAXSHMIDS;
4349 		} else if (prop_type == PT_MAXMSGIDS) {
4350 			res_type = RT_MAXMSGIDS;
4351 		} else if (prop_type == PT_MAXSEMIDS) {
4352 			res_type = RT_MAXSEMIDS;
4353 		} else if (prop_type == PT_SHARES) {
4354 			res_type = RT_SHARES;
4355 		} else if (prop_type == PT_HOSTID) {
4356 			res_type = RT_HOSTID;
4357 		} else if (prop_type == PT_FS_ALLOWED) {
4358 			res_type = RT_FS_ALLOWED;
4359 		} else {
4360 			zerr(gettext("Cannot set a resource-specific property "
4361 			    "from the global scope."));
4362 			saw_error = B_TRUE;
4363 			return;
4364 		}
4365 	} else {
4366 		res_type = resource_scope;
4367 	}
4368 
4369 	if (force_set) {
4370 		if (res_type != RT_ZONEPATH) {
4371 			zerr(gettext("Only zonepath setting can be forced."));
4372 			saw_error = B_TRUE;
4373 			return;
4374 		}
4375 		if (!zonecfg_in_alt_root()) {
4376 			zerr(gettext("Zonepath is changeable only in an "
4377 			    "alternate root."));
4378 			saw_error = B_TRUE;
4379 			return;
4380 		}
4381 	}
4382 
4383 	pp = cmd->cmd_property_ptr[0];
4384 	/*
4385 	 * A nasty expression but not that complicated:
4386 	 * 1. fs options are simple or list (tested below)
4387 	 * 2. rctl value's are complex or list (tested below)
4388 	 * Anything else should be simple.
4389 	 */
4390 	if (!(res_type == RT_FS && prop_type == PT_OPTIONS) &&
4391 	    !(res_type == RT_RCTL && prop_type == PT_VALUE) &&
4392 	    (pp->pv_type != PROP_VAL_SIMPLE ||
4393 	    (prop_id = pp->pv_simple) == NULL)) {
4394 		zerr(gettext("A %s value was expected here."),
4395 		    pvt_to_str(PROP_VAL_SIMPLE));
4396 		saw_error = B_TRUE;
4397 		return;
4398 	}
4399 	if (prop_type == PT_UNKNOWN) {
4400 		long_usage(CMD_SET, B_TRUE);
4401 		return;
4402 	}
4403 
4404 	/*
4405 	 * Special case: the user can change the zone name prior to 'create';
4406 	 * if the zone already exists, we fall through letting initialize()
4407 	 * and the rest of the logic run.
4408 	 */
4409 	if (res_type == RT_ZONENAME && got_handle == B_FALSE &&
4410 	    !state_atleast(ZONE_STATE_CONFIGURED)) {
4411 		if ((err = zonecfg_validate_zonename(prop_id)) != Z_OK) {
4412 			zone_perror(prop_id, err, B_TRUE);
4413 			usage(B_FALSE, HELP_SYNTAX);
4414 			return;
4415 		}
4416 		(void) strlcpy(zone, prop_id, sizeof (zone));
4417 		return;
4418 	}
4419 
4420 	if (initialize(B_TRUE) != Z_OK)
4421 		return;
4422 
4423 	switch (res_type) {
4424 	case RT_ZONENAME:
4425 		if ((err = zonecfg_set_name(handle, prop_id)) != Z_OK) {
4426 			/*
4427 			 * Use prop_id instead of 'zone' here, since we're
4428 			 * reporting a problem about the *new* zonename.
4429 			 */
4430 			zone_perror(prop_id, err, B_TRUE);
4431 			usage(B_FALSE, HELP_SYNTAX);
4432 		} else {
4433 			need_to_commit = B_TRUE;
4434 			(void) strlcpy(zone, prop_id, sizeof (zone));
4435 		}
4436 		return;
4437 	case RT_ZONEPATH:
4438 		if (!force_set && state_atleast(ZONE_STATE_INSTALLED)) {
4439 			zerr(gettext("Zone %s already installed; %s %s not "
4440 			    "allowed."), zone, cmd_to_str(CMD_SET),
4441 			    rt_to_str(RT_ZONEPATH));
4442 			return;
4443 		}
4444 		if (validate_zonepath_syntax(prop_id) != Z_OK) {
4445 			saw_error = B_TRUE;
4446 			return;
4447 		}
4448 		if ((err = zonecfg_set_zonepath(handle, prop_id)) != Z_OK)
4449 			zone_perror(zone, err, B_TRUE);
4450 		else
4451 			need_to_commit = B_TRUE;
4452 		return;
4453 	case RT_BRAND:
4454 		if (state_atleast(ZONE_STATE_INSTALLED)) {
4455 			zerr(gettext("Zone %s already installed; %s %s not "
4456 			    "allowed."), zone, cmd_to_str(CMD_SET),
4457 			    rt_to_str(RT_BRAND));
4458 			return;
4459 		}
4460 		if ((err = zonecfg_set_brand(handle, prop_id)) != Z_OK)
4461 			zone_perror(zone, err, B_TRUE);
4462 		else
4463 			need_to_commit = B_TRUE;
4464 		return;
4465 	case RT_AUTOBOOT:
4466 		if (strcmp(prop_id, "true") == 0) {
4467 			autoboot = B_TRUE;
4468 		} else if (strcmp(prop_id, "false") == 0) {
4469 			autoboot = B_FALSE;
4470 		} else {
4471 			zerr(gettext("%s value must be '%s' or '%s'."),
4472 			    pt_to_str(PT_AUTOBOOT), "true", "false");
4473 			saw_error = B_TRUE;
4474 			return;
4475 		}
4476 		if ((err = zonecfg_set_autoboot(handle, autoboot)) != Z_OK)
4477 			zone_perror(zone, err, B_TRUE);
4478 		else
4479 			need_to_commit = B_TRUE;
4480 		return;
4481 	case RT_POOL:
4482 		/* don't allow use of the reserved temporary pool names */
4483 		if (strncmp("SUNW", prop_id, 4) == 0) {
4484 			zerr(gettext("pool names starting with SUNW are "
4485 			    "reserved."));
4486 			saw_error = B_TRUE;
4487 			return;
4488 		}
4489 
4490 		/* can't set pool if dedicated-cpu exists */
4491 		if (zonecfg_lookup_pset(handle, &tmp_psettab) == Z_OK) {
4492 			zerr(gettext("The %s resource already exists.  "
4493 			    "A persistent pool is incompatible\nwith the %s "
4494 			    "resource."), rt_to_str(RT_DCPU),
4495 			    rt_to_str(RT_DCPU));
4496 			saw_error = B_TRUE;
4497 			return;
4498 		}
4499 
4500 		if ((err = zonecfg_set_pool(handle, prop_id)) != Z_OK)
4501 			zone_perror(zone, err, B_TRUE);
4502 		else
4503 			need_to_commit = B_TRUE;
4504 		return;
4505 	case RT_LIMITPRIV:
4506 		if ((err = zonecfg_set_limitpriv(handle, prop_id)) != Z_OK)
4507 			zone_perror(zone, err, B_TRUE);
4508 		else
4509 			need_to_commit = B_TRUE;
4510 		return;
4511 	case RT_BOOTARGS:
4512 		if ((err = zonecfg_set_bootargs(handle, prop_id)) != Z_OK)
4513 			zone_perror(zone, err, B_TRUE);
4514 		else
4515 			need_to_commit = B_TRUE;
4516 		return;
4517 	case RT_SCHED:
4518 		if ((err = zonecfg_set_sched(handle, prop_id)) != Z_OK)
4519 			zone_perror(zone, err, B_TRUE);
4520 		else
4521 			need_to_commit = B_TRUE;
4522 		return;
4523 	case RT_IPTYPE:
4524 		if (strcmp(prop_id, "shared") == 0) {
4525 			iptype = ZS_SHARED;
4526 		} else if (strcmp(prop_id, "exclusive") == 0) {
4527 			iptype = ZS_EXCLUSIVE;
4528 		} else {
4529 			zerr(gettext("%s value must be '%s' or '%s'."),
4530 			    pt_to_str(PT_IPTYPE), "shared", "exclusive");
4531 			saw_error = B_TRUE;
4532 			return;
4533 		}
4534 		if (iptype == ZS_EXCLUSIVE && !allow_exclusive()) {
4535 			saw_error = B_TRUE;
4536 			return;
4537 		}
4538 		if ((err = zonecfg_set_iptype(handle, iptype)) != Z_OK)
4539 			zone_perror(zone, err, B_TRUE);
4540 		else
4541 			need_to_commit = B_TRUE;
4542 		return;
4543 	case RT_MAXLWPS:
4544 		set_aliased_rctl(ALIAS_MAXLWPS, prop_type, prop_id);
4545 		return;
4546 	case RT_MAXPROCS:
4547 		set_aliased_rctl(ALIAS_MAXPROCS, prop_type, prop_id);
4548 		return;
4549 	case RT_MAXSHMMEM:
4550 		set_aliased_rctl(ALIAS_MAXSHMMEM, prop_type, prop_id);
4551 		return;
4552 	case RT_MAXSHMIDS:
4553 		set_aliased_rctl(ALIAS_MAXSHMIDS, prop_type, prop_id);
4554 		return;
4555 	case RT_MAXMSGIDS:
4556 		set_aliased_rctl(ALIAS_MAXMSGIDS, prop_type, prop_id);
4557 		return;
4558 	case RT_MAXSEMIDS:
4559 		set_aliased_rctl(ALIAS_MAXSEMIDS, prop_type, prop_id);
4560 		return;
4561 	case RT_SHARES:
4562 		set_aliased_rctl(ALIAS_SHARES, prop_type, prop_id);
4563 		return;
4564 	case RT_HOSTID:
4565 		if ((err = zonecfg_set_hostid(handle, prop_id)) != Z_OK) {
4566 			if (err == Z_TOO_BIG) {
4567 				zerr(gettext("hostid string is too large: %s"),
4568 				    prop_id);
4569 				saw_error = B_TRUE;
4570 			} else {
4571 				zone_perror(pt_to_str(prop_type), err, B_TRUE);
4572 			}
4573 			return;
4574 		}
4575 		need_to_commit = B_TRUE;
4576 		return;
4577 	case RT_FS_ALLOWED:
4578 		if ((err = zonecfg_set_fs_allowed(handle, prop_id)) != Z_OK)
4579 			zone_perror(zone, err, B_TRUE);
4580 		else
4581 			need_to_commit = B_TRUE;
4582 		return;
4583 	case RT_FS:
4584 		switch (prop_type) {
4585 		case PT_DIR:
4586 			(void) strlcpy(in_progress_fstab.zone_fs_dir, prop_id,
4587 			    sizeof (in_progress_fstab.zone_fs_dir));
4588 			return;
4589 		case PT_SPECIAL:
4590 			(void) strlcpy(in_progress_fstab.zone_fs_special,
4591 			    prop_id,
4592 			    sizeof (in_progress_fstab.zone_fs_special));
4593 			return;
4594 		case PT_RAW:
4595 			(void) strlcpy(in_progress_fstab.zone_fs_raw,
4596 			    prop_id, sizeof (in_progress_fstab.zone_fs_raw));
4597 			return;
4598 		case PT_TYPE:
4599 			if (!valid_fs_type(prop_id)) {
4600 				zerr(gettext("\"%s\" is not a valid %s."),
4601 				    prop_id, pt_to_str(PT_TYPE));
4602 				saw_error = B_TRUE;
4603 				return;
4604 			}
4605 			(void) strlcpy(in_progress_fstab.zone_fs_type, prop_id,
4606 			    sizeof (in_progress_fstab.zone_fs_type));
4607 			return;
4608 		case PT_OPTIONS:
4609 			if (pp->pv_type != PROP_VAL_SIMPLE &&
4610 			    pp->pv_type != PROP_VAL_LIST) {
4611 				zerr(gettext("A %s or %s value was expected "
4612 				    "here."), pvt_to_str(PROP_VAL_SIMPLE),
4613 				    pvt_to_str(PROP_VAL_LIST));
4614 				saw_error = B_TRUE;
4615 				return;
4616 			}
4617 			zonecfg_free_fs_option_list(
4618 			    in_progress_fstab.zone_fs_options);
4619 			in_progress_fstab.zone_fs_options = NULL;
4620 			if (!(pp->pv_type == PROP_VAL_LIST &&
4621 			    pp->pv_list == NULL))
4622 				add_property(cmd);
4623 			return;
4624 		default:
4625 			break;
4626 		}
4627 		zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE, B_TRUE);
4628 		long_usage(CMD_SET, B_TRUE);
4629 		usage(B_FALSE, HELP_PROPS);
4630 		return;
4631 	case RT_NET:
4632 		switch (prop_type) {
4633 		case PT_ADDRESS:
4634 		case PT_ALLOWED_ADDRESS:
4635 			if (validate_net_address_syntax(prop_id, B_FALSE)
4636 			    != Z_OK) {
4637 				saw_error = B_TRUE;
4638 				return;
4639 			}
4640 			set_in_progress_nwiftab_address(prop_id, prop_type);
4641 			break;
4642 		case PT_PHYSICAL:
4643 			if (validate_net_physical_syntax(prop_id) != Z_OK) {
4644 				saw_error = B_TRUE;
4645 				return;
4646 			}
4647 			(void) strlcpy(in_progress_nwiftab.zone_nwif_physical,
4648 			    prop_id,
4649 			    sizeof (in_progress_nwiftab.zone_nwif_physical));
4650 			break;
4651 		case PT_DEFROUTER:
4652 			if (validate_net_address_syntax(prop_id, B_TRUE)
4653 			    != Z_OK) {
4654 				saw_error = B_TRUE;
4655 				return;
4656 			}
4657 			(void) strlcpy(in_progress_nwiftab.zone_nwif_defrouter,
4658 			    prop_id,
4659 			    sizeof (in_progress_nwiftab.zone_nwif_defrouter));
4660 			break;
4661 		default:
4662 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4663 			    B_TRUE);
4664 			long_usage(CMD_SET, B_TRUE);
4665 			usage(B_FALSE, HELP_PROPS);
4666 			return;
4667 		}
4668 		return;
4669 	case RT_DEVICE:
4670 		switch (prop_type) {
4671 		case PT_MATCH:
4672 			(void) strlcpy(in_progress_devtab.zone_dev_match,
4673 			    prop_id,
4674 			    sizeof (in_progress_devtab.zone_dev_match));
4675 			break;
4676 		default:
4677 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4678 			    B_TRUE);
4679 			long_usage(CMD_SET, B_TRUE);
4680 			usage(B_FALSE, HELP_PROPS);
4681 			return;
4682 		}
4683 		return;
4684 	case RT_RCTL:
4685 		switch (prop_type) {
4686 		case PT_NAME:
4687 			if (!zonecfg_valid_rctlname(prop_id)) {
4688 				zerr(gettext("'%s' is not a valid zone %s "
4689 				    "name."), prop_id, rt_to_str(RT_RCTL));
4690 				return;
4691 			}
4692 			(void) strlcpy(in_progress_rctltab.zone_rctl_name,
4693 			    prop_id,
4694 			    sizeof (in_progress_rctltab.zone_rctl_name));
4695 			break;
4696 		case PT_VALUE:
4697 			if (pp->pv_type != PROP_VAL_COMPLEX &&
4698 			    pp->pv_type != PROP_VAL_LIST) {
4699 				zerr(gettext("A %s or %s value was expected "
4700 				    "here."), pvt_to_str(PROP_VAL_COMPLEX),
4701 				    pvt_to_str(PROP_VAL_LIST));
4702 				saw_error = B_TRUE;
4703 				return;
4704 			}
4705 			zonecfg_free_rctl_value_list(
4706 			    in_progress_rctltab.zone_rctl_valptr);
4707 			in_progress_rctltab.zone_rctl_valptr = NULL;
4708 			if (!(pp->pv_type == PROP_VAL_LIST &&
4709 			    pp->pv_list == NULL))
4710 				add_property(cmd);
4711 			break;
4712 		default:
4713 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4714 			    B_TRUE);
4715 			long_usage(CMD_SET, B_TRUE);
4716 			usage(B_FALSE, HELP_PROPS);
4717 			return;
4718 		}
4719 		return;
4720 	case RT_ATTR:
4721 		switch (prop_type) {
4722 		case PT_NAME:
4723 			(void) strlcpy(in_progress_attrtab.zone_attr_name,
4724 			    prop_id,
4725 			    sizeof (in_progress_attrtab.zone_attr_name));
4726 			break;
4727 		case PT_TYPE:
4728 			(void) strlcpy(in_progress_attrtab.zone_attr_type,
4729 			    prop_id,
4730 			    sizeof (in_progress_attrtab.zone_attr_type));
4731 			break;
4732 		case PT_VALUE:
4733 			(void) strlcpy(in_progress_attrtab.zone_attr_value,
4734 			    prop_id,
4735 			    sizeof (in_progress_attrtab.zone_attr_value));
4736 			break;
4737 		default:
4738 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4739 			    B_TRUE);
4740 			long_usage(CMD_SET, B_TRUE);
4741 			usage(B_FALSE, HELP_PROPS);
4742 			return;
4743 		}
4744 		return;
4745 	case RT_DATASET:
4746 		switch (prop_type) {
4747 		case PT_NAME:
4748 			(void) strlcpy(in_progress_dstab.zone_dataset_name,
4749 			    prop_id,
4750 			    sizeof (in_progress_dstab.zone_dataset_name));
4751 			return;
4752 		default:
4753 			break;
4754 		}
4755 		zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE, B_TRUE);
4756 		long_usage(CMD_SET, B_TRUE);
4757 		usage(B_FALSE, HELP_PROPS);
4758 		return;
4759 	case RT_DCPU:
4760 		switch (prop_type) {
4761 		char *lowp, *highp;
4762 
4763 		case PT_NCPUS:
4764 			lowp = prop_id;
4765 			if ((highp = strchr(prop_id, '-')) != NULL)
4766 				*highp++ = '\0';
4767 			else
4768 				highp = lowp;
4769 
4770 			/* Make sure the input makes sense. */
4771 			if (!zonecfg_valid_ncpus(lowp, highp)) {
4772 				zerr(gettext("%s property is out of range."),
4773 				    pt_to_str(PT_NCPUS));
4774 				saw_error = B_TRUE;
4775 				return;
4776 			}
4777 
4778 			(void) strlcpy(
4779 			    in_progress_psettab.zone_ncpu_min, lowp,
4780 			    sizeof (in_progress_psettab.zone_ncpu_min));
4781 			(void) strlcpy(
4782 			    in_progress_psettab.zone_ncpu_max, highp,
4783 			    sizeof (in_progress_psettab.zone_ncpu_max));
4784 			return;
4785 		case PT_IMPORTANCE:
4786 			/* Make sure the value makes sense. */
4787 			if (!zonecfg_valid_importance(prop_id)) {
4788 				zerr(gettext("%s property is out of range."),
4789 				    pt_to_str(PT_IMPORTANCE));
4790 				saw_error = B_TRUE;
4791 				return;
4792 			}
4793 
4794 			(void) strlcpy(in_progress_psettab.zone_importance,
4795 			    prop_id,
4796 			    sizeof (in_progress_psettab.zone_importance));
4797 			return;
4798 		default:
4799 			break;
4800 		}
4801 		zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE, B_TRUE);
4802 		long_usage(CMD_SET, B_TRUE);
4803 		usage(B_FALSE, HELP_PROPS);
4804 		return;
4805 	case RT_PCAP:
4806 		if (prop_type != PT_NCPUS) {
4807 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4808 			    B_TRUE);
4809 			long_usage(CMD_SET, B_TRUE);
4810 			usage(B_FALSE, HELP_PROPS);
4811 			return;
4812 		}
4813 
4814 		/*
4815 		 * We already checked that an rctl alias is allowed in
4816 		 * the add_resource() function.
4817 		 */
4818 
4819 		if ((cap = strtof(prop_id, &unitp)) <= 0 || *unitp != '\0' ||
4820 		    (int)(cap * 100) < 1) {
4821 			zerr(gettext("%s property is out of range."),
4822 			    pt_to_str(PT_NCPUS));
4823 			saw_error = B_TRUE;
4824 			return;
4825 		}
4826 
4827 		if ((err = zonecfg_set_aliased_rctl(handle, ALIAS_CPUCAP,
4828 		    (int)(cap * 100))) != Z_OK)
4829 			zone_perror(zone, err, B_TRUE);
4830 		else
4831 			need_to_commit = B_TRUE;
4832 		return;
4833 	case RT_MCAP:
4834 		switch (prop_type) {
4835 		case PT_PHYSICAL:
4836 			if (!zonecfg_valid_memlimit(prop_id, &mem_cap)) {
4837 				zerr(gettext("A positive number with a "
4838 				    "required scale suffix (K, M, G or T) was "
4839 				    "expected here."));
4840 				saw_error = B_TRUE;
4841 			} else if (mem_cap < ONE_MB) {
4842 				zerr(gettext("%s value is too small.  It must "
4843 				    "be at least 1M."), pt_to_str(PT_PHYSICAL));
4844 				saw_error = B_TRUE;
4845 			} else {
4846 				snprintf(in_progress_mcaptab.zone_physmem_cap,
4847 				    physmem_size, "%llu", mem_cap);
4848 			}
4849 			break;
4850 		case PT_SWAP:
4851 			/*
4852 			 * We have to check if an rctl is allowed here since
4853 			 * there might already be a rctl defined that blocks
4854 			 * the alias.
4855 			 */
4856 			if (!zonecfg_aliased_rctl_ok(handle, ALIAS_MAXSWAP)) {
4857 				zone_perror(pt_to_str(PT_MAXSWAP),
4858 				    Z_ALIAS_DISALLOW, B_FALSE);
4859 				saw_error = B_TRUE;
4860 				return;
4861 			}
4862 
4863 			if (global_zone)
4864 				mem_limit = ONE_MB * 100;
4865 			else
4866 				mem_limit = ONE_MB * 50;
4867 
4868 			if (!zonecfg_valid_memlimit(prop_id, &mem_cap)) {
4869 				zerr(gettext("A positive number with a "
4870 				    "required scale suffix (K, M, G or T) was "
4871 				    "expected here."));
4872 				saw_error = B_TRUE;
4873 			} else if (mem_cap < mem_limit) {
4874 				char buf[128];
4875 
4876 				(void) snprintf(buf, sizeof (buf), "%llu",
4877 				    mem_limit);
4878 				bytes_to_units(buf, buf, sizeof (buf));
4879 				zerr(gettext("%s value is too small.  It must "
4880 				    "be at least %s."), pt_to_str(PT_SWAP),
4881 				    buf);
4882 				saw_error = B_TRUE;
4883 			} else {
4884 				if ((err = zonecfg_set_aliased_rctl(handle,
4885 				    ALIAS_MAXSWAP, mem_cap)) != Z_OK)
4886 					zone_perror(zone, err, B_TRUE);
4887 				else
4888 					need_to_commit = B_TRUE;
4889 			}
4890 			break;
4891 		case PT_LOCKED:
4892 			/*
4893 			 * We have to check if an rctl is allowed here since
4894 			 * there might already be a rctl defined that blocks
4895 			 * the alias.
4896 			 */
4897 			if (!zonecfg_aliased_rctl_ok(handle,
4898 			    ALIAS_MAXLOCKEDMEM)) {
4899 				zone_perror(pt_to_str(PT_LOCKED),
4900 				    Z_ALIAS_DISALLOW, B_FALSE);
4901 				saw_error = B_TRUE;
4902 				return;
4903 			}
4904 
4905 			if (!zonecfg_valid_memlimit(prop_id, &mem_cap)) {
4906 				zerr(gettext("A non-negative number with a "
4907 				    "required scale suffix (K, M, G or T) was "
4908 				    "expected\nhere."));
4909 				saw_error = B_TRUE;
4910 			} else {
4911 				if ((err = zonecfg_set_aliased_rctl(handle,
4912 				    ALIAS_MAXLOCKEDMEM, mem_cap)) != Z_OK)
4913 					zone_perror(zone, err, B_TRUE);
4914 				else
4915 					need_to_commit = B_TRUE;
4916 			}
4917 			break;
4918 		default:
4919 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4920 			    B_TRUE);
4921 			long_usage(CMD_SET, B_TRUE);
4922 			usage(B_FALSE, HELP_PROPS);
4923 			return;
4924 		}
4925 		return;
4926 	case RT_ADMIN:
4927 		switch (prop_type) {
4928 		case PT_USER:
4929 			(void) strlcpy(in_progress_admintab.zone_admin_user,
4930 			    prop_id,
4931 			    sizeof (in_progress_admintab.zone_admin_user));
4932 			return;
4933 		case PT_AUTHS:
4934 			(void) strlcpy(in_progress_admintab.zone_admin_auths,
4935 			    prop_id,
4936 			    sizeof (in_progress_admintab.zone_admin_auths));
4937 			return;
4938 		default:
4939 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4940 			    B_TRUE);
4941 			long_usage(CMD_SET, B_TRUE);
4942 			usage(B_FALSE, HELP_PROPS);
4943 			return;
4944 		}
4945 	case RT_SECFLAGS: {
4946 		char *propstr;
4947 
4948 		switch (prop_type) {
4949 		case PT_DEFAULT:
4950 			propstr = in_progress_secflagstab.zone_secflags_default;
4951 			break;
4952 		case PT_UPPER:
4953 			propstr = in_progress_secflagstab.zone_secflags_upper;
4954 			break;
4955 		case PT_LOWER:
4956 			propstr = in_progress_secflagstab.zone_secflags_lower;
4957 			break;
4958 		default:
4959 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4960 			    B_TRUE);
4961 			long_usage(CMD_SET, B_TRUE);
4962 			usage(B_FALSE, HELP_PROPS);
4963 			return;
4964 		}
4965 		(void) strlcpy(propstr, prop_id, ZONECFG_SECFLAGS_MAX);
4966 		return;
4967 	}
4968 	default:
4969 		zone_perror(rt_to_str(res_type), Z_NO_RESOURCE_TYPE, B_TRUE);
4970 		long_usage(CMD_SET, B_TRUE);
4971 		usage(B_FALSE, HELP_RESOURCES);
4972 		return;
4973 	}
4974 }
4975 
4976 static void
output_prop(FILE * fp,int pnum,char * pval,boolean_t print_notspec)4977 output_prop(FILE *fp, int pnum, char *pval, boolean_t print_notspec)
4978 {
4979 	char *qstr;
4980 
4981 	if (*pval != '\0') {
4982 		qstr = quoteit(pval);
4983 		if (pnum == PT_SWAP || pnum == PT_LOCKED)
4984 			(void) fprintf(fp, "\t[%s: %s]\n", pt_to_str(pnum),
4985 			    qstr);
4986 		else
4987 			(void) fprintf(fp, "\t%s: %s\n", pt_to_str(pnum), qstr);
4988 		free(qstr);
4989 	} else if (print_notspec)
4990 		(void) fprintf(fp, gettext("\t%s not specified\n"),
4991 		    pt_to_str(pnum));
4992 }
4993 
4994 static void
info_zonename(zone_dochandle_t handle,FILE * fp)4995 info_zonename(zone_dochandle_t handle, FILE *fp)
4996 {
4997 	char zonename[ZONENAME_MAX];
4998 
4999 	if (zonecfg_get_name(handle, zonename, sizeof (zonename)) == Z_OK)
5000 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_ZONENAME),
5001 		    zonename);
5002 	else
5003 		(void) fprintf(fp, gettext("%s not specified\n"),
5004 		    pt_to_str(PT_ZONENAME));
5005 }
5006 
5007 static void
info_zonepath(zone_dochandle_t handle,FILE * fp)5008 info_zonepath(zone_dochandle_t handle, FILE *fp)
5009 {
5010 	char zonepath[MAXPATHLEN];
5011 
5012 	if (zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath)) == Z_OK)
5013 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_ZONEPATH),
5014 		    zonepath);
5015 	else {
5016 		(void) fprintf(fp, gettext("%s not specified\n"),
5017 		    pt_to_str(PT_ZONEPATH));
5018 	}
5019 }
5020 
5021 static void
info_brand(zone_dochandle_t handle,FILE * fp)5022 info_brand(zone_dochandle_t handle, FILE *fp)
5023 {
5024 	char brand[MAXNAMELEN];
5025 
5026 	if (zonecfg_get_brand(handle, brand, sizeof (brand)) == Z_OK)
5027 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_BRAND),
5028 		    brand);
5029 	else
5030 		(void) fprintf(fp, "%s %s\n", pt_to_str(PT_BRAND),
5031 		    gettext("not specified"));
5032 }
5033 
5034 static void
info_autoboot(zone_dochandle_t handle,FILE * fp)5035 info_autoboot(zone_dochandle_t handle, FILE *fp)
5036 {
5037 	boolean_t autoboot;
5038 	int err;
5039 
5040 	if ((err = zonecfg_get_autoboot(handle, &autoboot)) == Z_OK)
5041 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_AUTOBOOT),
5042 		    autoboot ? "true" : "false");
5043 	else
5044 		zone_perror(zone, err, B_TRUE);
5045 }
5046 
5047 static void
info_pool(zone_dochandle_t handle,FILE * fp)5048 info_pool(zone_dochandle_t handle, FILE *fp)
5049 {
5050 	char pool[MAXNAMELEN];
5051 	int err;
5052 
5053 	if ((err = zonecfg_get_pool(handle, pool, sizeof (pool))) == Z_OK)
5054 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_POOL), pool);
5055 	else
5056 		zone_perror(zone, err, B_TRUE);
5057 }
5058 
5059 static void
info_limitpriv(zone_dochandle_t handle,FILE * fp)5060 info_limitpriv(zone_dochandle_t handle, FILE *fp)
5061 {
5062 	char *limitpriv;
5063 	int err;
5064 
5065 	if ((err = zonecfg_get_limitpriv(handle, &limitpriv)) == Z_OK) {
5066 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_LIMITPRIV),
5067 		    limitpriv);
5068 		free(limitpriv);
5069 	} else {
5070 		zone_perror(zone, err, B_TRUE);
5071 	}
5072 }
5073 
5074 static void
info_bootargs(zone_dochandle_t handle,FILE * fp)5075 info_bootargs(zone_dochandle_t handle, FILE *fp)
5076 {
5077 	char bootargs[BOOTARGS_MAX];
5078 	int err;
5079 
5080 	if ((err = zonecfg_get_bootargs(handle, bootargs,
5081 	    sizeof (bootargs))) == Z_OK) {
5082 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_BOOTARGS),
5083 		    bootargs);
5084 	} else {
5085 		zone_perror(zone, err, B_TRUE);
5086 	}
5087 }
5088 
5089 static void
info_sched(zone_dochandle_t handle,FILE * fp)5090 info_sched(zone_dochandle_t handle, FILE *fp)
5091 {
5092 	char sched[MAXNAMELEN];
5093 	int err;
5094 
5095 	if ((err = zonecfg_get_sched_class(handle, sched, sizeof (sched)))
5096 	    == Z_OK) {
5097 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_SCHED), sched);
5098 	} else {
5099 		zone_perror(zone, err, B_TRUE);
5100 	}
5101 }
5102 
5103 static void
info_iptype(zone_dochandle_t handle,FILE * fp)5104 info_iptype(zone_dochandle_t handle, FILE *fp)
5105 {
5106 	zone_iptype_t iptype;
5107 	int err;
5108 
5109 	if ((err = zonecfg_get_iptype(handle, &iptype)) == Z_OK) {
5110 		switch (iptype) {
5111 		case ZS_SHARED:
5112 			(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_IPTYPE),
5113 			    "shared");
5114 			break;
5115 		case ZS_EXCLUSIVE:
5116 			(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_IPTYPE),
5117 			    "exclusive");
5118 			break;
5119 		}
5120 	} else {
5121 		zone_perror(zone, err, B_TRUE);
5122 	}
5123 }
5124 
5125 static void
info_hostid(zone_dochandle_t handle,FILE * fp)5126 info_hostid(zone_dochandle_t handle, FILE *fp)
5127 {
5128 	char hostidp[HW_HOSTID_LEN];
5129 	int err;
5130 
5131 	if ((err = zonecfg_get_hostid(handle, hostidp,
5132 	    sizeof (hostidp))) == Z_OK) {
5133 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_HOSTID), hostidp);
5134 	} else if (err == Z_BAD_PROPERTY) {
5135 		(void) fprintf(fp, "%s: \n", pt_to_str(PT_HOSTID));
5136 	} else {
5137 		zone_perror(zone, err, B_TRUE);
5138 	}
5139 }
5140 
5141 static void
info_fs_allowed(zone_dochandle_t handle,FILE * fp)5142 info_fs_allowed(zone_dochandle_t handle, FILE *fp)
5143 {
5144 	char fsallowedp[ZONE_FS_ALLOWED_MAX];
5145 	int err;
5146 
5147 	if ((err = zonecfg_get_fs_allowed(handle, fsallowedp,
5148 	    sizeof (fsallowedp))) == Z_OK) {
5149 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_FS_ALLOWED),
5150 		    fsallowedp);
5151 	} else if (err == Z_BAD_PROPERTY) {
5152 		(void) fprintf(fp, "%s: \n", pt_to_str(PT_FS_ALLOWED));
5153 	} else {
5154 		zone_perror(zone, err, B_TRUE);
5155 	}
5156 }
5157 
5158 static void
output_fs(FILE * fp,struct zone_fstab * fstab)5159 output_fs(FILE *fp, struct zone_fstab *fstab)
5160 {
5161 	zone_fsopt_t *this;
5162 
5163 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_FS));
5164 	output_prop(fp, PT_DIR, fstab->zone_fs_dir, B_TRUE);
5165 	output_prop(fp, PT_SPECIAL, fstab->zone_fs_special, B_TRUE);
5166 	output_prop(fp, PT_RAW, fstab->zone_fs_raw, B_TRUE);
5167 	output_prop(fp, PT_TYPE, fstab->zone_fs_type, B_TRUE);
5168 	(void) fprintf(fp, "\t%s: [", pt_to_str(PT_OPTIONS));
5169 	for (this = fstab->zone_fs_options; this != NULL;
5170 	    this = this->zone_fsopt_next) {
5171 		if (strchr(this->zone_fsopt_opt, '='))
5172 			(void) fprintf(fp, "\"%s\"", this->zone_fsopt_opt);
5173 		else
5174 			(void) fprintf(fp, "%s", this->zone_fsopt_opt);
5175 		if (this->zone_fsopt_next != NULL)
5176 			(void) fprintf(fp, ",");
5177 	}
5178 	(void) fprintf(fp, "]\n");
5179 }
5180 
5181 static void
info_fs(zone_dochandle_t handle,FILE * fp,cmd_t * cmd)5182 info_fs(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5183 {
5184 	struct zone_fstab lookup, user;
5185 	boolean_t output = B_FALSE;
5186 
5187 	if (zonecfg_setfsent(handle) != Z_OK)
5188 		return;
5189 	while (zonecfg_getfsent(handle, &lookup) == Z_OK) {
5190 		if (cmd->cmd_prop_nv_pairs == 0) {
5191 			output_fs(fp, &lookup);
5192 			goto loopend;
5193 		}
5194 		if (fill_in_fstab(cmd, &user, B_TRUE) != Z_OK)
5195 			goto loopend;
5196 		if (strlen(user.zone_fs_dir) > 0 &&
5197 		    strcmp(user.zone_fs_dir, lookup.zone_fs_dir) != 0)
5198 			goto loopend;	/* no match */
5199 		if (strlen(user.zone_fs_special) > 0 &&
5200 		    strcmp(user.zone_fs_special, lookup.zone_fs_special) != 0)
5201 			goto loopend;	/* no match */
5202 		if (strlen(user.zone_fs_type) > 0 &&
5203 		    strcmp(user.zone_fs_type, lookup.zone_fs_type) != 0)
5204 			goto loopend;	/* no match */
5205 		output_fs(fp, &lookup);
5206 		output = B_TRUE;
5207 loopend:
5208 		zonecfg_free_fs_option_list(lookup.zone_fs_options);
5209 	}
5210 	(void) zonecfg_endfsent(handle);
5211 	/*
5212 	 * If a property n/v pair was specified, warn the user if there was
5213 	 * nothing to output.
5214 	 */
5215 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5216 		(void) printf(gettext("No such %s resource.\n"),
5217 		    rt_to_str(RT_FS));
5218 }
5219 
5220 static void
output_net(FILE * fp,struct zone_nwiftab * nwiftab)5221 output_net(FILE *fp, struct zone_nwiftab *nwiftab)
5222 {
5223 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_NET));
5224 	output_prop(fp, PT_ADDRESS, nwiftab->zone_nwif_address, B_TRUE);
5225 	output_prop(fp, PT_ALLOWED_ADDRESS,
5226 	    nwiftab->zone_nwif_allowed_address, B_TRUE);
5227 	output_prop(fp, PT_PHYSICAL, nwiftab->zone_nwif_physical, B_TRUE);
5228 	output_prop(fp, PT_DEFROUTER, nwiftab->zone_nwif_defrouter, B_TRUE);
5229 }
5230 
5231 static void
info_net(zone_dochandle_t handle,FILE * fp,cmd_t * cmd)5232 info_net(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5233 {
5234 	struct zone_nwiftab lookup, user;
5235 	boolean_t output = B_FALSE;
5236 
5237 	if (zonecfg_setnwifent(handle) != Z_OK)
5238 		return;
5239 	while (zonecfg_getnwifent(handle, &lookup) == Z_OK) {
5240 		if (cmd->cmd_prop_nv_pairs == 0) {
5241 			output_net(fp, &lookup);
5242 			continue;
5243 		}
5244 		if (fill_in_nwiftab(cmd, &user, B_TRUE) != Z_OK)
5245 			continue;
5246 		if (strlen(user.zone_nwif_physical) > 0 &&
5247 		    strcmp(user.zone_nwif_physical,
5248 		    lookup.zone_nwif_physical) != 0)
5249 			continue;	/* no match */
5250 		/* If present make sure it matches */
5251 		if (strlen(user.zone_nwif_address) > 0 &&
5252 		    !zonecfg_same_net_address(user.zone_nwif_address,
5253 		    lookup.zone_nwif_address))
5254 			continue;	/* no match */
5255 		output_net(fp, &lookup);
5256 		output = B_TRUE;
5257 	}
5258 	(void) zonecfg_endnwifent(handle);
5259 	/*
5260 	 * If a property n/v pair was specified, warn the user if there was
5261 	 * nothing to output.
5262 	 */
5263 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5264 		(void) printf(gettext("No such %s resource.\n"),
5265 		    rt_to_str(RT_NET));
5266 }
5267 
5268 static void
output_dev(FILE * fp,struct zone_devtab * devtab)5269 output_dev(FILE *fp, struct zone_devtab *devtab)
5270 {
5271 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_DEVICE));
5272 	output_prop(fp, PT_MATCH, devtab->zone_dev_match, B_TRUE);
5273 }
5274 
5275 static void
info_dev(zone_dochandle_t handle,FILE * fp,cmd_t * cmd)5276 info_dev(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5277 {
5278 	struct zone_devtab lookup, user;
5279 	boolean_t output = B_FALSE;
5280 
5281 	if (zonecfg_setdevent(handle) != Z_OK)
5282 		return;
5283 	while (zonecfg_getdevent(handle, &lookup) == Z_OK) {
5284 		if (cmd->cmd_prop_nv_pairs == 0) {
5285 			output_dev(fp, &lookup);
5286 			continue;
5287 		}
5288 		if (fill_in_devtab(cmd, &user, B_TRUE) != Z_OK)
5289 			continue;
5290 		if (strlen(user.zone_dev_match) > 0 &&
5291 		    strcmp(user.zone_dev_match, lookup.zone_dev_match) != 0)
5292 			continue;	/* no match */
5293 		output_dev(fp, &lookup);
5294 		output = B_TRUE;
5295 	}
5296 	(void) zonecfg_enddevent(handle);
5297 	/*
5298 	 * If a property n/v pair was specified, warn the user if there was
5299 	 * nothing to output.
5300 	 */
5301 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5302 		(void) printf(gettext("No such %s resource.\n"),
5303 		    rt_to_str(RT_DEVICE));
5304 }
5305 
5306 static void
output_rctl(FILE * fp,struct zone_rctltab * rctltab)5307 output_rctl(FILE *fp, struct zone_rctltab *rctltab)
5308 {
5309 	struct zone_rctlvaltab *valptr;
5310 
5311 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_RCTL));
5312 	output_prop(fp, PT_NAME, rctltab->zone_rctl_name, B_TRUE);
5313 	for (valptr = rctltab->zone_rctl_valptr; valptr != NULL;
5314 	    valptr = valptr->zone_rctlval_next) {
5315 		fprintf(fp, "\t%s: (%s=%s,%s=%s,%s=%s)\n",
5316 		    pt_to_str(PT_VALUE),
5317 		    pt_to_str(PT_PRIV), valptr->zone_rctlval_priv,
5318 		    pt_to_str(PT_LIMIT), valptr->zone_rctlval_limit,
5319 		    pt_to_str(PT_ACTION), valptr->zone_rctlval_action);
5320 	}
5321 }
5322 
5323 static void
info_rctl(zone_dochandle_t handle,FILE * fp,cmd_t * cmd)5324 info_rctl(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5325 {
5326 	struct zone_rctltab lookup, user;
5327 	boolean_t output = B_FALSE;
5328 
5329 	if (zonecfg_setrctlent(handle) != Z_OK)
5330 		return;
5331 	while (zonecfg_getrctlent(handle, &lookup) == Z_OK) {
5332 		if (cmd->cmd_prop_nv_pairs == 0) {
5333 			output_rctl(fp, &lookup);
5334 		} else if (fill_in_rctltab(cmd, &user, B_TRUE) == Z_OK &&
5335 		    (strlen(user.zone_rctl_name) == 0 ||
5336 		    strcmp(user.zone_rctl_name, lookup.zone_rctl_name) == 0)) {
5337 			output_rctl(fp, &lookup);
5338 			output = B_TRUE;
5339 		}
5340 		zonecfg_free_rctl_value_list(lookup.zone_rctl_valptr);
5341 	}
5342 	(void) zonecfg_endrctlent(handle);
5343 	/*
5344 	 * If a property n/v pair was specified, warn the user if there was
5345 	 * nothing to output.
5346 	 */
5347 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5348 		(void) printf(gettext("No such %s resource.\n"),
5349 		    rt_to_str(RT_RCTL));
5350 }
5351 
5352 static void
output_attr(FILE * fp,struct zone_attrtab * attrtab)5353 output_attr(FILE *fp, struct zone_attrtab *attrtab)
5354 {
5355 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_ATTR));
5356 	output_prop(fp, PT_NAME, attrtab->zone_attr_name, B_TRUE);
5357 	output_prop(fp, PT_TYPE, attrtab->zone_attr_type, B_TRUE);
5358 	output_prop(fp, PT_VALUE, attrtab->zone_attr_value, B_TRUE);
5359 }
5360 
5361 static void
info_attr(zone_dochandle_t handle,FILE * fp,cmd_t * cmd)5362 info_attr(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5363 {
5364 	struct zone_attrtab lookup, user;
5365 	boolean_t output = B_FALSE;
5366 
5367 	if (zonecfg_setattrent(handle) != Z_OK)
5368 		return;
5369 	while (zonecfg_getattrent(handle, &lookup) == Z_OK) {
5370 		if (cmd->cmd_prop_nv_pairs == 0) {
5371 			output_attr(fp, &lookup);
5372 			continue;
5373 		}
5374 		if (fill_in_attrtab(cmd, &user, B_TRUE) != Z_OK)
5375 			continue;
5376 		if (strlen(user.zone_attr_name) > 0 &&
5377 		    strcmp(user.zone_attr_name, lookup.zone_attr_name) != 0)
5378 			continue;	/* no match */
5379 		if (strlen(user.zone_attr_type) > 0 &&
5380 		    strcmp(user.zone_attr_type, lookup.zone_attr_type) != 0)
5381 			continue;	/* no match */
5382 		if (strlen(user.zone_attr_value) > 0 &&
5383 		    strcmp(user.zone_attr_value, lookup.zone_attr_value) != 0)
5384 			continue;	/* no match */
5385 		output_attr(fp, &lookup);
5386 		output = B_TRUE;
5387 	}
5388 	(void) zonecfg_endattrent(handle);
5389 	/*
5390 	 * If a property n/v pair was specified, warn the user if there was
5391 	 * nothing to output.
5392 	 */
5393 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5394 		(void) printf(gettext("No such %s resource.\n"),
5395 		    rt_to_str(RT_ATTR));
5396 }
5397 
5398 static void
output_ds(FILE * fp,struct zone_dstab * dstab)5399 output_ds(FILE *fp, struct zone_dstab *dstab)
5400 {
5401 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_DATASET));
5402 	output_prop(fp, PT_NAME, dstab->zone_dataset_name, B_TRUE);
5403 }
5404 
5405 static void
info_ds(zone_dochandle_t handle,FILE * fp,cmd_t * cmd)5406 info_ds(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5407 {
5408 	struct zone_dstab lookup, user;
5409 	boolean_t output = B_FALSE;
5410 
5411 	if (zonecfg_setdsent(handle) != Z_OK)
5412 		return;
5413 	while (zonecfg_getdsent(handle, &lookup) == Z_OK) {
5414 		if (cmd->cmd_prop_nv_pairs == 0) {
5415 			output_ds(fp, &lookup);
5416 			continue;
5417 		}
5418 		if (fill_in_dstab(cmd, &user, B_TRUE) != Z_OK)
5419 			continue;
5420 		if (strlen(user.zone_dataset_name) > 0 &&
5421 		    strcmp(user.zone_dataset_name,
5422 		    lookup.zone_dataset_name) != 0)
5423 			continue;	/* no match */
5424 		output_ds(fp, &lookup);
5425 		output = B_TRUE;
5426 	}
5427 	(void) zonecfg_enddsent(handle);
5428 	/*
5429 	 * If a property n/v pair was specified, warn the user if there was
5430 	 * nothing to output.
5431 	 */
5432 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5433 		(void) printf(gettext("No such %s resource.\n"),
5434 		    rt_to_str(RT_DATASET));
5435 }
5436 
5437 static void
output_pset(FILE * fp,struct zone_psettab * psettab)5438 output_pset(FILE *fp, struct zone_psettab *psettab)
5439 {
5440 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_DCPU));
5441 	if (strcmp(psettab->zone_ncpu_min, psettab->zone_ncpu_max) == 0)
5442 		(void) fprintf(fp, "\t%s: %s\n", pt_to_str(PT_NCPUS),
5443 		    psettab->zone_ncpu_max);
5444 	else
5445 		(void) fprintf(fp, "\t%s: %s-%s\n", pt_to_str(PT_NCPUS),
5446 		    psettab->zone_ncpu_min, psettab->zone_ncpu_max);
5447 	if (psettab->zone_importance[0] != '\0')
5448 		(void) fprintf(fp, "\t%s: %s\n", pt_to_str(PT_IMPORTANCE),
5449 		    psettab->zone_importance);
5450 }
5451 
5452 static void
info_pset(zone_dochandle_t handle,FILE * fp)5453 info_pset(zone_dochandle_t handle, FILE *fp)
5454 {
5455 	struct zone_psettab lookup;
5456 
5457 	if (zonecfg_getpsetent(handle, &lookup) == Z_OK)
5458 		output_pset(fp, &lookup);
5459 }
5460 
5461 static void
output_pcap(FILE * fp)5462 output_pcap(FILE *fp)
5463 {
5464 	uint64_t cap;
5465 
5466 	if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &cap) == Z_OK) {
5467 		float scaled = (float)cap / 100;
5468 		(void) fprintf(fp, "%s:\n", rt_to_str(RT_PCAP));
5469 		(void) fprintf(fp, "\t[%s: %.2f]\n", pt_to_str(PT_NCPUS),
5470 		    scaled);
5471 	}
5472 }
5473 
5474 static void
info_pcap(FILE * fp)5475 info_pcap(FILE *fp)
5476 {
5477 	output_pcap(fp);
5478 }
5479 
5480 
5481 static void
info_aliased_rctl(zone_dochandle_t handle,FILE * fp,char * alias)5482 info_aliased_rctl(zone_dochandle_t handle, FILE *fp, char *alias)
5483 {
5484 	uint64_t limit;
5485 
5486 	if (zonecfg_get_aliased_rctl(handle, alias, &limit) == Z_OK) {
5487 		/* convert memory based properties */
5488 		if (strcmp(alias, ALIAS_MAXSHMMEM) == 0) {
5489 			char buf[128];
5490 
5491 			(void) snprintf(buf, sizeof (buf), "%llu", limit);
5492 			bytes_to_units(buf, buf, sizeof (buf));
5493 			(void) fprintf(fp, "[%s: %s]\n", alias, buf);
5494 			return;
5495 		}
5496 
5497 		(void) fprintf(fp, "[%s: %llu]\n", alias, limit);
5498 	}
5499 }
5500 
5501 static void
bytes_to_units(char * str,char * buf,int bufsize)5502 bytes_to_units(char *str, char *buf, int bufsize)
5503 {
5504 	unsigned long long num;
5505 	unsigned long long save = 0;
5506 	char *units = "BKMGT";
5507 	char *up = units;
5508 
5509 	num = strtoll(str, NULL, 10);
5510 
5511 	if (num < 1024) {
5512 		(void) snprintf(buf, bufsize, "%llu", num);
5513 		return;
5514 	}
5515 
5516 	while ((num >= 1024) && (*up != 'T')) {
5517 		up++; /* next unit of measurement */
5518 		save = num;
5519 		num = (num + 512) >> 10;
5520 	}
5521 
5522 	/* check if we should output a fraction.  snprintf will round for us */
5523 	if (save % 1024 != 0 && ((save >> 10) < 10))
5524 		(void) snprintf(buf, bufsize, "%2.1f%c", ((float)save / 1024),
5525 		    *up);
5526 	else
5527 		(void) snprintf(buf, bufsize, "%llu%c", num, *up);
5528 }
5529 
5530 static void
output_mcap(FILE * fp,struct zone_mcaptab * mcaptab,int showswap,uint64_t maxswap,int showlocked,uint64_t maxlocked)5531 output_mcap(FILE *fp, struct zone_mcaptab *mcaptab, int showswap,
5532     uint64_t maxswap, int showlocked, uint64_t maxlocked)
5533 {
5534 	char buf[128];
5535 
5536 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_MCAP));
5537 	if (mcaptab->zone_physmem_cap[0] != '\0') {
5538 		bytes_to_units(mcaptab->zone_physmem_cap, buf, sizeof (buf));
5539 		output_prop(fp, PT_PHYSICAL, buf, B_TRUE);
5540 	}
5541 
5542 	if (showswap == Z_OK) {
5543 		(void) snprintf(buf, sizeof (buf), "%llu", maxswap);
5544 		bytes_to_units(buf, buf, sizeof (buf));
5545 		output_prop(fp, PT_SWAP, buf, B_TRUE);
5546 	}
5547 
5548 	if (showlocked == Z_OK) {
5549 		(void) snprintf(buf, sizeof (buf), "%llu", maxlocked);
5550 		bytes_to_units(buf, buf, sizeof (buf));
5551 		output_prop(fp, PT_LOCKED, buf, B_TRUE);
5552 	}
5553 }
5554 
5555 static void
info_mcap(zone_dochandle_t handle,FILE * fp)5556 info_mcap(zone_dochandle_t handle, FILE *fp)
5557 {
5558 	int res1, res2, res3;
5559 	uint64_t swap_limit;
5560 	uint64_t locked_limit;
5561 	struct zone_mcaptab lookup;
5562 
5563 	bzero(&lookup, sizeof (lookup));
5564 	res1 = zonecfg_getmcapent(handle, &lookup);
5565 	res2 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &swap_limit);
5566 	res3 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM,
5567 	    &locked_limit);
5568 
5569 	if (res1 == Z_OK || res2 == Z_OK || res3 == Z_OK)
5570 		output_mcap(fp, &lookup, res2, swap_limit, res3, locked_limit);
5571 }
5572 
5573 static void
output_auth(FILE * fp,struct zone_admintab * admintab)5574 output_auth(FILE *fp, struct zone_admintab *admintab)
5575 {
5576 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_ADMIN));
5577 	output_prop(fp, PT_USER, admintab->zone_admin_user, B_TRUE);
5578 	output_prop(fp, PT_AUTHS, admintab->zone_admin_auths, B_TRUE);
5579 }
5580 
5581 static void
output_secflags(FILE * fp,struct zone_secflagstab * sftab)5582 output_secflags(FILE *fp, struct zone_secflagstab *sftab)
5583 {
5584 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_SECFLAGS));
5585 	output_prop(fp, PT_DEFAULT, sftab->zone_secflags_default, B_TRUE);
5586 	output_prop(fp, PT_LOWER, sftab->zone_secflags_lower, B_TRUE);
5587 	output_prop(fp, PT_UPPER, sftab->zone_secflags_upper, B_TRUE);
5588 }
5589 
5590 static void
info_auth(zone_dochandle_t handle,FILE * fp,cmd_t * cmd)5591 info_auth(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5592 {
5593 	struct zone_admintab lookup, user;
5594 	boolean_t output = B_FALSE;
5595 	int err;
5596 
5597 	if ((err = zonecfg_setadminent(handle)) != Z_OK) {
5598 		zone_perror(zone, err, B_TRUE);
5599 		return;
5600 	}
5601 	while (zonecfg_getadminent(handle, &lookup) == Z_OK) {
5602 		if (cmd->cmd_prop_nv_pairs == 0) {
5603 			output_auth(fp, &lookup);
5604 			continue;
5605 		}
5606 		if (fill_in_admintab(cmd, &user, B_TRUE) != Z_OK)
5607 			continue;
5608 		if (strlen(user.zone_admin_user) > 0 &&
5609 		    strcmp(user.zone_admin_user, lookup.zone_admin_user) != 0)
5610 			continue;	/* no match */
5611 		output_auth(fp, &lookup);
5612 		output = B_TRUE;
5613 	}
5614 	(void) zonecfg_endadminent(handle);
5615 	/*
5616 	 * If a property n/v pair was specified, warn the user if there was
5617 	 * nothing to output.
5618 	 */
5619 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5620 		(void) printf(gettext("No such %s resource.\n"),
5621 		    rt_to_str(RT_ADMIN));
5622 }
5623 
5624 static void
info_secflags(zone_dochandle_t handle,FILE * fp)5625 info_secflags(zone_dochandle_t handle, FILE *fp)
5626 {
5627 	struct zone_secflagstab sftab;
5628 
5629 	if (zonecfg_lookup_secflags(handle, &sftab) == Z_OK) {
5630 		output_secflags(fp, &sftab);
5631 	}
5632 }
5633 
5634 void
info_func(cmd_t * cmd)5635 info_func(cmd_t *cmd)
5636 {
5637 	FILE *fp = stdout;
5638 	boolean_t need_to_close = B_FALSE;
5639 	int type;
5640 	int res1, res2;
5641 	uint64_t swap_limit;
5642 	uint64_t locked_limit;
5643 
5644 	assert(cmd != NULL);
5645 
5646 	if (initialize(B_TRUE) != Z_OK)
5647 		return;
5648 
5649 	/* don't page error output */
5650 	if (interactive_mode) {
5651 		if ((fp = pager_open()) != NULL)
5652 			need_to_close = B_TRUE;
5653 		else
5654 			fp = stdout;
5655 
5656 		setbuf(fp, NULL);
5657 	}
5658 
5659 	if (!global_scope) {
5660 		switch (resource_scope) {
5661 		case RT_FS:
5662 			output_fs(fp, &in_progress_fstab);
5663 			break;
5664 		case RT_NET:
5665 			output_net(fp, &in_progress_nwiftab);
5666 			break;
5667 		case RT_DEVICE:
5668 			output_dev(fp, &in_progress_devtab);
5669 			break;
5670 		case RT_RCTL:
5671 			output_rctl(fp, &in_progress_rctltab);
5672 			break;
5673 		case RT_ATTR:
5674 			output_attr(fp, &in_progress_attrtab);
5675 			break;
5676 		case RT_DATASET:
5677 			output_ds(fp, &in_progress_dstab);
5678 			break;
5679 		case RT_DCPU:
5680 			output_pset(fp, &in_progress_psettab);
5681 			break;
5682 		case RT_PCAP:
5683 			output_pcap(fp);
5684 			break;
5685 		case RT_MCAP:
5686 			res1 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP,
5687 			    &swap_limit);
5688 			res2 = zonecfg_get_aliased_rctl(handle,
5689 			    ALIAS_MAXLOCKEDMEM, &locked_limit);
5690 			output_mcap(fp, &in_progress_mcaptab, res1, swap_limit,
5691 			    res2, locked_limit);
5692 			break;
5693 		case RT_ADMIN:
5694 			output_auth(fp, &in_progress_admintab);
5695 			break;
5696 		case RT_SECFLAGS:
5697 			output_secflags(fp, &in_progress_secflagstab);
5698 			break;
5699 		}
5700 		goto cleanup;
5701 	}
5702 
5703 	type = cmd->cmd_res_type;
5704 
5705 	if (gz_invalid_rt_property(type)) {
5706 		zerr(gettext("%s is not a valid property for the global zone."),
5707 		    rt_to_str(type));
5708 		goto cleanup;
5709 	}
5710 
5711 	if (gz_invalid_resource(type)) {
5712 		zerr(gettext("%s is not a valid resource for the global zone."),
5713 		    rt_to_str(type));
5714 		goto cleanup;
5715 	}
5716 
5717 	switch (cmd->cmd_res_type) {
5718 	case RT_UNKNOWN:
5719 		info_zonename(handle, fp);
5720 		if (!global_zone) {
5721 			info_zonepath(handle, fp);
5722 			info_brand(handle, fp);
5723 			info_autoboot(handle, fp);
5724 			info_bootargs(handle, fp);
5725 		}
5726 		info_pool(handle, fp);
5727 		if (!global_zone) {
5728 			info_limitpriv(handle, fp);
5729 			info_sched(handle, fp);
5730 			info_iptype(handle, fp);
5731 			info_hostid(handle, fp);
5732 			info_fs_allowed(handle, fp);
5733 		}
5734 		info_aliased_rctl(handle, fp, ALIAS_MAXLWPS);
5735 		info_aliased_rctl(handle, fp, ALIAS_MAXPROCS);
5736 		info_aliased_rctl(handle, fp, ALIAS_MAXSHMMEM);
5737 		info_aliased_rctl(handle, fp, ALIAS_MAXSHMIDS);
5738 		info_aliased_rctl(handle, fp, ALIAS_MAXMSGIDS);
5739 		info_aliased_rctl(handle, fp, ALIAS_MAXSEMIDS);
5740 		info_aliased_rctl(handle, fp, ALIAS_SHARES);
5741 		if (!global_zone) {
5742 			info_fs(handle, fp, cmd);
5743 			info_net(handle, fp, cmd);
5744 			info_dev(handle, fp, cmd);
5745 		}
5746 		info_pset(handle, fp);
5747 		info_pcap(fp);
5748 		info_mcap(handle, fp);
5749 		if (!global_zone) {
5750 			info_attr(handle, fp, cmd);
5751 			info_ds(handle, fp, cmd);
5752 			info_auth(handle, fp, cmd);
5753 		}
5754 		info_rctl(handle, fp, cmd);
5755 		info_secflags(handle, fp);
5756 		break;
5757 	case RT_ZONENAME:
5758 		info_zonename(handle, fp);
5759 		break;
5760 	case RT_ZONEPATH:
5761 		info_zonepath(handle, fp);
5762 		break;
5763 	case RT_BRAND:
5764 		info_brand(handle, fp);
5765 		break;
5766 	case RT_AUTOBOOT:
5767 		info_autoboot(handle, fp);
5768 		break;
5769 	case RT_POOL:
5770 		info_pool(handle, fp);
5771 		break;
5772 	case RT_LIMITPRIV:
5773 		info_limitpriv(handle, fp);
5774 		break;
5775 	case RT_BOOTARGS:
5776 		info_bootargs(handle, fp);
5777 		break;
5778 	case RT_SCHED:
5779 		info_sched(handle, fp);
5780 		break;
5781 	case RT_IPTYPE:
5782 		info_iptype(handle, fp);
5783 		break;
5784 	case RT_MAXLWPS:
5785 		info_aliased_rctl(handle, fp, ALIAS_MAXLWPS);
5786 		break;
5787 	case RT_MAXPROCS:
5788 		info_aliased_rctl(handle, fp, ALIAS_MAXPROCS);
5789 		break;
5790 	case RT_MAXSHMMEM:
5791 		info_aliased_rctl(handle, fp, ALIAS_MAXSHMMEM);
5792 		break;
5793 	case RT_MAXSHMIDS:
5794 		info_aliased_rctl(handle, fp, ALIAS_MAXSHMIDS);
5795 		break;
5796 	case RT_MAXMSGIDS:
5797 		info_aliased_rctl(handle, fp, ALIAS_MAXMSGIDS);
5798 		break;
5799 	case RT_MAXSEMIDS:
5800 		info_aliased_rctl(handle, fp, ALIAS_MAXSEMIDS);
5801 		break;
5802 	case RT_SHARES:
5803 		info_aliased_rctl(handle, fp, ALIAS_SHARES);
5804 		break;
5805 	case RT_FS:
5806 		info_fs(handle, fp, cmd);
5807 		break;
5808 	case RT_NET:
5809 		info_net(handle, fp, cmd);
5810 		break;
5811 	case RT_DEVICE:
5812 		info_dev(handle, fp, cmd);
5813 		break;
5814 	case RT_RCTL:
5815 		info_rctl(handle, fp, cmd);
5816 		break;
5817 	case RT_ATTR:
5818 		info_attr(handle, fp, cmd);
5819 		break;
5820 	case RT_DATASET:
5821 		info_ds(handle, fp, cmd);
5822 		break;
5823 	case RT_DCPU:
5824 		info_pset(handle, fp);
5825 		break;
5826 	case RT_PCAP:
5827 		info_pcap(fp);
5828 		break;
5829 	case RT_MCAP:
5830 		info_mcap(handle, fp);
5831 		break;
5832 	case RT_HOSTID:
5833 		info_hostid(handle, fp);
5834 		break;
5835 	case RT_ADMIN:
5836 		info_auth(handle, fp, cmd);
5837 		break;
5838 	case RT_FS_ALLOWED:
5839 		info_fs_allowed(handle, fp);
5840 		break;
5841 	case RT_SECFLAGS:
5842 		info_secflags(handle, fp);
5843 		break;
5844 	default:
5845 		zone_perror(rt_to_str(cmd->cmd_res_type), Z_NO_RESOURCE_TYPE,
5846 		    B_TRUE);
5847 	}
5848 
5849 cleanup:
5850 	if (need_to_close)
5851 		(void) pager_close(fp);
5852 }
5853 
5854 /*
5855  * Helper function for verify-- checks that a required string property
5856  * exists.
5857  */
5858 static void
check_reqd_prop(char * attr,int rt,int pt,int * ret_val)5859 check_reqd_prop(char *attr, int rt, int pt, int *ret_val)
5860 {
5861 	if (strlen(attr) == 0) {
5862 		zerr(gettext("%s: %s not specified"), rt_to_str(rt),
5863 		    pt_to_str(pt));
5864 		saw_error = B_TRUE;
5865 		if (*ret_val == Z_OK)
5866 			*ret_val = Z_REQD_PROPERTY_MISSING;
5867 	}
5868 }
5869 
5870 static int
do_subproc(char * cmdbuf)5871 do_subproc(char *cmdbuf)
5872 {
5873 	char inbuf[MAX_CMD_LEN];
5874 	FILE *file;
5875 	int status;
5876 
5877 	file = popen(cmdbuf, "r");
5878 	if (file == NULL) {
5879 		zerr(gettext("Could not launch: %s"), cmdbuf);
5880 		return (-1);
5881 	}
5882 
5883 	while (fgets(inbuf, sizeof (inbuf), file) != NULL)
5884 		fprintf(stderr, "%s", inbuf);
5885 	status = pclose(file);
5886 
5887 	if (WIFSIGNALED(status)) {
5888 		zerr(gettext("%s unexpectedly terminated due to signal %d"),
5889 		    cmdbuf, WTERMSIG(status));
5890 		return (-1);
5891 	}
5892 	assert(WIFEXITED(status));
5893 	return (WEXITSTATUS(status));
5894 }
5895 
5896 static int
brand_verify(zone_dochandle_t handle)5897 brand_verify(zone_dochandle_t handle)
5898 {
5899 	char xml_file[32];
5900 	char cmdbuf[MAX_CMD_LEN];
5901 	brand_handle_t bh;
5902 	char brand[MAXNAMELEN];
5903 	int err;
5904 
5905 	if (zonecfg_get_brand(handle, brand, sizeof (brand)) != Z_OK) {
5906 		zerr("%s: %s\n", zone, gettext("could not get zone brand"));
5907 		return (Z_INVALID_DOCUMENT);
5908 	}
5909 	if ((bh = brand_open(brand)) == NULL) {
5910 		zerr("%s: %s\n", zone, gettext("unknown brand."));
5911 		return (Z_INVALID_DOCUMENT);
5912 	}
5913 
5914 	/*
5915 	 * Fetch the verify command, if any, from the brand configuration
5916 	 * and build the command line to execute it.
5917 	 */
5918 	strcpy(cmdbuf, EXEC_PREFIX);
5919 	err = brand_get_verify_cfg(bh, cmdbuf + EXEC_LEN,
5920 	    sizeof (cmdbuf) - (EXEC_LEN + (strlen(xml_file) + 1)));
5921 	brand_close(bh);
5922 	if (err != Z_OK) {
5923 		zerr("%s: %s\n", zone,
5924 		    gettext("could not get brand verification command"));
5925 		return (Z_INVALID_DOCUMENT);
5926 	}
5927 
5928 	/*
5929 	 * If the brand doesn't provide a verification routine, we just
5930 	 * return success.
5931 	 */
5932 	if (strlen(cmdbuf) == EXEC_LEN)
5933 		return (Z_OK);
5934 
5935 	/*
5936 	 * Dump the current config information for this zone to a file.
5937 	 */
5938 	strcpy(xml_file, "/tmp/zonecfg_verify.XXXXXX");
5939 	if (mkstemp(xml_file) == -1)
5940 		return (Z_TEMP_FILE);
5941 	if ((err = zonecfg_verify_save(handle, xml_file)) != Z_OK) {
5942 		(void) unlink(xml_file);
5943 		return (err);
5944 	}
5945 
5946 	/*
5947 	 * Execute the verification command.
5948 	 */
5949 	if ((strlcat(cmdbuf, " ", MAX_CMD_LEN) >= MAX_CMD_LEN) ||
5950 	    (strlcat(cmdbuf, xml_file, MAX_CMD_LEN) >= MAX_CMD_LEN)) {
5951 		err = Z_BRAND_ERROR;
5952 	} else {
5953 		err = do_subproc(cmdbuf);
5954 	}
5955 
5956 	(void) unlink(xml_file);
5957 	return ((err == Z_OK) ? Z_OK : Z_BRAND_ERROR);
5958 }
5959 
5960 /*
5961  * Track the network interfaces listed in zonecfg(8) in a linked list
5962  * so that we can later check that defrouter is specified for an exclusive IP
5963  * zone if and only if at least one allowed-address has been specified.
5964  */
5965 static boolean_t
add_nwif(struct zone_nwiftab * nwif)5966 add_nwif(struct zone_nwiftab *nwif)
5967 {
5968 	struct xif *tmp;
5969 
5970 	for (tmp = xif; tmp != NULL; tmp = tmp->xif_next) {
5971 		if (strcmp(tmp->xif_name, nwif->zone_nwif_physical) == 0) {
5972 			if (strlen(nwif->zone_nwif_allowed_address) > 0)
5973 				tmp->xif_has_address = B_TRUE;
5974 			if (strlen(nwif->zone_nwif_defrouter) > 0)
5975 				tmp->xif_has_defrouter = B_TRUE;
5976 			return (B_TRUE);
5977 		}
5978 	}
5979 
5980 	tmp = malloc(sizeof (*tmp));
5981 	if (tmp == NULL) {
5982 		zerr(gettext("memory allocation failed for %s"),
5983 		    nwif->zone_nwif_physical);
5984 		return (B_FALSE);
5985 	}
5986 	strlcpy(tmp->xif_name, nwif->zone_nwif_physical,
5987 	    sizeof (tmp->xif_name));
5988 	tmp->xif_has_defrouter = (strlen(nwif->zone_nwif_defrouter) > 0);
5989 	tmp->xif_has_address = (strlen(nwif->zone_nwif_allowed_address) > 0);
5990 	tmp->xif_next = xif;
5991 	xif = tmp;
5992 	return (B_TRUE);
5993 }
5994 
5995 boolean_t
verify_secflags(struct zone_secflagstab * tab)5996 verify_secflags(struct zone_secflagstab *tab)
5997 {
5998 	secflagdelta_t def = {0};
5999 	secflagdelta_t upper = {0};
6000 	secflagdelta_t lower = {0};
6001 	boolean_t def_set = B_FALSE;
6002 	boolean_t upper_set = B_FALSE;
6003 	boolean_t lower_set = B_FALSE;
6004 	boolean_t ret = B_TRUE;
6005 
6006 	if (strlen(tab->zone_secflags_default) > 0) {
6007 		def_set = B_TRUE;
6008 		if (secflags_parse(NULL, tab->zone_secflags_default,
6009 		    &def) == -1) {
6010 			zerr(gettext("default security flags '%s' are invalid"),
6011 			    tab->zone_secflags_default);
6012 			ret = B_FALSE;
6013 		}
6014 	} else {
6015 		secflags_zero(&def.psd_assign);
6016 		def.psd_ass_active = B_TRUE;
6017 	}
6018 
6019 	if (strlen(tab->zone_secflags_upper) > 0) {
6020 		upper_set = B_TRUE;
6021 		if (secflags_parse(NULL, tab->zone_secflags_upper,
6022 		    &upper) == -1) {
6023 			zerr(gettext("upper security flags '%s' are invalid"),
6024 			    tab->zone_secflags_upper);
6025 			ret = B_FALSE;
6026 		}
6027 	} else {
6028 		secflags_fullset(&upper.psd_assign);
6029 		upper.psd_ass_active = B_TRUE;
6030 	}
6031 
6032 	if (strlen(tab->zone_secflags_lower) > 0) {
6033 		lower_set = B_TRUE;
6034 		if (secflags_parse(NULL, tab->zone_secflags_lower,
6035 		    &lower) == -1) {
6036 			zerr(gettext("lower security flags '%s' are invalid"),
6037 			    tab->zone_secflags_lower);
6038 			ret = B_FALSE;
6039 		}
6040 	} else {
6041 		secflags_zero(&lower.psd_assign);
6042 		lower.psd_ass_active = B_TRUE;
6043 	}
6044 
6045 	if (def_set && !def.psd_ass_active) {
6046 		zerr(gettext("only assignment of security flags is "
6047 		    "allowed (default: %s)"), tab->zone_secflags_default);
6048 	}
6049 
6050 	if (lower_set && !lower.psd_ass_active) {
6051 		zerr(gettext("only assignment of security flags is "
6052 		    "allowed (lower: %s)"), tab->zone_secflags_lower);
6053 	}
6054 
6055 	if (upper_set && !upper.psd_ass_active) {
6056 		zerr(gettext("only assignment of security flags is "
6057 		    "allowed (upper: %s)"), tab->zone_secflags_upper);
6058 	}
6059 
6060 	if (def.psd_assign & ~upper.psd_assign)	{ /* In default but not upper */
6061 		zerr(gettext("default secflags must be within the "
6062 		    "upper limit"));
6063 		ret = B_FALSE;
6064 	}
6065 	if (lower.psd_assign & ~def.psd_assign) { /* In lower but not default */
6066 		zerr(gettext("default secflags must be above the lower limit"));
6067 		ret = B_FALSE;
6068 	}
6069 	if (lower.psd_assign & ~upper.psd_assign) { /* In lower but not upper */
6070 		zerr(gettext("lower secflags must be within the upper limit"));
6071 		ret = B_FALSE;
6072 	}
6073 
6074 	return (ret);
6075 }
6076 
6077 /*
6078  * See the DTD for which attributes are required for which resources.
6079  *
6080  * This function can be called by commit_func(), which needs to save things,
6081  * in addition to the general call from parse_and_run(), which doesn't need
6082  * things saved.  Since the parameters are standardized, we distinguish by
6083  * having commit_func() call here with cmd->cmd_arg set to "save" to indicate
6084  * that a save is needed.
6085  */
6086 void
verify_func(cmd_t * cmd)6087 verify_func(cmd_t *cmd)
6088 {
6089 	struct zone_nwiftab nwiftab;
6090 	struct zone_fstab fstab;
6091 	struct zone_attrtab attrtab;
6092 	struct zone_rctltab rctltab;
6093 	struct zone_dstab dstab;
6094 	struct zone_psettab psettab;
6095 	struct zone_admintab admintab;
6096 	struct zone_secflagstab secflagstab;
6097 	char zonepath[MAXPATHLEN];
6098 	char sched[MAXNAMELEN];
6099 	char brand[MAXNAMELEN];
6100 	char hostidp[HW_HOSTID_LEN];
6101 	char fsallowedp[ZONE_FS_ALLOWED_MAX];
6102 	priv_set_t *privs;
6103 	char *privname = NULL;
6104 	int err, ret_val = Z_OK, arg;
6105 	int pset_res;
6106 	boolean_t save = B_FALSE;
6107 	boolean_t arg_err = B_FALSE;
6108 	zone_iptype_t iptype;
6109 	boolean_t has_cpu_shares = B_FALSE;
6110 	boolean_t has_cpu_cap = B_FALSE;
6111 	struct xif *tmp;
6112 
6113 	optind = 0;
6114 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
6115 		switch (arg) {
6116 		case '?':
6117 			longer_usage(CMD_VERIFY);
6118 			arg_err = B_TRUE;
6119 			break;
6120 		default:
6121 			short_usage(CMD_VERIFY);
6122 			arg_err = B_TRUE;
6123 			break;
6124 		}
6125 	}
6126 	if (arg_err)
6127 		return;
6128 
6129 	if (optind > cmd->cmd_argc) {
6130 		short_usage(CMD_VERIFY);
6131 		return;
6132 	}
6133 
6134 	if (zone_is_read_only(CMD_VERIFY))
6135 		return;
6136 
6137 	assert(cmd != NULL);
6138 
6139 	if (cmd->cmd_argc > 0 && (strcmp(cmd->cmd_argv[0], "save") == 0))
6140 		save = B_TRUE;
6141 	if (initialize(B_TRUE) != Z_OK)
6142 		return;
6143 
6144 	if (zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath)) != Z_OK &&
6145 	    !global_zone) {
6146 		zerr(gettext("%s not specified"), pt_to_str(PT_ZONEPATH));
6147 		ret_val = Z_REQD_RESOURCE_MISSING;
6148 		saw_error = B_TRUE;
6149 	}
6150 	if (strlen(zonepath) == 0 && !global_zone) {
6151 		zerr(gettext("%s cannot be empty."), pt_to_str(PT_ZONEPATH));
6152 		ret_val = Z_REQD_RESOURCE_MISSING;
6153 		saw_error = B_TRUE;
6154 	}
6155 
6156 	if ((err = zonecfg_get_brand(handle, brand, sizeof (brand))) != Z_OK) {
6157 		zone_perror(zone, err, B_TRUE);
6158 		return;
6159 	}
6160 	if ((err = brand_verify(handle)) != Z_OK) {
6161 		zone_perror(zone, err, B_TRUE);
6162 		return;
6163 	}
6164 
6165 	if (zonecfg_get_iptype(handle, &iptype) != Z_OK) {
6166 		zerr("%s %s", gettext("cannot get"), pt_to_str(PT_IPTYPE));
6167 		ret_val = Z_REQD_RESOURCE_MISSING;
6168 		saw_error = B_TRUE;
6169 	}
6170 
6171 	if ((privs = priv_allocset()) == NULL) {
6172 		zerr(gettext("%s: priv_allocset failed"), zone);
6173 		return;
6174 	}
6175 	if (zonecfg_get_privset(handle, privs, &privname) != Z_OK) {
6176 		zerr(gettext("%s: invalid privilege: %s"), zone, privname);
6177 		priv_freeset(privs);
6178 		free(privname);
6179 		return;
6180 	}
6181 	priv_freeset(privs);
6182 
6183 	if (zonecfg_get_hostid(handle, hostidp,
6184 	    sizeof (hostidp)) == Z_INVALID_PROPERTY) {
6185 		zerr(gettext("%s: invalid hostid: %s"),
6186 		    zone, hostidp);
6187 		return;
6188 	}
6189 
6190 	if (zonecfg_get_fs_allowed(handle, fsallowedp,
6191 	    sizeof (fsallowedp)) == Z_INVALID_PROPERTY) {
6192 		zerr(gettext("%s: invalid fs-allowed: %s"),
6193 		    zone, fsallowedp);
6194 		return;
6195 	}
6196 
6197 	if ((err = zonecfg_setfsent(handle)) != Z_OK) {
6198 		zone_perror(zone, err, B_TRUE);
6199 		return;
6200 	}
6201 	while (zonecfg_getfsent(handle, &fstab) == Z_OK) {
6202 		check_reqd_prop(fstab.zone_fs_dir, RT_FS, PT_DIR, &ret_val);
6203 		check_reqd_prop(fstab.zone_fs_special, RT_FS, PT_SPECIAL,
6204 		    &ret_val);
6205 		check_reqd_prop(fstab.zone_fs_type, RT_FS, PT_TYPE, &ret_val);
6206 
6207 		zonecfg_free_fs_option_list(fstab.zone_fs_options);
6208 	}
6209 	(void) zonecfg_endfsent(handle);
6210 
6211 	if ((err = zonecfg_setnwifent(handle)) != Z_OK) {
6212 		zone_perror(zone, err, B_TRUE);
6213 		return;
6214 	}
6215 	while (zonecfg_getnwifent(handle, &nwiftab) == Z_OK) {
6216 		/*
6217 		 * physical is required in all cases.
6218 		 * A shared IP requires an address,
6219 		 * and may include a default router, while
6220 		 * an exclusive IP must have neither an address
6221 		 * nor a default router.
6222 		 * The physical interface name must be valid in all cases.
6223 		 */
6224 		check_reqd_prop(nwiftab.zone_nwif_physical, RT_NET,
6225 		    PT_PHYSICAL, &ret_val);
6226 		if (validate_net_physical_syntax(nwiftab.zone_nwif_physical) !=
6227 		    Z_OK) {
6228 			saw_error = B_TRUE;
6229 			if (ret_val == Z_OK)
6230 				ret_val = Z_INVAL;
6231 		}
6232 
6233 		switch (iptype) {
6234 		case ZS_SHARED:
6235 			check_reqd_prop(nwiftab.zone_nwif_address, RT_NET,
6236 			    PT_ADDRESS, &ret_val);
6237 			if (strlen(nwiftab.zone_nwif_allowed_address) > 0) {
6238 				zerr(gettext("%s: %s cannot be specified "
6239 				    "for a shared IP type"),
6240 				    rt_to_str(RT_NET),
6241 				    pt_to_str(PT_ALLOWED_ADDRESS));
6242 				saw_error = B_TRUE;
6243 				if (ret_val == Z_OK)
6244 					ret_val = Z_INVAL;
6245 			}
6246 			break;
6247 		case ZS_EXCLUSIVE:
6248 			if (strlen(nwiftab.zone_nwif_address) > 0) {
6249 				zerr(gettext("%s: %s cannot be specified "
6250 				    "for an exclusive IP type"),
6251 				    rt_to_str(RT_NET), pt_to_str(PT_ADDRESS));
6252 				saw_error = B_TRUE;
6253 				if (ret_val == Z_OK)
6254 					ret_val = Z_INVAL;
6255 			} else {
6256 				if (!add_nwif(&nwiftab)) {
6257 					saw_error = B_TRUE;
6258 					if (ret_val == Z_OK)
6259 						ret_val = Z_INVAL;
6260 				}
6261 			}
6262 			break;
6263 		}
6264 	}
6265 	for (tmp = xif; tmp != NULL; tmp = tmp->xif_next) {
6266 		if (!tmp->xif_has_address && tmp->xif_has_defrouter) {
6267 			zerr(gettext("%s: %s for %s cannot be specified "
6268 			    "without %s for an exclusive IP type"),
6269 			    rt_to_str(RT_NET), pt_to_str(PT_DEFROUTER),
6270 			    tmp->xif_name, pt_to_str(PT_ALLOWED_ADDRESS));
6271 			saw_error = B_TRUE;
6272 			ret_val = Z_INVAL;
6273 		}
6274 	}
6275 	free(xif);
6276 	xif = NULL;
6277 	(void) zonecfg_endnwifent(handle);
6278 
6279 	if ((err = zonecfg_setrctlent(handle)) != Z_OK) {
6280 		zone_perror(zone, err, B_TRUE);
6281 		return;
6282 	}
6283 	while (zonecfg_getrctlent(handle, &rctltab) == Z_OK) {
6284 		check_reqd_prop(rctltab.zone_rctl_name, RT_RCTL, PT_NAME,
6285 		    &ret_val);
6286 
6287 		if (strcmp(rctltab.zone_rctl_name, "zone.cpu-shares") == 0)
6288 			has_cpu_shares = B_TRUE;
6289 
6290 		if (strcmp(rctltab.zone_rctl_name, "zone.cpu-cap") == 0)
6291 			has_cpu_cap = B_TRUE;
6292 
6293 		if (rctltab.zone_rctl_valptr == NULL) {
6294 			zerr(gettext("%s: no %s specified"),
6295 			    rt_to_str(RT_RCTL), pt_to_str(PT_VALUE));
6296 			saw_error = B_TRUE;
6297 			if (ret_val == Z_OK)
6298 				ret_val = Z_REQD_PROPERTY_MISSING;
6299 		} else {
6300 			zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
6301 		}
6302 	}
6303 	(void) zonecfg_endrctlent(handle);
6304 
6305 	if ((pset_res = zonecfg_lookup_pset(handle, &psettab)) == Z_OK &&
6306 	    has_cpu_shares) {
6307 		zerr(gettext("%s zone.cpu-shares and %s are incompatible."),
6308 		    rt_to_str(RT_RCTL), rt_to_str(RT_DCPU));
6309 		saw_error = B_TRUE;
6310 		if (ret_val == Z_OK)
6311 			ret_val = Z_INCOMPATIBLE;
6312 	}
6313 
6314 	if (has_cpu_shares && zonecfg_get_sched_class(handle, sched,
6315 	    sizeof (sched)) == Z_OK && strlen(sched) > 0 &&
6316 	    strcmp(sched, "FSS") != 0) {
6317 		zerr(gettext("WARNING: %s zone.cpu-shares and %s=%s are "
6318 		    "incompatible"),
6319 		    rt_to_str(RT_RCTL), rt_to_str(RT_SCHED), sched);
6320 		saw_error = B_TRUE;
6321 		if (ret_val == Z_OK)
6322 			ret_val = Z_INCOMPATIBLE;
6323 	}
6324 
6325 	if (pset_res == Z_OK && has_cpu_cap) {
6326 		zerr(gettext("%s zone.cpu-cap and the %s are incompatible."),
6327 		    rt_to_str(RT_RCTL), rt_to_str(RT_DCPU));
6328 		saw_error = B_TRUE;
6329 		if (ret_val == Z_OK)
6330 			ret_val = Z_INCOMPATIBLE;
6331 	}
6332 
6333 	if ((err = zonecfg_setattrent(handle)) != Z_OK) {
6334 		zone_perror(zone, err, B_TRUE);
6335 		return;
6336 	}
6337 	while (zonecfg_getattrent(handle, &attrtab) == Z_OK) {
6338 		check_reqd_prop(attrtab.zone_attr_name, RT_ATTR, PT_NAME,
6339 		    &ret_val);
6340 		check_reqd_prop(attrtab.zone_attr_type, RT_ATTR, PT_TYPE,
6341 		    &ret_val);
6342 		check_reqd_prop(attrtab.zone_attr_value, RT_ATTR, PT_VALUE,
6343 		    &ret_val);
6344 	}
6345 	(void) zonecfg_endattrent(handle);
6346 
6347 	if ((err = zonecfg_setdsent(handle)) != Z_OK) {
6348 		zone_perror(zone, err, B_TRUE);
6349 		return;
6350 	}
6351 	while (zonecfg_getdsent(handle, &dstab) == Z_OK) {
6352 		if (strlen(dstab.zone_dataset_name) == 0) {
6353 			zerr("%s: %s %s", rt_to_str(RT_DATASET),
6354 			    pt_to_str(PT_NAME), gettext("not specified"));
6355 			saw_error = B_TRUE;
6356 			if (ret_val == Z_OK)
6357 				ret_val = Z_REQD_PROPERTY_MISSING;
6358 		} else if (!zfs_name_valid(dstab.zone_dataset_name,
6359 		    ZFS_TYPE_FILESYSTEM)) {
6360 			zerr("%s: %s %s", rt_to_str(RT_DATASET),
6361 			    pt_to_str(PT_NAME), gettext("invalid"));
6362 			saw_error = B_TRUE;
6363 			if (ret_val == Z_OK)
6364 				ret_val = Z_BAD_PROPERTY;
6365 		}
6366 
6367 	}
6368 	(void) zonecfg_enddsent(handle);
6369 
6370 	if ((err = zonecfg_setadminent(handle)) != Z_OK) {
6371 		zone_perror(zone, err, B_TRUE);
6372 		return;
6373 	}
6374 	while (zonecfg_getadminent(handle, &admintab) == Z_OK) {
6375 		check_reqd_prop(admintab.zone_admin_user, RT_ADMIN,
6376 		    PT_USER, &ret_val);
6377 		check_reqd_prop(admintab.zone_admin_auths, RT_ADMIN,
6378 		    PT_AUTHS, &ret_val);
6379 		if ((ret_val == Z_OK) && (getpwnam(admintab.zone_admin_user)
6380 		    == NULL)) {
6381 			zerr(gettext("%s %s is not a valid username"),
6382 			    pt_to_str(PT_USER),
6383 			    admintab.zone_admin_user);
6384 			ret_val = Z_BAD_PROPERTY;
6385 		}
6386 		if ((ret_val == Z_OK) && (!zonecfg_valid_auths(
6387 		    admintab.zone_admin_auths, zone))) {
6388 			ret_val = Z_BAD_PROPERTY;
6389 		}
6390 	}
6391 	(void) zonecfg_endadminent(handle);
6392 
6393 	if (zonecfg_getsecflagsent(handle, &secflagstab) == Z_OK) {
6394 		/*
6395 		 * No properties are required, but any specified should be
6396 		 * valid
6397 		 */
6398 		if (verify_secflags(&secflagstab) != B_TRUE) {
6399 			/* Error is reported from verify_secflags */
6400 			ret_val = Z_BAD_PROPERTY;
6401 		}
6402 	}
6403 
6404 	if (!global_scope) {
6405 		zerr(gettext("resource specification incomplete"));
6406 		saw_error = B_TRUE;
6407 		if (ret_val == Z_OK)
6408 			ret_val = Z_INSUFFICIENT_SPEC;
6409 	}
6410 
6411 	if (save) {
6412 		if (ret_val == Z_OK) {
6413 			if ((ret_val = zonecfg_save(handle)) == Z_OK) {
6414 				need_to_commit = B_FALSE;
6415 				(void) strlcpy(revert_zone, zone,
6416 				    sizeof (revert_zone));
6417 			}
6418 		} else {
6419 			zerr(gettext("Zone %s failed to verify"), zone);
6420 		}
6421 	}
6422 	if (ret_val != Z_OK)
6423 		zone_perror(zone, ret_val, B_TRUE);
6424 }
6425 
6426 void
cancel_func(cmd_t * cmd)6427 cancel_func(cmd_t *cmd)
6428 {
6429 	int arg;
6430 	boolean_t arg_err = B_FALSE;
6431 
6432 	assert(cmd != NULL);
6433 
6434 	optind = 0;
6435 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
6436 		switch (arg) {
6437 		case '?':
6438 			longer_usage(CMD_CANCEL);
6439 			arg_err = B_TRUE;
6440 			break;
6441 		default:
6442 			short_usage(CMD_CANCEL);
6443 			arg_err = B_TRUE;
6444 			break;
6445 		}
6446 	}
6447 	if (arg_err)
6448 		return;
6449 
6450 	if (optind != cmd->cmd_argc) {
6451 		short_usage(CMD_CANCEL);
6452 		return;
6453 	}
6454 
6455 	if (global_scope)
6456 		scope_usage(CMD_CANCEL);
6457 	global_scope = B_TRUE;
6458 	zonecfg_free_fs_option_list(in_progress_fstab.zone_fs_options);
6459 	bzero(&in_progress_fstab, sizeof (in_progress_fstab));
6460 	bzero(&in_progress_nwiftab, sizeof (in_progress_nwiftab));
6461 	bzero(&in_progress_devtab, sizeof (in_progress_devtab));
6462 	zonecfg_free_rctl_value_list(in_progress_rctltab.zone_rctl_valptr);
6463 	bzero(&in_progress_rctltab, sizeof (in_progress_rctltab));
6464 	bzero(&in_progress_attrtab, sizeof (in_progress_attrtab));
6465 	bzero(&in_progress_dstab, sizeof (in_progress_dstab));
6466 }
6467 
6468 static int
validate_attr_name(char * name)6469 validate_attr_name(char *name)
6470 {
6471 	int i;
6472 
6473 	if (!isalnum(name[0])) {
6474 		zerr(gettext("Invalid %s %s %s: must start with an alpha-"
6475 		    "numeric character."), rt_to_str(RT_ATTR),
6476 		    pt_to_str(PT_NAME), name);
6477 		return (Z_INVAL);
6478 	}
6479 	for (i = 1; name[i]; i++)
6480 		if (!isalnum(name[i]) && name[i] != '-' && name[i] != '.') {
6481 			zerr(gettext("Invalid %s %s %s: can only contain "
6482 			    "alpha-numeric characters, plus '-' and '.'."),
6483 			    rt_to_str(RT_ATTR), pt_to_str(PT_NAME), name);
6484 			return (Z_INVAL);
6485 		}
6486 	return (Z_OK);
6487 }
6488 
6489 static int
validate_attr_type_val(struct zone_attrtab * attrtab)6490 validate_attr_type_val(struct zone_attrtab *attrtab)
6491 {
6492 	boolean_t boolval;
6493 	int64_t intval;
6494 	char strval[MAXNAMELEN];
6495 	uint64_t uintval;
6496 
6497 	if (strcmp(attrtab->zone_attr_type, "boolean") == 0) {
6498 		if (zonecfg_get_attr_boolean(attrtab, &boolval) == Z_OK)
6499 			return (Z_OK);
6500 		zerr(gettext("invalid %s value for %s=%s"),
6501 		    rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "boolean");
6502 		return (Z_ERR);
6503 	}
6504 
6505 	if (strcmp(attrtab->zone_attr_type, "int") == 0) {
6506 		if (zonecfg_get_attr_int(attrtab, &intval) == Z_OK)
6507 			return (Z_OK);
6508 		zerr(gettext("invalid %s value for %s=%s"),
6509 		    rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "int");
6510 		return (Z_ERR);
6511 	}
6512 
6513 	if (strcmp(attrtab->zone_attr_type, "string") == 0) {
6514 		if (zonecfg_get_attr_string(attrtab, strval,
6515 		    sizeof (strval)) == Z_OK)
6516 			return (Z_OK);
6517 		zerr(gettext("invalid %s value for %s=%s"),
6518 		    rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "string");
6519 		return (Z_ERR);
6520 	}
6521 
6522 	if (strcmp(attrtab->zone_attr_type, "uint") == 0) {
6523 		if (zonecfg_get_attr_uint(attrtab, &uintval) == Z_OK)
6524 			return (Z_OK);
6525 		zerr(gettext("invalid %s value for %s=%s"),
6526 		    rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "uint");
6527 		return (Z_ERR);
6528 	}
6529 
6530 	zerr(gettext("invalid %s %s '%s'"), rt_to_str(RT_ATTR),
6531 	    pt_to_str(PT_TYPE), attrtab->zone_attr_type);
6532 	return (Z_ERR);
6533 }
6534 
6535 /*
6536  * Helper function for end_func-- checks the existence of a given property
6537  * and emits a message if not specified.
6538  */
6539 static int
end_check_reqd(char * attr,int pt,boolean_t * validation_failed)6540 end_check_reqd(char *attr, int pt, boolean_t *validation_failed)
6541 {
6542 	if (strlen(attr) == 0) {
6543 		*validation_failed = B_TRUE;
6544 		zerr(gettext("%s not specified"), pt_to_str(pt));
6545 		return (Z_ERR);
6546 	}
6547 	return (Z_OK);
6548 }
6549 
6550 static void
net_exists_error(struct zone_nwiftab nwif)6551 net_exists_error(struct zone_nwiftab nwif)
6552 {
6553 	if (strlen(nwif.zone_nwif_address) > 0) {
6554 		zerr(gettext("A %s resource with the %s '%s', "
6555 		    "and %s '%s' already exists."),
6556 		    rt_to_str(RT_NET),
6557 		    pt_to_str(PT_PHYSICAL),
6558 		    nwif.zone_nwif_physical,
6559 		    pt_to_str(PT_ADDRESS),
6560 		    in_progress_nwiftab.zone_nwif_address);
6561 	} else {
6562 		zerr(gettext("A %s resource with the %s '%s', "
6563 		    "and %s '%s' already exists."),
6564 		    rt_to_str(RT_NET),
6565 		    pt_to_str(PT_PHYSICAL),
6566 		    nwif.zone_nwif_physical,
6567 		    pt_to_str(PT_ALLOWED_ADDRESS),
6568 		    nwif.zone_nwif_allowed_address);
6569 	}
6570 }
6571 
6572 void
end_func(cmd_t * cmd)6573 end_func(cmd_t *cmd)
6574 {
6575 	boolean_t validation_failed = B_FALSE;
6576 	boolean_t arg_err = B_FALSE;
6577 	struct zone_fstab tmp_fstab;
6578 	struct zone_nwiftab tmp_nwiftab;
6579 	struct zone_devtab tmp_devtab;
6580 	struct zone_rctltab tmp_rctltab;
6581 	struct zone_attrtab tmp_attrtab;
6582 	struct zone_dstab tmp_dstab;
6583 	struct zone_admintab tmp_admintab;
6584 	int err, arg, res1, res2, res3;
6585 	uint64_t swap_limit;
6586 	uint64_t locked_limit;
6587 	uint64_t proc_cap;
6588 
6589 	assert(cmd != NULL);
6590 
6591 	optind = 0;
6592 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
6593 		switch (arg) {
6594 		case '?':
6595 			longer_usage(CMD_END);
6596 			arg_err = B_TRUE;
6597 			break;
6598 		default:
6599 			short_usage(CMD_END);
6600 			arg_err = B_TRUE;
6601 			break;
6602 		}
6603 	}
6604 	if (arg_err)
6605 		return;
6606 
6607 	if (optind != cmd->cmd_argc) {
6608 		short_usage(CMD_END);
6609 		return;
6610 	}
6611 
6612 	if (global_scope) {
6613 		scope_usage(CMD_END);
6614 		return;
6615 	}
6616 
6617 	assert(end_op == CMD_ADD || end_op == CMD_SELECT);
6618 
6619 	switch (resource_scope) {
6620 	case RT_FS:
6621 		/* First make sure everything was filled in. */
6622 		if (end_check_reqd(in_progress_fstab.zone_fs_dir,
6623 		    PT_DIR, &validation_failed) == Z_OK) {
6624 			if (in_progress_fstab.zone_fs_dir[0] != '/') {
6625 				zerr(gettext("%s %s is not an absolute path."),
6626 				    pt_to_str(PT_DIR),
6627 				    in_progress_fstab.zone_fs_dir);
6628 				validation_failed = B_TRUE;
6629 			}
6630 		}
6631 
6632 		(void) end_check_reqd(in_progress_fstab.zone_fs_special,
6633 		    PT_SPECIAL, &validation_failed);
6634 
6635 		if (in_progress_fstab.zone_fs_raw[0] != '\0' &&
6636 		    in_progress_fstab.zone_fs_raw[0] != '/') {
6637 			zerr(gettext("%s %s is not an absolute path."),
6638 			    pt_to_str(PT_RAW),
6639 			    in_progress_fstab.zone_fs_raw);
6640 			validation_failed = B_TRUE;
6641 		}
6642 
6643 		(void) end_check_reqd(in_progress_fstab.zone_fs_type, PT_TYPE,
6644 		    &validation_failed);
6645 
6646 		if (validation_failed) {
6647 			saw_error = B_TRUE;
6648 			return;
6649 		}
6650 
6651 		if (end_op == CMD_ADD) {
6652 			/* Make sure there isn't already one like this. */
6653 			bzero(&tmp_fstab, sizeof (tmp_fstab));
6654 			(void) strlcpy(tmp_fstab.zone_fs_dir,
6655 			    in_progress_fstab.zone_fs_dir,
6656 			    sizeof (tmp_fstab.zone_fs_dir));
6657 			err = zonecfg_lookup_filesystem(handle, &tmp_fstab);
6658 			zonecfg_free_fs_option_list(tmp_fstab.zone_fs_options);
6659 			if (err == Z_OK) {
6660 				zerr(gettext("A %s resource "
6661 				    "with the %s '%s' already exists."),
6662 				    rt_to_str(RT_FS), pt_to_str(PT_DIR),
6663 				    in_progress_fstab.zone_fs_dir);
6664 				saw_error = B_TRUE;
6665 				return;
6666 			}
6667 			err = zonecfg_add_filesystem(handle,
6668 			    &in_progress_fstab);
6669 		} else {
6670 			err = zonecfg_modify_filesystem(handle, &old_fstab,
6671 			    &in_progress_fstab);
6672 		}
6673 		zonecfg_free_fs_option_list(in_progress_fstab.zone_fs_options);
6674 		in_progress_fstab.zone_fs_options = NULL;
6675 		break;
6676 
6677 	case RT_NET:
6678 		/*
6679 		 * First make sure everything was filled in.
6680 		 * Since we don't know whether IP will be shared
6681 		 * or exclusive here, some checks are deferred until
6682 		 * the verify command.
6683 		 */
6684 		(void) end_check_reqd(in_progress_nwiftab.zone_nwif_physical,
6685 		    PT_PHYSICAL, &validation_failed);
6686 
6687 		if (validation_failed) {
6688 			saw_error = B_TRUE;
6689 			return;
6690 		}
6691 		if (end_op == CMD_ADD) {
6692 			/* Make sure there isn't already one like this. */
6693 			bzero(&tmp_nwiftab, sizeof (tmp_nwiftab));
6694 			(void) strlcpy(tmp_nwiftab.zone_nwif_physical,
6695 			    in_progress_nwiftab.zone_nwif_physical,
6696 			    sizeof (tmp_nwiftab.zone_nwif_physical));
6697 			(void) strlcpy(tmp_nwiftab.zone_nwif_address,
6698 			    in_progress_nwiftab.zone_nwif_address,
6699 			    sizeof (tmp_nwiftab.zone_nwif_address));
6700 			(void) strlcpy(tmp_nwiftab.zone_nwif_allowed_address,
6701 			    in_progress_nwiftab.zone_nwif_allowed_address,
6702 			    sizeof (tmp_nwiftab.zone_nwif_allowed_address));
6703 			(void) strlcpy(tmp_nwiftab.zone_nwif_defrouter,
6704 			    in_progress_nwiftab.zone_nwif_defrouter,
6705 			    sizeof (tmp_nwiftab.zone_nwif_defrouter));
6706 			if (zonecfg_lookup_nwif(handle, &tmp_nwiftab) == Z_OK) {
6707 				net_exists_error(in_progress_nwiftab);
6708 				saw_error = B_TRUE;
6709 				return;
6710 			}
6711 			err = zonecfg_add_nwif(handle, &in_progress_nwiftab);
6712 		} else {
6713 			err = zonecfg_modify_nwif(handle, &old_nwiftab,
6714 			    &in_progress_nwiftab);
6715 		}
6716 		break;
6717 
6718 	case RT_DEVICE:
6719 		/* First make sure everything was filled in. */
6720 		(void) end_check_reqd(in_progress_devtab.zone_dev_match,
6721 		    PT_MATCH, &validation_failed);
6722 
6723 		if (validation_failed) {
6724 			saw_error = B_TRUE;
6725 			return;
6726 		}
6727 
6728 		if (end_op == CMD_ADD) {
6729 			/* Make sure there isn't already one like this. */
6730 			(void) strlcpy(tmp_devtab.zone_dev_match,
6731 			    in_progress_devtab.zone_dev_match,
6732 			    sizeof (tmp_devtab.zone_dev_match));
6733 			if (zonecfg_lookup_dev(handle, &tmp_devtab) == Z_OK) {
6734 				zerr(gettext("A %s resource with the %s '%s' "
6735 				    "already exists."), rt_to_str(RT_DEVICE),
6736 				    pt_to_str(PT_MATCH),
6737 				    in_progress_devtab.zone_dev_match);
6738 				saw_error = B_TRUE;
6739 				return;
6740 			}
6741 			err = zonecfg_add_dev(handle, &in_progress_devtab);
6742 		} else {
6743 			err = zonecfg_modify_dev(handle, &old_devtab,
6744 			    &in_progress_devtab);
6745 		}
6746 		break;
6747 
6748 	case RT_RCTL:
6749 		/* First make sure everything was filled in. */
6750 		(void) end_check_reqd(in_progress_rctltab.zone_rctl_name,
6751 		    PT_NAME, &validation_failed);
6752 
6753 		if (in_progress_rctltab.zone_rctl_valptr == NULL) {
6754 			zerr(gettext("no %s specified"), pt_to_str(PT_VALUE));
6755 			validation_failed = B_TRUE;
6756 		}
6757 
6758 		if (validation_failed) {
6759 			saw_error = B_TRUE;
6760 			return;
6761 		}
6762 
6763 		if (end_op == CMD_ADD) {
6764 			/* Make sure there isn't already one like this. */
6765 			(void) strlcpy(tmp_rctltab.zone_rctl_name,
6766 			    in_progress_rctltab.zone_rctl_name,
6767 			    sizeof (tmp_rctltab.zone_rctl_name));
6768 			tmp_rctltab.zone_rctl_valptr = NULL;
6769 			err = zonecfg_lookup_rctl(handle, &tmp_rctltab);
6770 			zonecfg_free_rctl_value_list(
6771 			    tmp_rctltab.zone_rctl_valptr);
6772 			if (err == Z_OK) {
6773 				zerr(gettext("A %s resource "
6774 				    "with the %s '%s' already exists."),
6775 				    rt_to_str(RT_RCTL), pt_to_str(PT_NAME),
6776 				    in_progress_rctltab.zone_rctl_name);
6777 				saw_error = B_TRUE;
6778 				return;
6779 			}
6780 			err = zonecfg_add_rctl(handle, &in_progress_rctltab);
6781 		} else {
6782 			err = zonecfg_modify_rctl(handle, &old_rctltab,
6783 			    &in_progress_rctltab);
6784 		}
6785 		if (err == Z_OK) {
6786 			zonecfg_free_rctl_value_list(
6787 			    in_progress_rctltab.zone_rctl_valptr);
6788 			in_progress_rctltab.zone_rctl_valptr = NULL;
6789 		}
6790 		break;
6791 
6792 	case RT_ATTR:
6793 		/* First make sure everything was filled in. */
6794 		(void) end_check_reqd(in_progress_attrtab.zone_attr_name,
6795 		    PT_NAME, &validation_failed);
6796 		(void) end_check_reqd(in_progress_attrtab.zone_attr_type,
6797 		    PT_TYPE, &validation_failed);
6798 		(void) end_check_reqd(in_progress_attrtab.zone_attr_value,
6799 		    PT_VALUE, &validation_failed);
6800 
6801 		if (validate_attr_name(in_progress_attrtab.zone_attr_name) !=
6802 		    Z_OK)
6803 			validation_failed = B_TRUE;
6804 
6805 		if (validate_attr_type_val(&in_progress_attrtab) != Z_OK)
6806 			validation_failed = B_TRUE;
6807 
6808 		if (validation_failed) {
6809 			saw_error = B_TRUE;
6810 			return;
6811 		}
6812 		if (end_op == CMD_ADD) {
6813 			/* Make sure there isn't already one like this. */
6814 			bzero(&tmp_attrtab, sizeof (tmp_attrtab));
6815 			(void) strlcpy(tmp_attrtab.zone_attr_name,
6816 			    in_progress_attrtab.zone_attr_name,
6817 			    sizeof (tmp_attrtab.zone_attr_name));
6818 			if (zonecfg_lookup_attr(handle, &tmp_attrtab) == Z_OK) {
6819 				zerr(gettext("An %s resource "
6820 				    "with the %s '%s' already exists."),
6821 				    rt_to_str(RT_ATTR), pt_to_str(PT_NAME),
6822 				    in_progress_attrtab.zone_attr_name);
6823 				saw_error = B_TRUE;
6824 				return;
6825 			}
6826 			err = zonecfg_add_attr(handle, &in_progress_attrtab);
6827 		} else {
6828 			err = zonecfg_modify_attr(handle, &old_attrtab,
6829 			    &in_progress_attrtab);
6830 		}
6831 		break;
6832 	case RT_DATASET:
6833 		/* First make sure everything was filled in. */
6834 		if (strlen(in_progress_dstab.zone_dataset_name) == 0) {
6835 			zerr("%s %s", pt_to_str(PT_NAME),
6836 			    gettext("not specified"));
6837 			saw_error = B_TRUE;
6838 			validation_failed = B_TRUE;
6839 		}
6840 		if (validation_failed)
6841 			return;
6842 		if (end_op == CMD_ADD) {
6843 			/* Make sure there isn't already one like this. */
6844 			bzero(&tmp_dstab, sizeof (tmp_dstab));
6845 			(void) strlcpy(tmp_dstab.zone_dataset_name,
6846 			    in_progress_dstab.zone_dataset_name,
6847 			    sizeof (tmp_dstab.zone_dataset_name));
6848 			err = zonecfg_lookup_ds(handle, &tmp_dstab);
6849 			if (err == Z_OK) {
6850 				zerr(gettext("A %s resource "
6851 				    "with the %s '%s' already exists."),
6852 				    rt_to_str(RT_DATASET), pt_to_str(PT_NAME),
6853 				    in_progress_dstab.zone_dataset_name);
6854 				saw_error = B_TRUE;
6855 				return;
6856 			}
6857 			err = zonecfg_add_ds(handle, &in_progress_dstab);
6858 		} else {
6859 			err = zonecfg_modify_ds(handle, &old_dstab,
6860 			    &in_progress_dstab);
6861 		}
6862 		break;
6863 	case RT_DCPU:
6864 		/* Make sure everything was filled in. */
6865 		if (end_check_reqd(in_progress_psettab.zone_ncpu_min,
6866 		    PT_NCPUS, &validation_failed) != Z_OK) {
6867 			saw_error = B_TRUE;
6868 			return;
6869 		}
6870 
6871 		if (end_op == CMD_ADD) {
6872 			err = zonecfg_add_pset(handle, &in_progress_psettab);
6873 		} else {
6874 			err = zonecfg_modify_pset(handle, &in_progress_psettab);
6875 		}
6876 		break;
6877 	case RT_PCAP:
6878 		/* Make sure everything was filled in. */
6879 		if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &proc_cap)
6880 		    != Z_OK) {
6881 			zerr(gettext("%s not specified"), pt_to_str(PT_NCPUS));
6882 			saw_error = B_TRUE;
6883 			validation_failed = B_TRUE;
6884 			return;
6885 		}
6886 		err = Z_OK;
6887 		break;
6888 	case RT_MCAP:
6889 		/* Make sure everything was filled in. */
6890 		res1 = strlen(in_progress_mcaptab.zone_physmem_cap) == 0 ?
6891 		    Z_ERR : Z_OK;
6892 		res2 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP,
6893 		    &swap_limit);
6894 		res3 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM,
6895 		    &locked_limit);
6896 
6897 		if (res1 != Z_OK && res2 != Z_OK && res3 != Z_OK) {
6898 			zerr(gettext("No property was specified.  One of %s, "
6899 			    "%s or %s is required."), pt_to_str(PT_PHYSICAL),
6900 			    pt_to_str(PT_SWAP), pt_to_str(PT_LOCKED));
6901 			saw_error = B_TRUE;
6902 			return;
6903 		}
6904 
6905 		/* if phys & locked are both set, verify locked <= phys */
6906 		if (res1 == Z_OK && res3 == Z_OK) {
6907 			uint64_t phys_limit;
6908 			char *endp;
6909 
6910 			phys_limit = strtoull(
6911 			    in_progress_mcaptab.zone_physmem_cap, &endp, 10);
6912 			if (phys_limit < locked_limit) {
6913 				zerr(gettext("The %s cap must be less than or "
6914 				    "equal to the %s cap."),
6915 				    pt_to_str(PT_LOCKED),
6916 				    pt_to_str(PT_PHYSICAL));
6917 				saw_error = B_TRUE;
6918 				return;
6919 			}
6920 		}
6921 
6922 		err = Z_OK;
6923 		if (res1 == Z_OK) {
6924 			/*
6925 			 * We could be ending from either an add operation
6926 			 * or a select operation.  Since all of the properties
6927 			 * within this resource are optional, we always use
6928 			 * modify on the mcap entry.  zonecfg_modify_mcap()
6929 			 * will handle both adding and modifying a memory cap.
6930 			 */
6931 			err = zonecfg_modify_mcap(handle, &in_progress_mcaptab);
6932 		} else if (end_op == CMD_SELECT) {
6933 			/*
6934 			 * If we're ending from a select and the physical
6935 			 * memory cap is empty then the user could have cleared
6936 			 * the physical cap value, so try to delete the entry.
6937 			 */
6938 			(void) zonecfg_delete_mcap(handle);
6939 		}
6940 		break;
6941 	case RT_ADMIN:
6942 		/* First make sure everything was filled in. */
6943 		if (end_check_reqd(in_progress_admintab.zone_admin_user,
6944 		    PT_USER, &validation_failed) == Z_OK) {
6945 			if (getpwnam(in_progress_admintab.zone_admin_user)
6946 			    == NULL) {
6947 				zerr(gettext("%s %s is not a valid username"),
6948 				    pt_to_str(PT_USER),
6949 				    in_progress_admintab.zone_admin_user);
6950 				validation_failed = B_TRUE;
6951 			}
6952 		}
6953 
6954 		if (end_check_reqd(in_progress_admintab.zone_admin_auths,
6955 		    PT_AUTHS, &validation_failed) == Z_OK) {
6956 			if (!zonecfg_valid_auths(
6957 			    in_progress_admintab.zone_admin_auths,
6958 			    zone)) {
6959 				validation_failed = B_TRUE;
6960 			}
6961 		}
6962 
6963 		if (validation_failed) {
6964 			saw_error = B_TRUE;
6965 			return;
6966 		}
6967 
6968 		if (end_op == CMD_ADD) {
6969 			/* Make sure there isn't already one like this. */
6970 			bzero(&tmp_admintab, sizeof (tmp_admintab));
6971 			(void) strlcpy(tmp_admintab.zone_admin_user,
6972 			    in_progress_admintab.zone_admin_user,
6973 			    sizeof (tmp_admintab.zone_admin_user));
6974 			err = zonecfg_lookup_admin(
6975 			    handle, &tmp_admintab);
6976 			if (err == Z_OK) {
6977 				zerr(gettext("A %s resource "
6978 				    "with the %s '%s' already exists."),
6979 				    rt_to_str(RT_ADMIN),
6980 				    pt_to_str(PT_USER),
6981 				    in_progress_admintab.zone_admin_user);
6982 				saw_error = B_TRUE;
6983 				return;
6984 			}
6985 			err = zonecfg_add_admin(handle,
6986 			    &in_progress_admintab, zone);
6987 		} else {
6988 			err = zonecfg_modify_admin(handle,
6989 			    &old_admintab, &in_progress_admintab,
6990 			    zone);
6991 		}
6992 		break;
6993 	case RT_SECFLAGS:
6994 		if (verify_secflags(&in_progress_secflagstab) != B_TRUE) {
6995 			saw_error = B_TRUE;
6996 			return;
6997 		}
6998 
6999 		if (end_op == CMD_ADD) {
7000 			err = zonecfg_add_secflags(handle,
7001 			    &in_progress_secflagstab);
7002 		} else {
7003 			err = zonecfg_modify_secflags(handle,
7004 			    &old_secflagstab, &in_progress_secflagstab);
7005 		}
7006 		break;
7007 	default:
7008 		zone_perror(rt_to_str(resource_scope), Z_NO_RESOURCE_TYPE,
7009 		    B_TRUE);
7010 		saw_error = B_TRUE;
7011 		return;
7012 	}
7013 
7014 	if (err != Z_OK) {
7015 		zone_perror(zone, err, B_TRUE);
7016 	} else {
7017 		need_to_commit = B_TRUE;
7018 		global_scope = B_TRUE;
7019 		end_op = -1;
7020 	}
7021 }
7022 
7023 void
commit_func(cmd_t * cmd)7024 commit_func(cmd_t *cmd)
7025 {
7026 	int arg;
7027 	boolean_t arg_err = B_FALSE;
7028 
7029 	optind = 0;
7030 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
7031 		switch (arg) {
7032 		case '?':
7033 			longer_usage(CMD_COMMIT);
7034 			arg_err = B_TRUE;
7035 			break;
7036 		default:
7037 			short_usage(CMD_COMMIT);
7038 			arg_err = B_TRUE;
7039 			break;
7040 		}
7041 	}
7042 	if (arg_err)
7043 		return;
7044 
7045 	if (optind != cmd->cmd_argc) {
7046 		short_usage(CMD_COMMIT);
7047 		return;
7048 	}
7049 
7050 	if (zone_is_read_only(CMD_COMMIT))
7051 		return;
7052 
7053 	assert(cmd != NULL);
7054 
7055 	cmd->cmd_argc = 1;
7056 	/*
7057 	 * cmd_arg normally comes from a strdup() in the lexer, and the
7058 	 * whole cmd structure and its (char *) attributes are freed at
7059 	 * the completion of each command, so the strdup() below is needed
7060 	 * to match this and prevent a core dump from trying to free()
7061 	 * something that can't be.
7062 	 */
7063 	if ((cmd->cmd_argv[0] = strdup("save")) == NULL) {
7064 		zone_perror(zone, Z_NOMEM, B_TRUE);
7065 		exit(Z_ERR);
7066 	}
7067 	cmd->cmd_argv[1] = NULL;
7068 	verify_func(cmd);
7069 }
7070 
7071 void
revert_func(cmd_t * cmd)7072 revert_func(cmd_t *cmd)
7073 {
7074 	char line[128];	/* enough to ask a question */
7075 	boolean_t force = B_FALSE;
7076 	boolean_t arg_err = B_FALSE;
7077 	int err, arg, answer;
7078 
7079 	optind = 0;
7080 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
7081 		switch (arg) {
7082 		case '?':
7083 			longer_usage(CMD_REVERT);
7084 			arg_err = B_TRUE;
7085 			break;
7086 		case 'F':
7087 			force = B_TRUE;
7088 			break;
7089 		default:
7090 			short_usage(CMD_REVERT);
7091 			arg_err = B_TRUE;
7092 			break;
7093 		}
7094 	}
7095 	if (arg_err)
7096 		return;
7097 
7098 	if (optind != cmd->cmd_argc) {
7099 		short_usage(CMD_REVERT);
7100 		return;
7101 	}
7102 
7103 	if (zone_is_read_only(CMD_REVERT))
7104 		return;
7105 
7106 	if (!global_scope) {
7107 		zerr(gettext("You can only use %s in the global scope.\nUse"
7108 		    " '%s' to cancel changes to a resource specification."),
7109 		    cmd_to_str(CMD_REVERT), cmd_to_str(CMD_CANCEL));
7110 		saw_error = B_TRUE;
7111 		return;
7112 	}
7113 
7114 	if (zonecfg_check_handle(handle) != Z_OK) {
7115 		zerr(gettext("No changes to revert."));
7116 		saw_error = B_TRUE;
7117 		return;
7118 	}
7119 
7120 	if (!force) {
7121 		(void) snprintf(line, sizeof (line),
7122 		    gettext("Are you sure you want to revert"));
7123 		if ((answer = ask_yesno(B_FALSE, line)) == -1) {
7124 			zerr(gettext("Input not from terminal and -F not "
7125 			    "specified:\n%s command ignored, exiting."),
7126 			    cmd_to_str(CMD_REVERT));
7127 			exit(Z_ERR);
7128 		}
7129 		if (answer != 1)
7130 			return;
7131 	}
7132 
7133 	/*
7134 	 * Reset any pending admins that were
7135 	 * removed from the previous zone
7136 	 */
7137 	zonecfg_remove_userauths(handle, "", zone, B_FALSE);
7138 
7139 	/*
7140 	 * Time for a new handle: finish the old one off first
7141 	 * then get a new one properly to avoid leaks.
7142 	 */
7143 	zonecfg_fini_handle(handle);
7144 	if ((handle = zonecfg_init_handle()) == NULL) {
7145 		zone_perror(execname, Z_NOMEM, B_TRUE);
7146 		exit(Z_ERR);
7147 	}
7148 
7149 	if ((err = zonecfg_get_handle(revert_zone, handle)) != Z_OK) {
7150 		saw_error = B_TRUE;
7151 		got_handle = B_FALSE;
7152 		if (err == Z_NO_ZONE)
7153 			zerr(gettext("%s: no such saved zone to revert to."),
7154 			    revert_zone);
7155 		else
7156 			zone_perror(zone, err, B_TRUE);
7157 	}
7158 	(void) strlcpy(zone, revert_zone, sizeof (zone));
7159 }
7160 
7161 void
help_func(cmd_t * cmd)7162 help_func(cmd_t *cmd)
7163 {
7164 	int i;
7165 
7166 	assert(cmd != NULL);
7167 
7168 	if (cmd->cmd_argc == 0) {
7169 		usage(B_TRUE, global_scope ? HELP_SUBCMDS : HELP_RES_SCOPE);
7170 		return;
7171 	}
7172 	if (strcmp(cmd->cmd_argv[0], "usage") == 0) {
7173 		usage(B_TRUE, HELP_USAGE);
7174 		return;
7175 	}
7176 	if (strcmp(cmd->cmd_argv[0], "commands") == 0) {
7177 		usage(B_TRUE, HELP_SUBCMDS);
7178 		return;
7179 	}
7180 	if (strcmp(cmd->cmd_argv[0], "syntax") == 0) {
7181 		usage(B_TRUE, HELP_SYNTAX | HELP_RES_PROPS);
7182 		return;
7183 	}
7184 	if (strcmp(cmd->cmd_argv[0], "-?") == 0) {
7185 		longer_usage(CMD_HELP);
7186 		return;
7187 	}
7188 
7189 	for (i = 0; i <= CMD_MAX; i++) {
7190 		if (strcmp(cmd->cmd_argv[0], cmd_to_str(i)) == 0) {
7191 			longer_usage(i);
7192 			return;
7193 		}
7194 	}
7195 	/* We do not use zerr() here because we do not want its extra \n. */
7196 	(void) fprintf(stderr, gettext("Unknown help subject %s.  "),
7197 	    cmd->cmd_argv[0]);
7198 	usage(B_FALSE, HELP_META);
7199 }
7200 
7201 static int
string_to_yyin(char * string)7202 string_to_yyin(char *string)
7203 {
7204 	if ((yyin = tmpfile()) == NULL) {
7205 		zone_perror(execname, Z_TEMP_FILE, B_TRUE);
7206 		return (Z_ERR);
7207 	}
7208 	if (fwrite(string, strlen(string), 1, yyin) != 1) {
7209 		zone_perror(execname, Z_TEMP_FILE, B_TRUE);
7210 		return (Z_ERR);
7211 	}
7212 	if (fseek(yyin, 0, SEEK_SET) != 0) {
7213 		zone_perror(execname, Z_TEMP_FILE, B_TRUE);
7214 		return (Z_ERR);
7215 	}
7216 	return (Z_OK);
7217 }
7218 
7219 /* This is the back-end helper function for read_input() below. */
7220 
7221 static int
cleanup()7222 cleanup()
7223 {
7224 	int answer;
7225 	cmd_t *cmd;
7226 
7227 	if (!interactive_mode && !cmd_file_mode) {
7228 		/*
7229 		 * If we're not in interactive mode, and we're not in command
7230 		 * file mode, then we must be in commands-from-the-command-line
7231 		 * mode.  As such, we can't loop back and ask for more input.
7232 		 * It was OK to prompt for such things as whether or not to
7233 		 * really delete a zone in the command handler called from
7234 		 * yyparse() above, but "really quit?" makes no sense in this
7235 		 * context.  So disable prompting.
7236 		 */
7237 		ok_to_prompt = B_FALSE;
7238 	}
7239 	if (!global_scope) {
7240 		if (!time_to_exit) {
7241 			/*
7242 			 * Just print a simple error message in the -1 case,
7243 			 * since exit_func() already handles that case, and
7244 			 * EOF means we are finished anyway.
7245 			 */
7246 			answer = ask_yesno(B_FALSE,
7247 			    gettext("Resource incomplete; really quit"));
7248 			if (answer == -1) {
7249 				zerr(gettext("Resource incomplete."));
7250 				return (Z_ERR);
7251 			}
7252 			if (answer != 1) {
7253 				yyin = stdin;
7254 				return (Z_REPEAT);
7255 			}
7256 		} else {
7257 			saw_error = B_TRUE;
7258 		}
7259 	}
7260 	/*
7261 	 * Make sure we tried something and that the handle checks
7262 	 * out, or we would get a false error trying to commit.
7263 	 */
7264 	if (need_to_commit && zonecfg_check_handle(handle) == Z_OK) {
7265 		if ((cmd = alloc_cmd()) == NULL) {
7266 			zone_perror(zone, Z_NOMEM, B_TRUE);
7267 			return (Z_ERR);
7268 		}
7269 		cmd->cmd_argc = 0;
7270 		cmd->cmd_argv[0] = NULL;
7271 		commit_func(cmd);
7272 		free_cmd(cmd);
7273 		/*
7274 		 * need_to_commit will get set back to FALSE if the
7275 		 * configuration is saved successfully.
7276 		 */
7277 		if (need_to_commit) {
7278 			if (force_exit) {
7279 				zerr(gettext("Configuration not saved."));
7280 				return (Z_ERR);
7281 			}
7282 			answer = ask_yesno(B_FALSE,
7283 			    gettext("Configuration not saved; really quit"));
7284 			if (answer == -1) {
7285 				zerr(gettext("Configuration not saved."));
7286 				return (Z_ERR);
7287 			}
7288 			if (answer != 1) {
7289 				time_to_exit = B_FALSE;
7290 				yyin = stdin;
7291 				return (Z_REPEAT);
7292 			}
7293 		}
7294 	}
7295 	return ((need_to_commit || saw_error) ? Z_ERR : Z_OK);
7296 }
7297 
7298 /*
7299  * read_input() is the driver of this program.  It is a wrapper around
7300  * yyparse(), printing appropriate prompts when needed, checking for
7301  * exit conditions and reacting appropriately [the latter in its cleanup()
7302  * helper function].
7303  *
7304  * Like most zonecfg functions, it returns Z_OK or Z_ERR, *or* Z_REPEAT
7305  * so do_interactive() knows that we are not really done (i.e, we asked
7306  * the user if we should really quit and the user said no).
7307  */
7308 static int
read_input()7309 read_input()
7310 {
7311 	boolean_t yyin_is_a_tty = isatty(fileno(yyin));
7312 	/*
7313 	 * The prompt is "e:z> " or "e:z:r> " where e is execname, z is zone
7314 	 * and r is resource_scope: 5 is for the two ":"s + "> " + terminator.
7315 	 */
7316 	char prompt[MAXPATHLEN + ZONENAME_MAX + MAX_RT_STRLEN + 5], *line;
7317 
7318 	/* yyin should have been set to the appropriate (FILE *) if not stdin */
7319 	newline_terminated = B_TRUE;
7320 	for (;;) {
7321 		if (yyin_is_a_tty) {
7322 			if (newline_terminated) {
7323 				if (global_scope)
7324 					(void) snprintf(prompt, sizeof (prompt),
7325 					    "%s:%s> ", execname, zone);
7326 				else
7327 					(void) snprintf(prompt, sizeof (prompt),
7328 					    "%s:%s:%s> ", execname, zone,
7329 					    rt_to_str(resource_scope));
7330 			}
7331 			/*
7332 			 * If the user hits ^C then we want to catch it and
7333 			 * start over.  If the user hits EOF then we want to
7334 			 * bail out.
7335 			 */
7336 			line = gl_get_line(gl, prompt, NULL, -1);
7337 			if (gl_return_status(gl) == GLR_SIGNAL) {
7338 				gl_abandon_line(gl);
7339 				continue;
7340 			}
7341 			if (line == NULL)
7342 				break;
7343 			(void) string_to_yyin(line);
7344 			while (!feof(yyin))
7345 				yyparse();
7346 		} else {
7347 			yyparse();
7348 		}
7349 		/* Bail out on an error in command file mode. */
7350 		if (saw_error && cmd_file_mode && !interactive_mode)
7351 			time_to_exit = B_TRUE;
7352 		if (time_to_exit || (!yyin_is_a_tty && feof(yyin)))
7353 			break;
7354 	}
7355 	return (cleanup());
7356 }
7357 
7358 /*
7359  * This function is used in the zonecfg-interactive-mode scenario: it just
7360  * calls read_input() until we are done.
7361  */
7362 
7363 static int
do_interactive(void)7364 do_interactive(void)
7365 {
7366 	int err;
7367 
7368 	interactive_mode = B_TRUE;
7369 	if (!read_only_mode) {
7370 		/*
7371 		 * Try to set things up proactively in interactive mode, so
7372 		 * that if the zone in question does not exist yet, we can
7373 		 * provide the user with a clue.
7374 		 */
7375 		(void) initialize(B_FALSE);
7376 	}
7377 	do {
7378 		err = read_input();
7379 	} while (err == Z_REPEAT);
7380 	return (err);
7381 }
7382 
7383 /*
7384  * cmd_file is slightly more complicated, as it has to open the command file
7385  * and set yyin appropriately.  Once that is done, though, it just calls
7386  * read_input(), and only once, since prompting is not possible.
7387  */
7388 
7389 static int
cmd_file(char * file)7390 cmd_file(char *file)
7391 {
7392 	FILE *infile;
7393 	int err;
7394 	struct stat statbuf;
7395 	boolean_t using_real_file = (strcmp(file, "-") != 0);
7396 
7397 	if (using_real_file) {
7398 		/*
7399 		 * zerr() prints a line number in cmd_file_mode, which we do
7400 		 * not want here, so temporarily unset it.
7401 		 */
7402 		cmd_file_mode = B_FALSE;
7403 		if ((infile = fopen(file, "r")) == NULL) {
7404 			zerr(gettext("could not open file %s: %s"),
7405 			    file, strerror(errno));
7406 			return (Z_ERR);
7407 		}
7408 		if ((err = fstat(fileno(infile), &statbuf)) != 0) {
7409 			zerr(gettext("could not stat file %s: %s"),
7410 			    file, strerror(errno));
7411 			err = Z_ERR;
7412 			goto done;
7413 		}
7414 		if (!S_ISREG(statbuf.st_mode)) {
7415 			zerr(gettext("%s is not a regular file."), file);
7416 			err = Z_ERR;
7417 			goto done;
7418 		}
7419 		yyin = infile;
7420 		cmd_file_mode = B_TRUE;
7421 		ok_to_prompt = B_FALSE;
7422 	} else {
7423 		/*
7424 		 * "-f -" is essentially the same as interactive mode,
7425 		 * so treat it that way.
7426 		 */
7427 		interactive_mode = B_TRUE;
7428 	}
7429 	/* Z_REPEAT is for interactive mode; treat it like Z_ERR here. */
7430 	if ((err = read_input()) == Z_REPEAT)
7431 		err = Z_ERR;
7432 done:
7433 	if (using_real_file)
7434 		(void) fclose(infile);
7435 	return (err);
7436 }
7437 
7438 /*
7439  * Since yacc is based on reading from a (FILE *) whereas what we get from
7440  * the command line is in argv format, we need to convert when the user
7441  * gives us commands directly from the command line.  That is done here by
7442  * concatenating the argv list into a space-separated string, writing it
7443  * to a temp file, and rewinding the file so yyin can be set to it.  Then
7444  * we call read_input(), and only once, since prompting about whether to
7445  * continue or quit would make no sense in this context.
7446  */
7447 
7448 static int
one_command_at_a_time(int argc,char * argv[])7449 one_command_at_a_time(int argc, char *argv[])
7450 {
7451 	char *command;
7452 	size_t len = 2; /* terminal \n\0 */
7453 	int i, err;
7454 
7455 	for (i = 0; i < argc; i++)
7456 		len += strlen(argv[i]) + 1;
7457 	if ((command = malloc(len)) == NULL) {
7458 		zone_perror(execname, Z_NOMEM, B_TRUE);
7459 		return (Z_ERR);
7460 	}
7461 	(void) strlcpy(command, argv[0], len);
7462 	for (i = 1; i < argc; i++) {
7463 		(void) strlcat(command, " ", len);
7464 		(void) strlcat(command, argv[i], len);
7465 	}
7466 	(void) strlcat(command, "\n", len);
7467 	err = string_to_yyin(command);
7468 	free(command);
7469 	if (err != Z_OK)
7470 		return (err);
7471 	while (!feof(yyin))
7472 		yyparse();
7473 	return (cleanup());
7474 }
7475 
7476 static char *
get_execbasename(char * execfullname)7477 get_execbasename(char *execfullname)
7478 {
7479 	char *last_slash, *execbasename;
7480 
7481 	/* guard against '/' at end of command invocation */
7482 	for (;;) {
7483 		last_slash = strrchr(execfullname, '/');
7484 		if (last_slash == NULL) {
7485 			execbasename = execfullname;
7486 			break;
7487 		} else {
7488 			execbasename = last_slash + 1;
7489 			if (*execbasename == '\0') {
7490 				*last_slash = '\0';
7491 				continue;
7492 			}
7493 			break;
7494 		}
7495 	}
7496 	return (execbasename);
7497 }
7498 
7499 int
main(int argc,char * argv[])7500 main(int argc, char *argv[])
7501 {
7502 	int err, arg;
7503 	struct stat st;
7504 
7505 	/* This must be before anything goes to stdout. */
7506 	setbuf(stdout, NULL);
7507 
7508 	saw_error = B_FALSE;
7509 	cmd_file_mode = B_FALSE;
7510 	execname = get_execbasename(argv[0]);
7511 
7512 	(void) setlocale(LC_ALL, "");
7513 	(void) textdomain(TEXT_DOMAIN);
7514 
7515 	if (getzoneid() != GLOBAL_ZONEID) {
7516 		zerr(gettext("%s can only be run from the global zone."),
7517 		    execname);
7518 		exit(Z_ERR);
7519 	}
7520 
7521 	if (argc < 2) {
7522 		usage(B_FALSE, HELP_USAGE | HELP_SUBCMDS);
7523 		exit(Z_USAGE);
7524 	}
7525 	if (strcmp(argv[1], cmd_to_str(CMD_HELP)) == 0) {
7526 		(void) one_command_at_a_time(argc - 1, &(argv[1]));
7527 		exit(Z_OK);
7528 	}
7529 
7530 	while ((arg = getopt(argc, argv, "?f:R:z:")) != EOF) {
7531 		switch (arg) {
7532 		case '?':
7533 			if (optopt == '?')
7534 				usage(B_TRUE, HELP_USAGE | HELP_SUBCMDS);
7535 			else
7536 				usage(B_FALSE, HELP_USAGE);
7537 			exit(Z_USAGE);
7538 			/* NOTREACHED */
7539 		case 'f':
7540 			cmd_file_name = optarg;
7541 			cmd_file_mode = B_TRUE;
7542 			break;
7543 		case 'R':
7544 			if (*optarg != '/') {
7545 				zerr(gettext("root path must be absolute: %s"),
7546 				    optarg);
7547 				exit(Z_USAGE);
7548 			}
7549 			if (stat(optarg, &st) == -1 || !S_ISDIR(st.st_mode)) {
7550 				zerr(gettext(
7551 				    "root path must be a directory: %s"),
7552 				    optarg);
7553 				exit(Z_USAGE);
7554 			}
7555 			zonecfg_set_root(optarg);
7556 			break;
7557 		case 'z':
7558 			if (strcmp(optarg, GLOBAL_ZONENAME) == 0) {
7559 				global_zone = B_TRUE;
7560 			} else if (zonecfg_validate_zonename(optarg) != Z_OK) {
7561 				zone_perror(optarg, Z_BOGUS_ZONE_NAME, B_TRUE);
7562 				usage(B_FALSE, HELP_SYNTAX);
7563 				exit(Z_USAGE);
7564 			}
7565 			(void) strlcpy(zone, optarg, sizeof (zone));
7566 			(void) strlcpy(revert_zone, optarg, sizeof (zone));
7567 			break;
7568 		default:
7569 			usage(B_FALSE, HELP_USAGE);
7570 			exit(Z_USAGE);
7571 		}
7572 	}
7573 
7574 	if (optind > argc || strcmp(zone, "") == 0) {
7575 		usage(B_FALSE, HELP_USAGE);
7576 		exit(Z_USAGE);
7577 	}
7578 
7579 	if ((err = zonecfg_access(zone, W_OK)) == Z_OK) {
7580 		read_only_mode = B_FALSE;
7581 	} else if (err == Z_ACCES) {
7582 		read_only_mode = B_TRUE;
7583 		/* skip this message in one-off from command line mode */
7584 		if (optind == argc)
7585 			(void) fprintf(stderr, gettext("WARNING: you do not "
7586 			    "have write access to this zone's configuration "
7587 			    "file;\ngoing into read-only mode.\n"));
7588 	} else {
7589 		fprintf(stderr, "%s: Could not access zone configuration "
7590 		    "store: %s\n", execname, zonecfg_strerror(err));
7591 		exit(Z_ERR);
7592 	}
7593 
7594 	if ((handle = zonecfg_init_handle()) == NULL) {
7595 		zone_perror(execname, Z_NOMEM, B_TRUE);
7596 		exit(Z_ERR);
7597 	}
7598 
7599 	/*
7600 	 * This may get set back to FALSE again in cmd_file() if cmd_file_name
7601 	 * is a "real" file as opposed to "-" (i.e. meaning use stdin).
7602 	 */
7603 	if (isatty(STDIN_FILENO))
7604 		ok_to_prompt = B_TRUE;
7605 	if ((gl = new_GetLine(MAX_LINE_LEN, MAX_CMD_HIST)) == NULL)
7606 		exit(Z_ERR);
7607 	if (gl_customize_completion(gl, NULL, cmd_cpl_fn) != 0)
7608 		exit(Z_ERR);
7609 	(void) sigset(SIGINT, SIG_IGN);
7610 	if (optind == argc) {
7611 		if (!cmd_file_mode)
7612 			err = do_interactive();
7613 		else
7614 			err = cmd_file(cmd_file_name);
7615 	} else {
7616 		err = one_command_at_a_time(argc - optind, &(argv[optind]));
7617 	}
7618 	zonecfg_fini_handle(handle);
7619 	if (brand != NULL)
7620 		brand_close(brand);
7621 	(void) del_GetLine(gl);
7622 	return (err);
7623 }
7624