1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
24  * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
25  * Copyright (c) 2016 by Delphix. All rights reserved.
26  */
27 
28 /*
29  * Share control API
30  */
31 #include <stdio.h>
32 #include <string.h>
33 #include <ctype.h>
34 #include <sys/types.h>
35 #include <sys/stat.h>
36 #include <fcntl.h>
37 #include <unistd.h>
38 #include <libxml/parser.h>
39 #include <libxml/tree.h>
40 #include "libshare.h"
41 #include "libshare_impl.h"
42 #include <libscf.h>
43 #include "scfutil.h"
44 #include <ctype.h>
45 #include <libintl.h>
46 #include <thread.h>
47 #include <synch.h>
48 #include <errno.h>
49 
50 #define	DFS_LOCK_FILE	"/etc/dfs/fstypes"
51 #define	SA_STRSIZE	256	/* max string size for names */
52 
53 /*
54  * internal object type values returned by sa_get_object_type()
55  */
56 #define	SA_TYPE_UNKNOWN		0
57 #define	SA_TYPE_GROUP		1
58 #define	SA_TYPE_SHARE		2
59 #define	SA_TYPE_RESOURCE	3
60 #define	SA_TYPE_OPTIONSET	4
61 #define	SA_TYPE_ALTSPACE	5
62 
63 /*
64  * internal data structures
65  */
66 
67 extern struct sa_proto_plugin *sap_proto_list;
68 
69 /* current SMF/SVC repository handle */
70 extern void getlegacyconfig(sa_handle_t, char *, xmlNodePtr *);
71 extern int gettransients(sa_handle_impl_t, xmlNodePtr *);
72 extern int get_one_transient(sa_handle_impl_t, xmlNodePtr *, char **, size_t);
73 extern char *sa_fstype(char *);
74 extern int sa_is_share(void *);
75 extern int sa_is_resource(void *);
76 extern ssize_t scf_max_name_len; /* defined in scfutil during initialization */
77 extern int sa_group_is_zfs(sa_group_t);
78 extern int sa_path_is_zfs(char *);
79 extern int sa_zfs_set_sharenfs(sa_group_t, char *, int);
80 extern int sa_zfs_set_sharesmb(sa_group_t, char *, int);
81 extern void update_legacy_config(sa_handle_t);
82 extern int issubdir(char *, char *);
83 extern int sa_zfs_init(sa_handle_impl_t);
84 extern void sa_zfs_fini(sa_handle_impl_t);
85 extern void sablocksigs(sigset_t *);
86 extern void saunblocksigs(sigset_t *);
87 static sa_group_t sa_get_optionset_parent(sa_optionset_t);
88 static char *get_node_attr(void *, char *);
89 extern void sa_update_sharetab_ts(sa_handle_t);
90 
91 /*
92  * Data structures for finding/managing the document root to access
93  * handle mapping. The list isn't expected to grow very large so a
94  * simple list is acceptable. The purpose is to provide a way to start
95  * with a group or share and find the library handle needed for
96  * various operations.
97  */
98 mutex_t sa_global_lock;
99 struct doc2handle {
100 	struct doc2handle	*next;
101 	xmlNodePtr		root;
102 	sa_handle_impl_t	handle;
103 };
104 
105 mutex_t sa_dfstab_lock;
106 
107 /* definitions used in a couple of property functions */
108 #define	SA_PROP_OP_REMOVE	1
109 #define	SA_PROP_OP_ADD		2
110 #define	SA_PROP_OP_UPDATE	3
111 
112 static struct doc2handle *sa_global_handles = NULL;
113 
114 /* helper functions */
115 
116 /*
117  * sa_errorstr(err)
118  *
119  * convert an error value to an error string
120  */
121 
122 char *
sa_errorstr(int err)123 sa_errorstr(int err)
124 {
125 	static char errstr[32];
126 	char *ret = NULL;
127 
128 	switch (err) {
129 	case SA_OK:
130 		ret = dgettext(TEXT_DOMAIN, "ok");
131 		break;
132 	case SA_NO_SUCH_PATH:
133 		ret = dgettext(TEXT_DOMAIN, "path doesn't exist");
134 		break;
135 	case SA_NO_MEMORY:
136 		ret = dgettext(TEXT_DOMAIN, "no memory");
137 		break;
138 	case SA_DUPLICATE_NAME:
139 		ret = dgettext(TEXT_DOMAIN, "name in use");
140 		break;
141 	case SA_BAD_PATH:
142 		ret = dgettext(TEXT_DOMAIN, "bad path");
143 		break;
144 	case SA_NO_SUCH_GROUP:
145 		ret = dgettext(TEXT_DOMAIN, "no such group");
146 		break;
147 	case SA_CONFIG_ERR:
148 		ret = dgettext(TEXT_DOMAIN, "configuration error");
149 		break;
150 	case SA_SYSTEM_ERR:
151 		ret = dgettext(TEXT_DOMAIN, "system error");
152 		break;
153 	case SA_SYNTAX_ERR:
154 		ret = dgettext(TEXT_DOMAIN, "syntax error");
155 		break;
156 	case SA_NO_PERMISSION:
157 		ret = dgettext(TEXT_DOMAIN, "no permission");
158 		break;
159 	case SA_BUSY:
160 		ret = dgettext(TEXT_DOMAIN, "busy");
161 		break;
162 	case SA_NO_SUCH_PROP:
163 		ret = dgettext(TEXT_DOMAIN, "no such property");
164 		break;
165 	case SA_INVALID_NAME:
166 		ret = dgettext(TEXT_DOMAIN, "invalid name");
167 		break;
168 	case SA_INVALID_PROTOCOL:
169 		ret = dgettext(TEXT_DOMAIN, "invalid protocol");
170 		break;
171 	case SA_NOT_ALLOWED:
172 		ret = dgettext(TEXT_DOMAIN, "operation not allowed");
173 		break;
174 	case SA_BAD_VALUE:
175 		ret = dgettext(TEXT_DOMAIN, "bad property value");
176 		break;
177 	case SA_INVALID_SECURITY:
178 		ret = dgettext(TEXT_DOMAIN, "invalid security type");
179 		break;
180 	case SA_NO_SUCH_SECURITY:
181 		ret = dgettext(TEXT_DOMAIN, "security type not found");
182 		break;
183 	case SA_VALUE_CONFLICT:
184 		ret = dgettext(TEXT_DOMAIN, "property value conflict");
185 		break;
186 	case SA_NOT_IMPLEMENTED:
187 		ret = dgettext(TEXT_DOMAIN, "not implemented");
188 		break;
189 	case SA_INVALID_PATH:
190 		ret = dgettext(TEXT_DOMAIN, "invalid path");
191 		break;
192 	case SA_NOT_SUPPORTED:
193 		ret = dgettext(TEXT_DOMAIN, "operation not supported");
194 		break;
195 	case SA_PROP_SHARE_ONLY:
196 		ret = dgettext(TEXT_DOMAIN, "property not valid for group");
197 		break;
198 	case SA_NOT_SHARED:
199 		ret = dgettext(TEXT_DOMAIN, "not shared");
200 		break;
201 	case SA_NO_SUCH_RESOURCE:
202 		ret = dgettext(TEXT_DOMAIN, "no such resource");
203 		break;
204 	case SA_RESOURCE_REQUIRED:
205 		ret = dgettext(TEXT_DOMAIN, "resource name required");
206 		break;
207 	case SA_MULTIPLE_ERROR:
208 		ret = dgettext(TEXT_DOMAIN, "errors from multiple protocols");
209 		break;
210 	case SA_PATH_IS_SUBDIR:
211 		ret = dgettext(TEXT_DOMAIN, "path is a subpath of share");
212 		break;
213 	case SA_PATH_IS_PARENTDIR:
214 		ret = dgettext(TEXT_DOMAIN, "path is parent of a share");
215 		break;
216 	case SA_NO_SECTION:
217 		ret = dgettext(TEXT_DOMAIN, "protocol requires a section");
218 		break;
219 	case SA_NO_PROPERTIES:
220 		ret = dgettext(TEXT_DOMAIN, "properties not found");
221 		break;
222 	case SA_NO_SUCH_SECTION:
223 		ret = dgettext(TEXT_DOMAIN, "section not found");
224 		break;
225 	case SA_PASSWORD_ENC:
226 		ret = dgettext(TEXT_DOMAIN, "passwords must be encrypted");
227 		break;
228 	case SA_SHARE_EXISTS:
229 		ret = dgettext(TEXT_DOMAIN, "path or file is already shared");
230 		break;
231 	default:
232 		(void) snprintf(errstr, sizeof (errstr),
233 		    dgettext(TEXT_DOMAIN, "unknown %d"), err);
234 		ret = errstr;
235 	}
236 	return (ret);
237 }
238 
239 /*
240  * Document root to active handle mapping functions.  These are only
241  * used internally. A mutex is used to prevent access while the list
242  * is changing. In general, the list will be relatively short - one
243  * item per thread that has called sa_init().
244  */
245 
246 sa_handle_impl_t
get_handle_for_root(xmlNodePtr root)247 get_handle_for_root(xmlNodePtr root)
248 {
249 	struct doc2handle *item;
250 
251 	(void) mutex_lock(&sa_global_lock);
252 	for (item = sa_global_handles; item != NULL; item = item->next) {
253 		if (item->root == root)
254 			break;
255 	}
256 	(void) mutex_unlock(&sa_global_lock);
257 	if (item != NULL)
258 		return (item->handle);
259 	return (NULL);
260 }
261 
262 static int
add_handle_for_root(xmlNodePtr root,sa_handle_impl_t handle)263 add_handle_for_root(xmlNodePtr root, sa_handle_impl_t handle)
264 {
265 	struct doc2handle *item;
266 	int ret = SA_NO_MEMORY;
267 
268 	item = (struct doc2handle *)calloc(sizeof (struct doc2handle), 1);
269 	if (item != NULL) {
270 		item->root = root;
271 		item->handle = handle;
272 		(void) mutex_lock(&sa_global_lock);
273 		item->next = sa_global_handles;
274 		sa_global_handles = item;
275 		(void) mutex_unlock(&sa_global_lock);
276 		ret = SA_OK;
277 	}
278 	return (ret);
279 }
280 
281 /*
282  * remove_handle_for_root(root)
283  *
284  * Walks the list of handles and removes the one for this "root" from
285  * the list. It is up to the caller to free the data.
286  */
287 
288 static void
remove_handle_for_root(xmlNodePtr root)289 remove_handle_for_root(xmlNodePtr root)
290 {
291 	struct doc2handle *item, *prev;
292 
293 	(void) mutex_lock(&sa_global_lock);
294 	for (prev = NULL, item = sa_global_handles; item != NULL;
295 	    item = item->next) {
296 		if (item->root == root) {
297 			/* first in the list */
298 			if (prev == NULL)
299 				sa_global_handles = sa_global_handles->next;
300 			else
301 				prev->next = item->next;
302 			/* Item is out of the list so free the list structure */
303 			free(item);
304 			break;
305 		}
306 		prev = item;
307 	}
308 	(void) mutex_unlock(&sa_global_lock);
309 }
310 
311 /*
312  * sa_find_group_handle(sa_group_t group)
313  *
314  * Find the sa_handle_t for the configuration associated with this
315  * group.
316  */
317 sa_handle_t
sa_find_group_handle(sa_group_t group)318 sa_find_group_handle(sa_group_t group)
319 {
320 	xmlNodePtr node = (xmlNodePtr)group;
321 	sa_handle_t handle;
322 
323 	while (node != NULL) {
324 		if (strcmp((char *)(node->name), "sharecfg") == 0) {
325 			/* have the root so get the handle */
326 			handle = (sa_handle_t)get_handle_for_root(node);
327 			return (handle);
328 		}
329 		node = node->parent;
330 	}
331 	return (NULL);
332 }
333 
334 /*
335  * set_legacy_timestamp(root, path, timevalue)
336  *
337  * add the current timestamp value to the configuration for use in
338  * determining when to update the legacy files.  For SMF, this
339  * property is kept in default/operation/legacy_timestamp
340  */
341 
342 static void
set_legacy_timestamp(xmlNodePtr root,char * path,uint64_t tval)343 set_legacy_timestamp(xmlNodePtr root, char *path, uint64_t tval)
344 {
345 	xmlNodePtr node;
346 	xmlChar *lpath = NULL;
347 	sa_handle_impl_t handle;
348 
349 	/* Have to have a handle or else we weren't initialized. */
350 	handle = get_handle_for_root(root);
351 	if (handle == NULL)
352 		return;
353 
354 	for (node = root->xmlChildrenNode; node != NULL;
355 	    node = node->next) {
356 		if (xmlStrcmp(node->name, (xmlChar *)"legacy") == 0) {
357 			/* a possible legacy node for this path */
358 			lpath = xmlGetProp(node, (xmlChar *)"path");
359 			if (lpath != NULL &&
360 			    xmlStrcmp(lpath, (xmlChar *)path) == 0) {
361 				xmlFree(lpath);
362 				break;
363 			}
364 			if (lpath != NULL)
365 				xmlFree(lpath);
366 		}
367 	}
368 	if (node == NULL) {
369 		/* need to create the first legacy timestamp node */
370 		node = xmlNewChild(root, NULL, (xmlChar *)"legacy", NULL);
371 	}
372 	if (node != NULL) {
373 		char tstring[32];
374 		int ret;
375 
376 		(void) snprintf(tstring, sizeof (tstring), "%lld", tval);
377 		(void) xmlSetProp(node, (xmlChar *)"timestamp",
378 		    (xmlChar *)tstring);
379 		(void) xmlSetProp(node, (xmlChar *)"path", (xmlChar *)path);
380 		/* now commit to SMF */
381 		ret = sa_get_instance(handle->scfhandle, "default");
382 		if (ret == SA_OK) {
383 			ret = sa_start_transaction(handle->scfhandle,
384 			    "operation");
385 			if (ret == SA_OK) {
386 				ret = sa_set_property(handle->scfhandle,
387 				    "legacy-timestamp", tstring);
388 				if (ret == SA_OK) {
389 					(void) sa_end_transaction(
390 					    handle->scfhandle, handle);
391 				} else {
392 					sa_abort_transaction(handle->scfhandle);
393 				}
394 			}
395 		}
396 	}
397 }
398 
399 /*
400  * is_shared(share)
401  *
402  * determine if the specified share is currently shared or not.
403  */
404 static int
is_shared(sa_share_t share)405 is_shared(sa_share_t share)
406 {
407 	char *shared;
408 	int result = 0; /* assume not */
409 
410 	shared = sa_get_share_attr(share, "shared");
411 	if (shared != NULL) {
412 		if (strcmp(shared, "true") == 0)
413 			result = 1;
414 		sa_free_attr_string(shared);
415 	}
416 	return (result);
417 }
418 
419 /*
420  * excluded_protocol(share, proto)
421  *
422  * Returns B_TRUE if the specified protocol appears in the "exclude"
423  * property. This is used to prevent sharing special case shares
424  * (e.g. subdirs when SMB wants a subdir and NFS doesn't. B_FALSE is
425  * returned if the protocol isn't in the list.
426  */
427 static boolean_t
excluded_protocol(sa_share_t share,char * proto)428 excluded_protocol(sa_share_t share, char *proto)
429 {
430 	char *protolist;
431 	char *str;
432 	char *token;
433 
434 	protolist = sa_get_share_attr(share, "exclude");
435 	if (protolist != NULL) {
436 		str = protolist;
437 		while ((token = strtok(str, ",")) != NULL) {
438 			if (strcmp(token, proto) == 0) {
439 				sa_free_attr_string(protolist);
440 				return (B_TRUE);
441 			}
442 			str = NULL;
443 		}
444 		sa_free_attr_string(protolist);
445 	}
446 	return (B_FALSE);
447 }
448 
449 /*
450  * checksubdirgroup(group, newpath, strictness)
451  *
452  * check all the specified newpath against all the paths in the
453  * group. This is a helper function for checksubdir to make it easier
454  * to also check ZFS subgroups.
455  * The strictness values mean:
456  * SA_CHECK_NORMAL == only check newpath against shares that are active
457  * SA_CHECK_STRICT == check newpath against both active shares and those
458  *		      stored in the repository
459  */
460 static int
checksubdirgroup(sa_group_t group,char * newpath,int strictness)461 checksubdirgroup(sa_group_t group, char *newpath, int strictness)
462 {
463 	sa_share_t share;
464 	char *path;
465 	int issub = SA_OK;
466 	int subdir;
467 	int parent;
468 
469 	if (newpath == NULL)
470 		return (SA_INVALID_PATH);
471 
472 	for (share = sa_get_share(group, NULL); share != NULL;
473 	    share = sa_get_next_share(share)) {
474 		/*
475 		 * The original behavior of share never checked
476 		 * against the permanent configuration
477 		 * (/etc/dfs/dfstab).  PIT has a number of cases where
478 		 * it depends on this older behavior even though it
479 		 * could be considered incorrect.  We may tighten this
480 		 * up in the future.
481 		 */
482 		if (strictness == SA_CHECK_NORMAL && !is_shared(share))
483 			continue;
484 
485 		path = sa_get_share_attr(share, "path");
486 		/*
487 		 * If path is NULL, then a share is in the process of
488 		 * construction or someone has modified the property
489 		 * group inappropriately. It should be
490 		 * ignored. issubdir() comes from the original share
491 		 * implementation and does the difficult part of
492 		 * checking subdirectories.
493 		 */
494 		if (path == NULL)
495 			continue;
496 
497 		if (strcmp(path, newpath) == 0) {
498 			issub = SA_INVALID_PATH;
499 		} else {
500 			subdir = issubdir(newpath, path);
501 			parent = issubdir(path, newpath);
502 			if (subdir || parent) {
503 				sa_free_attr_string(path);
504 				path = NULL;
505 				return (subdir ?
506 				    SA_PATH_IS_SUBDIR : SA_PATH_IS_PARENTDIR);
507 			}
508 		}
509 		sa_free_attr_string(path);
510 		path = NULL;
511 	}
512 	return (issub);
513 }
514 
515 /*
516  * checksubdir(newpath, strictness)
517  *
518  * checksubdir determines if the specified path (newpath) is a
519  * subdirectory of another share. It calls checksubdirgroup() to do
520  * the complicated work. The strictness parameter determines how
521  * strict a check to make against the path. The strictness values
522  * mean: SA_CHECK_NORMAL == only check newpath against shares that are
523  * active SA_CHECK_STRICT == check newpath against both active shares
524  * and those * stored in the repository
525  */
526 static int
checksubdir(sa_handle_t handle,char * newpath,int strictness)527 checksubdir(sa_handle_t handle, char *newpath, int strictness)
528 {
529 	sa_group_t group;
530 	int issub = SA_OK;
531 	char *path = NULL;
532 
533 	for (group = sa_get_group(handle, NULL);
534 	    group != NULL && issub == SA_OK;
535 	    group = sa_get_next_group(group)) {
536 		if (sa_group_is_zfs(group)) {
537 			sa_group_t subgroup;
538 			for (subgroup = sa_get_sub_group(group);
539 			    subgroup != NULL && issub == SA_OK;
540 			    subgroup = sa_get_next_group(subgroup))
541 				issub = checksubdirgroup(subgroup, newpath,
542 				    strictness);
543 		} else {
544 			issub = checksubdirgroup(group, newpath, strictness);
545 		}
546 	}
547 	if (path != NULL)
548 		sa_free_attr_string(path);
549 	return (issub);
550 }
551 
552 /*
553  * validpath(path, strictness)
554  * determine if the provided path is valid for a share. It shouldn't
555  * be a sub-dir of an already shared path or the parent directory of a
556  * share path.
557  */
558 static int
validpath(sa_handle_t handle,char * path,int strictness)559 validpath(sa_handle_t handle, char *path, int strictness)
560 {
561 	int error = SA_OK;
562 	struct stat st;
563 	sa_share_t share;
564 	char *fstype;
565 
566 	if (*path != '/')
567 		return (SA_BAD_PATH);
568 
569 	if (stat(path, &st) < 0) {
570 		error = SA_NO_SUCH_PATH;
571 	} else {
572 		share = sa_find_share(handle, path);
573 		if (share != NULL)
574 			error = SA_DUPLICATE_NAME;
575 
576 		if (error == SA_OK) {
577 			/*
578 			 * check for special case with file system
579 			 * that might have restrictions.  For now, ZFS
580 			 * is the only case since it has its own idea
581 			 * of how to configure shares. We do this
582 			 * before subdir checking since things like
583 			 * ZFS will do that for us. This should also
584 			 * be done via plugin interface.
585 			 */
586 			fstype = sa_fstype(path);
587 			if (fstype != NULL && strcmp(fstype, "zfs") == 0) {
588 				if (sa_zfs_is_shared(handle, path))
589 					error = SA_INVALID_NAME;
590 			}
591 			if (fstype != NULL)
592 				sa_free_fstype(fstype);
593 		}
594 		if (error == SA_OK)
595 			error = checksubdir(handle, path, strictness);
596 	}
597 	return (error);
598 }
599 
600 /*
601  * check to see if group/share is persistent.
602  *
603  * "group" can be either an sa_group_t or an sa_share_t. (void *)
604  * works since both these types are also void *.
605  * If the share is a ZFS share, mark it as persistent.
606  */
607 int
sa_is_persistent(void * group)608 sa_is_persistent(void *group)
609 {
610 	char *type;
611 	int persist = 1;
612 	sa_group_t grp;
613 
614 	type = sa_get_group_attr((sa_group_t)group, "type");
615 	if (type != NULL) {
616 		if (strcmp(type, "transient") == 0)
617 			persist = 0;
618 		sa_free_attr_string(type);
619 	}
620 
621 	grp = (sa_is_share(group)) ? sa_get_parent_group(group) : group;
622 	if (sa_group_is_zfs(grp))
623 		persist = 1;
624 
625 	return (persist);
626 }
627 
628 /*
629  * sa_valid_group_name(name)
630  *
631  * check that the "name" contains only valid characters and otherwise
632  * fits the required naming conventions. Valid names must start with
633  * an alphabetic and the remainder may consist of only alphanumeric
634  * plus the '-' and '_' characters. This name limitation comes from
635  * inherent limitations in SMF.
636  */
637 
638 int
sa_valid_group_name(char * name)639 sa_valid_group_name(char *name)
640 {
641 	int ret = 1;
642 	ssize_t len;
643 
644 	if (name != NULL && isalpha(*name)) {
645 		char c;
646 		len = strlen(name);
647 		if (len < (scf_max_name_len - sizeof ("group:"))) {
648 			for (c = *name++; c != '\0' && ret != 0; c = *name++) {
649 				if (!isalnum(c) && c != '-' && c != '_')
650 					ret = 0;
651 			}
652 		} else {
653 			ret = 0;
654 		}
655 	} else {
656 		ret = 0;
657 	}
658 	return (ret);
659 }
660 
661 
662 /*
663  * is_zfs_group(group)
664  *	Determine if the specified group is a ZFS sharenfs group
665  */
666 static int
is_zfs_group(sa_group_t group)667 is_zfs_group(sa_group_t group)
668 {
669 	int ret = 0;
670 	xmlNodePtr parent;
671 	xmlChar *zfs;
672 
673 	if (strcmp((char *)((xmlNodePtr)group)->name, "share") == 0)
674 		parent = (xmlNodePtr)sa_get_parent_group(group);
675 	else
676 		parent = (xmlNodePtr)group;
677 	zfs = xmlGetProp(parent, (xmlChar *)"zfs");
678 	if (zfs != NULL) {
679 		xmlFree(zfs);
680 		ret = 1;
681 	}
682 	return (ret);
683 }
684 
685 /*
686  * sa_get_object_type(object)
687  *
688  * This function returns a numeric value representing the object
689  * type. This allows using simpler checks when doing type specific
690  * operations.
691  */
692 
693 static int
sa_get_object_type(void * object)694 sa_get_object_type(void *object)
695 {
696 	xmlNodePtr node = (xmlNodePtr)object;
697 	int type;
698 
699 	if (xmlStrcmp(node->name, (xmlChar *)"group") == 0)
700 		type = SA_TYPE_GROUP;
701 	else if (xmlStrcmp(node->name, (xmlChar *)"share") == 0)
702 		type = SA_TYPE_SHARE;
703 	else if (xmlStrcmp(node->name, (xmlChar *)"resource") == 0)
704 		type = SA_TYPE_RESOURCE;
705 	else if (xmlStrcmp(node->name, (xmlChar *)"optionset") == 0)
706 		type = SA_TYPE_OPTIONSET;
707 	else if (xmlStrcmp(node->name, (xmlChar *)"security") == 0)
708 		type = SA_TYPE_ALTSPACE;
709 	else
710 		assert(0);
711 	return (type);
712 }
713 
714 /*
715  * sa_optionset_name(optionset, oname, len, id)
716  *	return the SMF name for the optionset. If id is not NULL, it
717  *	will have the GUID value for a share and should be used
718  *	instead of the keyword "optionset" which is used for
719  *	groups. If the optionset doesn't have a protocol type
720  *	associated with it, "default" is used. This shouldn't happen
721  *	at this point but may be desirable in the future if there are
722  *	protocol independent properties added. The name is returned in
723  *	oname.
724  */
725 
726 static int
sa_optionset_name(sa_optionset_t optionset,char * oname,size_t len,char * id)727 sa_optionset_name(sa_optionset_t optionset, char *oname, size_t len, char *id)
728 {
729 	char *proto;
730 	void *parent;
731 	int ptype;
732 
733 	if (id == NULL)
734 		id = "optionset";
735 
736 	parent = sa_get_optionset_parent(optionset);
737 	if (parent != NULL) {
738 		ptype = sa_get_object_type(parent);
739 		proto = sa_get_optionset_attr(optionset, "type");
740 		if (ptype != SA_TYPE_RESOURCE) {
741 			len = snprintf(oname, len, "%s_%s", id,
742 			    proto ? proto : "default");
743 		} else {
744 			char *index;
745 			index = get_node_attr((void *)parent, "id");
746 			if (index != NULL) {
747 				len = snprintf(oname, len, "%s_%s_%s", id,
748 				    proto ? proto : "default", index);
749 				sa_free_attr_string(index);
750 			} else {
751 				len = 0;
752 			}
753 		}
754 
755 		if (proto != NULL)
756 			sa_free_attr_string(proto);
757 	} else {
758 		len = 0;
759 	}
760 	return (len);
761 }
762 
763 /*
764  * sa_security_name(optionset, oname, len, id)
765  *
766  * return the SMF name for the security. If id is not NULL, it will
767  * have the GUID value for a share and should be used instead of the
768  * keyword "optionset" which is used for groups. If the optionset
769  * doesn't have a protocol type associated with it, "default" is
770  * used. This shouldn't happen at this point but may be desirable in
771  * the future if there are protocol independent properties added. The
772  * name is returned in oname. The security type is also encoded into
773  * the name. In the future, this wil *be handled a bit differently.
774  */
775 
776 static int
sa_security_name(sa_security_t security,char * oname,size_t len,char * id)777 sa_security_name(sa_security_t security, char *oname, size_t len, char *id)
778 {
779 	char *proto;
780 	char *sectype;
781 
782 	if (id == NULL)
783 		id = "optionset";
784 
785 	proto = sa_get_security_attr(security, "type");
786 	sectype = sa_get_security_attr(security, "sectype");
787 	len = snprintf(oname, len, "%s_%s_%s", id, proto ? proto : "default",
788 	    sectype ? sectype : "default");
789 	if (proto != NULL)
790 		sa_free_attr_string(proto);
791 	if (sectype != NULL)
792 		sa_free_attr_string(sectype);
793 	return (len);
794 }
795 
796 /*
797  * verifydefgroupopts(handle)
798  *
799  * Make sure a "default" group exists and has default protocols enabled.
800  */
801 static void
verifydefgroupopts(sa_handle_t handle)802 verifydefgroupopts(sa_handle_t handle)
803 {
804 	sa_group_t defgrp;
805 	sa_optionset_t opt;
806 
807 	defgrp = sa_get_group(handle, "default");
808 	if (defgrp != NULL) {
809 		opt = sa_get_optionset(defgrp, NULL);
810 		/*
811 		 * NFS is the default for default group
812 		 */
813 		if (opt == NULL)
814 			opt = sa_create_optionset(defgrp, "nfs");
815 	}
816 }
817 
818 /*
819  * sa_init_impl(init_service, arg)
820  *	Initialize the API
821  *	find all the shared objects
822  *	init the tables with all objects
823  *	read in the current configuration
824  *
825  *	arg is a parameter passed in whose meaning is based on the init_service.
826  *	See libshare.h under API initialization.
827  */
828 #define	GETPROP(prop)	scf_simple_prop_next_astring(prop)
829 #define	CHECKTSTAMP(st, tval)	stat(SA_LEGACY_DFSTAB, &st) >= 0 && \
830 	tval != TSTAMP(st.st_ctim)
831 static sa_handle_t
sa_init_impl(int init_service,void * arg)832 sa_init_impl(int init_service, void *arg)
833 {
834 	struct stat st;
835 	/* legacy is used for debugging only as far as I can tell */
836 	int legacy = 0;
837 	uint64_t tval = 0;
838 	int lockfd;
839 	sigset_t old;
840 	int updatelegacy = B_FALSE;
841 	scf_simple_prop_t *prop;
842 	sa_handle_impl_t handle;
843 	int err;
844 
845 	handle = calloc(sizeof (struct sa_handle_impl), 1);
846 
847 	if (handle != NULL) {
848 		handle->sa_service = init_service;
849 		/*
850 		 * Get protocol specific structures, but only if this
851 		 * is the only handle.
852 		 */
853 		(void) mutex_lock(&sa_global_lock);
854 		if (sa_global_handles == NULL)
855 			(void) proto_plugin_init();
856 		(void) mutex_unlock(&sa_global_lock);
857 		if (init_service & (SA_INIT_SHARE_API |
858 		    SA_INIT_SHARE_API_SELECTIVE | SA_INIT_ONE_SHARE_FROM_NAME |
859 		    SA_INIT_ONE_SHARE_FROM_HANDLE)) {
860 			/*
861 			 * initialize access into libzfs. We use this
862 			 * when collecting info about ZFS datasets and
863 			 * shares.
864 			 */
865 			if (sa_zfs_init(handle) == B_FALSE) {
866 				free(handle);
867 				(void) mutex_lock(&sa_global_lock);
868 				(void) proto_plugin_fini();
869 				(void) mutex_unlock(&sa_global_lock);
870 				return (NULL);
871 			}
872 			/*
873 			 * since we want to use SMF, initialize an svc handle
874 			 * and find out what is there.
875 			 */
876 			handle->scfhandle = sa_scf_init(handle);
877 			if (handle->scfhandle != NULL) {
878 				/*
879 				 * Need to lock the extraction of the
880 				 * configuration if the dfstab file has
881 				 * changed. Lock everything now and release if
882 				 * not needed.  Use a file that isn't being
883 				 * manipulated by other parts of the system in
884 				 * order to not interfere with locking. Using
885 				 * dfstab doesn't work.
886 				 */
887 				sablocksigs(&old);
888 				lockfd = open(DFS_LOCK_FILE, O_RDWR);
889 				if (lockfd >= 0) {
890 					errno = 0;
891 					(void) lockf(lockfd, F_LOCK, 0);
892 					(void) mutex_lock(&sa_dfstab_lock);
893 					/*
894 					 * Check whether we are going to need
895 					 * to merge any dfstab changes. This
896 					 * is done by comparing the value of
897 					 * legacy-timestamp with the current
898 					 * st_ctim of the file. If they are
899 					 * different, an update is needed and
900 					 * the file must remain locked until
901 					 * the merge is done in order to
902 					 * prevent multiple startups from
903 					 * changing the SMF repository at the
904 					 * same time.  The first to get the
905 					 * lock will make any changes before
906 					 * the others can read the repository.
907 					 */
908 					prop = scf_simple_prop_get
909 					    (handle->scfhandle->handle,
910 					    (const char *)SA_SVC_FMRI_BASE
911 					    ":default", "operation",
912 					    "legacy-timestamp");
913 					if (prop != NULL) {
914 						char *i64;
915 						i64 = GETPROP(prop);
916 						if (i64 != NULL)
917 							tval = strtoull(i64,
918 							    NULL, 0);
919 						if (CHECKTSTAMP(st, tval))
920 							updatelegacy = B_TRUE;
921 						scf_simple_prop_free(prop);
922 					} else {
923 						/*
924 						 * We haven't set the
925 						 * timestamp before so do it.
926 						 */
927 						updatelegacy = B_TRUE;
928 					}
929 					if (updatelegacy == B_FALSE) {
930 						(void) mutex_unlock(
931 						    &sa_dfstab_lock);
932 						(void) lockf(lockfd, F_ULOCK,
933 						    0);
934 						(void) close(lockfd);
935 					}
936 
937 				}
938 				/*
939 				 * It is essential that the document tree and
940 				 * the internal list of roots to handles be
941 				 * setup before anything that might try to
942 				 * create a new object is called. The document
943 				 * tree is the combination of handle->doc and
944 				 * handle->tree. This allows searches,
945 				 * etc. when all you have is an object in the
946 				 * tree.
947 				 */
948 				handle->doc = xmlNewDoc((xmlChar *)"1.0");
949 				handle->tree = xmlNewNode(NULL,
950 				    (xmlChar *)"sharecfg");
951 				if (handle->doc != NULL &&
952 				    handle->tree != NULL) {
953 					(void) xmlDocSetRootElement(handle->doc,
954 					    handle->tree);
955 					err = add_handle_for_root(handle->tree,
956 					    handle);
957 					if (err == SA_OK)
958 						err = sa_get_config(
959 						    handle->scfhandle,
960 						    handle->tree, handle);
961 				} else {
962 					if (handle->doc != NULL)
963 						xmlFreeDoc(handle->doc);
964 					if (handle->tree != NULL)
965 						xmlFreeNode(handle->tree);
966 					err = SA_NO_MEMORY;
967 				}
968 
969 				saunblocksigs(&old);
970 
971 				if (err != SA_OK) {
972 					/*
973 					 * If we couldn't add the tree handle
974 					 * to the list, then things are going
975 					 * to fail badly. Might as well undo
976 					 * everything now and fail the
977 					 * sa_init().
978 					 */
979 					sa_fini(handle);
980 					if (updatelegacy == B_TRUE) {
981 						(void) mutex_unlock(
982 						    &sa_dfstab_lock);
983 						(void) lockf(lockfd,
984 						    F_ULOCK, 0);
985 						(void) close(lockfd);
986 					}
987 					return (NULL);
988 				}
989 
990 				if (tval == 0) {
991 					/*
992 					 * first time so make sure
993 					 * default is setup
994 					 */
995 					verifydefgroupopts(handle);
996 				}
997 
998 				if (updatelegacy == B_TRUE) {
999 					sablocksigs(&old);
1000 					getlegacyconfig((sa_handle_t)handle,
1001 					    SA_LEGACY_DFSTAB, &handle->tree);
1002 					if (stat(SA_LEGACY_DFSTAB, &st) >= 0)
1003 						set_legacy_timestamp(
1004 						    handle->tree,
1005 						    SA_LEGACY_DFSTAB,
1006 						    TSTAMP(st.st_ctim));
1007 					saunblocksigs(&old);
1008 					/*
1009 					 * Safe to unlock now to allow
1010 					 * others to run
1011 					 */
1012 					(void) mutex_unlock(&sa_dfstab_lock);
1013 					(void) lockf(lockfd, F_ULOCK, 0);
1014 					(void) close(lockfd);
1015 				}
1016 				/* Get sharetab timestamp */
1017 				sa_update_sharetab_ts((sa_handle_t)handle);
1018 
1019 				/* Get lastupdate (transaction) timestamp */
1020 				prop = scf_simple_prop_get(
1021 				    handle->scfhandle->handle,
1022 				    (const char *)SA_SVC_FMRI_BASE ":default",
1023 				    "state", "lastupdate");
1024 				if (prop != NULL) {
1025 					char *str;
1026 					str =
1027 					    scf_simple_prop_next_astring(prop);
1028 					if (str != NULL)
1029 						handle->tstrans =
1030 						    strtoull(str, NULL, 0);
1031 					else
1032 						handle->tstrans = 0;
1033 					scf_simple_prop_free(prop);
1034 				}
1035 				/*
1036 				 * In this conditional the library reads from
1037 				 * zfs and /etc/dfs/sharetab to find datasets
1038 				 * that must be shared. The result is a tree of
1039 				 * groups that are stored in the handle for
1040 				 * libshare to utilize later when asked to share
1041 				 * or unshare datasets.
1042 				 */
1043 				if (init_service &
1044 				    SA_INIT_SHARE_API_SELECTIVE) {
1045 					char **paths;
1046 					size_t paths_len, i;
1047 
1048 					legacy |= sa_get_one_zfs_share(handle,
1049 					    "zfs",
1050 					    (sa_init_selective_arg_t *)arg,
1051 					    &paths, &paths_len);
1052 					legacy |= get_one_transient(handle,
1053 					    &handle->tree, paths, paths_len);
1054 					for (i = 0; i < paths_len; ++i) {
1055 						free(paths[i]);
1056 					}
1057 					free(paths);
1058 				} else if (init_service &
1059 				    SA_INIT_ONE_SHARE_FROM_NAME) {
1060 					char path[ZFS_MAXPROPLEN];
1061 					char *ptr = path;
1062 					char **ptr_to_path = &ptr;
1063 
1064 					legacy |=
1065 					    sa_get_zfs_share_for_name(handle,
1066 					    "zfs", (char *)arg, path);
1067 					legacy |= get_one_transient(handle,
1068 					    &handle->tree, ptr_to_path, 1);
1069 				} else if (init_service &
1070 				    SA_INIT_ONE_SHARE_FROM_HANDLE) {
1071 					char path[ZFS_MAXPROPLEN];
1072 					char *ptr = path;
1073 					char **ptr_to_path = &ptr;
1074 
1075 					legacy |=
1076 					    sa_get_zfs_share_for_name(handle,
1077 					    "zfs",
1078 					    zfs_get_name(
1079 					    (zfs_handle_t *)arg),
1080 					    path);
1081 					legacy |= get_one_transient(handle,
1082 					    &handle->tree, ptr_to_path, 1);
1083 				} else {
1084 					legacy |= sa_get_zfs_shares(handle,
1085 					    "zfs");
1086 					legacy |= gettransients(handle,
1087 					    &handle->tree);
1088 				}
1089 			}
1090 		}
1091 	}
1092 	return ((sa_handle_t)handle);
1093 }
1094 
1095 /*
1096  * sa_init exists as a legacy interface, new consumers should use sa_init_arg.
1097  */
1098 sa_handle_t
sa_init(int init_service)1099 sa_init(int init_service)
1100 {
1101 	return (sa_init_impl(init_service, NULL));
1102 }
1103 
1104 /*
1105  * See libshare.h "API Initialization" section for valid values of init_service
1106  * as well as the appropriate argument type for a given init_service.
1107  */
1108 sa_handle_t
sa_init_arg(int init_service,void * arg)1109 sa_init_arg(int init_service, void *arg)
1110 {
1111 	return (sa_init_impl(init_service, arg));
1112 }
1113 
1114 /*
1115  * sa_fini(handle)
1116  *	Uninitialize the API structures including the configuration
1117  *	data structures and ZFS related data.
1118  */
1119 
1120 void
sa_fini(sa_handle_t handle)1121 sa_fini(sa_handle_t handle)
1122 {
1123 	sa_handle_impl_t impl_handle = (sa_handle_impl_t)handle;
1124 
1125 	if (impl_handle != NULL) {
1126 		/*
1127 		 * Free the config trees and any other data structures
1128 		 * used in the handle.
1129 		 */
1130 		if (impl_handle->doc != NULL)
1131 			xmlFreeDoc(impl_handle->doc);
1132 
1133 		/* Remove and free the entry in the global list. */
1134 		remove_handle_for_root(impl_handle->tree);
1135 
1136 		/*
1137 		 * If this was the last handle to release, unload the
1138 		 * plugins that were loaded. Use a mutex in case
1139 		 * another thread is reinitializing.
1140 		 */
1141 		(void) mutex_lock(&sa_global_lock);
1142 		if (sa_global_handles == NULL)
1143 			(void) proto_plugin_fini();
1144 		(void) mutex_unlock(&sa_global_lock);
1145 
1146 		sa_scf_fini(impl_handle->scfhandle);
1147 		sa_zfs_fini(impl_handle);
1148 
1149 		/* Make sure we free the handle */
1150 		free(impl_handle);
1151 
1152 	}
1153 }
1154 
1155 /*
1156  * sa_service(sa_handle_t handle)
1157  *
1158  * Returns the service for which the handle is currently initialized.
1159  */
1160 int
sa_service(sa_handle_t handle)1161 sa_service(sa_handle_t handle)
1162 {
1163 	if (handle == NULL)
1164 		return (0);
1165 
1166 	return (((sa_handle_impl_t)handle)->sa_service);
1167 }
1168 
1169 /*
1170  * sa_get_protocols(char **protocol)
1171  *	Get array of protocols that are supported
1172  *	Returns pointer to an allocated and NULL terminated
1173  *	array of strings.  Caller must free.
1174  *	This really should be determined dynamically.
1175  *	If there aren't any defined, return -1.
1176  *	Use free() to return memory.
1177  */
1178 
1179 int
sa_get_protocols(char *** protocols)1180 sa_get_protocols(char ***protocols)
1181 {
1182 	int numproto = -1;
1183 
1184 	if (protocols != NULL) {
1185 		struct sa_proto_plugin *plug;
1186 		for (numproto = 0, plug = sap_proto_list; plug != NULL;
1187 		    plug = plug->plugin_next) {
1188 			numproto++;
1189 		}
1190 
1191 		*protocols = calloc(numproto + 1,  sizeof (char *));
1192 		if (*protocols != NULL) {
1193 			int ret = 0;
1194 			for (plug = sap_proto_list; plug != NULL;
1195 			    plug = plug->plugin_next) {
1196 				/* faking for now */
1197 				(*protocols)[ret++] =
1198 				    plug->plugin_ops->sa_protocol;
1199 			}
1200 		} else {
1201 			numproto = -1;
1202 		}
1203 	}
1204 	return (numproto);
1205 }
1206 
1207 /*
1208  * find_group_by_name(node, group)
1209  *
1210  * search the XML document subtree specified by node to find the group
1211  * specified by group. Searching subtree allows subgroups to be
1212  * searched for.
1213  */
1214 
1215 static xmlNodePtr
find_group_by_name(xmlNodePtr node,xmlChar * group)1216 find_group_by_name(xmlNodePtr node, xmlChar *group)
1217 {
1218 	xmlChar *name = NULL;
1219 
1220 	for (node = node->xmlChildrenNode; node != NULL;
1221 	    node = node->next) {
1222 		if (xmlStrcmp(node->name, (xmlChar *)"group") == 0) {
1223 			/* if no groupname, return the first found */
1224 			if (group == NULL)
1225 				break;
1226 			name = xmlGetProp(node, (xmlChar *)"name");
1227 			if (name != NULL && xmlStrcmp(name, group) == 0)
1228 				break;
1229 			if (name != NULL) {
1230 				xmlFree(name);
1231 				name = NULL;
1232 			}
1233 		}
1234 	}
1235 	if (name != NULL)
1236 		xmlFree(name);
1237 	return (node);
1238 }
1239 
1240 /*
1241  * sa_get_group(groupname)
1242  *	Return the "group" specified.  If groupname is NULL,
1243  *	return the first group of the list of groups.
1244  */
1245 sa_group_t
sa_get_group(sa_handle_t handle,char * groupname)1246 sa_get_group(sa_handle_t handle, char *groupname)
1247 {
1248 	xmlNodePtr node = NULL;
1249 	char *subgroup = NULL;
1250 	char *group = NULL;
1251 	sa_handle_impl_t impl_handle = (sa_handle_impl_t)handle;
1252 
1253 	if (impl_handle != NULL && impl_handle->tree != NULL) {
1254 		if (groupname != NULL) {
1255 			group = strdup(groupname);
1256 			if (group != NULL) {
1257 				subgroup = strchr(group, '/');
1258 				if (subgroup != NULL)
1259 					*subgroup++ = '\0';
1260 			}
1261 		}
1262 		/*
1263 		 * We want to find the, possibly, named group. If
1264 		 * group is not NULL, then lookup the name. If it is
1265 		 * NULL, we only do the find if groupname is also
1266 		 * NULL. This allows lookup of the "first" group in
1267 		 * the internal list.
1268 		 */
1269 		if (group != NULL || groupname == NULL)
1270 			node = find_group_by_name(impl_handle->tree,
1271 			    (xmlChar *)group);
1272 
1273 		/* if a subgroup, find it before returning */
1274 		if (subgroup != NULL && node != NULL)
1275 			node = find_group_by_name(node, (xmlChar *)subgroup);
1276 	}
1277 	if (node != NULL && (char *)group != NULL)
1278 		(void) sa_get_instance(impl_handle->scfhandle, (char *)group);
1279 	if (group != NULL)
1280 		free(group);
1281 	return ((sa_group_t)(node));
1282 }
1283 
1284 /*
1285  * sa_get_next_group(group)
1286  *	Return the "next" group after the specified group from
1287  *	the internal group list.  NULL if there are no more.
1288  */
1289 sa_group_t
sa_get_next_group(sa_group_t group)1290 sa_get_next_group(sa_group_t group)
1291 {
1292 	xmlNodePtr ngroup = NULL;
1293 	if (group != NULL) {
1294 		for (ngroup = ((xmlNodePtr)group)->next; ngroup != NULL;
1295 		    ngroup = ngroup->next) {
1296 			if (xmlStrcmp(ngroup->name, (xmlChar *)"group") == 0)
1297 				break;
1298 		}
1299 	}
1300 	return ((sa_group_t)ngroup);
1301 }
1302 
1303 /*
1304  * sa_get_share(group, sharepath)
1305  *	Return the share object for the share specified. The share
1306  *	must be in the specified group.  Return NULL if not found.
1307  */
1308 sa_share_t
sa_get_share(sa_group_t group,char * sharepath)1309 sa_get_share(sa_group_t group, char *sharepath)
1310 {
1311 	xmlNodePtr node = NULL;
1312 	xmlChar *path;
1313 
1314 	/*
1315 	 * For future scalability, this should end up building a cache
1316 	 * since it will get called regularly by the mountd and info
1317 	 * services.
1318 	 */
1319 	if (group != NULL) {
1320 		for (node = ((xmlNodePtr)group)->children; node != NULL;
1321 		    node = node->next) {
1322 			if (xmlStrcmp(node->name, (xmlChar *)"share") == 0) {
1323 				if (sharepath == NULL) {
1324 					break;
1325 				} else {
1326 					/* is it the correct share? */
1327 					path = xmlGetProp(node,
1328 					    (xmlChar *)"path");
1329 					if (path != NULL &&
1330 					    xmlStrcmp(path,
1331 					    (xmlChar *)sharepath) == 0) {
1332 						xmlFree(path);
1333 						break;
1334 					}
1335 					xmlFree(path);
1336 				}
1337 			}
1338 		}
1339 	}
1340 	return ((sa_share_t)node);
1341 }
1342 
1343 /*
1344  * sa_get_next_share(share)
1345  *	Return the next share following the specified share
1346  *	from the internal list of shares. Returns NULL if there
1347  *	are no more shares.  The list is relative to the same
1348  *	group.
1349  */
1350 sa_share_t
sa_get_next_share(sa_share_t share)1351 sa_get_next_share(sa_share_t share)
1352 {
1353 	xmlNodePtr node = NULL;
1354 
1355 	if (share != NULL) {
1356 		for (node = ((xmlNodePtr)share)->next; node != NULL;
1357 		    node = node->next) {
1358 			if (xmlStrcmp(node->name, (xmlChar *)"share") == 0) {
1359 				break;
1360 			}
1361 		}
1362 	}
1363 	return ((sa_share_t)node);
1364 }
1365 
1366 /*
1367  * _sa_get_child_node(node, type)
1368  *
1369  * find the child node of the specified node that has "type". This is
1370  * used to implement several internal functions.
1371  */
1372 
1373 static xmlNodePtr
_sa_get_child_node(xmlNodePtr node,xmlChar * type)1374 _sa_get_child_node(xmlNodePtr node, xmlChar *type)
1375 {
1376 	xmlNodePtr child;
1377 	for (child = node->xmlChildrenNode; child != NULL;
1378 	    child = child->next)
1379 		if (xmlStrcmp(child->name, type) == 0)
1380 			return (child);
1381 	return ((xmlNodePtr)NULL);
1382 }
1383 
1384 /*
1385  *  find_share(group, path)
1386  *
1387  * Search all the shares in the specified group for one that has the
1388  * specified path.
1389  */
1390 
1391 static sa_share_t
find_share(sa_group_t group,char * sharepath)1392 find_share(sa_group_t group, char *sharepath)
1393 {
1394 	sa_share_t share;
1395 	char *path;
1396 
1397 	for (share = sa_get_share(group, NULL); share != NULL;
1398 	    share = sa_get_next_share(share)) {
1399 		path = sa_get_share_attr(share, "path");
1400 		if (path != NULL && strcmp(path, sharepath) == 0) {
1401 			sa_free_attr_string(path);
1402 			break;
1403 		}
1404 		if (path != NULL)
1405 			sa_free_attr_string(path);
1406 	}
1407 	return (share);
1408 }
1409 
1410 /*
1411  * sa_get_sub_group(group)
1412  *
1413  * Get the first sub-group of group. The sa_get_next_group() function
1414  * can be used to get the rest. This is currently only used for ZFS
1415  * sub-groups but could be used to implement a more general mechanism.
1416  */
1417 
1418 sa_group_t
sa_get_sub_group(sa_group_t group)1419 sa_get_sub_group(sa_group_t group)
1420 {
1421 	return ((sa_group_t)_sa_get_child_node((xmlNodePtr)group,
1422 	    (xmlChar *)"group"));
1423 }
1424 
1425 /*
1426  * sa_find_share(sharepath)
1427  *	Finds a share regardless of group.  In the future, this
1428  *	function should utilize a cache and hash table of some kind.
1429  *	The current assumption is that a path will only be shared
1430  *	once.  In the future, this may change as implementation of
1431  *	resource names comes into being.
1432  */
1433 sa_share_t
sa_find_share(sa_handle_t handle,char * sharepath)1434 sa_find_share(sa_handle_t handle, char *sharepath)
1435 {
1436 	sa_group_t group;
1437 	sa_group_t zgroup;
1438 	sa_share_t share = NULL;
1439 	int done = 0;
1440 
1441 	for (group = sa_get_group(handle, NULL); group != NULL && !done;
1442 	    group = sa_get_next_group(group)) {
1443 		if (is_zfs_group(group)) {
1444 			for (zgroup =
1445 			    (sa_group_t)_sa_get_child_node((xmlNodePtr)group,
1446 			    (xmlChar *)"group");
1447 			    zgroup != NULL;
1448 			    zgroup = sa_get_next_group(zgroup)) {
1449 				share = find_share(zgroup, sharepath);
1450 				if (share != NULL)
1451 					break;
1452 			}
1453 		} else {
1454 			share = find_share(group, sharepath);
1455 		}
1456 		if (share != NULL)
1457 			break;
1458 	}
1459 	return (share);
1460 }
1461 
1462 /*
1463  *  sa_check_path(group, path, strictness)
1464  *
1465  * Check that path is a valid path relative to the group.  Currently,
1466  * we are ignoring the group and checking only the NFS rules. Later,
1467  * we may want to use the group to then check against the protocols
1468  * enabled on the group. The strictness values mean:
1469  * SA_CHECK_NORMAL == only check newpath against shares that are active
1470  * SA_CHECK_STRICT == check newpath against both active shares and those
1471  *		      stored in the repository
1472  */
1473 
1474 int
sa_check_path(sa_group_t group,char * path,int strictness)1475 sa_check_path(sa_group_t group, char *path, int strictness)
1476 {
1477 	sa_handle_t handle;
1478 
1479 	handle = sa_find_group_handle(group);
1480 	if (handle == NULL)
1481 		return (SA_BAD_PATH);
1482 
1483 	return (validpath(handle, path, strictness));
1484 }
1485 
1486 /*
1487  * mark_excluded_protos(group, share, flags)
1488  *
1489  * Walk through all the protocols enabled for the group and check to
1490  * see if the share has any of them should be in the exclude list
1491  * based on the featureset of the protocol. If there are any, add the
1492  * "exclude" property to the share.
1493  */
1494 static void
mark_excluded_protos(sa_group_t group,xmlNodePtr share,uint64_t flags)1495 mark_excluded_protos(sa_group_t group, xmlNodePtr share, uint64_t flags)
1496 {
1497 	sa_optionset_t optionset;
1498 	char exclude_list[SA_STRSIZE];
1499 	char *sep = "";
1500 
1501 	exclude_list[0] = '\0';
1502 	for (optionset = sa_get_optionset(group, NULL);
1503 	    optionset != NULL;
1504 	    optionset = sa_get_next_optionset(optionset)) {
1505 		char *value;
1506 		uint64_t features;
1507 		value = sa_get_optionset_attr(optionset, "type");
1508 		if (value == NULL)
1509 			continue;
1510 		features = sa_proto_get_featureset(value);
1511 		if (!(features & flags)) {
1512 			(void) strlcat(exclude_list, sep,
1513 			    sizeof (exclude_list));
1514 			(void) strlcat(exclude_list, value,
1515 			    sizeof (exclude_list));
1516 			sep = ",";
1517 		}
1518 		sa_free_attr_string(value);
1519 	}
1520 	if (exclude_list[0] != '\0')
1521 		(void) xmlSetProp(share, (xmlChar *)"exclude",
1522 		    (xmlChar *)exclude_list);
1523 }
1524 
1525 /*
1526  * get_all_features(group)
1527  *
1528  * Walk through all the protocols on the group and collect all
1529  * possible enabled features. This is the OR of all the featuresets.
1530  */
1531 static uint64_t
get_all_features(sa_group_t group)1532 get_all_features(sa_group_t group)
1533 {
1534 	sa_optionset_t optionset;
1535 	uint64_t features = 0;
1536 
1537 	for (optionset = sa_get_optionset(group, NULL);
1538 	    optionset != NULL;
1539 	    optionset = sa_get_next_optionset(optionset)) {
1540 		char *value;
1541 		value = sa_get_optionset_attr(optionset, "type");
1542 		if (value == NULL)
1543 			continue;
1544 		features |= sa_proto_get_featureset(value);
1545 		sa_free_attr_string(value);
1546 	}
1547 	return (features);
1548 }
1549 
1550 
1551 /*
1552  * _sa_add_share(group, sharepath, persist, *error, flags)
1553  *
1554  * Common code for all types of add_share. sa_add_share() is the
1555  * public API, we also need to be able to do this when parsing legacy
1556  * files and construction of the internal configuration while
1557  * extracting config info from SMF. "flags" indicates if some
1558  * protocols need relaxed rules while other don't. These values are
1559  * the featureset values defined in libshare.h.
1560  */
1561 
1562 sa_share_t
_sa_add_share(sa_group_t group,char * sharepath,int persist,int * error,uint64_t flags)1563 _sa_add_share(sa_group_t group, char *sharepath, int persist, int *error,
1564     uint64_t flags)
1565 {
1566 	xmlNodePtr node = NULL;
1567 	int err;
1568 
1569 	err  = SA_OK; /* assume success */
1570 
1571 	node = xmlNewChild((xmlNodePtr)group, NULL, (xmlChar *)"share", NULL);
1572 	if (node == NULL) {
1573 		if (error != NULL)
1574 			*error = SA_NO_MEMORY;
1575 		return (node);
1576 	}
1577 
1578 	(void) xmlSetProp(node, (xmlChar *)"path", (xmlChar *)sharepath);
1579 	(void) xmlSetProp(node, (xmlChar *)"type",
1580 	    persist ? (xmlChar *)"persist" : (xmlChar *)"transient");
1581 	if (flags != 0)
1582 		mark_excluded_protos(group, node, flags);
1583 	if (persist != SA_SHARE_TRANSIENT) {
1584 		/*
1585 		 * persistent shares come in two flavors: SMF and
1586 		 * ZFS. Sort this one out based on target group and
1587 		 * path type. Both NFS and SMB are supported. First,
1588 		 * check to see if the protocol is enabled on the
1589 		 * subgroup and then setup the share appropriately.
1590 		 */
1591 		if (sa_group_is_zfs(group) &&
1592 		    sa_path_is_zfs(sharepath)) {
1593 			if (sa_get_optionset(group, "nfs") != NULL)
1594 				err = sa_zfs_set_sharenfs(group, sharepath, 1);
1595 			else if (sa_get_optionset(group, "smb") != NULL)
1596 				err = sa_zfs_set_sharesmb(group, sharepath, 1);
1597 		} else {
1598 			sa_handle_impl_t impl_handle;
1599 			impl_handle =
1600 			    (sa_handle_impl_t)sa_find_group_handle(group);
1601 			if (impl_handle != NULL) {
1602 				err = sa_commit_share(impl_handle->scfhandle,
1603 				    group, (sa_share_t)node);
1604 			} else {
1605 				err = SA_SYSTEM_ERR;
1606 			}
1607 		}
1608 	}
1609 	if (err == SA_NO_PERMISSION && persist & SA_SHARE_PARSER)
1610 		/* called by the dfstab parser so could be a show */
1611 		err = SA_OK;
1612 
1613 	if (err != SA_OK) {
1614 		/*
1615 		 * we couldn't commit to the repository so undo
1616 		 * our internal state to reflect reality.
1617 		 */
1618 		xmlUnlinkNode(node);
1619 		xmlFreeNode(node);
1620 		node = NULL;
1621 	}
1622 
1623 	if (error != NULL)
1624 		*error = err;
1625 
1626 	return (node);
1627 }
1628 
1629 /*
1630  * sa_add_share(group, sharepath, persist, *error)
1631  *
1632  *	Add a new share object to the specified group.  The share will
1633  *	have the specified sharepath and will only be constructed if
1634  *	it is a valid path to be shared.  NULL is returned on error
1635  *	and a detailed error value will be returned via the error
1636  *	pointer.
1637  */
1638 sa_share_t
sa_add_share(sa_group_t group,char * sharepath,int persist,int * error)1639 sa_add_share(sa_group_t group, char *sharepath, int persist, int *error)
1640 {
1641 	xmlNodePtr node = NULL;
1642 	int strictness = SA_CHECK_NORMAL;
1643 	sa_handle_t handle;
1644 	uint64_t special = 0;
1645 	uint64_t features;
1646 
1647 	/*
1648 	 * If the share is to be permanent, use strict checking so a
1649 	 * bad config doesn't get created. Transient shares only need
1650 	 * to check against the currently active
1651 	 * shares. SA_SHARE_PARSER is a modifier used internally to
1652 	 * indicate that we are being called by the dfstab parser and
1653 	 * that we need strict checking in all cases. Normally persist
1654 	 * is in integer value but SA_SHARE_PARSER may be or'd into
1655 	 * it as an override.
1656 	 */
1657 	if (persist & SA_SHARE_PARSER || persist == SA_SHARE_PERMANENT)
1658 		strictness = SA_CHECK_STRICT;
1659 
1660 	handle = sa_find_group_handle(group);
1661 
1662 	/*
1663 	 * need to determine if the share is valid. The rules are:
1664 	 *	- The path must not already exist
1665 	 *	- The path must not be a subdir or parent dir of an
1666 	 *	  existing path unless at least one protocol allows it.
1667 	 * The sub/parent check is done in sa_check_path().
1668 	 */
1669 
1670 	if (sa_find_share(handle, sharepath) == NULL) {
1671 		*error = sa_check_path(group, sharepath, strictness);
1672 		features = get_all_features(group);
1673 		switch (*error) {
1674 		case SA_PATH_IS_SUBDIR:
1675 			if (features & SA_FEATURE_ALLOWSUBDIRS)
1676 				special |= SA_FEATURE_ALLOWSUBDIRS;
1677 			break;
1678 		case SA_PATH_IS_PARENTDIR:
1679 			if (features & SA_FEATURE_ALLOWPARDIRS)
1680 				special |= SA_FEATURE_ALLOWPARDIRS;
1681 			break;
1682 		}
1683 		if (*error == SA_OK || special != SA_FEATURE_NONE)
1684 			node = _sa_add_share(group, sharepath, persist,
1685 			    error, special);
1686 	} else {
1687 		*error = SA_DUPLICATE_NAME;
1688 	}
1689 
1690 	return ((sa_share_t)node);
1691 }
1692 
1693 /*
1694  * sa_enable_share(share, protocol)
1695  *	Enable the specified share to the specified protocol.
1696  *	If protocol is NULL, then all protocols.
1697  */
1698 int
sa_enable_share(sa_share_t share,char * protocol)1699 sa_enable_share(sa_share_t share, char *protocol)
1700 {
1701 	char *sharepath;
1702 	struct stat st;
1703 	int err = SA_OK;
1704 	int ret;
1705 
1706 	sharepath = sa_get_share_attr(share, "path");
1707 	if (sharepath == NULL)
1708 		return (SA_NO_MEMORY);
1709 	if (stat(sharepath, &st) < 0) {
1710 		err = SA_NO_SUCH_PATH;
1711 	} else {
1712 		/* tell the server about the share */
1713 		if (protocol != NULL) {
1714 			if (excluded_protocol(share, protocol))
1715 				goto done;
1716 
1717 			/* lookup protocol specific handler */
1718 			err = sa_proto_share(protocol, share);
1719 			if (err == SA_OK)
1720 				(void) sa_set_share_attr(share,
1721 				    "shared", "true");
1722 		} else {
1723 			/* Tell all protocols about the share */
1724 			sa_group_t group;
1725 			sa_optionset_t optionset;
1726 
1727 			group = sa_get_parent_group(share);
1728 
1729 			for (optionset = sa_get_optionset(group, NULL);
1730 			    optionset != NULL;
1731 			    optionset = sa_get_next_optionset(optionset)) {
1732 				char *proto;
1733 				proto = sa_get_optionset_attr(optionset,
1734 				    "type");
1735 				if (proto != NULL) {
1736 					if (!excluded_protocol(share, proto)) {
1737 						ret = sa_proto_share(proto,
1738 						    share);
1739 						if (ret != SA_OK)
1740 							err = ret;
1741 					}
1742 					sa_free_attr_string(proto);
1743 				}
1744 			}
1745 			(void) sa_set_share_attr(share, "shared", "true");
1746 		}
1747 	}
1748 done:
1749 	if (sharepath != NULL)
1750 		sa_free_attr_string(sharepath);
1751 	return (err);
1752 }
1753 
1754 /*
1755  * sa_disable_share(share, protocol)
1756  *	Disable the specified share to the specified protocol.  If
1757  *	protocol is NULL, then all protocols that are enabled for the
1758  *	share should be disabled.
1759  */
1760 int
sa_disable_share(sa_share_t share,char * protocol)1761 sa_disable_share(sa_share_t share, char *protocol)
1762 {
1763 	char *path;
1764 	int err = SA_OK;
1765 	int ret = SA_OK;
1766 
1767 	path = sa_get_share_attr(share, "path");
1768 
1769 	if (protocol != NULL) {
1770 		ret = sa_proto_unshare(share, protocol, path);
1771 	} else {
1772 		/* need to do all protocols */
1773 		sa_group_t group;
1774 		sa_optionset_t optionset;
1775 
1776 		group = sa_get_parent_group(share);
1777 
1778 		/* Tell all protocols about the share */
1779 		for (optionset = sa_get_optionset(group, NULL);
1780 		    optionset != NULL;
1781 		    optionset = sa_get_next_optionset(optionset)) {
1782 			char *proto;
1783 
1784 			proto = sa_get_optionset_attr(optionset, "type");
1785 			if (proto != NULL) {
1786 				err = sa_proto_unshare(share, proto, path);
1787 				if (err != SA_OK)
1788 					ret = err;
1789 				sa_free_attr_string(proto);
1790 			}
1791 		}
1792 	}
1793 	if (ret == SA_OK)
1794 		(void) sa_set_share_attr(share, "shared", NULL);
1795 	if (path != NULL)
1796 		sa_free_attr_string(path);
1797 	return (ret);
1798 }
1799 
1800 /*
1801  * sa_remove_share(share)
1802  *
1803  * remove the specified share from its containing group.
1804  * Remove from the SMF or ZFS configuration space.
1805  */
1806 
1807 int
sa_remove_share(sa_share_t share)1808 sa_remove_share(sa_share_t share)
1809 {
1810 	sa_group_t group;
1811 	int ret = SA_OK;
1812 	char *type;
1813 	int transient = 0;
1814 	char *groupname;
1815 	char *zfs;
1816 
1817 	type = sa_get_share_attr(share, "type");
1818 	group = sa_get_parent_group(share);
1819 	zfs = sa_get_group_attr(group, "zfs");
1820 	groupname = sa_get_group_attr(group, "name");
1821 	if (type != NULL && strcmp(type, "persist") != 0)
1822 		transient = 1;
1823 	if (type != NULL)
1824 		sa_free_attr_string(type);
1825 
1826 	/* remove the node from its group then free the memory */
1827 
1828 	/*
1829 	 * need to test if "busy"
1830 	 */
1831 	/* only do SMF action if permanent */
1832 	if (!transient || zfs != NULL) {
1833 		/* remove from legacy dfstab as well as possible SMF */
1834 		ret = sa_delete_legacy(share, NULL);
1835 		if (ret == SA_OK) {
1836 			if (!sa_group_is_zfs(group)) {
1837 				sa_handle_impl_t impl_handle;
1838 				impl_handle = (sa_handle_impl_t)
1839 				    sa_find_group_handle(group);
1840 				if (impl_handle != NULL) {
1841 					ret = sa_delete_share(
1842 					    impl_handle->scfhandle, group,
1843 					    share);
1844 				} else {
1845 					ret = SA_SYSTEM_ERR;
1846 				}
1847 			} else {
1848 				char *sharepath = sa_get_share_attr(share,
1849 				    "path");
1850 				if (sharepath != NULL) {
1851 					ret = sa_zfs_set_sharenfs(group,
1852 					    sharepath, 0);
1853 					sa_free_attr_string(sharepath);
1854 				}
1855 			}
1856 		}
1857 	}
1858 	if (groupname != NULL)
1859 		sa_free_attr_string(groupname);
1860 	if (zfs != NULL)
1861 		sa_free_attr_string(zfs);
1862 
1863 	xmlUnlinkNode((xmlNodePtr)share);
1864 	xmlFreeNode((xmlNodePtr)share);
1865 	return (ret);
1866 }
1867 
1868 /*
1869  * sa_move_share(group, share)
1870  *
1871  * move the specified share to the specified group.  Update SMF
1872  * appropriately.
1873  */
1874 
1875 int
sa_move_share(sa_group_t group,sa_share_t share)1876 sa_move_share(sa_group_t group, sa_share_t share)
1877 {
1878 	sa_group_t oldgroup;
1879 	int ret = SA_OK;
1880 
1881 	/* remove the node from its group then free the memory */
1882 
1883 	oldgroup = sa_get_parent_group(share);
1884 	if (oldgroup != group) {
1885 		sa_handle_impl_t impl_handle;
1886 		xmlUnlinkNode((xmlNodePtr)share);
1887 		/*
1888 		 * now that the share isn't in its old group, add to
1889 		 * the new one
1890 		 */
1891 		(void) xmlAddChild((xmlNodePtr)group, (xmlNodePtr)share);
1892 		/* need to deal with SMF */
1893 		impl_handle = (sa_handle_impl_t)sa_find_group_handle(group);
1894 		if (impl_handle != NULL) {
1895 			/*
1896 			 * need to remove from old group first and then add to
1897 			 * new group. Ideally, we would do the other order but
1898 			 * need to avoid having the share in two groups at the
1899 			 * same time.
1900 			 */
1901 			ret = sa_delete_share(impl_handle->scfhandle, oldgroup,
1902 			    share);
1903 			if (ret == SA_OK)
1904 				ret = sa_commit_share(impl_handle->scfhandle,
1905 				    group, share);
1906 		} else {
1907 			ret = SA_SYSTEM_ERR;
1908 		}
1909 	}
1910 	return (ret);
1911 }
1912 
1913 /*
1914  * sa_get_parent_group(share)
1915  *
1916  * Return the containing group for the share. If a group was actually
1917  * passed in, we don't want a parent so return NULL.
1918  */
1919 
1920 sa_group_t
sa_get_parent_group(sa_share_t share)1921 sa_get_parent_group(sa_share_t share)
1922 {
1923 	xmlNodePtr node = NULL;
1924 	if (share != NULL) {
1925 		node = ((xmlNodePtr)share)->parent;
1926 		/*
1927 		 * make sure parent is a group and not sharecfg since
1928 		 * we may be cheating and passing in a group.
1929 		 * Eventually, groups of groups might come into being.
1930 		 */
1931 		if (node == NULL ||
1932 		    xmlStrcmp(node->name, (xmlChar *)"sharecfg") == 0)
1933 			node = NULL;
1934 	}
1935 	return ((sa_group_t)node);
1936 }
1937 
1938 /*
1939  * _sa_create_group(impl_handle, groupname)
1940  *
1941  * Create a group in the document. The caller will need to deal with
1942  * configuration store and activation.
1943  */
1944 
1945 sa_group_t
_sa_create_group(sa_handle_impl_t impl_handle,char * groupname)1946 _sa_create_group(sa_handle_impl_t impl_handle, char *groupname)
1947 {
1948 	xmlNodePtr node = NULL;
1949 
1950 	if (sa_valid_group_name(groupname)) {
1951 		node = xmlNewChild(impl_handle->tree, NULL, (xmlChar *)"group",
1952 		    NULL);
1953 		if (node != NULL) {
1954 			(void) xmlSetProp(node, (xmlChar *)"name",
1955 			    (xmlChar *)groupname);
1956 			(void) xmlSetProp(node, (xmlChar *)"state",
1957 			    (xmlChar *)"enabled");
1958 		}
1959 	}
1960 	return ((sa_group_t)node);
1961 }
1962 
1963 /*
1964  * _sa_create_zfs_group(group, groupname)
1965  *
1966  * Create a ZFS subgroup under the specified group. This may
1967  * eventually form the basis of general sub-groups, but is currently
1968  * restricted to ZFS.
1969  */
1970 sa_group_t
_sa_create_zfs_group(sa_group_t group,char * groupname)1971 _sa_create_zfs_group(sa_group_t group, char *groupname)
1972 {
1973 	xmlNodePtr node = NULL;
1974 
1975 	node = xmlNewChild((xmlNodePtr)group, NULL, (xmlChar *)"group", NULL);
1976 	if (node != NULL) {
1977 		(void) xmlSetProp(node, (xmlChar *)"name",
1978 		    (xmlChar *)groupname);
1979 		(void) xmlSetProp(node, (xmlChar *)"state",
1980 		    (xmlChar *)"enabled");
1981 	}
1982 
1983 	return ((sa_group_t)node);
1984 }
1985 
1986 /*
1987  * sa_create_group(groupname, *error)
1988  *
1989  * Create a new group with groupname.  Need to validate that it is a
1990  * legal name for SMF and the construct the SMF service instance of
1991  * svc:/network/shares/group to implement the group. All necessary
1992  * operational properties must be added to the group at this point
1993  * (via the SMF transaction model).
1994  */
1995 sa_group_t
sa_create_group(sa_handle_t handle,char * groupname,int * error)1996 sa_create_group(sa_handle_t handle, char *groupname, int *error)
1997 {
1998 	xmlNodePtr node = NULL;
1999 	sa_group_t group;
2000 	int ret;
2001 	char rbacstr[SA_STRSIZE];
2002 	sa_handle_impl_t impl_handle = (sa_handle_impl_t)handle;
2003 
2004 	ret = SA_OK;
2005 
2006 	if (impl_handle == NULL || impl_handle->scfhandle == NULL) {
2007 		ret = SA_SYSTEM_ERR;
2008 		goto err;
2009 	}
2010 
2011 	group = sa_get_group(handle, groupname);
2012 	if (group != NULL) {
2013 		ret = SA_DUPLICATE_NAME;
2014 	} else {
2015 		if (sa_valid_group_name(groupname)) {
2016 			node = xmlNewChild(impl_handle->tree, NULL,
2017 			    (xmlChar *)"group", NULL);
2018 			if (node != NULL) {
2019 				(void) xmlSetProp(node, (xmlChar *)"name",
2020 				    (xmlChar *)groupname);
2021 				/* default to the group being enabled */
2022 				(void) xmlSetProp(node, (xmlChar *)"state",
2023 				    (xmlChar *)"enabled");
2024 				ret = sa_create_instance(impl_handle->scfhandle,
2025 				    groupname);
2026 				if (ret == SA_OK) {
2027 					ret = sa_start_transaction(
2028 					    impl_handle->scfhandle,
2029 					    "operation");
2030 				}
2031 				if (ret == SA_OK) {
2032 					ret = sa_set_property(
2033 					    impl_handle->scfhandle,
2034 					    "state", "enabled");
2035 					if (ret == SA_OK) {
2036 						ret = sa_end_transaction(
2037 						    impl_handle->scfhandle,
2038 						    impl_handle);
2039 					} else {
2040 						sa_abort_transaction(
2041 						    impl_handle->scfhandle);
2042 					}
2043 				}
2044 				if (ret == SA_OK) {
2045 					/* initialize the RBAC strings */
2046 					ret = sa_start_transaction(
2047 					    impl_handle->scfhandle,
2048 					    "general");
2049 					if (ret == SA_OK) {
2050 						(void) snprintf(rbacstr,
2051 						    sizeof (rbacstr), "%s.%s",
2052 						    SA_RBAC_MANAGE, groupname);
2053 						ret = sa_set_property(
2054 						    impl_handle->scfhandle,
2055 						    "action_authorization",
2056 						    rbacstr);
2057 					}
2058 					if (ret == SA_OK) {
2059 						(void) snprintf(rbacstr,
2060 						    sizeof (rbacstr), "%s.%s",
2061 						    SA_RBAC_VALUE, groupname);
2062 						ret = sa_set_property(
2063 						    impl_handle->scfhandle,
2064 						    "value_authorization",
2065 						    rbacstr);
2066 					}
2067 					if (ret == SA_OK) {
2068 						ret = sa_end_transaction(
2069 						    impl_handle->scfhandle,
2070 						    impl_handle);
2071 					} else {
2072 						sa_abort_transaction(
2073 						    impl_handle->scfhandle);
2074 					}
2075 				}
2076 				if (ret != SA_OK) {
2077 					/*
2078 					 * Couldn't commit the group
2079 					 * so we need to undo
2080 					 * internally.
2081 					 */
2082 					xmlUnlinkNode(node);
2083 					xmlFreeNode(node);
2084 					node = NULL;
2085 				}
2086 			} else {
2087 				ret = SA_NO_MEMORY;
2088 			}
2089 		} else {
2090 			ret = SA_INVALID_NAME;
2091 		}
2092 	}
2093 err:
2094 	if (error != NULL)
2095 		*error = ret;
2096 	return ((sa_group_t)node);
2097 }
2098 
2099 /*
2100  * sa_remove_group(group)
2101  *
2102  * Remove the specified group. This deletes from the SMF repository.
2103  * All property groups and properties are removed.
2104  */
2105 
2106 int
sa_remove_group(sa_group_t group)2107 sa_remove_group(sa_group_t group)
2108 {
2109 	char *name;
2110 	int ret = SA_OK;
2111 	sa_handle_impl_t impl_handle;
2112 
2113 	impl_handle = (sa_handle_impl_t)sa_find_group_handle(group);
2114 	if (impl_handle != NULL) {
2115 		name = sa_get_group_attr(group, "name");
2116 		if (name != NULL) {
2117 			ret = sa_delete_instance(impl_handle->scfhandle, name);
2118 			sa_free_attr_string(name);
2119 		}
2120 		xmlUnlinkNode((xmlNodePtr)group); /* make sure unlinked */
2121 		xmlFreeNode((xmlNodePtr)group);   /* now it is gone */
2122 	} else {
2123 		ret = SA_SYSTEM_ERR;
2124 	}
2125 	return (ret);
2126 }
2127 
2128 /*
2129  * sa_update_config()
2130  *
2131  * Used to update legacy files that need to be updated in bulk
2132  * Currently, this is a placeholder and will go away in a future
2133  * release.
2134  */
2135 
2136 int
sa_update_config(sa_handle_t handle)2137 sa_update_config(sa_handle_t handle)
2138 {
2139 	/*
2140 	 * do legacy files first so we can tell when they change.
2141 	 * This will go away when we start updating individual records
2142 	 * rather than the whole file.
2143 	 */
2144 	update_legacy_config(handle);
2145 	return (SA_OK);
2146 }
2147 
2148 /*
2149  * get_node_attr(node, tag)
2150  *
2151  * Get the specified tag(attribute) if it exists on the node.  This is
2152  * used internally by a number of attribute oriented functions.
2153  */
2154 
2155 static char *
get_node_attr(void * nodehdl,char * tag)2156 get_node_attr(void *nodehdl, char *tag)
2157 {
2158 	xmlNodePtr node = (xmlNodePtr)nodehdl;
2159 	xmlChar *name = NULL;
2160 
2161 	if (node != NULL)
2162 		name = xmlGetProp(node, (xmlChar *)tag);
2163 	return ((char *)name);
2164 }
2165 
2166 /*
2167  * set_node_attr(node, tag)
2168  *
2169  * Set the specified tag(attribute) to the specified value This is
2170  * used internally by a number of attribute oriented functions. It
2171  * doesn't update the repository, only the internal document state.
2172  */
2173 
2174 void
set_node_attr(void * nodehdl,char * tag,char * value)2175 set_node_attr(void *nodehdl, char *tag, char *value)
2176 {
2177 	xmlNodePtr node = (xmlNodePtr)nodehdl;
2178 	if (node != NULL && tag != NULL) {
2179 		if (value != NULL)
2180 			(void) xmlSetProp(node, (xmlChar *)tag,
2181 			    (xmlChar *)value);
2182 		else
2183 			(void) xmlUnsetProp(node, (xmlChar *)tag);
2184 	}
2185 }
2186 
2187 /*
2188  * sa_get_group_attr(group, tag)
2189  *
2190  * Get the specied attribute, if defined, for the group.
2191  */
2192 
2193 char *
sa_get_group_attr(sa_group_t group,char * tag)2194 sa_get_group_attr(sa_group_t group, char *tag)
2195 {
2196 	return (get_node_attr((void *)group, tag));
2197 }
2198 
2199 /*
2200  * sa_set_group_attr(group, tag, value)
2201  *
2202  * set the specified tag/attribute on the group using value as its
2203  * value.
2204  *
2205  * This will result in setting the property in the SMF repository as
2206  * well as in the internal document.
2207  */
2208 
2209 int
sa_set_group_attr(sa_group_t group,char * tag,char * value)2210 sa_set_group_attr(sa_group_t group, char *tag, char *value)
2211 {
2212 	int ret;
2213 	char *groupname;
2214 	sa_handle_impl_t impl_handle;
2215 
2216 	/*
2217 	 * ZFS group/subgroup doesn't need the handle so shortcut.
2218 	 */
2219 	if (sa_group_is_zfs(group)) {
2220 		set_node_attr((void *)group, tag, value);
2221 		return (SA_OK);
2222 	}
2223 
2224 	impl_handle = (sa_handle_impl_t)sa_find_group_handle(group);
2225 	if (impl_handle != NULL) {
2226 		groupname = sa_get_group_attr(group, "name");
2227 		ret = sa_get_instance(impl_handle->scfhandle, groupname);
2228 		if (ret == SA_OK) {
2229 			set_node_attr((void *)group, tag, value);
2230 			ret = sa_start_transaction(impl_handle->scfhandle,
2231 			    "operation");
2232 			if (ret == SA_OK) {
2233 				ret = sa_set_property(impl_handle->scfhandle,
2234 				    tag, value);
2235 				if (ret == SA_OK)
2236 					ret = sa_end_transaction(
2237 					    impl_handle->scfhandle,
2238 					    impl_handle);
2239 				else
2240 					sa_abort_transaction(
2241 					    impl_handle->scfhandle);
2242 			}
2243 			if (ret == SA_SYSTEM_ERR)
2244 				ret = SA_NO_PERMISSION;
2245 		}
2246 		if (groupname != NULL)
2247 			sa_free_attr_string(groupname);
2248 	} else {
2249 		ret = SA_SYSTEM_ERR;
2250 	}
2251 	return (ret);
2252 }
2253 
2254 /*
2255  * sa_get_share_attr(share, tag)
2256  *
2257  * Return the value of the tag/attribute set on the specified
2258  * share. Returns NULL if the tag doesn't exist.
2259  */
2260 
2261 char *
sa_get_share_attr(sa_share_t share,char * tag)2262 sa_get_share_attr(sa_share_t share, char *tag)
2263 {
2264 	return (get_node_attr((void *)share, tag));
2265 }
2266 
2267 /*
2268  * _sa_set_share_description(share, description)
2269  *
2270  * Add a description tag with text contents to the specified share.  A
2271  * separate XML tag is used rather than a property. This can also be
2272  * used with resources.
2273  */
2274 
2275 xmlNodePtr
_sa_set_share_description(void * share,char * content)2276 _sa_set_share_description(void *share, char *content)
2277 {
2278 	xmlNodePtr node;
2279 	node = xmlNewChild((xmlNodePtr)share, NULL, (xmlChar *)"description",
2280 	    NULL);
2281 	xmlNodeSetContent(node, (xmlChar *)content);
2282 	return (node);
2283 }
2284 
2285 /*
2286  * sa_set_share_attr(share, tag, value)
2287  *
2288  * Set the share attribute specified by tag to the specified value. In
2289  * the case of "resource", enforce a no duplicates in a group rule. If
2290  * the share is not transient, commit the changes to the repository
2291  * else just update the share internally.
2292  */
2293 
2294 int
sa_set_share_attr(sa_share_t share,char * tag,char * value)2295 sa_set_share_attr(sa_share_t share, char *tag, char *value)
2296 {
2297 	sa_group_t group;
2298 	sa_share_t resource;
2299 	int ret = SA_OK;
2300 
2301 	group = sa_get_parent_group(share);
2302 
2303 	/*
2304 	 * There are some attributes that may have specific
2305 	 * restrictions on them. Initially, only "resource" has
2306 	 * special meaning that needs to be checked. Only one instance
2307 	 * of a resource name may exist within a group.
2308 	 */
2309 
2310 	if (strcmp(tag, "resource") == 0) {
2311 		resource = sa_get_resource(group, value);
2312 		if (resource != share && resource != NULL)
2313 			ret = SA_DUPLICATE_NAME;
2314 	}
2315 	if (ret == SA_OK) {
2316 		set_node_attr((void *)share, tag, value);
2317 		if (group != NULL) {
2318 			char *type;
2319 			/* we can probably optimize this some */
2320 			type = sa_get_share_attr(share, "type");
2321 			if (type == NULL || strcmp(type, "transient") != 0) {
2322 				sa_handle_impl_t impl_handle;
2323 				impl_handle =
2324 				    (sa_handle_impl_t)sa_find_group_handle(
2325 				    group);
2326 				if (impl_handle != NULL) {
2327 					ret = sa_commit_share(
2328 					    impl_handle->scfhandle, group,
2329 					    share);
2330 				} else {
2331 					ret = SA_SYSTEM_ERR;
2332 				}
2333 			}
2334 			if (type != NULL)
2335 				sa_free_attr_string(type);
2336 		}
2337 	}
2338 	return (ret);
2339 }
2340 
2341 /*
2342  * sa_get_property_attr(prop, tag)
2343  *
2344  * Get the value of the specified property attribute. Standard
2345  * attributes are "type" and "value".
2346  */
2347 
2348 char *
sa_get_property_attr(sa_property_t prop,char * tag)2349 sa_get_property_attr(sa_property_t prop, char *tag)
2350 {
2351 	return (get_node_attr((void *)prop, tag));
2352 }
2353 
2354 /*
2355  * sa_get_optionset_attr(prop, tag)
2356  *
2357  * Get the value of the specified property attribute. Standard
2358  * attribute is "type".
2359  */
2360 
2361 char *
sa_get_optionset_attr(sa_property_t optionset,char * tag)2362 sa_get_optionset_attr(sa_property_t optionset, char *tag)
2363 {
2364 	return (get_node_attr((void *)optionset, tag));
2365 
2366 }
2367 
2368 /*
2369  * sa_set_optionset_attr(optionset, tag, value)
2370  *
2371  * Set the specified attribute(tag) to the specified value on the
2372  * optionset.
2373  */
2374 
2375 void
sa_set_optionset_attr(sa_group_t optionset,char * tag,char * value)2376 sa_set_optionset_attr(sa_group_t optionset, char *tag, char *value)
2377 {
2378 	set_node_attr((void *)optionset, tag, value);
2379 }
2380 
2381 /*
2382  * sa_free_attr_string(string)
2383  *
2384  * Free the string that was returned in one of the sa_get_*_attr()
2385  * functions.
2386  */
2387 
2388 void
sa_free_attr_string(char * string)2389 sa_free_attr_string(char *string)
2390 {
2391 	xmlFree((xmlChar *)string);
2392 }
2393 
2394 /*
2395  * sa_get_optionset(group, proto)
2396  *
2397  * Return the optionset, if it exists, that is associated with the
2398  * specified protocol.
2399  */
2400 
2401 sa_optionset_t
sa_get_optionset(void * group,char * proto)2402 sa_get_optionset(void *group, char *proto)
2403 {
2404 	xmlNodePtr node;
2405 	xmlChar *value = NULL;
2406 
2407 	for (node = ((xmlNodePtr)group)->children; node != NULL;
2408 	    node = node->next) {
2409 		if (xmlStrcmp(node->name, (xmlChar *)"optionset") == 0) {
2410 			value = xmlGetProp(node, (xmlChar *)"type");
2411 			if (proto != NULL) {
2412 				if (value != NULL &&
2413 				    xmlStrcmp(value, (xmlChar *)proto) == 0) {
2414 					break;
2415 				}
2416 				if (value != NULL) {
2417 					xmlFree(value);
2418 					value = NULL;
2419 				}
2420 			} else {
2421 				break;
2422 			}
2423 		}
2424 	}
2425 	if (value != NULL)
2426 		xmlFree(value);
2427 	return ((sa_optionset_t)node);
2428 }
2429 
2430 /*
2431  * sa_get_next_optionset(optionset)
2432  *
2433  * Return the next optionset in the group. NULL if this was the last.
2434  */
2435 
2436 sa_optionset_t
sa_get_next_optionset(sa_optionset_t optionset)2437 sa_get_next_optionset(sa_optionset_t optionset)
2438 {
2439 	xmlNodePtr node;
2440 
2441 	for (node = ((xmlNodePtr)optionset)->next; node != NULL;
2442 	    node = node->next) {
2443 		if (xmlStrcmp(node->name, (xmlChar *)"optionset") == 0) {
2444 			break;
2445 		}
2446 	}
2447 	return ((sa_optionset_t)node);
2448 }
2449 
2450 /*
2451  * sa_get_security(group, sectype, proto)
2452  *
2453  * Return the security optionset. The internal name is a hold over
2454  * from the implementation and will be changed before the API is
2455  * finalized. This is really a named optionset that can be negotiated
2456  * as a group of properties (like NFS security options).
2457  */
2458 
2459 sa_security_t
sa_get_security(sa_group_t group,char * sectype,char * proto)2460 sa_get_security(sa_group_t group, char *sectype, char *proto)
2461 {
2462 	xmlNodePtr node;
2463 	xmlChar *value = NULL;
2464 
2465 	for (node = ((xmlNodePtr)group)->children; node != NULL;
2466 	    node = node->next) {
2467 		if (xmlStrcmp(node->name, (xmlChar *)"security") == 0) {
2468 			if (proto != NULL) {
2469 				value = xmlGetProp(node, (xmlChar *)"type");
2470 				if (value == NULL ||
2471 				    (value != NULL &&
2472 				    xmlStrcmp(value, (xmlChar *)proto) != 0)) {
2473 					/* it doesn't match so continue */
2474 					xmlFree(value);
2475 					value = NULL;
2476 					continue;
2477 				}
2478 			}
2479 			if (value != NULL) {
2480 				xmlFree(value);
2481 				value = NULL;
2482 			}
2483 			/* potential match */
2484 			if (sectype != NULL) {
2485 				value = xmlGetProp(node, (xmlChar *)"sectype");
2486 				if (value != NULL &&
2487 				    xmlStrcmp(value, (xmlChar *)sectype) == 0) {
2488 					break;
2489 				}
2490 			} else {
2491 				break;
2492 			}
2493 		}
2494 		if (value != NULL) {
2495 			xmlFree(value);
2496 			value = NULL;
2497 		}
2498 	}
2499 	if (value != NULL)
2500 		xmlFree(value);
2501 	return ((sa_security_t)node);
2502 }
2503 
2504 /*
2505  * sa_get_next_security(security)
2506  *
2507  * Get the next security optionset if one exists.
2508  */
2509 
2510 sa_security_t
sa_get_next_security(sa_security_t security)2511 sa_get_next_security(sa_security_t security)
2512 {
2513 	xmlNodePtr node;
2514 
2515 	for (node = ((xmlNodePtr)security)->next; node != NULL;
2516 	    node = node->next) {
2517 		if (xmlStrcmp(node->name, (xmlChar *)"security") == 0) {
2518 			break;
2519 		}
2520 	}
2521 	return ((sa_security_t)node);
2522 }
2523 
2524 /*
2525  * sa_get_property(optionset, prop)
2526  *
2527  * Get the property object with the name specified in prop from the
2528  * optionset.
2529  */
2530 
2531 sa_property_t
sa_get_property(sa_optionset_t optionset,char * prop)2532 sa_get_property(sa_optionset_t optionset, char *prop)
2533 {
2534 	xmlNodePtr node = (xmlNodePtr)optionset;
2535 	xmlChar *value = NULL;
2536 
2537 	if (optionset == NULL)
2538 		return (NULL);
2539 
2540 	for (node = node->children; node != NULL;
2541 	    node = node->next) {
2542 		if (xmlStrcmp(node->name, (xmlChar *)"option") == 0) {
2543 			if (prop == NULL)
2544 				break;
2545 			value = xmlGetProp(node, (xmlChar *)"type");
2546 			if (value != NULL &&
2547 			    xmlStrcmp(value, (xmlChar *)prop) == 0) {
2548 				break;
2549 			}
2550 			if (value != NULL) {
2551 				xmlFree(value);
2552 				value = NULL;
2553 			}
2554 		}
2555 	}
2556 	if (value != NULL)
2557 		xmlFree(value);
2558 	if (node != NULL && xmlStrcmp(node->name, (xmlChar *)"option") != 0) {
2559 		/*
2560 		 * avoid a non option node -- it is possible to be a
2561 		 * text node
2562 		 */
2563 		node = NULL;
2564 	}
2565 	return ((sa_property_t)node);
2566 }
2567 
2568 /*
2569  * sa_get_next_property(property)
2570  *
2571  * Get the next property following the specified property. NULL if
2572  * this was the last.
2573  */
2574 
2575 sa_property_t
sa_get_next_property(sa_property_t property)2576 sa_get_next_property(sa_property_t property)
2577 {
2578 	xmlNodePtr node;
2579 
2580 	for (node = ((xmlNodePtr)property)->next; node != NULL;
2581 	    node = node->next) {
2582 		if (xmlStrcmp(node->name, (xmlChar *)"option") == 0) {
2583 			break;
2584 		}
2585 	}
2586 	return ((sa_property_t)node);
2587 }
2588 
2589 /*
2590  * sa_set_share_description(share, content)
2591  *
2592  * Set the description of share to content.
2593  */
2594 
2595 int
sa_set_share_description(sa_share_t share,char * content)2596 sa_set_share_description(sa_share_t share, char *content)
2597 {
2598 	xmlNodePtr node;
2599 	sa_group_t group;
2600 	int ret = SA_OK;
2601 
2602 	for (node = ((xmlNodePtr)share)->children; node != NULL;
2603 	    node = node->next) {
2604 		if (xmlStrcmp(node->name, (xmlChar *)"description") == 0) {
2605 			break;
2606 		}
2607 	}
2608 	/* no existing description but want to add */
2609 	if (node == NULL && content != NULL) {
2610 		/* add a description */
2611 		node = _sa_set_share_description(share, content);
2612 	} else if (node != NULL && content != NULL) {
2613 		/* update a description */
2614 		xmlNodeSetContent(node, (xmlChar *)content);
2615 	} else if (node != NULL && content == NULL) {
2616 		/* remove an existing description */
2617 		xmlUnlinkNode(node);
2618 		xmlFreeNode(node);
2619 	}
2620 	group = sa_get_parent_group(share);
2621 	if (group != NULL &&
2622 	    sa_is_persistent(share) && (!sa_group_is_zfs(group))) {
2623 		sa_handle_impl_t impl_handle;
2624 		impl_handle = (sa_handle_impl_t)sa_find_group_handle(group);
2625 		if (impl_handle != NULL) {
2626 			ret = sa_commit_share(impl_handle->scfhandle, group,
2627 			    share);
2628 		} else {
2629 			ret = SA_SYSTEM_ERR;
2630 		}
2631 	}
2632 	return (ret);
2633 }
2634 
2635 /*
2636  * fixproblemchars(string)
2637  *
2638  * don't want any newline or tab characters in the text since these
2639  * could break display of data and legacy file formats.
2640  */
2641 static void
fixproblemchars(char * str)2642 fixproblemchars(char *str)
2643 {
2644 	int c;
2645 	for (c = *str; c != '\0'; c = *++str) {
2646 		if (c == '\t' || c == '\n')
2647 			*str = ' ';
2648 		else if (c == '"')
2649 			*str = '\'';
2650 	}
2651 }
2652 
2653 /*
2654  * sa_get_share_description(share)
2655  *
2656  * Return the description text for the specified share if it
2657  * exists. NULL if no description exists.
2658  */
2659 
2660 char *
sa_get_share_description(sa_share_t share)2661 sa_get_share_description(sa_share_t share)
2662 {
2663 	xmlChar *description = NULL;
2664 	xmlNodePtr node;
2665 
2666 	for (node = ((xmlNodePtr)share)->children; node != NULL;
2667 	    node = node->next) {
2668 		if (xmlStrcmp(node->name, (xmlChar *)"description") == 0) {
2669 			break;
2670 		}
2671 	}
2672 	if (node != NULL) {
2673 		description = xmlNodeGetContent(node);
2674 		fixproblemchars((char *)description);
2675 	}
2676 	return ((char *)description);
2677 }
2678 
2679 /*
2680  * sa_free(share_description(description)
2681  *
2682  * Free the description string.
2683  */
2684 
2685 void
sa_free_share_description(char * description)2686 sa_free_share_description(char *description)
2687 {
2688 	xmlFree((xmlChar *)description);
2689 }
2690 
2691 /*
2692  * sa_create_optionset(group, proto)
2693  *
2694  * Create an optionset for the specified protocol in the specied
2695  * group. This is manifested as a property group within SMF.
2696  */
2697 
2698 sa_optionset_t
sa_create_optionset(sa_group_t group,char * proto)2699 sa_create_optionset(sa_group_t group, char *proto)
2700 {
2701 	sa_optionset_t optionset;
2702 	sa_group_t parent = group;
2703 	sa_share_t share = NULL;
2704 	int err = SA_OK;
2705 	char *id = NULL;
2706 
2707 	optionset = sa_get_optionset(group, proto);
2708 	if (optionset != NULL) {
2709 		/* can't have a duplicate protocol */
2710 		optionset = NULL;
2711 	} else {
2712 		/*
2713 		 * Account for resource names being slightly
2714 		 * different.
2715 		 */
2716 		if (sa_is_share(group)) {
2717 			/*
2718 			 * Transient shares do not have an "id" so not an
2719 			 * error to not find one.
2720 			 */
2721 			id = sa_get_share_attr((sa_share_t)group, "id");
2722 		} else if (sa_is_resource(group)) {
2723 			share = sa_get_resource_parent(
2724 			    (sa_resource_t)group);
2725 			id = sa_get_resource_attr(share, "id");
2726 
2727 			/* id can be NULL if the group is transient (ZFS) */
2728 			if (id == NULL && sa_is_persistent(group))
2729 				err = SA_NO_MEMORY;
2730 		}
2731 		if (err == SA_NO_MEMORY) {
2732 			/*
2733 			 * Couldn't get the id for the share or
2734 			 * resource. While this could be a
2735 			 * configuration issue, it is most likely an
2736 			 * out of memory. In any case, fail the create.
2737 			 */
2738 			return (NULL);
2739 		}
2740 
2741 		optionset = (sa_optionset_t)xmlNewChild((xmlNodePtr)group,
2742 		    NULL, (xmlChar *)"optionset", NULL);
2743 		/*
2744 		 * only put to repository if on a group and we were
2745 		 * able to create an optionset.
2746 		 */
2747 		if (optionset != NULL) {
2748 			char oname[SA_STRSIZE];
2749 			char *groupname;
2750 
2751 			/*
2752 			 * Need to get parent group in all cases, but also get
2753 			 * the share if this is a resource.
2754 			 */
2755 			if (sa_is_share(group)) {
2756 				parent = sa_get_parent_group((sa_share_t)group);
2757 			} else if (sa_is_resource(group)) {
2758 				share = sa_get_resource_parent(
2759 				    (sa_resource_t)group);
2760 				parent = sa_get_parent_group(share);
2761 			}
2762 
2763 			sa_set_optionset_attr(optionset, "type", proto);
2764 
2765 			(void) sa_optionset_name(optionset, oname,
2766 			    sizeof (oname), id);
2767 			groupname = sa_get_group_attr(parent, "name");
2768 			if (groupname != NULL && sa_is_persistent(group)) {
2769 				sa_handle_impl_t impl_handle;
2770 				impl_handle =
2771 				    (sa_handle_impl_t)sa_find_group_handle(
2772 				    group);
2773 				assert(impl_handle != NULL);
2774 				if (impl_handle != NULL) {
2775 					(void) sa_get_instance(
2776 					    impl_handle->scfhandle, groupname);
2777 					(void) sa_create_pgroup(
2778 					    impl_handle->scfhandle, oname);
2779 				}
2780 			}
2781 			if (groupname != NULL)
2782 				sa_free_attr_string(groupname);
2783 		}
2784 	}
2785 
2786 	if (id != NULL)
2787 		sa_free_attr_string(id);
2788 	return (optionset);
2789 }
2790 
2791 /*
2792  * sa_get_property_parent(property)
2793  *
2794  * Given a property, return the object it is a property of. This will
2795  * be an optionset of some type.
2796  */
2797 
2798 static sa_optionset_t
sa_get_property_parent(sa_property_t property)2799 sa_get_property_parent(sa_property_t property)
2800 {
2801 	xmlNodePtr node = NULL;
2802 
2803 	if (property != NULL)
2804 		node = ((xmlNodePtr)property)->parent;
2805 	return ((sa_optionset_t)node);
2806 }
2807 
2808 /*
2809  * sa_get_optionset_parent(optionset)
2810  *
2811  * Return the parent of the specified optionset. This could be a group
2812  * or a share.
2813  */
2814 
2815 static sa_group_t
sa_get_optionset_parent(sa_optionset_t optionset)2816 sa_get_optionset_parent(sa_optionset_t optionset)
2817 {
2818 	xmlNodePtr node = NULL;
2819 
2820 	if (optionset != NULL)
2821 		node = ((xmlNodePtr)optionset)->parent;
2822 	return ((sa_group_t)node);
2823 }
2824 
2825 /*
2826  * zfs_needs_update(share)
2827  *
2828  * In order to avoid making multiple updates to a ZFS share when
2829  * setting properties, the share attribute "changed" will be set to
2830  * true when a property is added or modified.  When done adding
2831  * properties, we can then detect that an update is needed.  We then
2832  * clear the state here to detect additional changes.
2833  */
2834 
2835 static int
zfs_needs_update(sa_share_t share)2836 zfs_needs_update(sa_share_t share)
2837 {
2838 	char *attr;
2839 	int result = 0;
2840 
2841 	attr = sa_get_share_attr(share, "changed");
2842 	if (attr != NULL) {
2843 		sa_free_attr_string(attr);
2844 		result = 1;
2845 	}
2846 	set_node_attr((void *)share, "changed", NULL);
2847 	return (result);
2848 }
2849 
2850 /*
2851  * zfs_set_update(share)
2852  *
2853  * Set the changed attribute of the share to true.
2854  */
2855 
2856 static void
zfs_set_update(sa_share_t share)2857 zfs_set_update(sa_share_t share)
2858 {
2859 	set_node_attr((void *)share, "changed", "true");
2860 }
2861 
2862 /*
2863  * sa_commit_properties(optionset, clear)
2864  *
2865  * Check if SMF or ZFS config and either update or abort the pending
2866  * changes.
2867  */
2868 
2869 int
sa_commit_properties(sa_optionset_t optionset,int clear)2870 sa_commit_properties(sa_optionset_t optionset, int clear)
2871 {
2872 	sa_group_t group;
2873 	sa_group_t parent;
2874 	int zfs = 0;
2875 	int needsupdate = 0;
2876 	int ret = SA_OK;
2877 	sa_handle_impl_t impl_handle;
2878 
2879 	group = sa_get_optionset_parent(optionset);
2880 	if (group != NULL && (sa_is_share(group) || is_zfs_group(group))) {
2881 		/* only update ZFS if on a share */
2882 		parent = sa_get_parent_group(group);
2883 		zfs++;
2884 		if (parent != NULL && is_zfs_group(parent))
2885 			needsupdate = zfs_needs_update(group);
2886 		else
2887 			zfs = 0;
2888 	}
2889 	if (zfs) {
2890 		if (!clear && needsupdate)
2891 			ret = sa_zfs_update((sa_share_t)group);
2892 	} else {
2893 		impl_handle = (sa_handle_impl_t)sa_find_group_handle(group);
2894 		if (impl_handle != NULL) {
2895 			if (clear) {
2896 				(void) sa_abort_transaction(
2897 				    impl_handle->scfhandle);
2898 			} else {
2899 				ret = sa_end_transaction(
2900 				    impl_handle->scfhandle, impl_handle);
2901 			}
2902 		} else {
2903 			ret = SA_SYSTEM_ERR;
2904 		}
2905 	}
2906 	return (ret);
2907 }
2908 
2909 /*
2910  * sa_destroy_optionset(optionset)
2911  *
2912  * Remove the optionset from its group. Update the repository to
2913  * reflect this change.
2914  */
2915 
2916 int
sa_destroy_optionset(sa_optionset_t optionset)2917 sa_destroy_optionset(sa_optionset_t optionset)
2918 {
2919 	char name[SA_STRSIZE];
2920 	int len;
2921 	int ret;
2922 	char *id = NULL;
2923 	sa_group_t group;
2924 	int ispersist = 1;
2925 
2926 	/* now delete the prop group */
2927 	group = sa_get_optionset_parent(optionset);
2928 	if (group != NULL) {
2929 		if (sa_is_resource(group)) {
2930 			sa_resource_t resource = group;
2931 			sa_share_t share = sa_get_resource_parent(resource);
2932 			group = sa_get_parent_group(share);
2933 			id = sa_get_share_attr(share, "id");
2934 		} else if (sa_is_share(group)) {
2935 			id = sa_get_share_attr((sa_share_t)group, "id");
2936 		}
2937 		ispersist = sa_is_persistent(group);
2938 	}
2939 	if (ispersist) {
2940 		sa_handle_impl_t impl_handle;
2941 		len = sa_optionset_name(optionset, name, sizeof (name), id);
2942 		impl_handle = (sa_handle_impl_t)sa_find_group_handle(group);
2943 		if (impl_handle != NULL) {
2944 			if (len > 0) {
2945 				ret = sa_delete_pgroup(impl_handle->scfhandle,
2946 				    name);
2947 			}
2948 		} else {
2949 			ret = SA_SYSTEM_ERR;
2950 		}
2951 	}
2952 	xmlUnlinkNode((xmlNodePtr)optionset);
2953 	xmlFreeNode((xmlNodePtr)optionset);
2954 	if (id != NULL)
2955 		sa_free_attr_string(id);
2956 	return (ret);
2957 }
2958 
2959 /* private to the implementation */
2960 int
_sa_remove_optionset(sa_optionset_t optionset)2961 _sa_remove_optionset(sa_optionset_t optionset)
2962 {
2963 	int ret = SA_OK;
2964 
2965 	xmlUnlinkNode((xmlNodePtr)optionset);
2966 	xmlFreeNode((xmlNodePtr)optionset);
2967 	return (ret);
2968 }
2969 
2970 /*
2971  * sa_create_security(group, sectype, proto)
2972  *
2973  * Create a security optionset (one that has a type name and a
2974  * proto). Security is left over from a pure NFS implementation. The
2975  * naming will change in the future when the API is released.
2976  */
2977 sa_security_t
sa_create_security(sa_group_t group,char * sectype,char * proto)2978 sa_create_security(sa_group_t group, char *sectype, char *proto)
2979 {
2980 	sa_security_t security;
2981 	char *id = NULL;
2982 	sa_group_t parent;
2983 	char *groupname = NULL;
2984 
2985 	if (group != NULL && sa_is_share(group)) {
2986 		id = sa_get_share_attr((sa_share_t)group, "id");
2987 		parent = sa_get_parent_group(group);
2988 		if (parent != NULL)
2989 			groupname = sa_get_group_attr(parent, "name");
2990 	} else if (group != NULL) {
2991 		groupname = sa_get_group_attr(group, "name");
2992 	}
2993 
2994 	security = sa_get_security(group, sectype, proto);
2995 	if (security != NULL) {
2996 		/* can't have a duplicate security option */
2997 		security = NULL;
2998 	} else {
2999 		security = (sa_security_t)xmlNewChild((xmlNodePtr)group,
3000 		    NULL, (xmlChar *)"security", NULL);
3001 		if (security != NULL) {
3002 			char oname[SA_STRSIZE];
3003 			sa_set_security_attr(security, "type", proto);
3004 
3005 			sa_set_security_attr(security, "sectype", sectype);
3006 			(void) sa_security_name(security, oname,
3007 			    sizeof (oname), id);
3008 			if (groupname != NULL && sa_is_persistent(group)) {
3009 				sa_handle_impl_t impl_handle;
3010 				impl_handle =
3011 				    (sa_handle_impl_t)sa_find_group_handle(
3012 				    group);
3013 				if (impl_handle != NULL) {
3014 					(void) sa_get_instance(
3015 					    impl_handle->scfhandle, groupname);
3016 					(void) sa_create_pgroup(
3017 					    impl_handle->scfhandle, oname);
3018 				}
3019 			}
3020 		}
3021 	}
3022 	if (id != NULL)
3023 		sa_free_attr_string(id);
3024 	if (groupname != NULL)
3025 		sa_free_attr_string(groupname);
3026 	return (security);
3027 }
3028 
3029 /*
3030  * sa_destroy_security(security)
3031  *
3032  * Remove the specified optionset from the document and the
3033  * configuration.
3034  */
3035 
3036 int
sa_destroy_security(sa_security_t security)3037 sa_destroy_security(sa_security_t security)
3038 {
3039 	char name[SA_STRSIZE];
3040 	int len;
3041 	int ret = SA_OK;
3042 	char *id = NULL;
3043 	sa_group_t group;
3044 	int iszfs = 0;
3045 	int ispersist = 1;
3046 
3047 	group = sa_get_optionset_parent(security);
3048 
3049 	if (group != NULL)
3050 		iszfs = sa_group_is_zfs(group);
3051 
3052 	if (group != NULL && !iszfs) {
3053 		if (sa_is_share(group))
3054 			ispersist = sa_is_persistent(group);
3055 		id = sa_get_share_attr((sa_share_t)group, "id");
3056 	}
3057 	if (ispersist) {
3058 		len = sa_security_name(security, name, sizeof (name), id);
3059 		if (!iszfs && len > 0) {
3060 			sa_handle_impl_t impl_handle;
3061 			impl_handle =
3062 			    (sa_handle_impl_t)sa_find_group_handle(group);
3063 			if (impl_handle != NULL) {
3064 				ret = sa_delete_pgroup(impl_handle->scfhandle,
3065 				    name);
3066 			} else {
3067 				ret = SA_SYSTEM_ERR;
3068 			}
3069 		}
3070 	}
3071 	xmlUnlinkNode((xmlNodePtr)security);
3072 	xmlFreeNode((xmlNodePtr)security);
3073 	if (iszfs)
3074 		ret = sa_zfs_update(group);
3075 	if (id != NULL)
3076 		sa_free_attr_string(id);
3077 	return (ret);
3078 }
3079 
3080 /*
3081  * sa_get_security_attr(optionset, tag)
3082  *
3083  * Return the specified attribute value from the optionset.
3084  */
3085 
3086 char *
sa_get_security_attr(sa_property_t optionset,char * tag)3087 sa_get_security_attr(sa_property_t optionset, char *tag)
3088 {
3089 	return (get_node_attr((void *)optionset, tag));
3090 
3091 }
3092 
3093 /*
3094  * sa_set_security_attr(optionset, tag, value)
3095  *
3096  * Set the optioset attribute specied by tag to the specified value.
3097  */
3098 
3099 void
sa_set_security_attr(sa_group_t optionset,char * tag,char * value)3100 sa_set_security_attr(sa_group_t optionset, char *tag, char *value)
3101 {
3102 	set_node_attr((void *)optionset, tag, value);
3103 }
3104 
3105 /*
3106  * is_nodetype(node, type)
3107  *
3108  * Check to see if node is of the type specified.
3109  */
3110 
3111 static int
is_nodetype(void * node,char * type)3112 is_nodetype(void *node, char *type)
3113 {
3114 	return (strcmp((char *)((xmlNodePtr)node)->name, type) == 0);
3115 }
3116 
3117 /*
3118  * add_or_update()
3119  *
3120  * Add or update a property. Pulled out of sa_set_prop_by_prop for
3121  * readability.
3122  */
3123 static int
add_or_update(scfutilhandle_t * scf_handle,int type,scf_value_t * value,scf_transaction_entry_t * entry,char * name,char * valstr)3124 add_or_update(scfutilhandle_t *scf_handle, int type, scf_value_t *value,
3125     scf_transaction_entry_t *entry, char *name, char *valstr)
3126 {
3127 	int ret = SA_SYSTEM_ERR;
3128 
3129 	if (value != NULL) {
3130 		if (type == SA_PROP_OP_ADD)
3131 			ret = scf_transaction_property_new(scf_handle->trans,
3132 			    entry, name, SCF_TYPE_ASTRING);
3133 		else
3134 			ret = scf_transaction_property_change(scf_handle->trans,
3135 			    entry, name, SCF_TYPE_ASTRING);
3136 		if (ret == 0) {
3137 			ret = scf_value_set_astring(value, valstr);
3138 			if (ret == 0)
3139 				ret = scf_entry_add_value(entry, value);
3140 			if (ret == 0)
3141 				return (ret);
3142 			scf_value_destroy(value);
3143 		} else {
3144 			scf_entry_destroy(entry);
3145 		}
3146 	}
3147 	return (SA_SYSTEM_ERR);
3148 }
3149 
3150 /*
3151  * sa_set_prop_by_prop(optionset, group, prop, type)
3152  *
3153  * Add/remove/update the specified property prop into the optionset or
3154  * share. If a share, sort out which property group based on GUID. In
3155  * all cases, the appropriate transaction is set (or ZFS share is
3156  * marked as needing an update)
3157  */
3158 
3159 static int
sa_set_prop_by_prop(sa_optionset_t optionset,sa_group_t group,sa_property_t prop,int type)3160 sa_set_prop_by_prop(sa_optionset_t optionset, sa_group_t group,
3161     sa_property_t prop, int type)
3162 {
3163 	char *name;
3164 	char *valstr;
3165 	int ret = SA_OK;
3166 	scf_transaction_entry_t *entry;
3167 	scf_value_t *value;
3168 	int opttype; /* 1 == optionset, 0 == security */
3169 	char *id = NULL;
3170 	int iszfs = 0;
3171 	sa_group_t parent = NULL;
3172 	sa_share_t share = NULL;
3173 	sa_handle_impl_t impl_handle;
3174 	scfutilhandle_t  *scf_handle;
3175 
3176 	if (!sa_is_persistent(group)) {
3177 		/*
3178 		 * if the group/share is not persistent we don't need
3179 		 * to do anything here
3180 		 */
3181 		return (SA_OK);
3182 	}
3183 	impl_handle = (sa_handle_impl_t)sa_find_group_handle(group);
3184 	if (impl_handle == NULL || impl_handle->scfhandle == NULL)
3185 		return (SA_SYSTEM_ERR);
3186 	scf_handle = impl_handle->scfhandle;
3187 	name = sa_get_property_attr(prop, "type");
3188 	valstr = sa_get_property_attr(prop, "value");
3189 	entry = scf_entry_create(scf_handle->handle);
3190 	opttype = is_nodetype((void *)optionset, "optionset");
3191 
3192 	/*
3193 	 * Check for share vs. resource since they need slightly
3194 	 * different treatment given the hierarchy.
3195 	 */
3196 	if (valstr != NULL && entry != NULL) {
3197 		if (sa_is_share(group)) {
3198 			parent = sa_get_parent_group(group);
3199 			share = (sa_share_t)group;
3200 			if (parent != NULL)
3201 				iszfs = is_zfs_group(parent);
3202 		} else if (sa_is_resource(group)) {
3203 			share = sa_get_parent_group(group);
3204 			if (share != NULL)
3205 				parent = sa_get_parent_group(share);
3206 		} else {
3207 			iszfs = is_zfs_group(group);
3208 		}
3209 		if (!iszfs) {
3210 			if (scf_handle->trans == NULL) {
3211 				char oname[SA_STRSIZE];
3212 				char *groupname = NULL;
3213 				if (share != NULL) {
3214 					if (parent != NULL)
3215 						groupname =
3216 						    sa_get_group_attr(parent,
3217 						    "name");
3218 					id = sa_get_share_attr(
3219 					    (sa_share_t)share, "id");
3220 				} else {
3221 					groupname = sa_get_group_attr(group,
3222 					    "name");
3223 				}
3224 				if (groupname != NULL) {
3225 					ret = sa_get_instance(scf_handle,
3226 					    groupname);
3227 					sa_free_attr_string(groupname);
3228 				}
3229 				if (opttype)
3230 					(void) sa_optionset_name(optionset,
3231 					    oname, sizeof (oname), id);
3232 				else
3233 					(void) sa_security_name(optionset,
3234 					    oname, sizeof (oname), id);
3235 				ret = sa_start_transaction(scf_handle, oname);
3236 				if (id != NULL)
3237 					sa_free_attr_string(id);
3238 			}
3239 			if (ret == SA_OK) {
3240 				switch (type) {
3241 				case SA_PROP_OP_REMOVE:
3242 					ret = scf_transaction_property_delete(
3243 					    scf_handle->trans, entry, name);
3244 					break;
3245 				case SA_PROP_OP_ADD:
3246 				case SA_PROP_OP_UPDATE:
3247 					value = scf_value_create(
3248 					    scf_handle->handle);
3249 					ret = add_or_update(scf_handle, type,
3250 					    value, entry, name, valstr);
3251 					break;
3252 				}
3253 			}
3254 		} else {
3255 			/*
3256 			 * ZFS update. The calling function would have updated
3257 			 * the internal XML structure. Just need to flag it as
3258 			 * changed for ZFS.
3259 			 */
3260 			zfs_set_update((sa_share_t)group);
3261 		}
3262 	}
3263 
3264 	if (name != NULL)
3265 		sa_free_attr_string(name);
3266 	if (valstr != NULL)
3267 		sa_free_attr_string(valstr);
3268 	else if (entry != NULL)
3269 		scf_entry_destroy(entry);
3270 
3271 	if (ret == -1)
3272 		ret = SA_SYSTEM_ERR;
3273 
3274 	return (ret);
3275 }
3276 
3277 /*
3278  * sa_create_section(name, value)
3279  *
3280  * Create a new section with the specified name and extra data.
3281  */
3282 
3283 sa_property_t
sa_create_section(char * name,char * extra)3284 sa_create_section(char *name, char *extra)
3285 {
3286 	xmlNodePtr node;
3287 
3288 	node = xmlNewNode(NULL, (xmlChar *)"section");
3289 	if (node != NULL) {
3290 		if (name != NULL)
3291 			(void) xmlSetProp(node, (xmlChar *)"name",
3292 			    (xmlChar *)name);
3293 		if (extra != NULL)
3294 			(void) xmlSetProp(node, (xmlChar *)"extra",
3295 			    (xmlChar *)extra);
3296 	}
3297 	return ((sa_property_t)node);
3298 }
3299 
3300 void
sa_set_section_attr(sa_property_t sect,char * name,char * value)3301 sa_set_section_attr(sa_property_t sect, char *name, char *value)
3302 {
3303 	(void) xmlSetProp(sect, (xmlChar *)name, (xmlChar *)value);
3304 }
3305 
3306 /*
3307  * sa_create_property(section, name, value)
3308  *
3309  * Create a new property with the specified name and value.
3310  */
3311 
3312 sa_property_t
sa_create_property(char * name,char * value)3313 sa_create_property(char *name, char *value)
3314 {
3315 	xmlNodePtr node;
3316 
3317 	node = xmlNewNode(NULL, (xmlChar *)"option");
3318 	if (node != NULL) {
3319 		(void) xmlSetProp(node, (xmlChar *)"type", (xmlChar *)name);
3320 		(void) xmlSetProp(node, (xmlChar *)"value", (xmlChar *)value);
3321 	}
3322 	return ((sa_property_t)node);
3323 }
3324 
3325 /*
3326  * sa_add_property(object, property)
3327  *
3328  * Add the specified property to the object. Issue the appropriate
3329  * transaction or mark a ZFS object as needing an update.
3330  */
3331 
3332 int
sa_add_property(void * object,sa_property_t property)3333 sa_add_property(void *object, sa_property_t property)
3334 {
3335 	int ret = SA_OK;
3336 	sa_group_t parent;
3337 	sa_group_t group;
3338 	char *proto;
3339 
3340 	if (property != NULL) {
3341 		sa_handle_t handle;
3342 		handle = sa_find_group_handle((sa_group_t)object);
3343 		/* It is legitimate to not find a handle */
3344 		proto = sa_get_optionset_attr(object, "type");
3345 		if ((ret = sa_valid_property(handle, object, proto,
3346 		    property)) == SA_OK) {
3347 			property = (sa_property_t)xmlAddChild(
3348 			    (xmlNodePtr)object, (xmlNodePtr)property);
3349 		} else {
3350 			if (proto != NULL)
3351 				sa_free_attr_string(proto);
3352 			return (ret);
3353 		}
3354 		if (proto != NULL)
3355 			sa_free_attr_string(proto);
3356 	}
3357 
3358 
3359 	parent = sa_get_parent_group(object);
3360 	if (!sa_is_persistent(parent))
3361 		return (ret);
3362 
3363 	if (sa_is_resource(parent)) {
3364 		/*
3365 		 * Resources are children of share.  Need to go up two
3366 		 * levels to find the group but the parent needs to be
3367 		 * the share at this point in order to get the "id".
3368 		 */
3369 		parent = sa_get_parent_group(parent);
3370 		group = sa_get_parent_group(parent);
3371 	} else if (sa_is_share(parent)) {
3372 		group = sa_get_parent_group(parent);
3373 	} else {
3374 		group = parent;
3375 	}
3376 
3377 	if (property == NULL) {
3378 		ret = SA_NO_MEMORY;
3379 	} else {
3380 		char oname[SA_STRSIZE];
3381 
3382 		if (!is_zfs_group(group)) {
3383 			char *id = NULL;
3384 			sa_handle_impl_t impl_handle;
3385 			scfutilhandle_t  *scf_handle;
3386 
3387 			impl_handle = (sa_handle_impl_t)sa_find_group_handle(
3388 			    group);
3389 			if (impl_handle == NULL ||
3390 			    impl_handle->scfhandle == NULL)
3391 				ret = SA_SYSTEM_ERR;
3392 			if (ret == SA_OK) {
3393 				scf_handle = impl_handle->scfhandle;
3394 				if (sa_is_share((sa_group_t)parent)) {
3395 					id = sa_get_share_attr(
3396 					    (sa_share_t)parent, "id");
3397 				}
3398 				if (scf_handle->trans == NULL) {
3399 					if (is_nodetype(object, "optionset")) {
3400 						(void) sa_optionset_name(
3401 						    (sa_optionset_t)object,
3402 						    oname, sizeof (oname), id);
3403 					} else {
3404 						(void) sa_security_name(
3405 						    (sa_optionset_t)object,
3406 						    oname, sizeof (oname), id);
3407 					}
3408 					ret = sa_start_transaction(scf_handle,
3409 					    oname);
3410 				}
3411 				if (ret == SA_OK) {
3412 					char *name;
3413 					char *value;
3414 					name = sa_get_property_attr(property,
3415 					    "type");
3416 					value = sa_get_property_attr(property,
3417 					    "value");
3418 					if (name != NULL && value != NULL) {
3419 						if (scf_handle->scf_state ==
3420 						    SCH_STATE_INIT) {
3421 							ret = sa_set_property(
3422 							    scf_handle, name,
3423 							    value);
3424 						}
3425 					} else {
3426 						ret = SA_CONFIG_ERR;
3427 					}
3428 					if (name != NULL)
3429 						sa_free_attr_string(
3430 						    name);
3431 					if (value != NULL)
3432 						sa_free_attr_string(value);
3433 				}
3434 				if (id != NULL)
3435 					sa_free_attr_string(id);
3436 			}
3437 		} else {
3438 			/*
3439 			 * ZFS is a special case. We do want
3440 			 * to allow editing property/security
3441 			 * lists since we can have a better
3442 			 * syntax and we also want to keep
3443 			 * things consistent when possible.
3444 			 *
3445 			 * Right now, we defer until the
3446 			 * sa_commit_properties so we can get
3447 			 * them all at once. We do need to
3448 			 * mark the share as "changed"
3449 			 */
3450 			zfs_set_update((sa_share_t)parent);
3451 		}
3452 	}
3453 	return (ret);
3454 }
3455 
3456 /*
3457  * sa_remove_property(property)
3458  *
3459  * Remove the specied property from its containing object. Update the
3460  * repository as appropriate.
3461  */
3462 
3463 int
sa_remove_property(sa_property_t property)3464 sa_remove_property(sa_property_t property)
3465 {
3466 	int ret = SA_OK;
3467 
3468 	if (property != NULL) {
3469 		sa_optionset_t optionset;
3470 		sa_group_t group;
3471 		optionset = sa_get_property_parent(property);
3472 		if (optionset != NULL) {
3473 			group = sa_get_optionset_parent(optionset);
3474 			if (group != NULL) {
3475 				ret = sa_set_prop_by_prop(optionset, group,
3476 				    property, SA_PROP_OP_REMOVE);
3477 			}
3478 		}
3479 		xmlUnlinkNode((xmlNodePtr)property);
3480 		xmlFreeNode((xmlNodePtr)property);
3481 	} else {
3482 		ret = SA_NO_SUCH_PROP;
3483 	}
3484 	return (ret);
3485 }
3486 
3487 /*
3488  * sa_update_property(property, value)
3489  *
3490  * Update the specified property to the new value.  If value is NULL,
3491  * we currently treat this as a remove.
3492  */
3493 
3494 int
sa_update_property(sa_property_t property,char * value)3495 sa_update_property(sa_property_t property, char *value)
3496 {
3497 	int ret = SA_OK;
3498 	if (value == NULL) {
3499 		return (sa_remove_property(property));
3500 	} else {
3501 		sa_optionset_t optionset;
3502 		sa_group_t group;
3503 		set_node_attr((void *)property, "value", value);
3504 		optionset = sa_get_property_parent(property);
3505 		if (optionset != NULL) {
3506 			group = sa_get_optionset_parent(optionset);
3507 			if (group != NULL) {
3508 				ret = sa_set_prop_by_prop(optionset, group,
3509 				    property, SA_PROP_OP_UPDATE);
3510 			}
3511 		} else {
3512 			ret = SA_NO_SUCH_PROP;
3513 		}
3514 	}
3515 	return (ret);
3516 }
3517 
3518 /*
3519  * sa_get_protocol_section(propset, prop)
3520  *
3521  * Get the specified protocol specific section. These are global to
3522  * the protocol and not specific to a group or share.
3523  */
3524 
3525 sa_protocol_properties_t
sa_get_protocol_section(sa_protocol_properties_t propset,char * section)3526 sa_get_protocol_section(sa_protocol_properties_t propset, char *section)
3527 {
3528 	xmlNodePtr node = (xmlNodePtr)propset;
3529 	xmlChar *value = NULL;
3530 	char *proto;
3531 
3532 	proto = sa_get_optionset_attr(propset, "type");
3533 	if ((sa_proto_get_featureset(proto) & SA_FEATURE_HAS_SECTIONS) == 0) {
3534 		if (proto != NULL)
3535 			sa_free_attr_string(proto);
3536 		return (propset);
3537 	}
3538 
3539 	for (node = node->children; node != NULL;
3540 	    node = node->next) {
3541 		if (xmlStrcmp(node->name, (xmlChar *)"section") == 0) {
3542 			if (section == NULL)
3543 				break;
3544 			value = xmlGetProp(node, (xmlChar *)"name");
3545 			if (value != NULL &&
3546 			    xmlStrcasecmp(value, (xmlChar *)section) == 0) {
3547 				break;
3548 			}
3549 			if (value != NULL) {
3550 				xmlFree(value);
3551 				value = NULL;
3552 			}
3553 		}
3554 	}
3555 	if (value != NULL)
3556 		xmlFree(value);
3557 	if (proto != NULL)
3558 		sa_free_attr_string(proto);
3559 	if (node != NULL && xmlStrcmp(node->name, (xmlChar *)"section") != 0) {
3560 		/*
3561 		 * avoid a non option node -- it is possible to be a
3562 		 * text node
3563 		 */
3564 		node = NULL;
3565 	}
3566 	return ((sa_protocol_properties_t)node);
3567 }
3568 
3569 /*
3570  * sa_get_next_protocol_section(prop, find)
3571  *
3572  * Get the next protocol specific section in the list.
3573  */
3574 
3575 sa_property_t
sa_get_next_protocol_section(sa_property_t prop,char * find)3576 sa_get_next_protocol_section(sa_property_t prop, char *find)
3577 {
3578 	xmlNodePtr node;
3579 	xmlChar *value = NULL;
3580 	char *proto;
3581 
3582 	proto = sa_get_optionset_attr(prop, "type");
3583 	if ((sa_proto_get_featureset(proto) & SA_FEATURE_HAS_SECTIONS) == 0) {
3584 		if (proto != NULL)
3585 			sa_free_attr_string(proto);
3586 		return ((sa_property_t)NULL);
3587 	}
3588 
3589 	for (node = ((xmlNodePtr)prop)->next; node != NULL;
3590 	    node = node->next) {
3591 		if (xmlStrcmp(node->name, (xmlChar *)"section") == 0) {
3592 			if (find == NULL)
3593 				break;
3594 			value = xmlGetProp(node, (xmlChar *)"name");
3595 			if (value != NULL &&
3596 			    xmlStrcasecmp(value, (xmlChar *)find) == 0) {
3597 				break;
3598 			}
3599 			if (value != NULL) {
3600 				xmlFree(value);
3601 				value = NULL;
3602 			}
3603 
3604 		}
3605 	}
3606 	if (value != NULL)
3607 		xmlFree(value);
3608 	if (proto != NULL)
3609 		sa_free_attr_string(proto);
3610 	return ((sa_property_t)node);
3611 }
3612 
3613 /*
3614  * sa_get_protocol_property(propset, prop)
3615  *
3616  * Get the specified protocol specific property. These are global to
3617  * the protocol and not specific to a group or share.
3618  */
3619 
3620 sa_property_t
sa_get_protocol_property(sa_protocol_properties_t propset,char * prop)3621 sa_get_protocol_property(sa_protocol_properties_t propset, char *prop)
3622 {
3623 	xmlNodePtr node = (xmlNodePtr)propset;
3624 	xmlChar *value = NULL;
3625 
3626 	if (propset == NULL)
3627 		return (NULL);
3628 
3629 	for (node = node->children; node != NULL;
3630 	    node = node->next) {
3631 		if (xmlStrcmp(node->name, (xmlChar *)"option") == 0) {
3632 			if (prop == NULL)
3633 				break;
3634 			value = xmlGetProp(node, (xmlChar *)"type");
3635 			if (value != NULL &&
3636 			    xmlStrcasecmp(value, (xmlChar *)prop) == 0) {
3637 				break;
3638 			}
3639 			if (value != NULL) {
3640 				xmlFree(value);
3641 				value = NULL;
3642 			}
3643 		}
3644 	}
3645 	if (value != NULL)
3646 		xmlFree(value);
3647 	if (node != NULL && xmlStrcmp(node->name, (xmlChar *)"option") != 0) {
3648 		/*
3649 		 * avoid a non option node -- it is possible to be a
3650 		 * text node
3651 		 */
3652 		node = NULL;
3653 	}
3654 	return ((sa_property_t)node);
3655 }
3656 
3657 /*
3658  * sa_get_next_protocol_property(prop)
3659  *
3660  * Get the next protocol specific property in the list.
3661  */
3662 
3663 sa_property_t
sa_get_next_protocol_property(sa_property_t prop,char * find)3664 sa_get_next_protocol_property(sa_property_t prop, char *find)
3665 {
3666 	xmlNodePtr node;
3667 	xmlChar *value = NULL;
3668 
3669 	for (node = ((xmlNodePtr)prop)->next; node != NULL;
3670 	    node = node->next) {
3671 		if (xmlStrcmp(node->name, (xmlChar *)"option") == 0) {
3672 			if (find == NULL)
3673 				break;
3674 			value = xmlGetProp(node, (xmlChar *)"type");
3675 			if (value != NULL &&
3676 			    xmlStrcasecmp(value, (xmlChar *)find) == 0) {
3677 				break;
3678 			}
3679 			if (value != NULL) {
3680 				xmlFree(value);
3681 				value = NULL;
3682 			}
3683 
3684 		}
3685 	}
3686 	if (value != NULL)
3687 		xmlFree(value);
3688 	return ((sa_property_t)node);
3689 }
3690 
3691 /*
3692  * sa_set_protocol_property(prop, value)
3693  *
3694  * Set the specified property to have the new value.  The protocol
3695  * specific plugin will then be called to update the property.
3696  */
3697 
3698 int
sa_set_protocol_property(sa_property_t prop,char * section,char * value)3699 sa_set_protocol_property(sa_property_t prop, char *section, char *value)
3700 {
3701 	sa_protocol_properties_t propset;
3702 	char *proto;
3703 	int ret = SA_INVALID_PROTOCOL;
3704 
3705 	propset = ((xmlNodePtr)prop)->parent;
3706 	if (propset != NULL) {
3707 		proto = sa_get_optionset_attr(propset, "type");
3708 		if (proto != NULL) {
3709 			if (section != NULL)
3710 				set_node_attr((xmlNodePtr)prop, "section",
3711 				    section);
3712 			set_node_attr((xmlNodePtr)prop, "value", value);
3713 			ret = sa_proto_set_property(proto, prop);
3714 			sa_free_attr_string(proto);
3715 		}
3716 	}
3717 	return (ret);
3718 }
3719 
3720 /*
3721  * sa_add_protocol_property(propset, prop)
3722  *
3723  * Add a new property to the protocol specific property set.
3724  */
3725 
3726 int
sa_add_protocol_property(sa_protocol_properties_t propset,sa_property_t prop)3727 sa_add_protocol_property(sa_protocol_properties_t propset, sa_property_t prop)
3728 {
3729 	xmlNodePtr node;
3730 
3731 	/* should check for legitimacy */
3732 	node = xmlAddChild((xmlNodePtr)propset, (xmlNodePtr)prop);
3733 	if (node != NULL)