1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24  */
25 
26 /*
27  * Copyright (c) 2013, Joyent, Inc. All rights reserved.
28  * Copyright (c) 2011, 2016 by Delphix. All rights reserved.
29  * Copyright (c) 2012 DEY Storage Systems, Inc.  All rights reserved.
30  * Copyright (c) 2011-2012 Pawel Jakub Dawidek. All rights reserved.
31  * Copyright (c) 2013 Martin Matuska. All rights reserved.
32  * Copyright (c) 2013 Steven Hartland. All rights reserved.
33  * Copyright (c) 2014 Integros [integros.com]
34  * Copyright 2018 Nexenta Systems, Inc.
35  * Copyright 2016 Igor Kozhukhov <ikozhukhov@gmail.com>
36  * Copyright 2017-2018 RackTop Systems.
37  * Copyright (c) 2021 Matt Fiddaman
38  */
39 
40 #include <ctype.h>
41 #include <errno.h>
42 #include <libintl.h>
43 #include <stdio.h>
44 #include <stdlib.h>
45 #include <strings.h>
46 #include <unistd.h>
47 #include <stddef.h>
48 #include <zone.h>
49 #include <fcntl.h>
50 #include <sys/mntent.h>
51 #include <sys/mount.h>
52 #include <priv.h>
53 #include <pwd.h>
54 #include <grp.h>
55 #include <stddef.h>
56 #include <ucred.h>
57 #include <idmap.h>
58 #include <aclutils.h>
59 #include <directory.h>
60 #include <time.h>
61 
62 #include <sys/dnode.h>
63 #include <sys/spa.h>
64 #include <sys/zap.h>
65 #include <sys/dsl_crypt.h>
66 #include <libzfs.h>
67 #include <libzutil.h>
68 
69 #include "zfs_namecheck.h"
70 #include "zfs_prop.h"
71 #include "libzfs_impl.h"
72 #include "zfs_deleg.h"
73 
74 static int userquota_propname_decode(const char *propname, boolean_t zoned,
75     zfs_userquota_prop_t *typep, char *domain, int domainlen, uint64_t *ridp);
76 
77 /*
78  * Given a single type (not a mask of types), return the type in a human
79  * readable form.
80  */
81 const char *
82 zfs_type_to_name(zfs_type_t type)
83 {
84 	switch (type) {
85 	case ZFS_TYPE_FILESYSTEM:
86 		return (dgettext(TEXT_DOMAIN, "filesystem"));
87 	case ZFS_TYPE_SNAPSHOT:
88 		return (dgettext(TEXT_DOMAIN, "snapshot"));
89 	case ZFS_TYPE_VOLUME:
90 		return (dgettext(TEXT_DOMAIN, "volume"));
91 	case ZFS_TYPE_POOL:
92 		return (dgettext(TEXT_DOMAIN, "pool"));
93 	case ZFS_TYPE_BOOKMARK:
94 		return (dgettext(TEXT_DOMAIN, "bookmark"));
95 	default:
96 		assert(!"unhandled zfs_type_t");
97 	}
98 
99 	return (NULL);
100 }
101 
102 /*
103  * Validate a ZFS path.  This is used even before trying to open the dataset, to
104  * provide a more meaningful error message.  We call zfs_error_aux() to
105  * explain exactly why the name was not valid.
106  */
107 int
108 zfs_validate_name(libzfs_handle_t *hdl, const char *path, int type,
109     boolean_t modifying)
110 {
111 	namecheck_err_t why;
112 	char what;
113 
114 	if (entity_namecheck(path, &why, &what) != 0) {
115 		if (hdl != NULL) {
116 			switch (why) {
117 			case NAME_ERR_TOOLONG:
118 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
119 				    "name is too long"));
120 				break;
121 
122 			case NAME_ERR_LEADING_SLASH:
123 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
124 				    "leading slash in name"));
125 				break;
126 
127 			case NAME_ERR_EMPTY_COMPONENT:
128 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
129 				    "empty component in name"));
130 				break;
131 
132 			case NAME_ERR_TRAILING_SLASH:
133 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
134 				    "trailing slash in name"));
135 				break;
136 
137 			case NAME_ERR_INVALCHAR:
138 				zfs_error_aux(hdl,
139 				    dgettext(TEXT_DOMAIN, "invalid character "
140 				    "'%c' in name"), what);
141 				break;
142 
143 			case NAME_ERR_MULTIPLE_DELIMITERS:
144 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
145 				    "multiple '@' and/or '#' delimiters in "
146 				    "name"));
147 				break;
148 
149 			case NAME_ERR_NOLETTER:
150 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
151 				    "pool doesn't begin with a letter"));
152 				break;
153 
154 			case NAME_ERR_RESERVED:
155 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
156 				    "name is reserved"));
157 				break;
158 
159 			case NAME_ERR_DISKLIKE:
160 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
161 				    "reserved disk name"));
162 				break;
163 
164 			default:
165 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
166 				    "(%d) not defined"), why);
167 				break;
168 			}
169 		}
170 
171 		return (0);
172 	}
173 
174 	if (!(type & ZFS_TYPE_SNAPSHOT) && strchr(path, '@') != NULL) {
175 		if (hdl != NULL)
176 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
177 			    "snapshot delimiter '@' is not expected here"));
178 		return (0);
179 	}
180 
181 	if (type == ZFS_TYPE_SNAPSHOT && strchr(path, '@') == NULL) {
182 		if (hdl != NULL)
183 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
184 			    "missing '@' delimiter in snapshot name"));
185 		return (0);
186 	}
187 
188 	if (!(type & ZFS_TYPE_BOOKMARK) && strchr(path, '#') != NULL) {
189 		if (hdl != NULL)
190 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
191 			    "bookmark delimiter '#' is not expected here"));
192 		return (0);
193 	}
194 
195 	if (type == ZFS_TYPE_BOOKMARK && strchr(path, '#') == NULL) {
196 		if (hdl != NULL)
197 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
198 			    "missing '#' delimiter in bookmark name"));
199 		return (0);
200 	}
201 
202 	if (modifying && strchr(path, '%') != NULL) {
203 		if (hdl != NULL)
204 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
205 			    "invalid character %c in name"), '%');
206 		return (0);
207 	}
208 
209 	return (-1);
210 }
211 
212 int
213 zfs_name_valid(const char *name, zfs_type_t type)
214 {
215 	if (type == ZFS_TYPE_POOL)
216 		return (zpool_name_valid(NULL, B_FALSE, name));
217 	return (zfs_validate_name(NULL, name, type, B_FALSE));
218 }
219 
220 /*
221  * This function takes the raw DSL properties, and filters out the user-defined
222  * properties into a separate nvlist.
223  */
224 static nvlist_t *
225 process_user_props(zfs_handle_t *zhp, nvlist_t *props)
226 {
227 	libzfs_handle_t *hdl = zhp->zfs_hdl;
228 	nvpair_t *elem;
229 	nvlist_t *propval;
230 	nvlist_t *nvl;
231 
232 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
233 		(void) no_memory(hdl);
234 		return (NULL);
235 	}
236 
237 	elem = NULL;
238 	while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
239 		if (!zfs_prop_user(nvpair_name(elem)))
240 			continue;
241 
242 		verify(nvpair_value_nvlist(elem, &propval) == 0);
243 		if (nvlist_add_nvlist(nvl, nvpair_name(elem), propval) != 0) {
244 			nvlist_free(nvl);
245 			(void) no_memory(hdl);
246 			return (NULL);
247 		}
248 	}
249 
250 	return (nvl);
251 }
252 
253 static zpool_handle_t *
254 zpool_add_handle(zfs_handle_t *zhp, const char *pool_name)
255 {
256 	libzfs_handle_t *hdl = zhp->zfs_hdl;
257 	zpool_handle_t *zph;
258 
259 	if ((zph = zpool_open_canfail(hdl, pool_name)) != NULL) {
260 		if (hdl->libzfs_pool_handles != NULL)
261 			zph->zpool_next = hdl->libzfs_pool_handles;
262 		hdl->libzfs_pool_handles = zph;
263 	}
264 	return (zph);
265 }
266 
267 static zpool_handle_t *
268 zpool_find_handle(zfs_handle_t *zhp, const char *pool_name, int len)
269 {
270 	libzfs_handle_t *hdl = zhp->zfs_hdl;
271 	zpool_handle_t *zph = hdl->libzfs_pool_handles;
272 
273 	while ((zph != NULL) &&
274 	    (strncmp(pool_name, zpool_get_name(zph), len) != 0))
275 		zph = zph->zpool_next;
276 	return (zph);
277 }
278 
279 /*
280  * Returns a handle to the pool that contains the provided dataset.
281  * If a handle to that pool already exists then that handle is returned.
282  * Otherwise, a new handle is created and added to the list of handles.
283  */
284 static zpool_handle_t *
285 zpool_handle(zfs_handle_t *zhp)
286 {
287 	char *pool_name;
288 	int len;
289 	zpool_handle_t *zph;
290 
291 	len = strcspn(zhp->zfs_name, "/@#") + 1;
292 	pool_name = zfs_alloc(zhp->zfs_hdl, len);
293 	(void) strlcpy(pool_name, zhp->zfs_name, len);
294 
295 	zph = zpool_find_handle(zhp, pool_name, len);
296 	if (zph == NULL)
297 		zph = zpool_add_handle(zhp, pool_name);
298 
299 	free(pool_name);
300 	return (zph);
301 }
302 
303 void
304 zpool_free_handles(libzfs_handle_t *hdl)
305 {
306 	zpool_handle_t *next, *zph = hdl->libzfs_pool_handles;
307 
308 	while (zph != NULL) {
309 		next = zph->zpool_next;
310 		zpool_close(zph);
311 		zph = next;
312 	}
313 	hdl->libzfs_pool_handles = NULL;
314 }
315 
316 /*
317  * Utility function to gather stats (objset and zpl) for the given object.
318  */
319 static int
320 get_stats_ioctl(zfs_handle_t *zhp, zfs_cmd_t *zc)
321 {
322 	libzfs_handle_t *hdl = zhp->zfs_hdl;
323 
324 	(void) strlcpy(zc->zc_name, zhp->zfs_name, sizeof (zc->zc_name));
325 
326 	while (ioctl(hdl->libzfs_fd, ZFS_IOC_OBJSET_STATS, zc) != 0) {
327 		if (errno == ENOMEM) {
328 			if (zcmd_expand_dst_nvlist(hdl, zc) != 0) {
329 				return (-1);
330 			}
331 		} else {
332 			return (-1);
333 		}
334 	}
335 	return (0);
336 }
337 
338 /*
339  * Utility function to get the received properties of the given object.
340  */
341 static int
342 get_recvd_props_ioctl(zfs_handle_t *zhp)
343 {
344 	libzfs_handle_t *hdl = zhp->zfs_hdl;
345 	nvlist_t *recvdprops;
346 	zfs_cmd_t zc = { 0 };
347 	int err;
348 
349 	if (zcmd_alloc_dst_nvlist(hdl, &zc, 0) != 0)
350 		return (-1);
351 
352 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
353 
354 	while (ioctl(hdl->libzfs_fd, ZFS_IOC_OBJSET_RECVD_PROPS, &zc) != 0) {
355 		if (errno == ENOMEM) {
356 			if (zcmd_expand_dst_nvlist(hdl, &zc) != 0) {
357 				return (-1);
358 			}
359 		} else {
360 			zcmd_free_nvlists(&zc);
361 			return (-1);
362 		}
363 	}
364 
365 	err = zcmd_read_dst_nvlist(zhp->zfs_hdl, &zc, &recvdprops);
366 	zcmd_free_nvlists(&zc);
367 	if (err != 0)
368 		return (-1);
369 
370 	nvlist_free(zhp->zfs_recvd_props);
371 	zhp->zfs_recvd_props = recvdprops;
372 
373 	return (0);
374 }
375 
376 static int
377 put_stats_zhdl(zfs_handle_t *zhp, zfs_cmd_t *zc)
378 {
379 	nvlist_t *allprops, *userprops;
380 
381 	zhp->zfs_dmustats = zc->zc_objset_stats; /* structure assignment */
382 
383 	if (zcmd_read_dst_nvlist(zhp->zfs_hdl, zc, &allprops) != 0) {
384 		return (-1);
385 	}
386 
387 	/*
388 	 * XXX Why do we store the user props separately, in addition to
389 	 * storing them in zfs_props?
390 	 */
391 	if ((userprops = process_user_props(zhp, allprops)) == NULL) {
392 		nvlist_free(allprops);
393 		return (-1);
394 	}
395 
396 	nvlist_free(zhp->zfs_props);
397 	nvlist_free(zhp->zfs_user_props);
398 
399 	zhp->zfs_props = allprops;
400 	zhp->zfs_user_props = userprops;
401 
402 	return (0);
403 }
404 
405 static int
406 get_stats(zfs_handle_t *zhp)
407 {
408 	int rc = 0;
409 	zfs_cmd_t zc = { 0 };
410 
411 	if (zcmd_alloc_dst_nvlist(zhp->zfs_hdl, &zc, 0) != 0)
412 		return (-1);
413 	if (get_stats_ioctl(zhp, &zc) != 0)
414 		rc = -1;
415 	else if (put_stats_zhdl(zhp, &zc) != 0)
416 		rc = -1;
417 	zcmd_free_nvlists(&zc);
418 	return (rc);
419 }
420 
421 /*
422  * Refresh the properties currently stored in the handle.
423  */
424 void
425 zfs_refresh_properties(zfs_handle_t *zhp)
426 {
427 	(void) get_stats(zhp);
428 }
429 
430 /*
431  * Makes a handle from the given dataset name.  Used by zfs_open() and
432  * zfs_iter_* to create child handles on the fly.
433  */
434 static int
435 make_dataset_handle_common(zfs_handle_t *zhp, zfs_cmd_t *zc)
436 {
437 	if (put_stats_zhdl(zhp, zc) != 0)
438 		return (-1);
439 
440 	/*
441 	 * We've managed to open the dataset and gather statistics.  Determine
442 	 * the high-level type.
443 	 */
444 	if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL)
445 		zhp->zfs_head_type = ZFS_TYPE_VOLUME;
446 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZFS)
447 		zhp->zfs_head_type = ZFS_TYPE_FILESYSTEM;
448 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_OTHER)
449 		return (-1);
450 	else
451 		abort();
452 
453 	if (zhp->zfs_dmustats.dds_is_snapshot)
454 		zhp->zfs_type = ZFS_TYPE_SNAPSHOT;
455 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL)
456 		zhp->zfs_type = ZFS_TYPE_VOLUME;
457 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZFS)
458 		zhp->zfs_type = ZFS_TYPE_FILESYSTEM;
459 	else
460 		abort();	/* we should never see any other types */
461 
462 	if ((zhp->zpool_hdl = zpool_handle(zhp)) == NULL)
463 		return (-1);
464 
465 	return (0);
466 }
467 
468 zfs_handle_t *
469 make_dataset_handle(libzfs_handle_t *hdl, const char *path)
470 {
471 	zfs_cmd_t zc = { 0 };
472 
473 	zfs_handle_t *zhp = calloc(sizeof (zfs_handle_t), 1);
474 
475 	if (zhp == NULL)
476 		return (NULL);
477 
478 	zhp->zfs_hdl = hdl;
479 	(void) strlcpy(zhp->zfs_name, path, sizeof (zhp->zfs_name));
480 	if (zcmd_alloc_dst_nvlist(hdl, &zc, 0) != 0) {
481 		free(zhp);
482 		return (NULL);
483 	}
484 	if (get_stats_ioctl(zhp, &zc) == -1) {
485 		zcmd_free_nvlists(&zc);
486 		free(zhp);
487 		return (NULL);
488 	}
489 	if (make_dataset_handle_common(zhp, &zc) == -1) {
490 		free(zhp);
491 		zhp = NULL;
492 	}
493 	zcmd_free_nvlists(&zc);
494 	return (zhp);
495 }
496 
497 zfs_handle_t *
498 make_dataset_handle_zc(libzfs_handle_t *hdl, zfs_cmd_t *zc)
499 {
500 	zfs_handle_t *zhp = calloc(sizeof (zfs_handle_t), 1);
501 
502 	if (zhp == NULL)
503 		return (NULL);
504 
505 	zhp->zfs_hdl = hdl;
506 	(void) strlcpy(zhp->zfs_name, zc->zc_name, sizeof (zhp->zfs_name));
507 	if (make_dataset_handle_common(zhp, zc) == -1) {
508 		free(zhp);
509 		return (NULL);
510 	}
511 	return (zhp);
512 }
513 
514 zfs_handle_t *
515 make_dataset_simple_handle_zc(zfs_handle_t *pzhp, zfs_cmd_t *zc)
516 {
517 	zfs_handle_t *zhp = calloc(sizeof (zfs_handle_t), 1);
518 
519 	if (zhp == NULL)
520 		return (NULL);
521 
522 	zhp->zfs_hdl = pzhp->zfs_hdl;
523 	(void) strlcpy(zhp->zfs_name, zc->zc_name, sizeof (zhp->zfs_name));
524 	zhp->zfs_head_type = pzhp->zfs_type;
525 	zhp->zfs_type = ZFS_TYPE_SNAPSHOT;
526 	zhp->zpool_hdl = zpool_handle(zhp);
527 	return (zhp);
528 }
529 
530 zfs_handle_t *
531 zfs_handle_dup(zfs_handle_t *zhp_orig)
532 {
533 	zfs_handle_t *zhp = calloc(sizeof (zfs_handle_t), 1);
534 
535 	if (zhp == NULL)
536 		return (NULL);
537 
538 	zhp->zfs_hdl = zhp_orig->zfs_hdl;
539 	zhp->zpool_hdl = zhp_orig->zpool_hdl;
540 	(void) strlcpy(zhp->zfs_name, zhp_orig->zfs_name,
541 	    sizeof (zhp->zfs_name));
542 	zhp->zfs_type = zhp_orig->zfs_type;
543 	zhp->zfs_head_type = zhp_orig->zfs_head_type;
544 	zhp->zfs_dmustats = zhp_orig->zfs_dmustats;
545 	if (zhp_orig->zfs_props != NULL) {
546 		if (nvlist_dup(zhp_orig->zfs_props, &zhp->zfs_props, 0) != 0) {
547 			(void) no_memory(zhp->zfs_hdl);
548 			zfs_close(zhp);
549 			return (NULL);
550 		}
551 	}
552 	if (zhp_orig->zfs_user_props != NULL) {
553 		if (nvlist_dup(zhp_orig->zfs_user_props,
554 		    &zhp->zfs_user_props, 0) != 0) {
555 			(void) no_memory(zhp->zfs_hdl);
556 			zfs_close(zhp);
557 			return (NULL);
558 		}
559 	}
560 	if (zhp_orig->zfs_recvd_props != NULL) {
561 		if (nvlist_dup(zhp_orig->zfs_recvd_props,
562 		    &zhp->zfs_recvd_props, 0)) {
563 			(void) no_memory(zhp->zfs_hdl);
564 			zfs_close(zhp);
565 			return (NULL);
566 		}
567 	}
568 	zhp->zfs_mntcheck = zhp_orig->zfs_mntcheck;
569 	if (zhp_orig->zfs_mntopts != NULL) {
570 		zhp->zfs_mntopts = zfs_strdup(zhp_orig->zfs_hdl,
571 		    zhp_orig->zfs_mntopts);
572 	}
573 	zhp->zfs_props_table = zhp_orig->zfs_props_table;
574 	return (zhp);
575 }
576 
577 boolean_t
578 zfs_bookmark_exists(const char *path)
579 {
580 	nvlist_t *bmarks;
581 	nvlist_t *props;
582 	char fsname[ZFS_MAX_DATASET_NAME_LEN];
583 	char *bmark_name;
584 	char *pound;
585 	int err;
586 	boolean_t rv;
587 
588 
589 	(void) strlcpy(fsname, path, sizeof (fsname));
590 	pound = strchr(fsname, '#');
591 	if (pound == NULL)
592 		return (B_FALSE);
593 
594 	*pound = '\0';
595 	bmark_name = pound + 1;
596 	props = fnvlist_alloc();
597 	err = lzc_get_bookmarks(fsname, props, &bmarks);
598 	nvlist_free(props);
599 	if (err != 0) {
600 		nvlist_free(bmarks);
601 		return (B_FALSE);
602 	}
603 
604 	rv = nvlist_exists(bmarks, bmark_name);
605 	nvlist_free(bmarks);
606 	return (rv);
607 }
608 
609 zfs_handle_t *
610 make_bookmark_handle(zfs_handle_t *parent, const char *path,
611     nvlist_t *bmark_props)
612 {
613 	zfs_handle_t *zhp = calloc(sizeof (zfs_handle_t), 1);
614 
615 	if (zhp == NULL)
616 		return (NULL);
617 
618 	/* Fill in the name. */
619 	zhp->zfs_hdl = parent->zfs_hdl;
620 	(void) strlcpy(zhp->zfs_name, path, sizeof (zhp->zfs_name));
621 
622 	/* Set the property lists. */
623 	if (nvlist_dup(bmark_props, &zhp->zfs_props, 0) != 0) {
624 		free(zhp);
625 		return (NULL);
626 	}
627 
628 	/* Set the types. */
629 	zhp->zfs_head_type = parent->zfs_head_type;
630 	zhp->zfs_type = ZFS_TYPE_BOOKMARK;
631 
632 	if ((zhp->zpool_hdl = zpool_handle(zhp)) == NULL) {
633 		nvlist_free(zhp->zfs_props);
634 		free(zhp);
635 		return (NULL);
636 	}
637 
638 	return (zhp);
639 }
640 
641 struct zfs_open_bookmarks_cb_data {
642 	const char *path;
643 	zfs_handle_t *zhp;
644 };
645 
646 static int
647 zfs_open_bookmarks_cb(zfs_handle_t *zhp, void *data)
648 {
649 	struct zfs_open_bookmarks_cb_data *dp = data;
650 
651 	/*
652 	 * Is it the one we are looking for?
653 	 */
654 	if (strcmp(dp->path, zfs_get_name(zhp)) == 0) {
655 		/*
656 		 * We found it.  Save it and let the caller know we are done.
657 		 */
658 		dp->zhp = zhp;
659 		return (EEXIST);
660 	}
661 
662 	/*
663 	 * Not found.  Close the handle and ask for another one.
664 	 */
665 	zfs_close(zhp);
666 	return (0);
667 }
668 
669 /*
670  * Opens the given snapshot, bookmark, filesystem, or volume.   The 'types'
671  * argument is a mask of acceptable types.  The function will print an
672  * appropriate error message and return NULL if it can't be opened.
673  */
674 zfs_handle_t *
675 zfs_open(libzfs_handle_t *hdl, const char *path, int types)
676 {
677 	zfs_handle_t *zhp;
678 	char errbuf[1024];
679 	char *bookp;
680 
681 	(void) snprintf(errbuf, sizeof (errbuf),
682 	    dgettext(TEXT_DOMAIN, "cannot open '%s'"), path);
683 
684 	/*
685 	 * Validate the name before we even try to open it.
686 	 */
687 	if (!zfs_validate_name(hdl, path, types, B_FALSE)) {
688 		(void) zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
689 		return (NULL);
690 	}
691 
692 	/*
693 	 * Bookmarks needs to be handled separately.
694 	 */
695 	bookp = strchr(path, '#');
696 	if (bookp == NULL) {
697 		/*
698 		 * Try to get stats for the dataset, which will tell us if it
699 		 * exists.
700 		 */
701 		errno = 0;
702 		if ((zhp = make_dataset_handle(hdl, path)) == NULL) {
703 			(void) zfs_standard_error(hdl, errno, errbuf);
704 			return (NULL);
705 		}
706 	} else {
707 		char dsname[ZFS_MAX_DATASET_NAME_LEN];
708 		zfs_handle_t *pzhp;
709 		struct zfs_open_bookmarks_cb_data cb_data = {path, NULL};
710 
711 		/*
712 		 * We need to cut out '#' and everything after '#'
713 		 * to get the parent dataset name only.
714 		 */
715 		assert(bookp - path < sizeof (dsname));
716 		(void) strncpy(dsname, path, bookp - path);
717 		dsname[bookp - path] = '\0';
718 
719 		/*
720 		 * Create handle for the parent dataset.
721 		 */
722 		errno = 0;
723 		if ((pzhp = make_dataset_handle(hdl, dsname)) == NULL) {
724 			(void) zfs_standard_error(hdl, errno, errbuf);
725 			return (NULL);
726 		}
727 
728 		/*
729 		 * Iterate bookmarks to find the right one.
730 		 */
731 		errno = 0;
732 		if ((zfs_iter_bookmarks(pzhp, zfs_open_bookmarks_cb,
733 		    &cb_data) == 0) && (cb_data.zhp == NULL)) {
734 			(void) zfs_error(hdl, EZFS_NOENT, errbuf);
735 			zfs_close(pzhp);
736 			return (NULL);
737 		}
738 		if (cb_data.zhp == NULL) {
739 			(void) zfs_standard_error(hdl, errno, errbuf);
740 			zfs_close(pzhp);
741 			return (NULL);
742 		}
743 		zhp = cb_data.zhp;
744 
745 		/*
746 		 * Cleanup.
747 		 */
748 		zfs_close(pzhp);
749 	}
750 
751 	if (!(types & zhp->zfs_type)) {
752 		(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
753 		zfs_close(zhp);
754 		return (NULL);
755 	}
756 
757 	return (zhp);
758 }
759 
760 /*
761  * Release a ZFS handle.  Nothing to do but free the associated memory.
762  */
763 void
764 zfs_close(zfs_handle_t *zhp)
765 {
766 	if (zhp->zfs_mntopts)
767 		free(zhp->zfs_mntopts);
768 	nvlist_free(zhp->zfs_props);
769 	nvlist_free(zhp->zfs_user_props);
770 	nvlist_free(zhp->zfs_recvd_props);
771 	free(zhp);
772 }
773 
774 typedef struct mnttab_node {
775 	struct mnttab mtn_mt;
776 	avl_node_t mtn_node;
777 } mnttab_node_t;
778 
779 static int
780 libzfs_mnttab_cache_compare(const void *arg1, const void *arg2)
781 {
782 	const mnttab_node_t *mtn1 = (const mnttab_node_t *)arg1;
783 	const mnttab_node_t *mtn2 = (const mnttab_node_t *)arg2;
784 	int rv;
785 
786 	rv = strcmp(mtn1->mtn_mt.mnt_special, mtn2->mtn_mt.mnt_special);
787 
788 	if (rv == 0)
789 		return (0);
790 	return (rv > 0 ? 1 : -1);
791 }
792 
793 void
794 libzfs_mnttab_init(libzfs_handle_t *hdl)
795 {
796 	(void) mutex_init(&hdl->libzfs_mnttab_cache_lock,
797 	    LOCK_NORMAL | LOCK_ERRORCHECK, NULL);
798 	assert(avl_numnodes(&hdl->libzfs_mnttab_cache) == 0);
799 	avl_create(&hdl->libzfs_mnttab_cache, libzfs_mnttab_cache_compare,
800 	    sizeof (mnttab_node_t), offsetof(mnttab_node_t, mtn_node));
801 }
802 
803 void
804 libzfs_mnttab_update(libzfs_handle_t *hdl)
805 {
806 	struct mnttab entry;
807 
808 	rewind(hdl->libzfs_mnttab);
809 	while (getmntent(hdl->libzfs_mnttab, &entry) == 0) {
810 		mnttab_node_t *mtn;
811 
812 		if (strcmp(entry.mnt_fstype, MNTTYPE_ZFS) != 0)
813 			continue;
814 		mtn = zfs_alloc(hdl, sizeof (mnttab_node_t));
815 		mtn->mtn_mt.mnt_special = zfs_strdup(hdl, entry.mnt_special);
816 		mtn->mtn_mt.mnt_mountp = zfs_strdup(hdl, entry.mnt_mountp);
817 		mtn->mtn_mt.mnt_fstype = zfs_strdup(hdl, entry.mnt_fstype);
818 		mtn->mtn_mt.mnt_mntopts = zfs_strdup(hdl, entry.mnt_mntopts);
819 		avl_add(&hdl->libzfs_mnttab_cache, mtn);
820 	}
821 }
822 
823 void
824 libzfs_mnttab_fini(libzfs_handle_t *hdl)
825 {
826 	void *cookie = NULL;
827 	mnttab_node_t *mtn;
828 
829 	while ((mtn = avl_destroy_nodes(&hdl->libzfs_mnttab_cache, &cookie))
830 	    != NULL) {
831 		free(mtn->mtn_mt.mnt_special);
832 		free(mtn->mtn_mt.mnt_mountp);
833 		free(mtn->mtn_mt.mnt_fstype);
834 		free(mtn->mtn_mt.mnt_mntopts);
835 		free(mtn);
836 	}
837 	avl_destroy(&hdl->libzfs_mnttab_cache);
838 	(void) mutex_destroy(&hdl->libzfs_mnttab_cache_lock);
839 }
840 
841 void
842 libzfs_mnttab_cache(libzfs_handle_t *hdl, boolean_t enable)
843 {
844 	hdl->libzfs_mnttab_enable = enable;
845 }
846 
847 int
848 libzfs_mnttab_find(libzfs_handle_t *hdl, const char *fsname,
849     struct mnttab *entry)
850 {
851 	mnttab_node_t find;
852 	mnttab_node_t *mtn;
853 	int ret = ENOENT;
854 
855 	if (!hdl->libzfs_mnttab_enable) {
856 		struct mnttab srch = { 0 };
857 
858 		if (avl_numnodes(&hdl->libzfs_mnttab_cache))
859 			libzfs_mnttab_fini(hdl);
860 		rewind(hdl->libzfs_mnttab);
861 		srch.mnt_special = (char *)fsname;
862 		srch.mnt_fstype = MNTTYPE_ZFS;
863 		if (getmntany(hdl->libzfs_mnttab, entry, &srch) == 0)
864 			return (0);
865 		else
866 			return (ENOENT);
867 	}
868 
869 	mutex_enter(&hdl->libzfs_mnttab_cache_lock);
870 	if (avl_numnodes(&hdl->libzfs_mnttab_cache) == 0)
871 		libzfs_mnttab_update(hdl);
872 
873 	find.mtn_mt.mnt_special = (char *)fsname;
874 	mtn = avl_find(&hdl->libzfs_mnttab_cache, &find, NULL);
875 	if (mtn) {
876 		*entry = mtn->mtn_mt;
877 		ret = 0;
878 	}
879 	mutex_exit(&hdl->libzfs_mnttab_cache_lock);
880 	return (ret);
881 }
882 
883 void
884 libzfs_mnttab_add(libzfs_handle_t *hdl, const char *special,
885     const char *mountp, const char *mntopts)
886 {
887 	mnttab_node_t *mtn;
888 
889 	mutex_enter(&hdl->libzfs_mnttab_cache_lock);
890 	if (avl_numnodes(&hdl->libzfs_mnttab_cache) != 0) {
891 		mtn = zfs_alloc(hdl, sizeof (mnttab_node_t));
892 		mtn->mtn_mt.mnt_special = zfs_strdup(hdl, special);
893 		mtn->mtn_mt.mnt_mountp = zfs_strdup(hdl, mountp);
894 		mtn->mtn_mt.mnt_fstype = zfs_strdup(hdl, MNTTYPE_ZFS);
895 		mtn->mtn_mt.mnt_mntopts = zfs_strdup(hdl, mntopts);
896 		avl_add(&hdl->libzfs_mnttab_cache, mtn);
897 	}
898 	mutex_exit(&hdl->libzfs_mnttab_cache_lock);
899 }
900 
901 void
902 libzfs_mnttab_remove(libzfs_handle_t *hdl, const char *fsname)
903 {
904 	mnttab_node_t find;
905 	mnttab_node_t *ret;
906 
907 	mutex_enter(&hdl->libzfs_mnttab_cache_lock);
908 	find.mtn_mt.mnt_special = (char *)fsname;
909 	if ((ret = avl_find(&hdl->libzfs_mnttab_cache, (void *)&find, NULL))
910 	    != NULL) {
911 		avl_remove(&hdl->libzfs_mnttab_cache, ret);
912 		free(ret->mtn_mt.mnt_special);
913 		free(ret->mtn_mt.mnt_mountp);
914 		free(ret->mtn_mt.mnt_fstype);
915 		free(ret->mtn_mt.mnt_mntopts);
916 		free(ret);
917 	}
918 	mutex_exit(&hdl->libzfs_mnttab_cache_lock);
919 }
920 
921 int
922 zfs_spa_version(zfs_handle_t *zhp, int *spa_version)
923 {
924 	zpool_handle_t *zpool_handle = zhp->zpool_hdl;
925 
926 	if (zpool_handle == NULL)
927 		return (-1);
928 
929 	*spa_version = zpool_get_prop_int(zpool_handle,
930 	    ZPOOL_PROP_VERSION, NULL);
931 	return (0);
932 }
933 
934 /*
935  * The choice of reservation property depends on the SPA version.
936  */
937 static int
938 zfs_which_resv_prop(zfs_handle_t *zhp, zfs_prop_t *resv_prop)
939 {
940 	int spa_version;
941 
942 	if (zfs_spa_version(zhp, &spa_version) < 0)
943 		return (-1);
944 
945 	if (spa_version >= SPA_VERSION_REFRESERVATION)
946 		*resv_prop = ZFS_PROP_REFRESERVATION;
947 	else
948 		*resv_prop = ZFS_PROP_RESERVATION;
949 
950 	return (0);
951 }
952 
953 /*
954  * Given an nvlist of properties to set, validates that they are correct, and
955  * parses any numeric properties (index, boolean, etc) if they are specified as
956  * strings.
957  */
958 nvlist_t *
959 zfs_valid_proplist(libzfs_handle_t *hdl, zfs_type_t type, nvlist_t *nvl,
960     uint64_t zoned, zfs_handle_t *zhp, zpool_handle_t *zpool_hdl,
961     boolean_t key_params_ok, const char *errbuf)
962 {
963 	nvpair_t *elem;
964 	uint64_t intval;
965 	char *strval;
966 	zfs_prop_t prop;
967 	nvlist_t *ret;
968 	int chosen_normal = -1;
969 	int chosen_utf = -1;
970 
971 	if (nvlist_alloc(&ret, NV_UNIQUE_NAME, 0) != 0) {
972 		(void) no_memory(hdl);
973 		return (NULL);
974 	}
975 
976 	/*
977 	 * Make sure this property is valid and applies to this type.
978 	 */
979 
980 	elem = NULL;
981 	while ((elem = nvlist_next_nvpair(nvl, elem)) != NULL) {
982 		const char *propname = nvpair_name(elem);
983 
984 		prop = zfs_name_to_prop(propname);
985 		if (prop == ZPROP_INVAL && zfs_prop_user(propname)) {
986 			/*
987 			 * This is a user property: make sure it's a
988 			 * string, and that it's less than ZAP_MAXNAMELEN.
989 			 */
990 			if (nvpair_type(elem) != DATA_TYPE_STRING) {
991 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
992 				    "'%s' must be a string"), propname);
993 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
994 				goto error;
995 			}
996 
997 			if (strlen(nvpair_name(elem)) >= ZAP_MAXNAMELEN) {
998 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
999 				    "property name '%s' is too long"),
1000 				    propname);
1001 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1002 				goto error;
1003 			}
1004 
1005 			(void) nvpair_value_string(elem, &strval);
1006 			if (nvlist_add_string(ret, propname, strval) != 0) {
1007 				(void) no_memory(hdl);
1008 				goto error;
1009 			}
1010 			continue;
1011 		}
1012 
1013 		/*
1014 		 * Currently, only user properties can be modified on
1015 		 * snapshots.
1016 		 */
1017 		if (type == ZFS_TYPE_SNAPSHOT) {
1018 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1019 			    "this property can not be modified for snapshots"));
1020 			(void) zfs_error(hdl, EZFS_PROPTYPE, errbuf);
1021 			goto error;
1022 		}
1023 
1024 		if (prop == ZPROP_INVAL && zfs_prop_userquota(propname)) {
1025 			zfs_userquota_prop_t uqtype;
1026 			char newpropname[128];
1027 			char domain[128];
1028 			uint64_t rid;
1029 			uint64_t valary[3];
1030 
1031 			if (userquota_propname_decode(propname, zoned,
1032 			    &uqtype, domain, sizeof (domain), &rid) != 0) {
1033 				zfs_error_aux(hdl,
1034 				    dgettext(TEXT_DOMAIN,
1035 				    "'%s' has an invalid user/group name"),
1036 				    propname);
1037 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1038 				goto error;
1039 			}
1040 
1041 			if (uqtype != ZFS_PROP_USERQUOTA &&
1042 			    uqtype != ZFS_PROP_GROUPQUOTA &&
1043 			    uqtype != ZFS_PROP_USEROBJQUOTA &&
1044 			    uqtype != ZFS_PROP_GROUPOBJQUOTA &&
1045 			    uqtype != ZFS_PROP_PROJECTQUOTA &&
1046 			    uqtype != ZFS_PROP_PROJECTOBJQUOTA) {
1047 				zfs_error_aux(hdl,
1048 				    dgettext(TEXT_DOMAIN, "'%s' is readonly"),
1049 				    propname);
1050 				(void) zfs_error(hdl, EZFS_PROPREADONLY,
1051 				    errbuf);
1052 				goto error;
1053 			}
1054 
1055 			if (nvpair_type(elem) == DATA_TYPE_STRING) {
1056 				(void) nvpair_value_string(elem, &strval);
1057 				if (strcmp(strval, "none") == 0) {
1058 					intval = 0;
1059 				} else if (zfs_nicestrtonum(hdl,
1060 				    strval, &intval) != 0) {
1061 					(void) zfs_error(hdl,
1062 					    EZFS_BADPROP, errbuf);
1063 					goto error;
1064 				}
1065 			} else if (nvpair_type(elem) ==
1066 			    DATA_TYPE_UINT64) {
1067 				(void) nvpair_value_uint64(elem, &intval);
1068 				if (intval == 0) {
1069 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1070 					    "use 'none' to disable "
1071 					    "{user|group|project}quota"));
1072 					goto error;
1073 				}
1074 			} else {
1075 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1076 				    "'%s' must be a number"), propname);
1077 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1078 				goto error;
1079 			}
1080 
1081 			/*
1082 			 * Encode the prop name as
1083 			 * userquota@<hex-rid>-domain, to make it easy
1084 			 * for the kernel to decode.
1085 			 */
1086 			(void) snprintf(newpropname, sizeof (newpropname),
1087 			    "%s%llx-%s", zfs_userquota_prop_prefixes[uqtype],
1088 			    (longlong_t)rid, domain);
1089 			valary[0] = uqtype;
1090 			valary[1] = rid;
1091 			valary[2] = intval;
1092 			if (nvlist_add_uint64_array(ret, newpropname,
1093 			    valary, 3) != 0) {
1094 				(void) no_memory(hdl);
1095 				goto error;
1096 			}
1097 			continue;
1098 		} else if (prop == ZPROP_INVAL && zfs_prop_written(propname)) {
1099 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1100 			    "'%s' is readonly"),
1101 			    propname);
1102 			(void) zfs_error(hdl, EZFS_PROPREADONLY, errbuf);
1103 			goto error;
1104 		}
1105 
1106 		if (prop == ZPROP_INVAL) {
1107 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1108 			    "invalid property '%s'"), propname);
1109 			(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1110 			goto error;
1111 		}
1112 
1113 		if (!zfs_prop_valid_for_type(prop, type)) {
1114 			zfs_error_aux(hdl,
1115 			    dgettext(TEXT_DOMAIN, "'%s' does not "
1116 			    "apply to datasets of this type"), propname);
1117 			(void) zfs_error(hdl, EZFS_PROPTYPE, errbuf);
1118 			goto error;
1119 		}
1120 
1121 		if (zfs_prop_readonly(prop) &&
1122 		    !(zfs_prop_setonce(prop) && zhp == NULL) &&
1123 		    !(zfs_prop_encryption_key_param(prop) && key_params_ok)) {
1124 			zfs_error_aux(hdl,
1125 			    dgettext(TEXT_DOMAIN, "'%s' is readonly"),
1126 			    propname);
1127 			(void) zfs_error(hdl, EZFS_PROPREADONLY, errbuf);
1128 			goto error;
1129 		}
1130 
1131 		if (zprop_parse_value(hdl, elem, prop, type, ret,
1132 		    &strval, &intval, errbuf) != 0)
1133 			goto error;
1134 
1135 		/*
1136 		 * Perform some additional checks for specific properties.
1137 		 */
1138 		switch (prop) {
1139 		case ZFS_PROP_VERSION:
1140 		{
1141 			int version;
1142 
1143 			if (zhp == NULL)
1144 				break;
1145 			version = zfs_prop_get_int(zhp, ZFS_PROP_VERSION);
1146 			if (intval < version) {
1147 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1148 				    "Can not downgrade; already at version %u"),
1149 				    version);
1150 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1151 				goto error;
1152 			}
1153 			break;
1154 		}
1155 
1156 		case ZFS_PROP_VOLBLOCKSIZE:
1157 		case ZFS_PROP_RECORDSIZE:
1158 		{
1159 			int maxbs = SPA_MAXBLOCKSIZE;
1160 			if (zpool_hdl != NULL) {
1161 				maxbs = zpool_get_prop_int(zpool_hdl,
1162 				    ZPOOL_PROP_MAXBLOCKSIZE, NULL);
1163 			}
1164 			/*
1165 			 * Volumes are limited to a volblocksize of 128KB,
1166 			 * because they typically service workloads with
1167 			 * small random writes, which incur a large performance
1168 			 * penalty with large blocks.
1169 			 */
1170 			if (prop == ZFS_PROP_VOLBLOCKSIZE)
1171 				maxbs = SPA_OLD_MAXBLOCKSIZE;
1172 			/*
1173 			 * The value must be a power of two between
1174 			 * SPA_MINBLOCKSIZE and maxbs.
1175 			 */
1176 			if (intval < SPA_MINBLOCKSIZE ||
1177 			    intval > maxbs || !ISP2(intval)) {
1178 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1179 				    "'%s' must be power of 2 from 512B "
1180 				    "to %uKB"), propname, maxbs >> 10);
1181 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1182 				goto error;
1183 			}
1184 			break;
1185 		}
1186 
1187 		case ZFS_PROP_SPECIAL_SMALL_BLOCKS:
1188 			if (zpool_hdl != NULL) {
1189 				char state[64] = "";
1190 
1191 				/*
1192 				 * Issue a warning but do not fail so that
1193 				 * tests for setable properties succeed.
1194 				 */
1195 				if (zpool_prop_get_feature(zpool_hdl,
1196 				    "feature@allocation_classes", state,
1197 				    sizeof (state)) != 0 ||
1198 				    strcmp(state, ZFS_FEATURE_ACTIVE) != 0) {
1199 					(void) fprintf(stderr, gettext(
1200 					    "%s: property requires a special "
1201 					    "device in the pool\n"), propname);
1202 				}
1203 			}
1204 			if (intval != 0 &&
1205 			    (intval < SPA_MINBLOCKSIZE ||
1206 			    intval > SPA_OLD_MAXBLOCKSIZE || !ISP2(intval))) {
1207 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1208 				    "invalid '%s=%d' property: must be zero or "
1209 				    "a power of 2 from 512B to 128K"), propname,
1210 				    intval);
1211 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1212 				goto error;
1213 			}
1214 			break;
1215 
1216 		case ZFS_PROP_MLSLABEL:
1217 		{
1218 			/*
1219 			 * Verify the mlslabel string and convert to
1220 			 * internal hex label string.
1221 			 */
1222 
1223 			m_label_t *new_sl;
1224 			char *hex = NULL;	/* internal label string */
1225 
1226 			/* Default value is already OK. */
1227 			if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
1228 				break;
1229 
1230 			/* Verify the label can be converted to binary form */
1231 			if (((new_sl = m_label_alloc(MAC_LABEL)) == NULL) ||
1232 			    (str_to_label(strval, &new_sl, MAC_LABEL,
1233 			    L_NO_CORRECTION, NULL) == -1)) {
1234 				goto badlabel;
1235 			}
1236 
1237 			/* Now translate to hex internal label string */
1238 			if (label_to_str(new_sl, &hex, M_INTERNAL,
1239 			    DEF_NAMES) != 0) {
1240 				if (hex)
1241 					free(hex);
1242 				goto badlabel;
1243 			}
1244 			m_label_free(new_sl);
1245 
1246 			/* If string is already in internal form, we're done. */
1247 			if (strcmp(strval, hex) == 0) {
1248 				free(hex);
1249 				break;
1250 			}
1251 
1252 			/* Replace the label string with the internal form. */
1253 			(void) nvlist_remove(ret, zfs_prop_to_name(prop),
1254 			    DATA_TYPE_STRING);
1255 			verify(nvlist_add_string(ret, zfs_prop_to_name(prop),
1256 			    hex) == 0);
1257 			free(hex);
1258 
1259 			break;
1260 
1261 badlabel:
1262 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1263 			    "invalid mlslabel '%s'"), strval);
1264 			(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1265 			m_label_free(new_sl);	/* OK if null */
1266 			goto error;
1267 
1268 		}
1269 
1270 		case ZFS_PROP_MOUNTPOINT:
1271 		{
1272 			namecheck_err_t why;
1273 
1274 			if (strcmp(strval, ZFS_MOUNTPOINT_NONE) == 0 ||
1275 			    strcmp(strval, ZFS_MOUNTPOINT_LEGACY) == 0)
1276 				break;
1277 
1278 			if (mountpoint_namecheck(strval, &why)) {
1279 				switch (why) {
1280 				case NAME_ERR_LEADING_SLASH:
1281 					zfs_error_aux(hdl,
1282 					    dgettext(TEXT_DOMAIN,
1283 					    "'%s' must be an absolute path, "
1284 					    "'none', or 'legacy'"), propname);
1285 					break;
1286 				case NAME_ERR_TOOLONG:
1287 					zfs_error_aux(hdl,
1288 					    dgettext(TEXT_DOMAIN,
1289 					    "component of '%s' is too long"),
1290 					    propname);
1291 					break;
1292 
1293 				default:
1294 					zfs_error_aux(hdl,
1295 					    dgettext(TEXT_DOMAIN,
1296 					    "(%d) not defined"),
1297 					    why);
1298 					break;
1299 				}
1300 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1301 				goto error;
1302 			}
1303 		}
1304 
1305 			/*FALLTHRU*/
1306 
1307 		case ZFS_PROP_SHARESMB:
1308 		case ZFS_PROP_SHARENFS:
1309 			/*
1310 			 * For the mountpoint and sharenfs or sharesmb
1311 			 * properties, check if it can be set in a
1312 			 * global/non-global zone based on
1313 			 * the zoned property value:
1314 			 *
1315 			 *		global zone	    non-global zone
1316 			 * --------------------------------------------------
1317 			 * zoned=on	mountpoint (no)	    mountpoint (yes)
1318 			 *		sharenfs (no)	    sharenfs (yes)
1319 			 *		sharesmb (no)	    sharesmb (yes)
1320 			 *
1321 			 * zoned=off	mountpoint (yes)	N/A
1322 			 *		sharenfs (yes)
1323 			 *		sharesmb (yes)
1324 			 */
1325 			if (zoned) {
1326 				if (getzoneid() == GLOBAL_ZONEID) {
1327 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1328 					    "'%s' cannot be set on "
1329 					    "dataset in a non-global zone"),
1330 					    propname);
1331 					(void) zfs_error(hdl, EZFS_ZONED,
1332 					    errbuf);
1333 					goto error;
1334 				}
1335 			} else if (getzoneid() != GLOBAL_ZONEID) {
1336 				/*
1337 				 * If zoned property is 'off', this must be in
1338 				 * a global zone. If not, something is wrong.
1339 				 */
1340 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1341 				    "'%s' cannot be set while dataset "
1342 				    "'zoned' property is set"), propname);
1343 				(void) zfs_error(hdl, EZFS_ZONED, errbuf);
1344 				goto error;
1345 			}
1346 
1347 			/*
1348 			 * At this point, it is legitimate to set the
1349 			 * property. Now we want to make sure that the
1350 			 * property value is valid if it is sharenfs.
1351 			 */
1352 			if ((prop == ZFS_PROP_SHARENFS ||
1353 			    prop == ZFS_PROP_SHARESMB) &&
1354 			    strcmp(strval, "on") != 0 &&
1355 			    strcmp(strval, "off") != 0) {
1356 				zfs_share_proto_t proto;
1357 
1358 				if (prop == ZFS_PROP_SHARESMB)
1359 					proto = PROTO_SMB;
1360 				else
1361 					proto = PROTO_NFS;
1362 
1363 				/*
1364 				 * Must be an valid sharing protocol
1365 				 * option string so init the libshare
1366 				 * in order to enable the parser and
1367 				 * then parse the options. We use the
1368 				 * control API since we don't care about
1369 				 * the current configuration and don't
1370 				 * want the overhead of loading it
1371 				 * until we actually do something.
1372 				 */
1373 
1374 				if (zfs_init_libshare(hdl,
1375 				    SA_INIT_CONTROL_API) != SA_OK) {
1376 					/*
1377 					 * An error occurred so we can't do
1378 					 * anything
1379 					 */
1380 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1381 					    "'%s' cannot be set: problem "
1382 					    "in share initialization"),
1383 					    propname);
1384 					(void) zfs_error(hdl, EZFS_BADPROP,
1385 					    errbuf);
1386 					goto error;
1387 				}
1388 
1389 				if (zfs_parse_options(strval, proto) != SA_OK) {
1390 					/*
1391 					 * There was an error in parsing so
1392 					 * deal with it by issuing an error
1393 					 * message and leaving after
1394 					 * uninitializing the the libshare
1395 					 * interface.
1396 					 */
1397 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1398 					    "'%s' cannot be set to invalid "
1399 					    "options"), propname);
1400 					(void) zfs_error(hdl, EZFS_BADPROP,
1401 					    errbuf);
1402 					zfs_uninit_libshare(hdl);
1403 					goto error;
1404 				}
1405 				zfs_uninit_libshare(hdl);
1406 			}
1407 
1408 			break;
1409 
1410 		case ZFS_PROP_KEYLOCATION:
1411 			if (!zfs_prop_valid_keylocation(strval, B_FALSE)) {
1412 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1413 				    "invalid keylocation"));
1414 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1415 				goto error;
1416 			}
1417 
1418 			if (zhp != NULL) {
1419 				uint64_t crypt =
1420 				    zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
1421 
1422 				if (crypt == ZIO_CRYPT_OFF &&
1423 				    strcmp(strval, "none") != 0) {
1424 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1425 					    "keylocation must be 'none' "
1426 					    "for unencrypted datasets"));
1427 					(void) zfs_error(hdl, EZFS_BADPROP,
1428 					    errbuf);
1429 					goto error;
1430 				} else if (crypt != ZIO_CRYPT_OFF &&
1431 				    strcmp(strval, "none") == 0) {
1432 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1433 					    "keylocation must not be 'none' "
1434 					    "for encrypted datasets"));
1435 					(void) zfs_error(hdl, EZFS_BADPROP,
1436 					    errbuf);
1437 					goto error;
1438 				}
1439 			}
1440 			break;
1441 
1442 		case ZFS_PROP_PBKDF2_ITERS:
1443 			if (intval < MIN_PBKDF2_ITERATIONS) {
1444 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1445 				    "minimum pbkdf2 iterations is %u"),
1446 				    MIN_PBKDF2_ITERATIONS);
1447 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1448 				goto error;
1449 			}
1450 			break;
1451 
1452 		case ZFS_PROP_UTF8ONLY:
1453 			chosen_utf = (int)intval;
1454 			break;
1455 
1456 		case ZFS_PROP_NORMALIZE:
1457 			chosen_normal = (int)intval;
1458 			break;
1459 
1460 		default:
1461 			break;
1462 		}
1463 
1464 		/*
1465 		 * For changes to existing volumes, we have some additional
1466 		 * checks to enforce.
1467 		 */
1468 		if (type == ZFS_TYPE_VOLUME && zhp != NULL) {
1469 			uint64_t volsize = zfs_prop_get_int(zhp,
1470 			    ZFS_PROP_VOLSIZE);
1471 			uint64_t blocksize = zfs_prop_get_int(zhp,
1472 			    ZFS_PROP_VOLBLOCKSIZE);
1473 			char buf[64];
1474 
1475 			switch (prop) {
1476 			case ZFS_PROP_RESERVATION:
1477 				if (intval > volsize) {
1478 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1479 					    "'%s' is greater than current "
1480 					    "volume size"), propname);
1481 					(void) zfs_error(hdl, EZFS_BADPROP,
1482 					    errbuf);
1483 					goto error;
1484 				}
1485 				break;
1486 
1487 			case ZFS_PROP_REFRESERVATION:
1488 				if (intval > volsize && intval != UINT64_MAX) {
1489 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1490 					    "'%s' is greater than current "
1491 					    "volume size"), propname);
1492 					(void) zfs_error(hdl, EZFS_BADPROP,
1493 					    errbuf);
1494 					goto error;
1495 				}
1496 				break;
1497 
1498 			case ZFS_PROP_VOLSIZE:
1499 				if (intval % blocksize != 0) {
1500 					zfs_nicenum(blocksize, buf,
1501 					    sizeof (buf));
1502 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1503 					    "'%s' must be a multiple of "
1504 					    "volume block size (%s)"),
1505 					    propname, buf);
1506 					(void) zfs_error(hdl, EZFS_BADPROP,
1507 					    errbuf);
1508 					goto error;
1509 				}
1510 
1511 				if (intval == 0) {
1512 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1513 					    "'%s' cannot be zero"),
1514 					    propname);
1515 					(void) zfs_error(hdl, EZFS_BADPROP,
1516 					    errbuf);
1517 					goto error;
1518 				}
1519 				break;
1520 
1521 			default:
1522 				break;
1523 			}
1524 		}
1525 
1526 		/* check encryption properties */
1527 		if (zhp != NULL) {
1528 			int64_t crypt = zfs_prop_get_int(zhp,
1529 			    ZFS_PROP_ENCRYPTION);
1530 
1531 			switch (prop) {
1532 			case ZFS_PROP_COPIES:
1533 				if (crypt != ZIO_CRYPT_OFF && intval > 2) {
1534 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1535 					    "encrypted datasets cannot have "
1536 					    "3 copies"));
1537 					(void) zfs_error(hdl, EZFS_BADPROP,
1538 					    errbuf);
1539 					goto error;
1540 				}
1541 				break;
1542 			default:
1543 				break;
1544 			}
1545 		}
1546 	}
1547 
1548 	/*
1549 	 * If normalization was chosen, but no UTF8 choice was made,
1550 	 * enforce rejection of non-UTF8 names.
1551 	 *
1552 	 * If normalization was chosen, but rejecting non-UTF8 names
1553 	 * was explicitly not chosen, it is an error.
1554 	 */
1555 	if (chosen_normal > 0 && chosen_utf < 0) {
1556 		if (nvlist_add_uint64(ret,
1557 		    zfs_prop_to_name(ZFS_PROP_UTF8ONLY), 1) != 0) {
1558 			(void) no_memory(hdl);
1559 			goto error;
1560 		}
1561 	} else if (chosen_normal > 0 && chosen_utf == 0) {
1562 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1563 		    "'%s' must be set 'on' if normalization chosen"),
1564 		    zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
1565 		(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1566 		goto error;
1567 	}
1568 	return (ret);
1569 
1570 error:
1571 	nvlist_free(ret);
1572 	return (NULL);
1573 }
1574 
1575 int
1576 zfs_add_synthetic_resv(zfs_handle_t *zhp, nvlist_t *nvl)
1577 {
1578 	uint64_t old_volsize;
1579 	uint64_t new_volsize;
1580 	uint64_t old_reservation;
1581 	uint64_t new_reservation;
1582 	zfs_prop_t resv_prop;
1583 	nvlist_t *props;
1584 	zpool_handle_t *zph = zpool_handle(zhp);
1585 
1586 	/*
1587 	 * If this is an existing volume, and someone is setting the volsize,
1588 	 * make sure that it matches the reservation, or add it if necessary.
1589 	 */
1590 	old_volsize = zfs_prop_get_int(zhp, ZFS_PROP_VOLSIZE);
1591 	if (zfs_which_resv_prop(zhp, &resv_prop) < 0)
1592 		return (-1);
1593 	old_reservation = zfs_prop_get_int(zhp, resv_prop);
1594 
1595 	props = fnvlist_alloc();
1596 	fnvlist_add_uint64(props, zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
1597 	    zfs_prop_get_int(zhp, ZFS_PROP_VOLBLOCKSIZE));
1598 
1599 	if ((zvol_volsize_to_reservation(zph, old_volsize, props) !=
1600 	    old_reservation) || nvlist_exists(nvl,
1601 	    zfs_prop_to_name(resv_prop))) {
1602 		fnvlist_free(props);
1603 		return (0);
1604 	}
1605 	if (nvlist_lookup_uint64(nvl, zfs_prop_to_name(ZFS_PROP_VOLSIZE),
1606 	    &new_volsize) != 0) {
1607 		fnvlist_free(props);
1608 		return (-1);
1609 	}
1610 	new_reservation = zvol_volsize_to_reservation(zph, new_volsize, props);
1611 	fnvlist_free(props);
1612 
1613 	if (nvlist_add_uint64(nvl, zfs_prop_to_name(resv_prop),
1614 	    new_reservation) != 0) {
1615 		(void) no_memory(zhp->zfs_hdl);
1616 		return (-1);
1617 	}
1618 	return (1);
1619 }
1620 
1621 /*
1622  * Helper for 'zfs {set|clone} refreservation=auto'.  Must be called after
1623  * zfs_valid_proplist(), as it is what sets the UINT64_MAX sentinal value.
1624  * Return codes must match zfs_add_synthetic_resv().
1625  */
1626 static int
1627 zfs_fix_auto_resv(zfs_handle_t *zhp, nvlist_t *nvl)
1628 {
1629 	uint64_t volsize;
1630 	uint64_t resvsize;
1631 	zfs_prop_t prop;
1632 	nvlist_t *props;
1633 
1634 	if (!ZFS_IS_VOLUME(zhp)) {
1635 		return (0);
1636 	}
1637 
1638 	if (zfs_which_resv_prop(zhp, &prop) != 0) {
1639 		return (-1);
1640 	}
1641 
1642 	if (prop != ZFS_PROP_REFRESERVATION) {
1643 		return (0);
1644 	}
1645 
1646 	if (nvlist_lookup_uint64(nvl, zfs_prop_to_name(prop), &resvsize) != 0) {
1647 		/* No value being set, so it can't be "auto" */
1648 		return (0);
1649 	}
1650 	if (resvsize != UINT64_MAX) {
1651 		/* Being set to a value other than "auto" */
1652 		return (0);
1653 	}
1654 
1655 	props = fnvlist_alloc();
1656 
1657 	fnvlist_add_uint64(props, zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
1658 	    zfs_prop_get_int(zhp, ZFS_PROP_VOLBLOCKSIZE));
1659 
1660 	if (nvlist_lookup_uint64(nvl, zfs_prop_to_name(ZFS_PROP_VOLSIZE),
1661 	    &volsize) != 0) {
1662 		volsize = zfs_prop_get_int(zhp, ZFS_PROP_VOLSIZE);
1663 	}
1664 
1665 	resvsize = zvol_volsize_to_reservation(zpool_handle(zhp), volsize,
1666 	    props);
1667 	fnvlist_free(props);
1668 
1669 	(void) nvlist_remove_all(nvl, zfs_prop_to_name(prop));
1670 	if (nvlist_add_uint64(nvl, zfs_prop_to_name(prop), resvsize) != 0) {
1671 		(void) no_memory(zhp->zfs_hdl);
1672 		return (-1);
1673 	}
1674 	return (1);
1675 }
1676 
1677 void
1678 zfs_setprop_error(libzfs_handle_t *hdl, zfs_prop_t prop, int err,
1679     char *errbuf)
1680 {
1681 	switch (err) {
1682 
1683 	case ENOSPC:
1684 		/*
1685 		 * For quotas and reservations, ENOSPC indicates
1686 		 * something different; setting a quota or reservation
1687 		 * doesn't use any disk space.
1688 		 */
1689 		switch (prop) {
1690 		case ZFS_PROP_QUOTA:
1691 		case ZFS_PROP_REFQUOTA:
1692 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1693 			    "size is less than current used or "
1694 			    "reserved space"));
1695 			(void) zfs_error(hdl, EZFS_PROPSPACE, errbuf);
1696 			break;
1697 
1698 		case ZFS_PROP_RESERVATION:
1699 		case ZFS_PROP_REFRESERVATION:
1700 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1701 			    "size is greater than available space"));
1702 			(void) zfs_error(hdl, EZFS_PROPSPACE, errbuf);
1703 			break;
1704 
1705 		default:
1706 			(void) zfs_standard_error(hdl, err, errbuf);
1707 			break;
1708 		}
1709 		break;
1710 
1711 	case EBUSY:
1712 		(void) zfs_standard_error(hdl, EBUSY, errbuf);
1713 		break;
1714 
1715 	case EROFS:
1716 		(void) zfs_error(hdl, EZFS_DSREADONLY, errbuf);
1717 		break;
1718 
1719 	case E2BIG:
1720 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1721 		    "property value too long"));
1722 		(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1723 		break;
1724 
1725 	case ENOTSUP:
1726 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1727 		    "pool and or dataset must be upgraded to set this "
1728 		    "property or value"));
1729 		(void) zfs_error(hdl, EZFS_BADVERSION, errbuf);
1730 		break;
1731 
1732 	case ERANGE:
1733 		if (prop == ZFS_PROP_COMPRESSION ||
1734 		    prop == ZFS_PROP_RECORDSIZE) {
1735 			(void) zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1736 			    "property setting is not allowed on "
1737 			    "bootable datasets"));
1738 			(void) zfs_error(hdl, EZFS_NOTSUP, errbuf);
1739 		} else if (prop == ZFS_PROP_CHECKSUM ||
1740 		    prop == ZFS_PROP_DEDUP) {
1741 			(void) zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1742 			    "property setting is not allowed on "
1743 			    "root pools"));
1744 			(void) zfs_error(hdl, EZFS_NOTSUP, errbuf);
1745 		} else {
1746 			(void) zfs_standard_error(hdl, err, errbuf);
1747 		}
1748 		break;
1749 
1750 	case EINVAL:
1751 		if (prop == ZPROP_INVAL) {
1752 			(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1753 		} else {
1754 			(void) zfs_standard_error(hdl, err, errbuf);
1755 		}
1756 		break;
1757 
1758 	case EACCES:
1759 		if (prop == ZFS_PROP_KEYLOCATION) {
1760 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1761 			    "keylocation may only be set on encryption roots"));
1762 			(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1763 		} else {
1764 			(void) zfs_standard_error(hdl, err, errbuf);
1765 		}
1766 		break;
1767 
1768 	case EOVERFLOW:
1769 		/*
1770 		 * This platform can't address a volume this big.
1771 		 */
1772 #ifdef _ILP32
1773 		if (prop == ZFS_PROP_VOLSIZE) {
1774 			(void) zfs_error(hdl, EZFS_VOLTOOBIG, errbuf);
1775 			break;
1776 		}
1777 #endif
1778 		/* FALLTHROUGH */
1779 	default:
1780 		(void) zfs_standard_error(hdl, err, errbuf);
1781 	}
1782 }
1783 
1784 /*
1785  * Given a property name and value, set the property for the given dataset.
1786  */
1787 int
1788 zfs_prop_set(zfs_handle_t *zhp, const char *propname, const char *propval)
1789 {
1790 	int ret = -1;
1791 	char errbuf[1024];
1792 	libzfs_handle_t *hdl = zhp->zfs_hdl;
1793 	nvlist_t *nvl = NULL;
1794 
1795 	(void) snprintf(errbuf, sizeof (errbuf),
1796 	    dgettext(TEXT_DOMAIN, "cannot set property for '%s'"),
1797 	    zhp->zfs_name);
1798 
1799 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0 ||
1800 	    nvlist_add_string(nvl, propname, propval) != 0) {
1801 		(void) no_memory(hdl);
1802 		goto error;
1803 	}
1804 
1805 	ret = zfs_prop_set_list(zhp, nvl);
1806 
1807 error:
1808 	nvlist_free(nvl);
1809 	return (ret);
1810 }
1811 
1812 
1813 
1814 /*
1815  * Given an nvlist of property names and values, set the properties for the
1816  * given dataset.
1817  */
1818 int
1819 zfs_prop_set_list(zfs_handle_t *zhp, nvlist_t *props)
1820 {
1821 	zfs_cmd_t zc = { 0 };
1822 	int ret = -1;
1823 	prop_changelist_t **cls = NULL;
1824 	int cl_idx;
1825 	char errbuf[1024];
1826 	libzfs_handle_t *hdl = zhp->zfs_hdl;
1827 	nvlist_t *nvl;
1828 	int nvl_len;
1829 	int added_resv = 0;
1830 
1831 	(void) snprintf(errbuf, sizeof (errbuf),
1832 	    dgettext(TEXT_DOMAIN, "cannot set property for '%s'"),
1833 	    zhp->zfs_name);
1834 
1835 	if ((nvl = zfs_valid_proplist(hdl, zhp->zfs_type, props,
1836 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED), zhp, zhp->zpool_hdl,
1837 	    B_FALSE, errbuf)) == NULL)
1838 		goto error;
1839 
1840 	/*
1841 	 * We have to check for any extra properties which need to be added
1842 	 * before computing the length of the nvlist.
1843 	 */
1844 	for (nvpair_t *elem = nvlist_next_nvpair(nvl, NULL);
1845 	    elem != NULL;
1846 	    elem = nvlist_next_nvpair(nvl, elem)) {
1847 		if (zfs_name_to_prop(nvpair_name(elem)) == ZFS_PROP_VOLSIZE &&
1848 		    (added_resv = zfs_add_synthetic_resv(zhp, nvl)) == -1) {
1849 			goto error;
1850 		}
1851 	}
1852 
1853 	if (added_resv != 1 &&
1854 	    (added_resv = zfs_fix_auto_resv(zhp, nvl)) == -1) {
1855 		goto error;
1856 	}
1857 
1858 	/*
1859 	 * Check how many properties we're setting and allocate an array to
1860 	 * store changelist pointers for postfix().
1861 	 */
1862 	nvl_len = 0;
1863 	for (nvpair_t *elem = nvlist_next_nvpair(nvl, NULL);
1864 	    elem != NULL;
1865 	    elem = nvlist_next_nvpair(nvl, elem))
1866 		nvl_len++;
1867 	if ((cls = calloc(nvl_len, sizeof (prop_changelist_t *))) == NULL)
1868 		goto error;
1869 
1870 	cl_idx = 0;
1871 	for (nvpair_t *elem = nvlist_next_nvpair(nvl, NULL);
1872 	    elem != NULL;
1873 	    elem = nvlist_next_nvpair(nvl, elem)) {
1874 
1875 		zfs_prop_t prop = zfs_name_to_prop(nvpair_name(elem));
1876 
1877 		assert(cl_idx < nvl_len);
1878 		/*
1879 		 * We don't want to unmount & remount the dataset when changing
1880 		 * its canmount property to 'on' or 'noauto'.  We only use
1881 		 * the changelist logic to unmount when setting canmount=off.
1882 		 */
1883 		if (prop != ZFS_PROP_CANMOUNT ||
1884 		    (fnvpair_value_uint64(elem) == ZFS_CANMOUNT_OFF &&
1885 		    zfs_is_mounted(zhp, NULL))) {
1886 			cls[cl_idx] = changelist_gather(zhp, prop, 0, 0);
1887 			if (cls[cl_idx] == NULL)
1888 				goto error;
1889 		}
1890 
1891 		if (prop == ZFS_PROP_MOUNTPOINT &&
1892 		    changelist_haszonedchild(cls[cl_idx])) {
1893 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1894 			    "child dataset with inherited mountpoint is used "
1895 			    "in a non-global zone"));
1896 			ret = zfs_error(hdl, EZFS_ZONED, errbuf);
1897 			goto error;
1898 		}
1899 
1900 		if (cls[cl_idx] != NULL &&
1901 		    (ret = changelist_prefix(cls[cl_idx])) != 0)
1902 			goto error;
1903 
1904 		cl_idx++;
1905 	}
1906 	assert(cl_idx == nvl_len);
1907 
1908 	/*
1909 	 * Execute the corresponding ioctl() to set this list of properties.
1910 	 */
1911 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1912 
1913 	if ((ret = zcmd_write_src_nvlist(hdl, &zc, nvl)) != 0 ||
1914 	    (ret = zcmd_alloc_dst_nvlist(hdl, &zc, 0)) != 0)
1915 		goto error;
1916 
1917 	ret = zfs_ioctl(hdl, ZFS_IOC_SET_PROP, &zc);
1918 
1919 	if (ret != 0) {
1920 		if (zc.zc_nvlist_dst_filled == B_FALSE) {
1921 			(void) zfs_standard_error(hdl, errno, errbuf);
1922 			goto error;
1923 		}
1924 
1925 		/* Get the list of unset properties back and report them. */
1926 		nvlist_t *errorprops = NULL;
1927 		if (zcmd_read_dst_nvlist(hdl, &zc, &errorprops) != 0)
1928 			goto error;
1929 		for (nvpair_t *elem = nvlist_next_nvpair(errorprops, NULL);
1930 		    elem != NULL;
1931 		    elem = nvlist_next_nvpair(errorprops, elem)) {
1932 			zfs_prop_t prop = zfs_name_to_prop(nvpair_name(elem));
1933 			zfs_setprop_error(hdl, prop, errno, errbuf);
1934 		}
1935 		nvlist_free(errorprops);
1936 
1937 		if (added_resv && errno == ENOSPC) {
1938 			/* clean up the volsize property we tried to set */
1939 			uint64_t old_volsize = zfs_prop_get_int(zhp,
1940 			    ZFS_PROP_VOLSIZE);
1941 			nvlist_free(nvl);
1942 			nvl = NULL;
1943 			zcmd_free_nvlists(&zc);
1944 
1945 			if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0)
1946 				goto error;
1947 			if (nvlist_add_uint64(nvl,
1948 			    zfs_prop_to_name(ZFS_PROP_VOLSIZE),
1949 			    old_volsize) != 0)
1950 				goto error;
1951 			if (zcmd_write_src_nvlist(hdl, &zc, nvl) != 0)
1952 				goto error;
1953 			(void) zfs_ioctl(hdl, ZFS_IOC_SET_PROP, &zc);
1954 		}
1955 	} else {
1956 		for (cl_idx = 0; cl_idx < nvl_len; cl_idx++) {
1957 			if (cls[cl_idx] != NULL) {
1958 				int clp_err = changelist_postfix(cls[cl_idx]);
1959 				if (clp_err != 0)
1960 					ret = clp_err;
1961 			}
1962 		}
1963 
1964 		/*
1965 		 * Refresh the statistics so the new property value
1966 		 * is reflected.
1967 		 */
1968 		if (ret == 0)
1969 			(void) get_stats(zhp);
1970 	}
1971 
1972 error:
1973 	nvlist_free(nvl);
1974 	zcmd_free_nvlists(&zc);
1975 	if (cls != NULL) {
1976 		for (cl_idx = 0; cl_idx < nvl_len; cl_idx++) {
1977 			if (cls[cl_idx] != NULL)
1978 				changelist_free(cls[cl_idx]);
1979 		}
1980 		free(cls);
1981 	}
1982 	return (ret);
1983 }
1984 
1985 /*
1986  * Given a property, inherit the value from the parent dataset, or if received
1987  * is TRUE, revert to the received value, if any.
1988  */
1989 int
1990 zfs_prop_inherit(zfs_handle_t *zhp, const char *propname, boolean_t received)
1991 {
1992 	zfs_cmd_t zc = { 0 };
1993 	int ret;
1994 	prop_changelist_t *cl;
1995 	libzfs_handle_t *hdl = zhp->zfs_hdl;
1996 	char errbuf[1024];
1997 	zfs_prop_t prop;
1998 
1999 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
2000 	    "cannot inherit %s for '%s'"), propname, zhp->zfs_name);
2001 
2002 	zc.zc_cookie = received;
2003 	if ((prop = zfs_name_to_prop(propname)) == ZPROP_INVAL) {
2004 		/*
2005 		 * For user properties, the amount of work we have to do is very
2006 		 * small, so just do it here.
2007 		 */
2008 		if (!zfs_prop_user(propname)) {
2009 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2010 			    "invalid property"));
2011 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
2012 		}
2013 
2014 		(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2015 		(void) strlcpy(zc.zc_value, propname, sizeof (zc.zc_value));
2016 
2017 		if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_INHERIT_PROP, &zc) != 0)
2018 			return (zfs_standard_error(hdl, errno, errbuf));
2019 
2020 		return (0);
2021 	}
2022 
2023 	/*
2024 	 * Verify that this property is inheritable.
2025 	 */
2026 	if (zfs_prop_readonly(prop))
2027 		return (zfs_error(hdl, EZFS_PROPREADONLY, errbuf));
2028 
2029 	if (!zfs_prop_inheritable(prop) && !received)
2030 		return (zfs_error(hdl, EZFS_PROPNONINHERIT, errbuf));
2031 
2032 	/*
2033 	 * Check to see if the value applies to this type
2034 	 */
2035 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type))
2036 		return (zfs_error(hdl, EZFS_PROPTYPE, errbuf));
2037 
2038 	/*
2039 	 * Normalize the name, to get rid of shorthand abbreviations.
2040 	 */
2041 	propname = zfs_prop_to_name(prop);
2042 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2043 	(void) strlcpy(zc.zc_value, propname, sizeof (zc.zc_value));
2044 
2045 	if (prop == ZFS_PROP_MOUNTPOINT && getzoneid() == GLOBAL_ZONEID &&
2046 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
2047 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2048 		    "dataset is used in a non-global zone"));
2049 		return (zfs_error(hdl, EZFS_ZONED, errbuf));
2050 	}
2051 
2052 	/*
2053 	 * Determine datasets which will be affected by this change, if any.
2054 	 */
2055 	if ((cl = changelist_gather(zhp, prop, 0, 0)) == NULL)
2056 		return (-1);
2057 
2058 	if (prop == ZFS_PROP_MOUNTPOINT && changelist_haszonedchild(cl)) {
2059 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2060 		    "child dataset with inherited mountpoint is used "
2061 		    "in a non-global zone"));
2062 		ret = zfs_error(hdl, EZFS_ZONED, errbuf);
2063 		goto error;
2064 	}
2065 
2066 	if ((ret = changelist_prefix(cl)) != 0)
2067 		goto error;
2068 
2069 	if ((ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_INHERIT_PROP, &zc)) != 0) {
2070 		return (zfs_standard_error(hdl, errno, errbuf));
2071 	} else {
2072 
2073 		if ((ret = changelist_postfix(cl)) != 0)
2074 			goto error;
2075 
2076 		/*
2077 		 * Refresh the statistics so the new property is reflected.
2078 		 */
2079 		(void) get_stats(zhp);
2080 	}
2081 
2082 error:
2083 	changelist_free(cl);
2084 	return (ret);
2085 }
2086 
2087 /*
2088  * True DSL properties are stored in an nvlist.  The following two functions
2089  * extract them appropriately.
2090  */
2091 static uint64_t
2092 getprop_uint64(zfs_handle_t *zhp, zfs_prop_t prop, char **source)
2093 {
2094 	nvlist_t *nv;
2095 	uint64_t value;
2096 
2097 	*source = NULL;
2098 	if (nvlist_lookup_nvlist(zhp->zfs_props,
2099 	    zfs_prop_to_name(prop), &nv) == 0) {
2100 		verify(nvlist_lookup_uint64(nv, ZPROP_VALUE, &value) == 0);
2101 		(void) nvlist_lookup_string(nv, ZPROP_SOURCE, source);
2102 	} else {
2103 		verify(!zhp->zfs_props_table ||
2104 		    zhp->zfs_props_table[prop] == B_TRUE);
2105 		value = zfs_prop_default_numeric(prop);
2106 		*source = "";
2107 	}
2108 
2109 	return (value);
2110 }
2111 
2112 static const char *
2113 getprop_string(zfs_handle_t *zhp, zfs_prop_t prop, char **source)
2114 {
2115 	nvlist_t *nv;
2116 	const char *value;
2117 
2118 	*source = NULL;
2119 	if (nvlist_lookup_nvlist(zhp->zfs_props,
2120 	    zfs_prop_to_name(prop), &nv) == 0) {
2121 		value = fnvlist_lookup_string(nv, ZPROP_VALUE);
2122 		(void) nvlist_lookup_string(nv, ZPROP_SOURCE, source);
2123 	} else {
2124 		verify(!zhp->zfs_props_table ||
2125 		    zhp->zfs_props_table[prop] == B_TRUE);
2126 		value = zfs_prop_default_string(prop);
2127 		*source = "";
2128 	}
2129 
2130 	return (value);
2131 }
2132 
2133 static boolean_t
2134 zfs_is_recvd_props_mode(zfs_handle_t *zhp)
2135 {
2136 	return (zhp->zfs_props == zhp->zfs_recvd_props);
2137 }
2138 
2139 static void
2140 zfs_set_recvd_props_mode(zfs_handle_t *zhp, uint64_t *cookie)
2141 {
2142 	*cookie = (uint64_t)(uintptr_t)zhp->zfs_props;
2143 	zhp->zfs_props = zhp->zfs_recvd_props;
2144 }
2145 
2146 static void
2147 zfs_unset_recvd_props_mode(zfs_handle_t *zhp, uint64_t *cookie)
2148 {
2149 	zhp->zfs_props = (nvlist_t *)(uintptr_t)*cookie;
2150 	*cookie = 0;
2151 }
2152 
2153 /*
2154  * Internal function for getting a numeric property.  Both zfs_prop_get() and
2155  * zfs_prop_get_int() are built using this interface.
2156  *
2157  * Certain properties can be overridden using 'mount -o'.  In this case, scan
2158  * the contents of the /etc/mnttab entry, searching for the appropriate options.
2159  * If they differ from the on-disk values, report the current values and mark
2160  * the source "temporary".
2161  */
2162 static int
2163 get_numeric_property(zfs_handle_t *zhp, zfs_prop_t prop, zprop_source_t *src,
2164     char **source, uint64_t *val)
2165 {
2166 	zfs_cmd_t zc = { 0 };
2167 	nvlist_t *zplprops = NULL;
2168 	struct mnttab mnt;
2169 	char *mntopt_on = NULL;
2170 	char *mntopt_off = NULL;
2171 	boolean_t received = zfs_is_recvd_props_mode(zhp);
2172 
2173 	*source = NULL;
2174 
2175 	switch (prop) {
2176 	case ZFS_PROP_ATIME:
2177 		mntopt_on = MNTOPT_ATIME;
2178 		mntopt_off = MNTOPT_NOATIME;
2179 		break;
2180 
2181 	case ZFS_PROP_DEVICES:
2182 		mntopt_on = MNTOPT_DEVICES;
2183 		mntopt_off = MNTOPT_NODEVICES;
2184 		break;
2185 
2186 	case ZFS_PROP_EXEC:
2187 		mntopt_on = MNTOPT_EXEC;
2188 		mntopt_off = MNTOPT_NOEXEC;
2189 		break;
2190 
2191 	case ZFS_PROP_READONLY:
2192 		mntopt_on = MNTOPT_RO;
2193 		mntopt_off = MNTOPT_RW;
2194 		break;
2195 
2196 	case ZFS_PROP_SETUID:
2197 		mntopt_on = MNTOPT_SETUID;
2198 		mntopt_off = MNTOPT_NOSETUID;
2199 		break;
2200 
2201 	case ZFS_PROP_XATTR:
2202 		mntopt_on = MNTOPT_XATTR;
2203 		mntopt_off = MNTOPT_NOXATTR;
2204 		break;
2205 
2206 	case ZFS_PROP_NBMAND:
2207 		mntopt_on = MNTOPT_NBMAND;
2208 		mntopt_off = MNTOPT_NONBMAND;
2209 		break;
2210 
2211 	default:
2212 		break;
2213 	}
2214 
2215 	/*
2216 	 * Because looking up the mount options is potentially expensive
2217 	 * (iterating over all of /etc/mnttab), we defer its calculation until
2218 	 * we're looking up a property which requires its presence.
2219 	 */
2220 	if (!zhp->zfs_mntcheck &&
2221 	    (mntopt_on != NULL || prop == ZFS_PROP_MOUNTED)) {
2222 		libzfs_handle_t *hdl = zhp->zfs_hdl;
2223 		struct mnttab entry;
2224 
2225 		if (libzfs_mnttab_find(hdl, zhp->zfs_name, &entry) == 0) {
2226 			zhp->zfs_mntopts = zfs_strdup(hdl,
2227 			    entry.mnt_mntopts);
2228 			if (zhp->zfs_mntopts == NULL)
2229 				return (-1);
2230 		}
2231 
2232 		zhp->zfs_mntcheck = B_TRUE;
2233 	}
2234 
2235 	if (zhp->zfs_mntopts == NULL)
2236 		mnt.mnt_mntopts = "";
2237 	else
2238 		mnt.mnt_mntopts = zhp->zfs_mntopts;
2239 
2240 	switch (prop) {
2241 	case ZFS_PROP_ATIME:
2242 	case ZFS_PROP_DEVICES:
2243 	case ZFS_PROP_EXEC:
2244 	case ZFS_PROP_READONLY:
2245 	case ZFS_PROP_SETUID:
2246 	case ZFS_PROP_XATTR:
2247 	case ZFS_PROP_NBMAND:
2248 		*val = getprop_uint64(zhp, prop, source);
2249 
2250 		if (received)
2251 			break;
2252 
2253 		if (hasmntopt(&mnt, mntopt_on) && !*val) {
2254 			*val = B_TRUE;
2255 			if (src)
2256 				*src = ZPROP_SRC_TEMPORARY;
2257 		} else if (hasmntopt(&mnt, mntopt_off) && *val) {
2258 			*val = B_FALSE;
2259 			if (src)
2260 				*src = ZPROP_SRC_TEMPORARY;
2261 		}
2262 		break;
2263 
2264 	case ZFS_PROP_CANMOUNT:
2265 	case ZFS_PROP_VOLSIZE:
2266 	case ZFS_PROP_QUOTA:
2267 	case ZFS_PROP_REFQUOTA:
2268 	case ZFS_PROP_RESERVATION:
2269 	case ZFS_PROP_REFRESERVATION:
2270 	case ZFS_PROP_FILESYSTEM_LIMIT:
2271 	case ZFS_PROP_SNAPSHOT_LIMIT:
2272 	case ZFS_PROP_FILESYSTEM_COUNT:
2273 	case ZFS_PROP_SNAPSHOT_COUNT:
2274 		*val = getprop_uint64(zhp, prop, source);
2275 
2276 		if (*source == NULL) {
2277 			/* not default, must be local */
2278 			*source = zhp->zfs_name;
2279 		}
2280 		break;
2281 
2282 	case ZFS_PROP_MOUNTED:
2283 		*val = (zhp->zfs_mntopts != NULL);
2284 		break;
2285 
2286 	case ZFS_PROP_NUMCLONES:
2287 		*val = zhp->zfs_dmustats.dds_num_clones;
2288 		break;
2289 
2290 	case ZFS_PROP_VERSION:
2291 	case ZFS_PROP_NORMALIZE:
2292 	case ZFS_PROP_UTF8ONLY:
2293 	case ZFS_PROP_CASE:
2294 		if (!zfs_prop_valid_for_type(prop, zhp->zfs_head_type) ||
2295 		    zcmd_alloc_dst_nvlist(zhp->zfs_hdl, &zc, 0) != 0)
2296 			return (-1);
2297 		(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2298 		if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_OBJSET_ZPLPROPS, &zc)) {
2299 			zcmd_free_nvlists(&zc);
2300 			return (-1);
2301 		}
2302 		if (zcmd_read_dst_nvlist(zhp->zfs_hdl, &zc, &zplprops) != 0 ||
2303 		    nvlist_lookup_uint64(zplprops, zfs_prop_to_name(prop),
2304 		    val) != 0) {
2305 			zcmd_free_nvlists(&zc);
2306 			return (-1);
2307 		}
2308 		nvlist_free(zplprops);
2309 		zcmd_free_nvlists(&zc);
2310 		break;
2311 
2312 	case ZFS_PROP_INCONSISTENT:
2313 		*val = zhp->zfs_dmustats.dds_inconsistent;
2314 		break;
2315 
2316 	default:
2317 		switch (zfs_prop_get_type(prop)) {
2318 		case PROP_TYPE_NUMBER:
2319 		case PROP_TYPE_INDEX:
2320 			*val = getprop_uint64(zhp, prop, source);
2321 			/*
2322 			 * If we tried to use a default value for a
2323 			 * readonly property, it means that it was not
2324 			 * present.  Note this only applies to "truly"
2325 			 * readonly properties, not set-once properties
2326 			 * like volblocksize.
2327 			 */
2328 			if (zfs_prop_readonly(prop) &&
2329 			    !zfs_prop_setonce(prop) &&
2330 			    *source != NULL && (*source)[0] == '\0') {
2331 				*source = NULL;
2332 				return (-1);
2333 			}
2334 			break;
2335 
2336 		case PROP_TYPE_STRING:
2337 		default:
2338 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
2339 			    "cannot get non-numeric property"));
2340 			return (zfs_error(zhp->zfs_hdl, EZFS_BADPROP,
2341 			    dgettext(TEXT_DOMAIN, "internal error")));
2342 		}
2343 	}
2344 
2345 	return (0);
2346 }
2347 
2348 /*
2349  * Calculate the source type, given the raw source string.
2350  */
2351 static void
2352 get_source(zfs_handle_t *zhp, zprop_source_t *srctype, char *source,
2353     char *statbuf, size_t statlen)
2354 {
2355 	if (statbuf == NULL || *srctype == ZPROP_SRC_TEMPORARY)
2356 		return;
2357 
2358 	if (source == NULL) {
2359 		*srctype = ZPROP_SRC_NONE;
2360 	} else if (source[0] == '\0') {
2361 		*srctype = ZPROP_SRC_DEFAULT;
2362 	} else if (strstr(source, ZPROP_SOURCE_VAL_RECVD) != NULL) {
2363 		*srctype = ZPROP_SRC_RECEIVED;
2364 	} else {
2365 		if (strcmp(source, zhp->zfs_name) == 0) {
2366 			*srctype = ZPROP_SRC_LOCAL;
2367 		} else {
2368 			(void) strlcpy(statbuf, source, statlen);
2369 			*srctype = ZPROP_SRC_INHERITED;
2370 		}
2371 	}
2372 
2373 }
2374 
2375 int
2376 zfs_prop_get_recvd(zfs_handle_t *zhp, const char *propname, char *propbuf,
2377     size_t proplen, boolean_t literal)
2378 {
2379 	zfs_prop_t prop;
2380 	int err = 0;
2381 
2382 	if (zhp->zfs_recvd_props == NULL)
2383 		if (get_recvd_props_ioctl(zhp) != 0)
2384 			return (-1);
2385 
2386 	prop = zfs_name_to_prop(propname);
2387 
2388 	if (prop != ZPROP_INVAL) {
2389 		uint64_t cookie;
2390 		if (!nvlist_exists(zhp->zfs_recvd_props, propname))
2391 			return (-1);
2392 		zfs_set_recvd_props_mode(zhp, &cookie);
2393 		err = zfs_prop_get(zhp, prop, propbuf, proplen,
2394 		    NULL, NULL, 0, literal);
2395 		zfs_unset_recvd_props_mode(zhp, &cookie);
2396 	} else {
2397 		nvlist_t *propval;
2398 		char *recvdval;
2399 		if (nvlist_lookup_nvlist(zhp->zfs_recvd_props,
2400 		    propname, &propval) != 0)
2401 			return (-1);
2402 		verify(nvlist_lookup_string(propval, ZPROP_VALUE,
2403 		    &recvdval) == 0);
2404 		(void) strlcpy(propbuf, recvdval, proplen);
2405 	}
2406 
2407 	return (err == 0 ? 0 : -1);
2408 }
2409 
2410 static int
2411 get_clones_string(zfs_handle_t *zhp, char *propbuf, size_t proplen)
2412 {
2413 	nvlist_t *value;
2414 	nvpair_t *pair;
2415 
2416 	value = zfs_get_clones_nvl(zhp);
2417 	if (value == NULL || nvlist_empty(value))
2418 		return (-1);
2419 
2420 	propbuf[0] = '\0';
2421 	for (pair = nvlist_next_nvpair(value, NULL); pair != NULL;
2422 	    pair = nvlist_next_nvpair(value, pair)) {
2423 		if (propbuf[0] != '\0')
2424 			(void) strlcat(propbuf, ",", proplen);
2425 		(void) strlcat(propbuf, nvpair_name(pair), proplen);
2426 	}
2427 
2428 	return (0);
2429 }
2430 
2431 struct get_clones_arg {
2432 	uint64_t numclones;
2433 	nvlist_t *value;
2434 	const char *origin;
2435 	char buf[ZFS_MAX_DATASET_NAME_LEN];
2436 };
2437 
2438 int
2439 get_clones_cb(zfs_handle_t *zhp, void *arg)
2440 {
2441 	struct get_clones_arg *gca = arg;
2442 
2443 	if (gca->numclones == 0) {
2444 		zfs_close(zhp);
2445 		return (0);
2446 	}
2447 
2448 	if (zfs_prop_get(zhp, ZFS_PROP_ORIGIN, gca->buf, sizeof (gca->buf),
2449 	    NULL, NULL, 0, B_TRUE) != 0)
2450 		goto out;
2451 	if (strcmp(gca->buf, gca->origin) == 0) {
2452 		fnvlist_add_boolean(gca->value, zfs_get_name(zhp));
2453 		gca->numclones--;
2454 	}
2455 
2456 out:
2457 	(void) zfs_iter_children(zhp, get_clones_cb, gca);
2458 	zfs_close(zhp);
2459 	return (0);
2460 }
2461 
2462 nvlist_t *
2463 zfs_get_clones_nvl(zfs_handle_t *zhp)
2464 {
2465 	nvlist_t *nv, *value;
2466 
2467 	if (nvlist_lookup_nvlist(zhp->zfs_props,
2468 	    zfs_prop_to_name(ZFS_PROP_CLONES), &nv) != 0) {
2469 		struct get_clones_arg gca;
2470 
2471 		/*
2472 		 * if this is a snapshot, then the kernel wasn't able
2473 		 * to get the clones.  Do it by slowly iterating.
2474 		 */
2475 		if (zhp->zfs_type != ZFS_TYPE_SNAPSHOT)
2476 			return (NULL);
2477 		if (nvlist_alloc(&nv, NV_UNIQUE_NAME, 0) != 0)
2478 			return (NULL);
2479 		if (nvlist_alloc(&value, NV_UNIQUE_NAME, 0) != 0) {
2480 			nvlist_free(nv);
2481 			return (NULL);
2482 		}
2483 
2484 		gca.numclones = zfs_prop_get_int(zhp, ZFS_PROP_NUMCLONES);
2485 		gca.value = value;
2486 		gca.origin = zhp->zfs_name;
2487 
2488 		if (gca.numclones != 0) {
2489 			zfs_handle_t *root;
2490 			char pool[ZFS_MAX_DATASET_NAME_LEN];
2491 			char *cp = pool;
2492 
2493 			/* get the pool name */
2494 			(void) strlcpy(pool, zhp->zfs_name, sizeof (pool));
2495 			(void) strsep(&cp, "/@");
2496 			root = zfs_open(zhp->zfs_hdl, pool,
2497 			    ZFS_TYPE_FILESYSTEM);
2498 
2499 			(void) get_clones_cb(root, &gca);
2500 		}
2501 
2502 		if (gca.numclones != 0 ||
2503 		    nvlist_add_nvlist(nv, ZPROP_VALUE, value) != 0 ||
2504 		    nvlist_add_nvlist(zhp->zfs_props,
2505 		    zfs_prop_to_name(ZFS_PROP_CLONES), nv) != 0) {
2506 			nvlist_free(nv);
2507 			nvlist_free(value);
2508 			return (NULL);
2509 		}
2510 		nvlist_free(nv);
2511 		nvlist_free(value);
2512 		verify(0 == nvlist_lookup_nvlist(zhp->zfs_props,
2513 		    zfs_prop_to_name(ZFS_PROP_CLONES), &nv));
2514 	}
2515 
2516 	verify(nvlist_lookup_nvlist(nv, ZPROP_VALUE, &value) == 0);
2517 
2518 	return (value);
2519 }
2520 
2521 /*
2522  * Accepts a property and value and checks that the value
2523  * matches the one found by the channel program. If they are
2524  * not equal, print both of them.
2525  */
2526 void
2527 zcp_check(zfs_handle_t *zhp, zfs_prop_t prop, uint64_t intval,
2528     const char *strval)
2529 {
2530 	if (!zhp->zfs_hdl->libzfs_prop_debug)
2531 		return;
2532 	int error;
2533 	char *poolname = zhp->zpool_hdl->zpool_name;
2534 	const char *program =
2535 	    "args = ...\n"
2536 	    "ds = args['dataset']\n"
2537 	    "prop = args['property']\n"
2538 	    "value, setpoint = zfs.get_prop(ds, prop)\n"
2539 	    "return {value=value, setpoint=setpoint}\n";
2540 	nvlist_t *outnvl;
2541 	nvlist_t *retnvl;
2542 	nvlist_t *argnvl = fnvlist_alloc();
2543 
2544 	fnvlist_add_string(argnvl, "dataset", zhp->zfs_name);
2545 	fnvlist_add_string(argnvl, "property", zfs_prop_to_name(prop));
2546 
2547 	error = lzc_channel_program_nosync(poolname, program,
2548 	    10 * 1000 * 1000, 10 * 1024 * 1024, argnvl, &outnvl);
2549 
2550 	if (error == 0) {
2551 		retnvl = fnvlist_lookup_nvlist(outnvl, "return");
2552 		if (zfs_prop_get_type(prop) == PROP_TYPE_NUMBER) {
2553 			int64_t ans;
2554 			error = nvlist_lookup_int64(retnvl, "value", &ans);
2555 			if (error != 0) {
2556 				(void) fprintf(stderr, "zcp check error: %u\n",
2557 				    error);
2558 				return;
2559 			}
2560 			if (ans != intval) {
2561 				(void) fprintf(stderr,
2562 				    "%s: zfs found %lld, but zcp found %lld\n",
2563 				    zfs_prop_to_name(prop),
2564 				    (longlong_t)intval, (longlong_t)ans);
2565 			}
2566 		} else {
2567 			char *str_ans;
2568 			error = nvlist_lookup_string(retnvl, "value", &str_ans);
2569 			if (error != 0) {
2570 				(void) fprintf(stderr, "zcp check error: %u\n",
2571 				    error);
2572 				return;
2573 			}
2574 			if (strcmp(strval, str_ans) != 0) {
2575 				(void) fprintf(stderr,
2576 				    "%s: zfs found %s, but zcp found %s\n",
2577 				    zfs_prop_to_name(prop),
2578 				    strval, str_ans);
2579 			}
2580 		}
2581 	} else {
2582 		(void) fprintf(stderr,
2583 		    "zcp check failed, channel program error: %u\n", error);
2584 	}
2585 	nvlist_free(argnvl);
2586 	nvlist_free(outnvl);
2587 }
2588 
2589 /*
2590  * Retrieve a property from the given object.  If 'literal' is specified, then
2591  * numbers are left as exact values.  Otherwise, numbers are converted to a
2592  * human-readable form.
2593  *
2594  * Returns 0 on success, or -1 on error.
2595  */
2596 int
2597 zfs_prop_get(zfs_handle_t *zhp, zfs_prop_t prop, char *propbuf, size_t proplen,
2598     zprop_source_t *src, char *statbuf, size_t statlen, boolean_t literal)
2599 {
2600 	char *source = NULL;
2601 	uint64_t val;
2602 	const char *str;
2603 	const char *strval;
2604 	boolean_t received = zfs_is_recvd_props_mode(zhp);
2605 
2606 	/*
2607 	 * Check to see if this property applies to our object
2608 	 */
2609 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type))
2610 		return (-1);
2611 
2612 	if (received && zfs_prop_readonly(prop))
2613 		return (-1);
2614 
2615 	if (src)
2616 		*src = ZPROP_SRC_NONE;
2617 
2618 	switch (prop) {
2619 	case ZFS_PROP_CREATION:
2620 		/*
2621 		 * 'creation' is a time_t stored in the statistics.  We convert
2622 		 * this into a string unless 'literal' is specified.
2623 		 */
2624 		{
2625 			val = getprop_uint64(zhp, prop, &source);
2626 			time_t time = (time_t)val;
2627 			struct tm t;
2628 
2629 			if (literal ||
2630 			    localtime_r(&time, &t) == NULL ||
2631 			    strftime(propbuf, proplen, "%a %b %e %k:%M %Y",
2632 			    &t) == 0)
2633 				(void) snprintf(propbuf, proplen, "%llu", val);
2634 		}
2635 		zcp_check(zhp, prop, val, NULL);
2636 		break;
2637 
2638 	case ZFS_PROP_MOUNTPOINT:
2639 		/*
2640 		 * Getting the precise mountpoint can be tricky.
2641 		 *
2642 		 *  - for 'none' or 'legacy', return those values.
2643 		 *  - for inherited mountpoints, we want to take everything
2644 		 *    after our ancestor and append it to the inherited value.
2645 		 *
2646 		 * If the pool has an alternate root, we want to prepend that
2647 		 * root to any values we return.
2648 		 */
2649 
2650 		str = getprop_string(zhp, prop, &source);
2651 
2652 		if (str[0] == '/') {
2653 			char buf[MAXPATHLEN];
2654 			char *root = buf;
2655 			const char *relpath;
2656 
2657 			/*
2658 			 * If we inherit the mountpoint, even from a dataset
2659 			 * with a received value, the source will be the path of
2660 			 * the dataset we inherit from. If source is
2661 			 * ZPROP_SOURCE_VAL_RECVD, the received value is not
2662 			 * inherited.
2663 			 */
2664 			if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0) {
2665 				relpath = "";
2666 			} else {
2667 				relpath = zhp->zfs_name + strlen(source);
2668 				if (relpath[0] == '/')
2669 					relpath++;
2670 			}
2671 
2672 			if ((zpool_get_prop(zhp->zpool_hdl,
2673 			    ZPOOL_PROP_ALTROOT, buf, MAXPATHLEN, NULL,
2674 			    B_FALSE)) || (strcmp(root, "-") == 0))
2675 				root[0] = '\0';
2676 			/*
2677 			 * Special case an alternate root of '/'. This will
2678 			 * avoid having multiple leading slashes in the
2679 			 * mountpoint path.
2680 			 */
2681 			if (strcmp(root, "/") == 0)
2682 				root++;
2683 
2684 			/*
2685 			 * If the mountpoint is '/' then skip over this
2686 			 * if we are obtaining either an alternate root or
2687 			 * an inherited mountpoint.
2688 			 */
2689 			if (str[1] == '\0' && (root[0] != '\0' ||
2690 			    relpath[0] != '\0'))
2691 				str++;
2692 
2693 			if (relpath[0] == '\0')
2694 				(void) snprintf(propbuf, proplen, "%s%s",
2695 				    root, str);
2696 			else
2697 				(void) snprintf(propbuf, proplen, "%s%s%s%s",
2698 				    root, str, relpath[0] == '@' ? "" : "/",
2699 				    relpath);
2700 		} else {
2701 			/* 'legacy' or 'none' */
2702 			(void) strlcpy(propbuf, str, proplen);
2703 		}
2704 		zcp_check(zhp, prop, 0, propbuf);
2705 		break;
2706 
2707 	case ZFS_PROP_ORIGIN:
2708 		str = getprop_string(zhp, prop, &source);
2709 		if (str == NULL)
2710 			return (-1);
2711 		(void) strlcpy(propbuf, str, proplen);
2712 		zcp_check(zhp, prop, 0, str);
2713 		break;
2714 
2715 	case ZFS_PROP_CLONES:
2716 		if (get_clones_string(zhp, propbuf, proplen) != 0)
2717 			return (-1);
2718 		break;
2719 
2720 	case ZFS_PROP_QUOTA:
2721 	case ZFS_PROP_REFQUOTA:
2722 	case ZFS_PROP_RESERVATION:
2723 	case ZFS_PROP_REFRESERVATION:
2724 
2725 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2726 			return (-1);
2727 		/*
2728 		 * If quota or reservation is 0, we translate this into 'none'
2729 		 * (unless literal is set), and indicate that it's the default
2730 		 * value.  Otherwise, we print the number nicely and indicate
2731 		 * that its set locally.
2732 		 */
2733 		if (val == 0) {
2734 			if (literal)
2735 				(void) strlcpy(propbuf, "0", proplen);
2736 			else
2737 				(void) strlcpy(propbuf, "none", proplen);
2738 		} else {
2739 			if (literal)
2740 				(void) snprintf(propbuf, proplen, "%llu",
2741 				    (u_longlong_t)val);
2742 			else
2743 				zfs_nicenum(val, propbuf, proplen);
2744 		}
2745 		zcp_check(zhp, prop, val, NULL);
2746 		break;
2747 
2748 	case ZFS_PROP_FILESYSTEM_LIMIT:
2749 	case ZFS_PROP_SNAPSHOT_LIMIT:
2750 	case ZFS_PROP_FILESYSTEM_COUNT:
2751 	case ZFS_PROP_SNAPSHOT_COUNT:
2752 
2753 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2754 			return (-1);
2755 
2756 		/*
2757 		 * If limit is UINT64_MAX, we translate this into 'none' (unless
2758 		 * literal is set), and indicate that it's the default value.
2759 		 * Otherwise, we print the number nicely and indicate that it's
2760 		 * set locally.
2761 		 */
2762 		if (literal) {
2763 			(void) snprintf(propbuf, proplen, "%llu",
2764 			    (u_longlong_t)val);
2765 		} else if (val == UINT64_MAX) {
2766 			(void) strlcpy(propbuf, "none", proplen);
2767 		} else {
2768 			zfs_nicenum(val, propbuf, proplen);
2769 		}
2770 
2771 		zcp_check(zhp, prop, val, NULL);
2772 		break;
2773 
2774 	case ZFS_PROP_REFRATIO:
2775 	case ZFS_PROP_COMPRESSRATIO:
2776 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2777 			return (-1);
2778 		(void) snprintf(propbuf, proplen, "%llu.%02llux",
2779 		    (u_longlong_t)(val / 100),
2780 		    (u_longlong_t)(val % 100));
2781 		zcp_check(zhp, prop, val, NULL);
2782 		break;
2783 
2784 	case ZFS_PROP_TYPE:
2785 		switch (zhp->zfs_type) {
2786 		case ZFS_TYPE_FILESYSTEM:
2787 			str = "filesystem";
2788 			break;
2789 		case ZFS_TYPE_VOLUME:
2790 			str = "volume";
2791 			break;
2792 		case ZFS_TYPE_SNAPSHOT:
2793 			str = "snapshot";
2794 			break;
2795 		case ZFS_TYPE_BOOKMARK:
2796 			str = "bookmark";
2797 			break;
2798 		default:
2799 			abort();
2800 		}
2801 		(void) snprintf(propbuf, proplen, "%s", str);
2802 		zcp_check(zhp, prop, 0, propbuf);
2803 		break;
2804 
2805 	case ZFS_PROP_MOUNTED:
2806 		/*
2807 		 * The 'mounted' property is a pseudo-property that described
2808 		 * whether the filesystem is currently mounted.  Even though
2809 		 * it's a boolean value, the typical values of "on" and "off"
2810 		 * don't make sense, so we translate to "yes" and "no".
2811 		 */
2812 		if (get_numeric_property(zhp, ZFS_PROP_MOUNTED,
2813 		    src, &source, &val) != 0)
2814 			return (-1);
2815 		if (val)
2816 			(void) strlcpy(propbuf, "yes", proplen);
2817 		else
2818 			(void) strlcpy(propbuf, "no", proplen);
2819 		break;
2820 
2821 	case ZFS_PROP_NAME:
2822 		/*
2823 		 * The 'name' property is a pseudo-property derived from the
2824 		 * dataset name.  It is presented as a real property to simplify
2825 		 * consumers.
2826 		 */
2827 		(void) strlcpy(propbuf, zhp->zfs_name, proplen);
2828 		zcp_check(zhp, prop, 0, propbuf);
2829 		break;
2830 
2831 	case ZFS_PROP_MLSLABEL:
2832 		{
2833 			m_label_t *new_sl = NULL;
2834 			char *ascii = NULL;	/* human readable label */
2835 
2836 			(void) strlcpy(propbuf,
2837 			    getprop_string(zhp, prop, &source), proplen);
2838 
2839 			if (literal || (strcasecmp(propbuf,
2840 			    ZFS_MLSLABEL_DEFAULT) == 0))
2841 				break;
2842 
2843 			/*
2844 			 * Try to translate the internal hex string to
2845 			 * human-readable output.  If there are any
2846 			 * problems just use the hex string.
2847 			 */
2848 
2849 			if (str_to_label(propbuf, &new_sl, MAC_LABEL,
2850 			    L_NO_CORRECTION, NULL) == -1) {
2851 				m_label_free(new_sl);
2852 				break;
2853 			}
2854 
2855 			if (label_to_str(new_sl, &ascii, M_LABEL,
2856 			    DEF_NAMES) != 0) {
2857 				if (ascii)
2858 					free(ascii);
2859 				m_label_free(new_sl);
2860 				break;
2861 			}
2862 			m_label_free(new_sl);
2863 
2864 			(void) strlcpy(propbuf, ascii, proplen);
2865 			free(ascii);
2866 		}
2867 		break;
2868 
2869 	case ZFS_PROP_GUID:
2870 	case ZFS_PROP_CREATETXG:
2871 		/*
2872 		 * GUIDs are stored as numbers, but they are identifiers.
2873 		 * We don't want them to be pretty printed, because pretty
2874 		 * printing mangles the ID into a truncated and useless value.
2875 		 */
2876 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2877 			return (-1);
2878 		(void) snprintf(propbuf, proplen, "%llu", (u_longlong_t)val);
2879 		zcp_check(zhp, prop, val, NULL);
2880 		break;
2881 
2882 	default:
2883 		switch (zfs_prop_get_type(prop)) {
2884 		case PROP_TYPE_NUMBER:
2885 			if (get_numeric_property(zhp, prop, src,
2886 			    &source, &val) != 0) {
2887 				return (-1);
2888 			}
2889 
2890 			if (literal) {
2891 				(void) snprintf(propbuf, proplen, "%llu",
2892 				    (u_longlong_t)val);
2893 			} else {
2894 				zfs_nicenum(val, propbuf, proplen);
2895 			}
2896 			zcp_check(zhp, prop, val, NULL);
2897 			break;
2898 
2899 		case PROP_TYPE_STRING:
2900 			str = getprop_string(zhp, prop, &source);
2901 			if (str == NULL)
2902 				return (-1);
2903 
2904 			(void) strlcpy(propbuf, str, proplen);
2905 			zcp_check(zhp, prop, 0, str);
2906 			break;
2907 
2908 		case PROP_TYPE_INDEX:
2909 			if (get_numeric_property(zhp, prop, src,
2910 			    &source, &val) != 0)
2911 				return (-1);
2912 			if (zfs_prop_index_to_string(prop, val, &strval) != 0)
2913 				return (-1);
2914 
2915 			(void) strlcpy(propbuf, strval, proplen);
2916 			zcp_check(zhp, prop, 0, strval);
2917 			break;
2918 
2919 		default:
2920 			abort();
2921 		}
2922 	}
2923 
2924 	get_source(zhp, src, source, statbuf, statlen);
2925 
2926 	return (0);
2927 }
2928 
2929 /*
2930  * Utility function to get the given numeric property.  Does no validation that
2931  * the given property is the appropriate type; should only be used with
2932  * hard-coded property types.
2933  */
2934 uint64_t
2935 zfs_prop_get_int(zfs_handle_t *zhp, zfs_prop_t prop)
2936 {
2937 	char *source;
2938 	uint64_t val;
2939 
2940 	(void) get_numeric_property(zhp, prop, NULL, &source, &val);
2941 
2942 	return (val);
2943 }
2944 
2945 int
2946 zfs_prop_set_int(zfs_handle_t *zhp, zfs_prop_t prop, uint64_t val)
2947 {
2948 	char buf[64];
2949 
2950 	(void) snprintf(buf, sizeof (buf), "%llu", (longlong_t)val);
2951 	return (zfs_prop_set(zhp, zfs_prop_to_name(prop), buf));
2952 }
2953 
2954 /*
2955  * Similar to zfs_prop_get(), but returns the value as an integer.
2956  */
2957 int
2958 zfs_prop_get_numeric(zfs_handle_t *zhp, zfs_prop_t prop, uint64_t *value,
2959     zprop_source_t *src, char *statbuf, size_t statlen)
2960 {
2961 	char *source;
2962 
2963 	/*
2964 	 * Check to see if this property applies to our object
2965 	 */
2966 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type)) {
2967 		return (zfs_error_fmt(zhp->zfs_hdl, EZFS_PROPTYPE,
2968 		    dgettext(TEXT_DOMAIN, "cannot get property '%s'"),
2969 		    zfs_prop_to_name(prop)));
2970 	}
2971 
2972 	if (src)
2973 		*src = ZPROP_SRC_NONE;
2974 
2975 	if (get_numeric_property(zhp, prop, src, &source, value) != 0)
2976 		return (-1);
2977 
2978 	get_source(zhp, src, source, statbuf, statlen);
2979 
2980 	return (0);
2981 }
2982 
2983 static int
2984 idmap_id_to_numeric_domain_rid(uid_t id, boolean_t isuser,
2985     char **domainp, idmap_rid_t *ridp)
2986 {
2987 	idmap_get_handle_t *get_hdl = NULL;
2988 	idmap_stat status;
2989 	int err = EINVAL;
2990 
2991 	if (idmap_get_create(&get_hdl) != IDMAP_SUCCESS)
2992 		goto out;
2993 
2994 	if (isuser) {
2995 		err = idmap_get_sidbyuid(get_hdl, id,
2996 		    IDMAP_REQ_FLG_USE_CACHE, domainp, ridp, &status);
2997 	} else {
2998 		err = idmap_get_sidbygid(get_hdl, id,
2999 		    IDMAP_REQ_FLG_USE_CACHE, domainp, ridp, &status);
3000 	}
3001 	if (err == IDMAP_SUCCESS &&
3002 	    idmap_get_mappings(get_hdl) == IDMAP_SUCCESS &&
3003 	    status == IDMAP_SUCCESS)
3004 		err = 0;
3005 	else
3006 		err = EINVAL;
3007 out:
3008 	if (get_hdl)
3009 		idmap_get_destroy(get_hdl);
3010 	return (err);
3011 }
3012 
3013 /*
3014  * convert the propname into parameters needed by kernel
3015  * Eg: userquota@ahrens -> ZFS_PROP_USERQUOTA, "", 126829
3016  * Eg: userused@matt@domain -> ZFS_PROP_USERUSED, "S-1-123-456", 789
3017  * Eg: groupquota@staff -> ZFS_PROP_GROUPQUOTA, "", 1234
3018  * Eg: groupused@staff -> ZFS_PROP_GROUPUSED, "", 1234
3019  * Eg: projectquota@123 -> ZFS_PROP_PROJECTQUOTA, "", 123
3020  * Eg: projectused@789 -> ZFS_PROP_PROJECTUSED, "", 789
3021  */
3022 static int
3023 userquota_propname_decode(const char *propname, boolean_t zoned,
3024     zfs_userquota_prop_t *typep, char *domain, int domainlen, uint64_t *ridp)
3025 {
3026 	zfs_userquota_prop_t type;
3027 	char *cp;
3028 	boolean_t isuser;
3029 	boolean_t isgroup;
3030 	boolean_t isproject;
3031 	struct passwd *pw;
3032 	struct group *gr;
3033 
3034 	domain[0] = '\0';
3035 
3036 	/* Figure out the property type ({user|group|project}{quota|space}) */
3037 	for (type = 0; type < ZFS_NUM_USERQUOTA_PROPS; type++) {
3038 		if (strncmp(propname, zfs_userquota_prop_prefixes[type],
3039 		    strlen(zfs_userquota_prop_prefixes[type])) == 0)
3040 			break;
3041 	}
3042 	if (type == ZFS_NUM_USERQUOTA_PROPS)
3043 		return (EINVAL);
3044 	*typep = type;
3045 
3046 	isuser = (type == ZFS_PROP_USERQUOTA || type == ZFS_PROP_USERUSED ||
3047 	    type == ZFS_PROP_USEROBJQUOTA ||
3048 	    type == ZFS_PROP_USEROBJUSED);
3049 	isgroup = (type == ZFS_PROP_GROUPQUOTA || type == ZFS_PROP_GROUPUSED ||
3050 	    type == ZFS_PROP_GROUPOBJQUOTA ||
3051 	    type == ZFS_PROP_GROUPOBJUSED);
3052 	isproject = (type == ZFS_PROP_PROJECTQUOTA ||
3053 	    type == ZFS_PROP_PROJECTUSED || type == ZFS_PROP_PROJECTOBJQUOTA ||
3054 	    type == ZFS_PROP_PROJECTOBJUSED);
3055 
3056 	cp = strchr(propname, '@') + 1;
3057 
3058 	if (isuser && (pw = getpwnam(cp)) != NULL) {
3059 		if (zoned && getzoneid() == GLOBAL_ZONEID)
3060 			return (ENOENT);
3061 		*ridp = pw->pw_uid;
3062 	} else if (isgroup && (gr = getgrnam(cp)) != NULL) {
3063 		if (zoned && getzoneid() == GLOBAL_ZONEID)
3064 			return (ENOENT);
3065 		*ridp = gr->gr_gid;
3066 	} else if (!isproject && strchr(cp, '@')) {
3067 		/*
3068 		 * It's a SID name (eg "user@domain") that needs to be
3069 		 * turned into S-1-domainID-RID.
3070 		 */
3071 		directory_error_t e;
3072 		char *numericsid = NULL;
3073 		char *end;
3074 
3075 		if (zoned && getzoneid() == GLOBAL_ZONEID)
3076 			return (ENOENT);
3077 		if (isuser) {
3078 			e = directory_sid_from_user_name(NULL,
3079 			    cp, &numericsid);
3080 		} else {
3081 			e = directory_sid_from_group_name(NULL,
3082 			    cp, &numericsid);
3083 		}
3084 		if (e != NULL) {
3085 			directory_error_free(e);
3086 			return (ENOENT);
3087 		}
3088 		if (numericsid == NULL)
3089 			return (ENOENT);
3090 		cp = numericsid;
3091 		(void) strlcpy(domain, cp, domainlen);
3092 		cp = strrchr(domain, '-');
3093 		*cp = '\0';
3094 		cp++;
3095 
3096 		errno = 0;
3097 		*ridp = strtoull(cp, &end, 10);
3098 		free(numericsid);
3099 
3100 		if (errno != 0 || *end != '\0')
3101 			return (EINVAL);
3102 	} else {
3103 		/* It's a user/group/project ID (eg "12345"). */
3104 		char *end;
3105 		uid_t id = strtoul(cp, &end, 10);
3106 		if (*end != '\0')
3107 			return (EINVAL);
3108 		if (id > MAXUID && !isproject) {
3109 			/* It's an ephemeral ID. */
3110 			idmap_rid_t rid;
3111 			char *mapdomain;
3112 
3113 			if (idmap_id_to_numeric_domain_rid(id, isuser,
3114 			    &mapdomain, &rid) != 0)
3115 				return (ENOENT);
3116 			(void) strlcpy(domain, mapdomain, domainlen);
3117 			*ridp = rid;
3118 		} else {
3119 			*ridp = id;
3120 		}
3121 	}
3122 
3123 	return (0);
3124 }
3125 
3126 static int
3127 zfs_prop_get_userquota_common(zfs_handle_t *zhp, const char *propname,
3128     uint64_t *propvalue, zfs_userquota_prop_t *typep)
3129 {
3130 	int err;
3131 	zfs_cmd_t zc = { 0 };
3132 
3133 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3134 
3135 	err = userquota_propname_decode(propname,
3136 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED),
3137 	    typep, zc.zc_value, sizeof (zc.zc_value), &zc.zc_guid);
3138 	zc.zc_objset_type = *typep;
3139 	if (err)
3140 		return (err);
3141 
3142 	err = ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_USERSPACE_ONE, &zc);
3143 	if (err)
3144 		return (err);
3145 
3146 	*propvalue = zc.zc_cookie;
3147 	return (0);
3148 }
3149 
3150 int
3151 zfs_prop_get_userquota_int(zfs_handle_t *zhp, const char *propname,
3152     uint64_t *propvalue)
3153 {
3154 	zfs_userquota_prop_t type;
3155 
3156 	return (zfs_prop_get_userquota_common(zhp, propname, propvalue,
3157 	    &type));
3158 }
3159 
3160 int
3161 zfs_prop_get_userquota(zfs_handle_t *zhp, const char *propname,
3162     char *propbuf, int proplen, boolean_t literal)
3163 {
3164 	int err;
3165 	uint64_t propvalue;
3166 	zfs_userquota_prop_t type;
3167 
3168 	err = zfs_prop_get_userquota_common(zhp, propname, &propvalue,
3169 	    &type);
3170 
3171 	if (err)
3172 		return (err);
3173 
3174 	if (literal) {
3175 		(void) snprintf(propbuf, proplen, "%llu", propvalue);
3176 	} else if (propvalue == 0 &&
3177 	    (type == ZFS_PROP_USERQUOTA || type == ZFS_PROP_GROUPQUOTA ||
3178 	    type == ZFS_PROP_USEROBJQUOTA || type == ZFS_PROP_GROUPOBJQUOTA ||
3179 	    type == ZFS_PROP_PROJECTQUOTA || ZFS_PROP_PROJECTOBJQUOTA)) {
3180 		(void) strlcpy(propbuf, "none", proplen);
3181 	} else if (type == ZFS_PROP_USERQUOTA || type == ZFS_PROP_GROUPQUOTA ||
3182 	    type == ZFS_PROP_USERUSED || type == ZFS_PROP_GROUPUSED ||
3183 	    type == ZFS_PROP_PROJECTUSED || type == ZFS_PROP_PROJECTQUOTA) {
3184 		zfs_nicenum(propvalue, propbuf, proplen);
3185 	} else {
3186 		zfs_nicenum(propvalue, propbuf, proplen);
3187 	}
3188 	return (0);
3189 }
3190 
3191 int
3192 zfs_prop_get_written_int(zfs_handle_t *zhp, const char *propname,
3193     uint64_t *propvalue)
3194 {
3195 	int err;
3196 	zfs_cmd_t zc = { 0 };
3197 	const char *snapname;
3198 
3199 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3200 
3201 	snapname = strchr(propname, '@') + 1;
3202 	if (strchr(snapname, '@')) {
3203 		(void) strlcpy(zc.zc_value, snapname, sizeof (zc.zc_value));
3204 	} else {
3205 		/* snapname is the short name, append it to zhp's fsname */
3206 		char *cp;
3207 
3208 		(void) strlcpy(zc.zc_value, zhp->zfs_name,
3209 		    sizeof (zc.zc_value));
3210 		cp = strchr(zc.zc_value, '@');
3211 		if (cp != NULL)
3212 			*cp = '\0';
3213 		(void) strlcat(zc.zc_value, "@", sizeof (zc.zc_value));
3214 		(void) strlcat(zc.zc_value, snapname, sizeof (zc.zc_value));
3215 	}
3216 
3217 	err = ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_SPACE_WRITTEN, &zc);
3218 	if (err)
3219 		return (err);
3220 
3221 	*propvalue = zc.zc_cookie;
3222 	return (0);
3223 }
3224 
3225 int
3226 zfs_prop_get_written(zfs_handle_t *zhp, const char *propname,
3227     char *propbuf, int proplen, boolean_t literal)
3228 {
3229 	int err;
3230 	uint64_t propvalue;
3231 
3232 	err = zfs_prop_get_written_int(zhp, propname, &propvalue);
3233 
3234 	if (err)
3235 		return (err);
3236 
3237 	if (literal) {
3238 		(void) snprintf(propbuf, proplen, "%llu", propvalue);
3239 	} else {
3240 		zfs_nicenum(propvalue, propbuf, proplen);
3241 	}
3242 	return (0);
3243 }
3244 
3245 /*
3246  * Returns the name of the given zfs handle.
3247  */
3248 const char *
3249 zfs_get_name(const zfs_handle_t *zhp)
3250 {
3251 	return (zhp->zfs_name);
3252 }
3253 
3254 /*
3255  * Returns the name of the parent pool for the given zfs handle.
3256  */
3257 const char *
3258 zfs_get_pool_name(const zfs_handle_t *zhp)
3259 {
3260 	return (zhp->zpool_hdl->zpool_name);
3261 }
3262 
3263 /*
3264  * Returns the type of the given zfs handle.
3265  */
3266 zfs_type_t
3267 zfs_get_type(const zfs_handle_t *zhp)
3268 {
3269 	return (zhp->zfs_type);
3270 }
3271 
3272 /*
3273  * Is one dataset name a child dataset of another?
3274  *
3275  * Needs to handle these cases:
3276  * Dataset 1	"a/foo"		"a/foo"		"a/foo"		"a/foo"
3277  * Dataset 2	"a/fo"		"a/foobar"	"a/bar/baz"	"a/foo/bar"
3278  * Descendant?	No.		No.		No.		Yes.
3279  */
3280 static boolean_t
3281 is_descendant(const char *ds1, const char *ds2)
3282 {
3283 	size_t d1len = strlen(ds1);
3284 
3285 	/* ds2 can't be a descendant if it's smaller */
3286 	if (strlen(ds2) < d1len)
3287 		return (B_FALSE);
3288 
3289 	/* otherwise, compare strings and verify that there's a '/' char */
3290 	return (ds2[d1len] == '/' && (strncmp(ds1, ds2, d1len) == 0));
3291 }
3292 
3293 /*
3294  * Given a complete name, return just the portion that refers to the parent.
3295  * Will return -1 if there is no parent (path is just the name of the
3296  * pool).
3297  */
3298 static int
3299 parent_name(const char *path, char *buf, size_t buflen)
3300 {
3301 	char *slashp;
3302 
3303 	(void) strlcpy(buf, path, buflen);
3304 
3305 	if ((slashp = strrchr(buf, '/')) == NULL)
3306 		return (-1);
3307 	*slashp = '\0';
3308 
3309 	return (0);
3310 }
3311 
3312 int
3313 zfs_parent_name(zfs_handle_t *zhp, char *buf, size_t buflen)
3314 {
3315 	return (parent_name(zfs_get_name(zhp), buf, buflen));
3316 }
3317 
3318 /*
3319  * If accept_ancestor is false, then check to make sure that the given path has
3320  * a parent, and that it exists.  If accept_ancestor is true, then find the
3321  * closest existing ancestor for the given path.  In prefixlen return the
3322  * length of already existing prefix of the given path.  We also fetch the
3323  * 'zoned' property, which is used to validate property settings when creating
3324  * new datasets.
3325  */
3326 static int
3327 check_parents(libzfs_handle_t *hdl, const char *path, uint64_t *zoned,
3328     boolean_t accept_ancestor, int *prefixlen)
3329 {
3330 	zfs_cmd_t zc = { 0 };
3331 	char parent[ZFS_MAX_DATASET_NAME_LEN];
3332 	char *slash;
3333 	zfs_handle_t *zhp;
3334 	char errbuf[1024];
3335 	uint64_t is_zoned;
3336 
3337 	(void) snprintf(errbuf, sizeof (errbuf),
3338 	    dgettext(TEXT_DOMAIN, "cannot create '%s'"), path);
3339 
3340 	/* get parent, and check to see if this is just a pool */
3341 	if (parent_name(path, parent, sizeof (parent)) != 0) {
3342 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3343 		    "missing dataset name"));
3344 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3345 	}
3346 
3347 	/* check to see if the pool exists */
3348 	if ((slash = strchr(parent, '/')) == NULL)
3349 		slash = parent + strlen(parent);
3350 	(void) strncpy(zc.zc_name, parent, slash - parent);
3351 	zc.zc_name[slash - parent] = '\0';
3352 	if (ioctl(hdl->libzfs_fd, ZFS_IOC_OBJSET_STATS, &zc) != 0 &&
3353 	    errno == ENOENT) {
3354 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3355 		    "no such pool '%s'"), zc.zc_name);
3356 		return (zfs_error(hdl, EZFS_NOENT, errbuf));
3357 	}
3358 
3359 	/* check to see if the parent dataset exists */
3360 	while ((zhp = make_dataset_handle(hdl, parent)) == NULL) {
3361 		if (errno == ENOENT && accept_ancestor) {
3362 			/*
3363 			 * Go deeper to find an ancestor, give up on top level.
3364 			 */
3365 			if (parent_name(parent, parent, sizeof (parent)) != 0) {
3366 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3367 				    "no such pool '%s'"), zc.zc_name);
3368 				return (zfs_error(hdl, EZFS_NOENT, errbuf));
3369 			}
3370 		} else if (errno == ENOENT) {
3371 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3372 			    "parent does not exist"));
3373 			return (zfs_error(hdl, EZFS_NOENT, errbuf));
3374 		} else
3375 			return (zfs_standard_error(hdl, errno, errbuf));
3376 	}
3377 
3378 	is_zoned = zfs_prop_get_int(zhp, ZFS_PROP_ZONED);
3379 	if (zoned != NULL)
3380 		*zoned = is_zoned;
3381 
3382 	/* we are in a non-global zone, but parent is in the global zone */
3383 	if (getzoneid() != GLOBAL_ZONEID && !is_zoned) {
3384 		(void) zfs_standard_error(hdl, EPERM, errbuf);
3385 		zfs_close(zhp);
3386 		return (-1);
3387 	}
3388 
3389 	/* make sure parent is a filesystem */
3390 	if (zfs_get_type(zhp) != ZFS_TYPE_FILESYSTEM) {
3391 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3392 		    "parent is not a filesystem"));
3393 		(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
3394 		zfs_close(zhp);
3395 		return (-1);
3396 	}
3397 
3398 	zfs_close(zhp);
3399 	if (prefixlen != NULL)
3400 		*prefixlen = strlen(parent);
3401 	return (0);
3402 }
3403 
3404 /*
3405  * Finds whether the dataset of the given type(s) exists.
3406  */
3407 boolean_t
3408 zfs_dataset_exists(libzfs_handle_t *hdl, const char *path, zfs_type_t types)
3409 {
3410 	zfs_handle_t *zhp;
3411 
3412 	if (!zfs_validate_name(hdl, path, types, B_FALSE))
3413 		return (B_FALSE);
3414 
3415 	/*
3416 	 * Try to get stats for the dataset, which will tell us if it exists.
3417 	 */
3418 	if ((zhp = make_dataset_handle(hdl, path)) != NULL) {
3419 		int ds_type = zhp->zfs_type;
3420 
3421 		zfs_close(zhp);
3422 		if (types & ds_type)
3423 			return (B_TRUE);
3424 	}
3425 	return (B_FALSE);
3426 }
3427 
3428 /*
3429  * Given a path to 'target', create all the ancestors between
3430  * the prefixlen portion of the path, and the target itself.
3431  * Fail if the initial prefixlen-ancestor does not already exist.
3432  */
3433 int
3434 create_parents(libzfs_handle_t *hdl, char *target, int prefixlen)
3435 {
3436 	zfs_handle_t *h;
3437 	char *cp;
3438 	const char *opname;
3439 
3440 	/* make sure prefix exists */
3441 	cp = target + prefixlen;
3442 	if (*cp != '/') {
3443 		assert(strchr(cp, '/') == NULL);
3444 		h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
3445 	} else {
3446 		*cp = '\0';
3447 		h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
3448 		*cp = '/';
3449 	}
3450 	if (h == NULL)
3451 		return (-1);
3452 	zfs_close(h);
3453 
3454 	/*
3455 	 * Attempt to create, mount, and share any ancestor filesystems,
3456 	 * up to the prefixlen-long one.
3457 	 */
3458 	for (cp = target + prefixlen + 1;
3459 	    (cp = strchr(cp, '/')) != NULL; *cp = '/', cp++) {
3460 
3461 		*cp = '\0';
3462 
3463 		h = make_dataset_handle(hdl, target);
3464 		if (h) {
3465 			/* it already exists, nothing to do here */
3466 			zfs_close(h);
3467 			continue;
3468 		}
3469 
3470 		if (zfs_create(hdl, target, ZFS_TYPE_FILESYSTEM,
3471 		    NULL) != 0) {
3472 			opname = dgettext(TEXT_DOMAIN, "create");
3473 			goto ancestorerr;
3474 		}
3475 
3476 		h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
3477 		if (h == NULL) {
3478 			opname = dgettext(TEXT_DOMAIN, "open");
3479 			goto ancestorerr;
3480 		}
3481 
3482 		if (zfs_mount(h, NULL, 0) != 0) {
3483 			opname = dgettext(TEXT_DOMAIN, "mount");
3484 			goto ancestorerr;
3485 		}
3486 
3487 		if (zfs_share(h) != 0) {
3488 			opname = dgettext(TEXT_DOMAIN, "share");
3489 			goto ancestorerr;
3490 		}
3491 
3492 		zfs_close(h);
3493 	}
3494 
3495 	return (0);
3496 
3497 ancestorerr:
3498 	zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3499 	    "failed to %s ancestor '%s'"), opname, target);
3500 	return (-1);
3501 }
3502 
3503 /*
3504  * Creates non-existing ancestors of the given path.
3505  */
3506 int
3507 zfs_create_ancestors(libzfs_handle_t *hdl, const char *path)
3508 {
3509 	int prefix;
3510 	char *path_copy;
3511 	char errbuf[1024];
3512 	int rc = 0;
3513 
3514 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3515 	    "cannot create '%s'"), path);
3516 
3517 	/*
3518 	 * Check that we are not passing the nesting limit
3519 	 * before we start creating any ancestors.
3520 	 */
3521 	if (dataset_nestcheck(path) != 0) {
3522 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3523 		    "maximum name nesting depth exceeded"));
3524 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3525 	}
3526 
3527 	if (check_parents(hdl, path, NULL, B_TRUE, &prefix) != 0)
3528 		return (-1);
3529 
3530 	if ((path_copy = strdup(path)) != NULL) {
3531 		rc = create_parents(hdl, path_copy, prefix);
3532 		free(path_copy);
3533 	}
3534 	if (path_copy == NULL || rc != 0)
3535 		return (-1);
3536 
3537 	return (0);
3538 }
3539 
3540 /*
3541  * Create a new filesystem or volume.
3542  */
3543 int
3544 zfs_create(libzfs_handle_t *hdl, const char *path, zfs_type_t type,
3545     nvlist_t *props)
3546 {
3547 	int ret;
3548 	uint64_t size = 0;
3549 	uint64_t blocksize = zfs_prop_default_numeric(ZFS_PROP_VOLBLOCKSIZE);
3550 	uint8_t *wkeydata = NULL;
3551 	uint_t wkeylen = 0;
3552 	char errbuf[1024];
3553 	char parent[MAXNAMELEN];
3554 	uint64_t zoned;
3555 	enum lzc_dataset_type ost;
3556 	zpool_handle_t *zpool_handle;
3557 
3558 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3559 	    "cannot create '%s'"), path);
3560 
3561 	/* validate the path, taking care to note the extended error message */
3562 	if (!zfs_validate_name(hdl, path, type, B_TRUE))
3563 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3564 
3565 	if (dataset_nestcheck(path) != 0) {
3566 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3567 		    "maximum name nesting depth exceeded"));
3568 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3569 	}
3570 
3571 	/* validate parents exist */
3572 	if (check_parents(hdl, path, &zoned, B_FALSE, NULL) != 0)
3573 		return (-1);
3574 
3575 	/*
3576 	 * The failure modes when creating a dataset of a different type over
3577 	 * one that already exists is a little strange.  In particular, if you
3578 	 * try to create a dataset on top of an existing dataset, the ioctl()
3579 	 * will return ENOENT, not EEXIST.  To prevent this from happening, we
3580 	 * first try to see if the dataset exists.
3581 	 */
3582 	if (zfs_dataset_exists(hdl, path, ZFS_TYPE_DATASET)) {
3583 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3584 		    "dataset already exists"));
3585 		return (zfs_error(hdl, EZFS_EXISTS, errbuf));
3586 	}
3587 
3588 	if (type == ZFS_TYPE_VOLUME)
3589 		ost = LZC_DATSET_TYPE_ZVOL;
3590 	else
3591 		ost = LZC_DATSET_TYPE_ZFS;
3592 
3593 	/* open zpool handle for prop validation */
3594 	char pool_path[ZFS_MAX_DATASET_NAME_LEN];
3595 	(void) strlcpy(pool_path, path, sizeof (pool_path));
3596 
3597 	/* truncate pool_path at first slash */
3598 	char *p = strchr(pool_path, '/');
3599 	if (p != NULL)
3600 		*p = '\0';
3601 
3602 	if ((zpool_handle = zpool_open(hdl, pool_path)) == NULL)
3603 		return (-1);
3604 
3605 	if (props && (props = zfs_valid_proplist(hdl, type, props,
3606 	    zoned, NULL, zpool_handle, B_TRUE, errbuf)) == 0) {
3607 		zpool_close(zpool_handle);
3608 		return (-1);
3609 	}
3610 	zpool_close(zpool_handle);
3611 
3612 	if (type == ZFS_TYPE_VOLUME) {
3613 		/*
3614 		 * If we are creating a volume, the size and block size must
3615 		 * satisfy a few restraints.  First, the blocksize must be a
3616 		 * valid block size between SPA_{MIN,MAX}BLOCKSIZE.  Second, the
3617 		 * volsize must be a multiple of the block size, and cannot be
3618 		 * zero.
3619 		 */
3620 		if (props == NULL || nvlist_lookup_uint64(props,
3621 		    zfs_prop_to_name(ZFS_PROP_VOLSIZE), &size) != 0) {
3622 			nvlist_free(props);
3623 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3624 			    "missing volume size"));
3625 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
3626 		}
3627 
3628 		if ((ret = nvlist_lookup_uint64(props,
3629 		    zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3630 		    &blocksize)) != 0) {
3631 			if (ret == ENOENT) {
3632 				blocksize = zfs_prop_default_numeric(
3633 				    ZFS_PROP_VOLBLOCKSIZE);
3634 			} else {
3635 				nvlist_free(props);
3636 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3637 				    "missing volume block size"));
3638 				return (zfs_error(hdl, EZFS_BADPROP, errbuf));
3639 			}
3640 		}
3641 
3642 		if (size == 0) {
3643 			nvlist_free(props);
3644 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3645 			    "volume size cannot be zero"));
3646 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
3647 		}
3648 
3649 		if (size % blocksize != 0) {
3650 			nvlist_free(props);
3651 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3652 			    "volume size must be a multiple of volume block "
3653 			    "size"));
3654 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
3655 		}
3656 	}
3657 
3658 	(void) parent_name(path, parent, sizeof (parent));
3659 	if (zfs_crypto_create(hdl, parent, props, NULL, B_TRUE,
3660 	    &wkeydata, &wkeylen) != 0) {
3661 		nvlist_free(props);
3662 		return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf));
3663 	}
3664 
3665 	/* create the dataset */
3666 	ret = lzc_create(path, ost, props, wkeydata, wkeylen);
3667 	nvlist_free(props);
3668 	if (wkeydata != NULL)
3669 		free(wkeydata);
3670 
3671 	/* check for failure */
3672 	if (ret != 0) {
3673 		switch (errno) {
3674 		case ENOENT:
3675 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3676 			    "no such parent '%s'"), parent);
3677 			return (zfs_error(hdl, EZFS_NOENT, errbuf));
3678 
3679 		case EINVAL:
3680 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3681 			    "parent '%s' is not a filesystem"), parent);
3682 			return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
3683 
3684 		case ENOTSUP:
3685 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3686 			    "pool must be upgraded to set this "
3687 			    "property or value"));
3688 			return (zfs_error(hdl, EZFS_BADVERSION, errbuf));
3689 		case ERANGE:
3690 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3691 			    "invalid property value(s) specified"));
3692 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
3693 		case EACCES:
3694 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3695 			    "encryption root's key is not loaded "
3696 			    "or provided"));
3697 			return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf));
3698 
3699 #ifdef _ILP32
3700 		case EOVERFLOW:
3701 			/*
3702 			 * This platform can't address a volume this big.
3703 			 */
3704 			if (type == ZFS_TYPE_VOLUME)
3705 				return (zfs_error(hdl, EZFS_VOLTOOBIG,
3706 				    errbuf));
3707 #endif
3708 			/* FALLTHROUGH */
3709 		default:
3710 			return (zfs_standard_error(hdl, errno, errbuf));
3711 		}
3712 	}
3713 
3714 	return (0);
3715 }
3716 
3717 /*
3718  * Destroys the given dataset.  The caller must make sure that the filesystem
3719  * isn't mounted, and that there are no active dependents. If the file system
3720  * does not exist this function does nothing.
3721  */
3722 int
3723 zfs_destroy(zfs_handle_t *zhp, boolean_t defer)
3724 {
3725 	int error;
3726 
3727 	if (zhp->zfs_type != ZFS_TYPE_SNAPSHOT && defer)
3728 		return (EINVAL);
3729 
3730 	if (zhp->zfs_type == ZFS_TYPE_BOOKMARK) {
3731 		nvlist_t *nv = fnvlist_alloc();
3732 		fnvlist_add_boolean(nv, zhp->zfs_name);
3733 		error = lzc_destroy_bookmarks(nv, NULL);
3734 		fnvlist_free(nv);
3735 		if (error != 0) {
3736 			return (zfs_standard_error_fmt(zhp->zfs_hdl, error,
3737 			    dgettext(TEXT_DOMAIN, "cannot destroy '%s'"),
3738 			    zhp->zfs_name));
3739 		}
3740 		return (0);
3741 	}
3742 
3743 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
3744 		nvlist_t *nv = fnvlist_alloc();
3745 		fnvlist_add_boolean(nv, zhp->zfs_name);
3746 		error = lzc_destroy_snaps(nv, defer, NULL);
3747 		fnvlist_free(nv);
3748 	} else {
3749 		error = lzc_destroy(zhp->zfs_name);
3750 	}
3751 
3752 	if (error != 0 && error != ENOENT) {
3753 		return (zfs_standard_error_fmt(zhp->zfs_hdl, errno,
3754 		    dgettext(TEXT_DOMAIN, "cannot destroy '%s'"),
3755 		    zhp->zfs_name));
3756 	}
3757 
3758 	remove_mountpoint(zhp);
3759 
3760 	return (0);
3761 }
3762 
3763 struct destroydata {
3764 	nvlist_t *nvl;
3765 	const char *snapname;
3766 };
3767 
3768 static int
3769 zfs_check_snap_cb(zfs_handle_t *zhp, void *arg)
3770 {
3771 	struct destroydata *dd = arg;
3772 	char name[ZFS_MAX_DATASET_NAME_LEN];
3773 	int rv = 0;
3774 
3775 	(void) snprintf(name, sizeof (name),
3776 	    "%s@%s", zhp->zfs_name, dd->snapname);
3777 
3778 	if (lzc_exists(name))
3779 		verify(nvlist_add_boolean(dd->nvl, name) == 0);
3780 
3781 	rv = zfs_iter_filesystems(zhp, zfs_check_snap_cb, dd);
3782 	zfs_close(zhp);
3783 	return (rv);
3784 }
3785 
3786 /*
3787  * Destroys all snapshots with the given name in zhp & descendants.
3788  */
3789 int
3790 zfs_destroy_snaps(zfs_handle_t *zhp, char *snapname, boolean_t defer)
3791 {
3792 	int ret;
3793 	struct destroydata dd = { 0 };
3794 
3795 	dd.snapname = snapname;
3796 	verify(nvlist_alloc(&dd.nvl, NV_UNIQUE_NAME, 0) == 0);
3797 	(void) zfs_check_snap_cb(zfs_handle_dup(zhp), &dd);
3798 
3799 	if (nvlist_empty(dd.nvl)) {
3800 		ret = zfs_standard_error_fmt(zhp->zfs_hdl, ENOENT,
3801 		    dgettext(TEXT_DOMAIN, "cannot destroy '%s@%s'"),
3802 		    zhp->zfs_name, snapname);
3803 	} else {
3804 		ret = zfs_destroy_snaps_nvl(zhp->zfs_hdl, dd.nvl, defer);
3805 	}
3806 	nvlist_free(dd.nvl);
3807 	return (ret);
3808 }
3809 
3810 /*
3811  * Destroys all the snapshots named in the nvlist.
3812  */
3813 int
3814 zfs_destroy_snaps_nvl(libzfs_handle_t *hdl, nvlist_t *snaps, boolean_t defer)
3815 {
3816 	int ret;
3817 	nvlist_t *errlist = NULL;
3818 
3819 	ret = lzc_destroy_snaps(snaps, defer, &errlist);
3820 
3821 	if (ret == 0) {
3822 		nvlist_free(errlist);
3823 		return (0);
3824 	}
3825 
3826 	if (nvlist_empty(errlist)) {
3827 		char errbuf[1024];
3828 		(void) snprintf(errbuf, sizeof (errbuf),
3829 		    dgettext(TEXT_DOMAIN, "cannot destroy snapshots"));
3830 
3831 		ret = zfs_standard_error(hdl, ret, errbuf);
3832 	}
3833 	for (nvpair_t *pair = nvlist_next_nvpair(errlist, NULL);
3834 	    pair != NULL; pair = nvlist_next_nvpair(errlist, pair)) {
3835 		char errbuf[1024];
3836 		(void) snprintf(errbuf, sizeof (errbuf),
3837 		    dgettext(TEXT_DOMAIN, "cannot destroy snapshot %s"),
3838 		    nvpair_name(pair));
3839 
3840 		switch (fnvpair_value_int32(pair)) {
3841 		case EEXIST:
3842 			zfs_error_aux(hdl,
3843 			    dgettext(TEXT_DOMAIN, "snapshot is cloned"));
3844 			ret = zfs_error(hdl, EZFS_EXISTS, errbuf);
3845 			break;
3846 		default:
3847 			ret = zfs_standard_error(hdl, errno, errbuf);
3848 			break;
3849 		}
3850 	}
3851 
3852 	nvlist_free(errlist);
3853 	return (ret);
3854 }
3855 
3856 /*
3857  * Clones the given dataset.  The target must be of the same type as the source.
3858  */
3859 int
3860 zfs_clone(zfs_handle_t *zhp, const char *target, nvlist_t *props)
3861 {
3862 	char parent[ZFS_MAX_DATASET_NAME_LEN];
3863 	int ret;
3864 	char errbuf[1024];
3865 	libzfs_handle_t *hdl = zhp->zfs_hdl;
3866 	uint64_t zoned;
3867 
3868 	assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT);
3869 
3870 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3871 	    "cannot create '%s'"), target);
3872 
3873 	/* validate the target/clone name */
3874 	if (!zfs_validate_name(hdl, target, ZFS_TYPE_FILESYSTEM, B_TRUE))
3875 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3876 
3877 	/* validate parents exist */
3878 	if (check_parents(hdl, target, &zoned, B_FALSE, NULL) != 0)
3879 		return (-1);
3880 
3881 	(void) parent_name(target, parent, sizeof (parent));
3882 
3883 	/* do the clone */
3884 
3885 	if (props) {
3886 		zfs_type_t type;
3887 
3888 		if (ZFS_IS_VOLUME(zhp)) {
3889 			type = ZFS_TYPE_VOLUME;
3890 		} else {
3891 			type = ZFS_TYPE_FILESYSTEM;
3892 		}
3893 		if ((props = zfs_valid_proplist(hdl, type, props, zoned,
3894 		    zhp, zhp->zpool_hdl, B_TRUE, errbuf)) == NULL)
3895 			return (-1);
3896 		if (zfs_fix_auto_resv(zhp, props) == -1) {
3897 			nvlist_free(props);
3898 			return (-1);
3899 		}
3900 	}
3901 
3902 	if (zfs_crypto_clone_check(hdl, zhp, parent, props) != 0) {
3903 		nvlist_free(props);
3904 		return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf));
3905 	}
3906 
3907 	ret = lzc_clone(target, zhp->zfs_name, props);
3908 	nvlist_free(props);
3909 
3910 	if (ret != 0) {
3911 		switch (errno) {
3912 
3913 		case ENOENT:
3914 			/*
3915 			 * The parent doesn't exist.  We should have caught this
3916 			 * above, but there may a race condition that has since
3917 			 * destroyed the parent.
3918 			 *
3919 			 * At this point, we don't know whether it's the source
3920 			 * that doesn't exist anymore, or whether the target
3921 			 * dataset doesn't exist.
3922 			 */
3923 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3924 			    "no such parent '%s'"), parent);
3925 			return (zfs_error(zhp->zfs_hdl, EZFS_NOENT, errbuf));
3926 
3927 		case EXDEV:
3928 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3929 			    "source and target pools differ"));
3930 			return (zfs_error(zhp->zfs_hdl, EZFS_CROSSTARGET,
3931 			    errbuf));
3932 
3933 		default:
3934 			return (zfs_standard_error(zhp->zfs_hdl, errno,
3935 			    errbuf));
3936 		}
3937 	}
3938 
3939 	return (ret);
3940 }
3941 
3942 /*
3943  * Promotes the given clone fs to be the clone parent.
3944  */
3945 int
3946 zfs_promote(zfs_handle_t *zhp)
3947 {
3948 	libzfs_handle_t *hdl = zhp->zfs_hdl;
3949 	char snapname[ZFS_MAX_DATASET_NAME_LEN];
3950 	int ret;
3951 	char errbuf[1024];
3952 
3953 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3954 	    "cannot promote '%s'"), zhp->zfs_name);
3955 
3956 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
3957 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3958 		    "snapshots can not be promoted"));
3959 		return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
3960 	}
3961 
3962 	if (zhp->zfs_dmustats.dds_origin[0] == '\0') {
3963 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3964 		    "not a cloned filesystem"));
3965 		return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
3966 	}
3967 
3968 	if (!zfs_validate_name(hdl, zhp->zfs_name, zhp->zfs_type, B_TRUE))
3969 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3970 
3971 	ret = lzc_promote(zhp->zfs_name, snapname, sizeof (snapname));
3972 
3973 	if (ret != 0) {
3974 		switch (ret) {
3975 		case EEXIST:
3976 			/* There is a conflicting snapshot name. */
3977 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3978 			    "conflicting snapshot '%s' from parent '%s'"),
3979 			    snapname, zhp->zfs_dmustats.dds_origin);
3980 			return (zfs_error(hdl, EZFS_EXISTS, errbuf));
3981 
3982 		default:
3983 			return (zfs_standard_error(hdl, ret, errbuf));
3984 		}
3985 	}
3986 	return (ret);
3987 }
3988 
3989 typedef struct snapdata {
3990 	nvlist_t *sd_nvl;
3991 	const char *sd_snapname;
3992 } snapdata_t;
3993 
3994 static int
3995 zfs_snapshot_cb(zfs_handle_t *zhp, void *arg)
3996 {
3997 	snapdata_t *sd = arg;
3998 	char name[ZFS_MAX_DATASET_NAME_LEN];
3999 	int rv = 0;
4000 
4001 	if (zfs_prop_get_int(zhp, ZFS_PROP_INCONSISTENT) == 0) {
4002 		(void) snprintf(name, sizeof (name),
4003 		    "%s@%s", zfs_get_name(zhp), sd->sd_snapname);
4004 
4005 		fnvlist_add_boolean(sd->sd_nvl, name);
4006 
4007 		rv = zfs_iter_filesystems(zhp, zfs_snapshot_cb, sd);
4008 	}
4009 	zfs_close(zhp);
4010 
4011 	return (rv);
4012 }
4013 
4014 int
4015 zfs_remap_indirects(libzfs_handle_t *hdl, const char *fs)
4016 {
4017 	int err;
4018 	char errbuf[1024];
4019 
4020 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4021 	    "cannot remap dataset '%s'"), fs);
4022 
4023 	err = lzc_remap(fs);
4024 
4025 	if (err != 0) {
4026 		switch (err) {
4027 		case ENOTSUP:
4028 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4029 			    "pool must be upgraded"));
4030 			(void) zfs_error(hdl, EZFS_BADVERSION, errbuf);
4031 			break;
4032 		case EINVAL:
4033 			(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
4034 			break;
4035 		default:
4036 			(void) zfs_standard_error(hdl, err, errbuf);
4037 			break;
4038 		}
4039 	}
4040 
4041 	return (err);
4042 }
4043 
4044 /*
4045  * Creates snapshots.  The keys in the snaps nvlist are the snapshots to be
4046  * created.
4047  */
4048 int
4049 zfs_snapshot_nvl(libzfs_handle_t *hdl, nvlist_t *snaps, nvlist_t *props)
4050 {
4051 	int ret;
4052 	char errbuf[1024];
4053 	nvpair_t *elem;
4054 	nvlist_t *errors;
4055 
4056 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4057 	    "cannot create snapshots "));
4058 
4059 	elem = NULL;
4060 	while ((elem = nvlist_next_nvpair(snaps, elem)) != NULL) {
4061 		const char *snapname = nvpair_name(elem);
4062 
4063 		/* validate the target name */
4064 		if (!zfs_validate_name(hdl, snapname, ZFS_TYPE_SNAPSHOT,
4065 		    B_TRUE)) {
4066 			(void) snprintf(errbuf, sizeof (errbuf),
4067 			    dgettext(TEXT_DOMAIN,
4068 			    "cannot create snapshot '%s'"), snapname);
4069 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
4070 		}
4071 	}
4072 
4073 	/*
4074 	 * get pool handle for prop validation. assumes all snaps are in the
4075 	 * same pool, as does lzc_snapshot (below).
4076 	 */
4077 	char pool[ZFS_MAX_DATASET_NAME_LEN];
4078 	elem = nvlist_next_nvpair(snaps, NULL);
4079 	(void) strlcpy(pool, nvpair_name(elem), sizeof (pool));
4080 	pool[strcspn(pool, "/@")] = '\0';
4081 	zpool_handle_t *zpool_hdl = zpool_open(hdl, pool);
4082 
4083 	if (props != NULL &&
4084 	    (props = zfs_valid_proplist(hdl, ZFS_TYPE_SNAPSHOT,
4085 	    props, B_FALSE, NULL, zpool_hdl, B_FALSE, errbuf)) == NULL) {
4086 		zpool_close(zpool_hdl);
4087 		return (-1);
4088 	}
4089 	zpool_close(zpool_hdl);
4090 
4091 	ret = lzc_snapshot(snaps, props, &errors);
4092 
4093 	if (ret != 0) {
4094 		boolean_t printed = B_FALSE;
4095 		for (elem = nvlist_next_nvpair(errors, NULL);
4096 		    elem != NULL;
4097 		    elem = nvlist_next_nvpair(errors, elem)) {
4098 			(void) snprintf(errbuf, sizeof (errbuf),
4099 			    dgettext(TEXT_DOMAIN,
4100 			    "cannot create snapshot '%s'"), nvpair_name(elem));
4101 			(void) zfs_standard_error(hdl,
4102 			    fnvpair_value_int32(elem), errbuf);
4103 			printed = B_TRUE;
4104 		}
4105 		if (!printed) {
4106 			switch (ret) {
4107 			case EXDEV:
4108 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4109 				    "multiple snapshots of same "
4110 				    "fs not allowed"));
4111 				(void) zfs_error(hdl, EZFS_EXISTS, errbuf);
4112 
4113 				break;
4114 			default:
4115 				(void) zfs_standard_error(hdl, ret, errbuf);
4116 			}
4117 		}
4118 	}
4119 
4120 	nvlist_free(props);
4121 	nvlist_free(errors);
4122 	return (ret);
4123 }
4124 
4125 int
4126 zfs_snapshot(libzfs_handle_t *hdl, const char *path, boolean_t recursive,
4127     nvlist_t *props)
4128 {
4129 	int ret;
4130 	snapdata_t sd = { 0 };
4131 	char fsname[ZFS_MAX_DATASET_NAME_LEN];
4132 	char *cp;
4133 	zfs_handle_t *zhp;
4134 	char errbuf[1024];
4135 
4136 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4137 	    "cannot snapshot %s"), path);
4138 
4139 	if (!zfs_validate_name(hdl, path, ZFS_TYPE_SNAPSHOT, B_TRUE))
4140 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
4141 
4142 	(void) strlcpy(fsname, path, sizeof (fsname));
4143 	cp = strchr(fsname, '@');
4144 	*cp = '\0';
4145 	sd.sd_snapname = cp + 1;
4146 
4147 	if ((zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM |
4148 	    ZFS_TYPE_VOLUME)) == NULL) {
4149 		return (-1);
4150 	}
4151 
4152 	verify(nvlist_alloc(&sd.sd_nvl, NV_UNIQUE_NAME, 0) == 0);
4153 	if (recursive) {
4154 		(void) zfs_snapshot_cb(zfs_handle_dup(zhp), &sd);
4155 	} else {
4156 		fnvlist_add_boolean(sd.sd_nvl, path);
4157 	}
4158 
4159 	ret = zfs_snapshot_nvl(hdl, sd.sd_nvl, props);
4160 	nvlist_free(sd.sd_nvl);
4161 	zfs_close(zhp);
4162 	return (ret);
4163 }
4164 
4165 /*
4166  * Destroy any more recent snapshots.  We invoke this callback on any dependents
4167  * of the snapshot first.  If the 'cb_dependent' member is non-zero, then this
4168  * is a dependent and we should just destroy it without checking the transaction
4169  * group.
4170  */
4171 typedef struct rollback_data {
4172 	const char	*cb_target;		/* the snapshot */
4173 	uint64_t	cb_create;		/* creation time reference */
4174 	boolean_t	cb_error;
4175 	boolean_t	cb_force;
4176 } rollback_data_t;
4177 
4178 static int
4179 rollback_destroy_dependent(zfs_handle_t *zhp, void *data)
4180 {
4181 	rollback_data_t *cbp = data;
4182 	prop_changelist_t *clp;
4183 
4184 	/* We must destroy this clone; first unmount it */
4185 	clp = changelist_gather(zhp, ZFS_PROP_NAME, 0,
4186 	    cbp->cb_force ? MS_FORCE: 0);
4187 	if (clp == NULL || changelist_prefix(clp) != 0) {
4188 		cbp->cb_error = B_TRUE;
4189 		zfs_close(zhp);
4190 		return (0);
4191 	}
4192 	if (zfs_destroy(zhp, B_FALSE) != 0)
4193 		cbp->cb_error = B_TRUE;
4194 	else
4195 		changelist_remove(clp, zhp->zfs_name);
4196 	(void) changelist_postfix(clp);
4197 	changelist_free(clp);
4198 
4199 	zfs_close(zhp);
4200 	return (0);
4201 }
4202 
4203 static int
4204 rollback_destroy(zfs_handle_t *zhp, void *data)
4205 {
4206 	rollback_data_t *cbp = data;
4207 
4208 	if (zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG) > cbp->cb_create) {
4209 		cbp->cb_error |= zfs_iter_dependents(zhp, B_FALSE,
4210 		    rollback_destroy_dependent, cbp);
4211 
4212 		cbp->cb_error |= zfs_destroy(zhp, B_FALSE);
4213 	}
4214 
4215 	zfs_close(zhp);
4216 	return (0);
4217 }
4218 
4219 /*
4220  * Given a dataset, rollback to a specific snapshot, discarding any
4221  * data changes since then and making it the active dataset.
4222  *
4223  * Any snapshots and bookmarks more recent than the target are
4224  * destroyed, along with their dependents (i.e. clones).
4225  */
4226 int
4227 zfs_rollback(zfs_handle_t *zhp, zfs_handle_t *snap, boolean_t force)
4228 {
4229 	rollback_data_t cb = { 0 };
4230 	int err;
4231 	boolean_t restore_resv = 0;
4232 	uint64_t old_volsize = 0, new_volsize;
4233 	zfs_prop_t resv_prop;
4234 
4235 	assert(zhp->zfs_type == ZFS_TYPE_FILESYSTEM ||
4236 	    zhp->zfs_type == ZFS_TYPE_VOLUME);
4237 
4238 	/*
4239 	 * Destroy all recent snapshots and their dependents.
4240 	 */
4241 	cb.cb_force = force;
4242 	cb.cb_target = snap->zfs_name;
4243 	cb.cb_create = zfs_prop_get_int(snap, ZFS_PROP_CREATETXG);
4244 	(void) zfs_iter_snapshots(zhp, B_FALSE, rollback_destroy, &cb);
4245 	(void) zfs_iter_bookmarks(zhp, rollback_destroy, &cb);
4246 
4247 	if (cb.cb_error)
4248 		return (-1);
4249 
4250 	/*
4251 	 * Now that we have verified that the snapshot is the latest,
4252 	 * rollback to the given snapshot.
4253 	 */
4254 
4255 	if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
4256 		if (zfs_which_resv_prop(zhp, &resv_prop) < 0)
4257 			return (-1);
4258 		old_volsize = zfs_prop_get_int(zhp, ZFS_PROP_VOLSIZE);
4259 		restore_resv =
4260 		    (old_volsize == zfs_prop_get_int(zhp, resv_prop));
4261 	}
4262 
4263 	/*
4264 	 * Pass both the filesystem and the wanted snapshot names,
4265 	 * we would get an error back if the snapshot is destroyed or
4266 	 * a new snapshot is created before this request is processed.
4267 	 */
4268 	err = lzc_rollback_to(zhp->zfs_name, snap->zfs_name);
4269 	if (err != 0) {
4270 		char errbuf[1024];
4271 
4272 		(void) snprintf(errbuf, sizeof (errbuf),
4273 		    dgettext(TEXT_DOMAIN, "cannot rollback '%s'"),
4274 		    zhp->zfs_name);
4275 		switch (err) {
4276 		case EEXIST:
4277 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
4278 			    "there is a snapshot or bookmark more recent "
4279 			    "than '%s'"), snap->zfs_name);
4280 			(void) zfs_error(zhp->zfs_hdl, EZFS_EXISTS, errbuf);
4281 			break;
4282 		case ESRCH:
4283 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
4284 			    "'%s' is not found among snapshots of '%s'"),
4285 			    snap->zfs_name, zhp->zfs_name);
4286 			(void) zfs_error(zhp->zfs_hdl, EZFS_NOENT, errbuf);
4287 			break;
4288 		case EINVAL:
4289 			(void) zfs_error(zhp->zfs_hdl, EZFS_BADTYPE, errbuf);
4290 			break;
4291 		default:
4292 			(void) zfs_standard_error(zhp->zfs_hdl, err, errbuf);
4293 		}
4294 		return (err);
4295 	}
4296 
4297 	/*
4298 	 * For volumes, if the pre-rollback volsize matched the pre-
4299 	 * rollback reservation and the volsize has changed then set
4300 	 * the reservation property to the post-rollback volsize.
4301 	 * Make a new handle since the rollback closed the dataset.
4302 	 */
4303 	if ((zhp->zfs_type == ZFS_TYPE_VOLUME) &&
4304 	    (zhp = make_dataset_handle(zhp->zfs_hdl, zhp->zfs_name))) {
4305 		if (restore_resv) {
4306 			new_volsize = zfs_prop_get_int(zhp, ZFS_PROP_VOLSIZE);
4307 			if (old_volsize != new_volsize)
4308 				err = zfs_prop_set_int(zhp, resv_prop,
4309 				    new_volsize);
4310 		}
4311 		zfs_close(zhp);
4312 	}
4313 	return (err);
4314 }
4315 
4316 /*
4317  * Renames the given dataset.
4318  */
4319 int
4320 zfs_rename(zfs_handle_t *zhp, const char *target, boolean_t recursive,
4321     boolean_t force_unmount)
4322 {
4323 	int ret = 0;
4324 	zfs_cmd_t zc = { 0 };
4325 	char *delim;
4326 	prop_changelist_t *cl = NULL;
4327 	zfs_handle_t *zhrp = NULL;
4328 	char *parentname = NULL;
4329 	char parent[ZFS_MAX_DATASET_NAME_LEN];
4330 	libzfs_handle_t *hdl = zhp->zfs_hdl;
4331 	char errbuf[1024];
4332 
4333 	/* if we have the same exact name, just return success */
4334 	if (strcmp(zhp->zfs_name, target) == 0)
4335 		return (0);
4336 
4337 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4338 	    "cannot rename to '%s'"), target);
4339 
4340 	/* make sure source name is valid */
4341 	if (!zfs_validate_name(hdl, zhp->zfs_name, zhp->zfs_type, B_TRUE))
4342 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
4343 
4344 	/*
4345 	 * Make sure the target name is valid
4346 	 */
4347 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
4348 		if ((strchr(target, '@') == NULL) ||
4349 		    *target == '@') {
4350 			/*
4351 			 * Snapshot target name is abbreviated,
4352 			 * reconstruct full dataset name
4353 			 */
4354 			(void) strlcpy(parent, zhp->zfs_name,
4355 			    sizeof (parent));
4356 			delim = strchr(parent, '@');
4357 			if (strchr(target, '@') == NULL)
4358 				*(++delim) = '\0';
4359 			else
4360 				*delim = '\0';
4361 			(void) strlcat(parent, target, sizeof (parent));
4362 			target = parent;
4363 		} else {
4364 			/*
4365 			 * Make sure we're renaming within the same dataset.
4366 			 */
4367 			delim = strchr(target, '@');
4368 			if (strncmp(zhp->zfs_name, target, delim - target)
4369 			    != 0 || zhp->zfs_name[delim - target] != '@') {
4370 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4371 				    "snapshots must be part of same "
4372 				    "dataset"));
4373 				return (zfs_error(hdl, EZFS_CROSSTARGET,
4374 				    errbuf));
4375 			}
4376 		}
4377 
4378 		if (!zfs_validate_name(hdl, target, zhp->zfs_type, B_TRUE))
4379 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
4380 	} else {
4381 		if (recursive) {
4382 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4383 			    "recursive rename must be a snapshot"));
4384 			return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
4385 		}
4386 
4387 		if (!zfs_validate_name(hdl, target, zhp->zfs_type, B_TRUE))
4388 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
4389 
4390 		/* validate parents */
4391 		if (check_parents(hdl, target, NULL, B_FALSE, NULL) != 0)
4392 			return (-1);
4393 
4394 		/* make sure we're in the same pool */
4395 		verify((delim = strchr(target, '/')) != NULL);
4396 		if (strncmp(zhp->zfs_name, target, delim - target) != 0 ||
4397 		    zhp->zfs_name[delim - target] != '/') {
4398 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4399 			    "datasets must be within same pool"));
4400 			return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
4401 		}
4402 
4403 		/* new name cannot be a child of the current dataset name */
4404 		if (is_descendant(zhp->zfs_name, target)) {
4405 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4406 			    "New dataset name cannot be a descendant of "
4407 			    "current dataset name"));
4408 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
4409 		}
4410 	}
4411 
4412 	(void) snprintf(errbuf, sizeof (errbuf),
4413 	    dgettext(TEXT_DOMAIN, "cannot rename '%s'"), zhp->zfs_name);
4414 
4415 	if (getzoneid() == GLOBAL_ZONEID &&
4416 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
4417 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4418 		    "dataset is used in a non-global zone"));
4419 		return (zfs_error(hdl, EZFS_ZONED, errbuf));
4420 	}
4421 
4422 	if (recursive) {
4423 		parentname = zfs_strdup(zhp->zfs_hdl, zhp->zfs_name);
4424 		if (parentname == NULL) {
4425 			ret = -1;
4426 			goto error;
4427 		}
4428 		delim = strchr(parentname, '@');
4429 		*delim = '\0';
4430 		zhrp = zfs_open(zhp->zfs_hdl, parentname, ZFS_TYPE_DATASET);
4431 		if (zhrp == NULL) {
4432 			ret = -1;
4433 			goto error;
4434 		}
4435 	} else if (zhp->zfs_type != ZFS_TYPE_SNAPSHOT) {
4436 		if ((cl = changelist_gather(zhp, ZFS_PROP_NAME, 0,
4437 		    force_unmount ? MS_FORCE : 0)) == NULL)
4438 			return (-1);
4439 
4440 		if (changelist_haszonedchild(cl)) {
4441 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4442 			    "child dataset with inherited mountpoint is used "
4443 			    "in a non-global zone"));
4444 			(void) zfs_error(hdl, EZFS_ZONED, errbuf);
4445 			ret = -1;
4446 			goto error;
4447 		}
4448 
4449 		if ((ret = changelist_prefix(cl)) != 0)
4450 			goto error;
4451 	}
4452 
4453 	if (ZFS_IS_VOLUME(zhp))
4454 		zc.zc_objset_type = DMU_OST_ZVOL;
4455 	else
4456 		zc.zc_objset_type = DMU_OST_ZFS;
4457 
4458 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
4459 	(void) strlcpy(zc.zc_value, target, sizeof (zc.zc_value));
4460 
4461 	zc.zc_cookie = recursive;
4462 
4463 	if ((ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_RENAME, &zc)) != 0) {
4464 		/*
4465 		 * if it was recursive, the one that actually failed will
4466 		 * be in zc.zc_name
4467 		 */
4468 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4469 		    "cannot rename '%s'"), zc.zc_name);
4470 
4471 		if (recursive && errno == EEXIST) {
4472 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4473 			    "a child dataset already has a snapshot "
4474 			    "with the new name"));
4475 			(void) zfs_error(hdl, EZFS_EXISTS, errbuf);
4476 		} else if (errno == EACCES) {
4477 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4478 			    "cannot move encrypted child outside of "
4479 			    "its encryption root"));
4480 			(void) zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf);
4481 		} else {
4482 			(void) zfs_standard_error(zhp->zfs_hdl, errno, errbuf);
4483 		}
4484 
4485 		/*
4486 		 * On failure, we still want to remount any filesystems that
4487 		 * were previously mounted, so we don't alter the system state.
4488 		 */
4489 		if (cl != NULL)
4490 			(void) changelist_postfix(cl);
4491 	} else {
4492 		if (cl != NULL) {
4493 			changelist_rename(cl, zfs_get_name(zhp), target);
4494 			ret = changelist_postfix(cl);
4495 		}
4496 	}
4497 
4498 error:
4499 	if (parentname != NULL) {
4500 		free(parentname);
4501 	}
4502 	if (zhrp != NULL) {
4503 		zfs_close(zhrp);
4504 	}
4505 	if (cl != NULL) {
4506 		changelist_free(cl);
4507 	}
4508 	return (ret);
4509 }
4510 
4511 nvlist_t *
4512 zfs_get_user_props(zfs_handle_t *zhp)
4513 {
4514 	return (zhp->zfs_user_props);
4515 }
4516 
4517 nvlist_t *
4518 zfs_get_recvd_props(zfs_handle_t *zhp)
4519 {
4520 	if (zhp->zfs_recvd_props == NULL)
4521 		if (get_recvd_props_ioctl(zhp) != 0)
4522 			return (NULL);
4523 	return (zhp->zfs_recvd_props);
4524 }
4525 
4526 /*
4527  * This function is used by 'zfs list' to determine the exact set of columns to
4528  * display, and their maximum widths.  This does two main things:
4529  *
4530  *      - If this is a list of all properties, then expand the list to include
4531  *        all native properties, and set a flag so that for each dataset we look
4532  *        for new unique user properties and add them to the list.
4533  *
4534  *      - For non fixed-width properties, keep track of the maximum width seen
4535  *        so that we can size the column appropriately. If the user has
4536  *        requested received property values, we also need to compute the width
4537  *        of the RECEIVED column.
4538  */
4539 int
4540 zfs_expand_proplist(zfs_handle_t *zhp, zprop_list_t **plp, boolean_t received,
4541     boolean_t literal)
4542 {
4543 	libzfs_handle_t *hdl = zhp->zfs_hdl;
4544 	zprop_list_t *entry;
4545 	zprop_list_t **last, **start;
4546 	nvlist_t *userprops, *propval;
4547 	nvpair_t *elem;
4548 	char *strval;
4549 	char buf[ZFS_MAXPROPLEN];
4550 
4551 	if (zprop_expand_list(hdl, plp, ZFS_TYPE_DATASET) != 0)
4552 		return (-1);
4553 
4554 	userprops = zfs_get_user_props(zhp);
4555 
4556 	entry = *plp;
4557 	if (entry->pl_all && nvlist_next_nvpair(userprops, NULL) != NULL) {
4558 		/*
4559 		 * Go through and add any user properties as necessary.  We
4560 		 * start by incrementing our list pointer to the first
4561 		 * non-native property.
4562 		 */
4563 		start = plp;
4564 		while (*start != NULL) {
4565 			if ((*start)->pl_prop == ZPROP_INVAL)
4566 				break;
4567 			start = &(*start)->pl_next;
4568 		}
4569 
4570 		elem = NULL;
4571 		while ((elem = nvlist_next_nvpair(userprops, elem)) != NULL) {
4572 			/*
4573 			 * See if we've already found this property in our list.
4574 			 */
4575 			for (last = start; *last != NULL;
4576 			    last = &(*last)->pl_next) {
4577 				if (strcmp((*last)->pl_user_prop,
4578 				    nvpair_name(elem)) == 0)
4579 					break;
4580 			}
4581 
4582 			if (*last == NULL) {
4583 				if ((entry = zfs_alloc(hdl,
4584 				    sizeof (zprop_list_t))) == NULL ||
4585 				    ((entry->pl_user_prop = zfs_strdup(hdl,
4586 				    nvpair_name(elem)))) == NULL) {
4587 					free(entry);
4588 					return (-1);
4589 				}
4590 
4591 				entry->pl_prop = ZPROP_INVAL;
4592 				entry->pl_width = strlen(nvpair_name(elem));
4593 				entry->pl_all = B_TRUE;
4594 				*last = entry;
4595 			}
4596 		}
4597 	}
4598 
4599 	/*
4600 	 * Now go through and check the width of any non-fixed columns
4601 	 */
4602 	for (entry = *plp; entry != NULL; entry = entry->pl_next) {
4603 		if (entry->pl_fixed && !literal)
4604 			continue;
4605 
4606 		if (entry->pl_prop != ZPROP_INVAL) {
4607 			if (zfs_prop_get(zhp, entry->pl_prop,
4608 			    buf, sizeof (buf), NULL, NULL, 0, literal) == 0) {
4609 				if (strlen(buf) > entry->pl_width)
4610 					entry->pl_width = strlen(buf);
4611 			}
4612 			if (received && zfs_prop_get_recvd(zhp,
4613 			    zfs_prop_to_name(entry->pl_prop),
4614 			    buf, sizeof (buf), literal) == 0)
4615 				if (strlen(buf) > entry->pl_recvd_width)
4616 					entry->pl_recvd_width = strlen(buf);
4617 		} else {
4618 			if (nvlist_lookup_nvlist(userprops, entry->pl_user_prop,
4619 			    &propval) == 0) {
4620 				verify(nvlist_lookup_string(propval,
4621 				    ZPROP_VALUE, &strval) == 0);
4622 				if (strlen(strval) > entry->pl_width)
4623 					entry->pl_width = strlen(strval);
4624 			}
4625 			if (received && zfs_prop_get_recvd(zhp,
4626 			    entry->pl_user_prop,
4627 			    buf, sizeof (buf), literal) == 0)
4628 				if (strlen(buf) > entry->pl_recvd_width)
4629 					entry->pl_recvd_width = strlen(buf);
4630 		}
4631 	}
4632 
4633 	return (0);
4634 }
4635 
4636 int
4637 zfs_deleg_share_nfs(libzfs_handle_t *hdl, char *dataset, char *path,
4638     char *resource, void *export, void *sharetab,
4639     int sharemax, zfs_share_op_t operation)
4640 {
4641 	zfs_cmd_t zc = { 0 };
4642 	int error;
4643 
4644 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
4645 	(void) strlcpy(zc.zc_value, path, sizeof (zc.zc_value));
4646 	if (resource)
4647 		(void) strlcpy(zc.zc_string, resource, sizeof (zc.zc_string));
4648 	zc.zc_share.z_sharedata = (uint64_t)(uintptr_t)sharetab;
4649 	zc.zc_share.z_exportdata = (uint64_t)(uintptr_t)export;
4650 	zc.zc_share.z_sharetype = operation;
4651 	zc.zc_share.z_sharemax = sharemax;
4652 	error = ioctl(hdl->libzfs_fd, ZFS_IOC_SHARE, &zc);
4653 	return (error);
4654 }
4655 
4656 void
4657 zfs_prune_proplist(zfs_handle_t *zhp, uint8_t *props)
4658 {
4659 	nvpair_t *curr;
4660 
4661 	/*
4662 	 * Keep a reference to the props-table against which we prune the
4663 	 * properties.
4664 	 */
4665 	zhp->zfs_props_table = props;
4666 
4667 	curr = nvlist_next_nvpair(zhp->zfs_props, NULL);
4668 
4669 	while (curr) {
4670 		zfs_prop_t zfs_prop = zfs_name_to_prop(nvpair_name(curr));
4671 		nvpair_t *next = nvlist_next_nvpair(zhp->zfs_props, curr);
4672 
4673 		/*
4674 		 * User properties will result in ZPROP_INVAL, and since we
4675 		 * only know how to prune standard ZFS properties, we always
4676 		 * leave these in the list.  This can also happen if we
4677 		 * encounter an unknown DSL property (when running older
4678 		 * software, for example).
4679 		 */
4680 		if (zfs_prop != ZPROP_INVAL && props[zfs_prop] == B_FALSE)
4681 			(void) nvlist_remove(zhp->zfs_props,
4682 			    nvpair_name(curr), nvpair_type(curr));
4683 		curr = next;
4684 	}
4685 }
4686 
4687 static int
4688 zfs_smb_acl_mgmt(libzfs_handle_t *hdl, char *dataset, char *path,
4689     zfs_smb_acl_op_t cmd, char *resource1, char *resource2)
4690 {
4691 	zfs_cmd_t zc = { 0 };
4692 	nvlist_t *nvlist = NULL;
4693 	int error;
4694 
4695 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
4696 	(void) strlcpy(zc.zc_value, path, sizeof (zc.zc_value));
4697 	zc.zc_cookie = (uint64_t)cmd;
4698 
4699 	if (cmd == ZFS_SMB_ACL_RENAME) {
4700 		if (nvlist_alloc(&nvlist, NV_UNIQUE_NAME, 0) != 0) {
4701 			(void) no_memory(hdl);
4702 			return (0);
4703 		}
4704 	}
4705 
4706 	switch (cmd) {
4707 	case ZFS_SMB_ACL_ADD:
4708 	case ZFS_SMB_ACL_REMOVE:
4709 		(void) strlcpy(zc.zc_string, resource1, sizeof (zc.zc_string));
4710 		break;
4711 	case ZFS_SMB_ACL_RENAME:
4712 		if (nvlist_add_string(nvlist, ZFS_SMB_ACL_SRC,
4713 		    resource1) != 0) {
4714 				(void) no_memory(hdl);
4715 				return (-1);
4716 		}
4717 		if (nvlist_add_string(nvlist, ZFS_SMB_ACL_TARGET,
4718 		    resource2) != 0) {
4719 				(void) no_memory(hdl);
4720 				return (-1);
4721 		}
4722 		if (zcmd_write_src_nvlist(hdl, &zc, nvlist) != 0) {
4723 			nvlist_free(nvlist);
4724 			return (-1);
4725 		}
4726 		break;
4727 	case ZFS_SMB_ACL_PURGE:
4728 		break;
4729 	default:
4730 		return (-1);
4731 	}
4732 	error = ioctl(hdl->libzfs_fd, ZFS_IOC_SMB_ACL, &zc);
4733 	nvlist_free(nvlist);
4734 	return (error);
4735 }
4736 
4737 int
4738 zfs_smb_acl_add(libzfs_handle_t *hdl, char *dataset,
4739     char *path, char *resource)
4740 {
4741 	return (zfs_smb_acl_mgmt(hdl, dataset, path, ZFS_SMB_ACL_ADD,
4742 	    resource, NULL));
4743 }
4744 
4745 int
4746 zfs_smb_acl_remove(libzfs_handle_t *hdl, char *dataset,
4747     char *path, char *resource)
4748 {
4749 	return (zfs_smb_acl_mgmt(hdl, dataset, path, ZFS_SMB_ACL_REMOVE,
4750 	    resource, NULL));
4751 }
4752 
4753 int
4754 zfs_smb_acl_purge(libzfs_handle_t *hdl, char *dataset, char *path)
4755 {
4756 	return (zfs_smb_acl_mgmt(hdl, dataset, path, ZFS_SMB_ACL_PURGE,
4757 	    NULL, NULL));
4758 }
4759 
4760 int
4761 zfs_smb_acl_rename(libzfs_handle_t *hdl, char *dataset, char *path,
4762     char *oldname, char *newname)
4763 {
4764 	return (zfs_smb_acl_mgmt(hdl, dataset, path, ZFS_SMB_ACL_RENAME,
4765 	    oldname, newname));
4766 }
4767 
4768 int
4769 zfs_userspace(zfs_handle_t *zhp, zfs_userquota_prop_t type,
4770     zfs_userspace_cb_t func, void *arg)
4771 {
4772 	zfs_cmd_t zc = { 0 };
4773 	zfs_useracct_t buf[100];
4774 	libzfs_handle_t *hdl = zhp->zfs_hdl;
4775 	int ret;
4776 
4777 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
4778 
4779 	zc.zc_objset_type = type;
4780 	zc.zc_nvlist_dst = (uintptr_t)buf;
4781 
4782 	for (;;) {
4783 		zfs_useracct_t *zua = buf;
4784 
4785 		zc.zc_nvlist_dst_size = sizeof (buf);
4786 		if (zfs_ioctl(hdl, ZFS_IOC_USERSPACE_MANY, &zc) != 0) {
4787 			char errbuf[1024];
4788 
4789 			if ((errno == ENOTSUP &&
4790 			    (type == ZFS_PROP_USEROBJUSED ||
4791 			    type == ZFS_PROP_GROUPOBJUSED ||
4792 			    type == ZFS_PROP_USEROBJQUOTA ||
4793 			    type == ZFS_PROP_GROUPOBJQUOTA ||
4794 			    type == ZFS_PROP_PROJECTOBJUSED ||
4795 			    type == ZFS_PROP_PROJECTOBJQUOTA ||
4796 			    type == ZFS_PROP_PROJECTUSED ||
4797 			    type == ZFS_PROP_PROJECTQUOTA)))
4798 				break;
4799 
4800 			(void) snprintf(errbuf, sizeof (errbuf),
4801 			    dgettext(TEXT_DOMAIN,
4802 			    "cannot get used/quota for %s"), zc.zc_name);
4803 			return (zfs_standard_error_fmt(hdl, errno, errbuf));
4804 		}
4805 		if (zc.zc_nvlist_dst_size == 0)
4806 			break;
4807 
4808 		while (zc.zc_nvlist_dst_size > 0) {
4809 			if ((ret = func(arg, zua->zu_domain, zua->zu_rid,
4810 			    zua->zu_space)) != 0)
4811 				return (ret);
4812 			zua++;
4813 			zc.zc_nvlist_dst_size -= sizeof (zfs_useracct_t);
4814 		}
4815 	}
4816 
4817 	return (0);
4818 }
4819 
4820 struct holdarg {
4821 	nvlist_t *nvl;
4822 	const char *snapname;
4823 	const char *tag;
4824 	boolean_t recursive;
4825 	int error;
4826 };
4827 
4828 static int
4829 zfs_hold_one(zfs_handle_t *zhp, void *arg)
4830 {
4831 	struct holdarg *ha = arg;
4832 	char name[ZFS_MAX_DATASET_NAME_LEN];
4833 	int rv = 0;
4834 
4835 	(void) snprintf(name, sizeof (name),
4836 	    "%s@%s", zhp->zfs_name, ha->snapname);
4837 
4838 	if (lzc_exists(name))
4839 		fnvlist_add_string(ha->nvl, name, ha->tag);
4840 
4841 	if (ha->recursive)
4842 		rv = zfs_iter_filesystems(zhp, zfs_hold_one, ha);
4843 	zfs_close(zhp);
4844 	return (rv);
4845 }
4846 
4847 int
4848 zfs_hold(zfs_handle_t *zhp, const char *snapname, const char *tag,
4849     boolean_t recursive, int cleanup_fd)
4850 {
4851 	int ret;
4852 	struct holdarg ha;
4853 
4854 	ha.nvl = fnvlist_alloc();
4855 	ha.snapname = snapname;
4856 	ha.tag = tag;
4857 	ha.recursive = recursive;
4858 	(void) zfs_hold_one(zfs_handle_dup(zhp), &ha);
4859 
4860 	if (nvlist_empty(ha.nvl)) {
4861 		char errbuf[1024];
4862 
4863 		fnvlist_free(ha.nvl);
4864 		ret = ENOENT;
4865 		(void) snprintf(errbuf, sizeof (errbuf),
4866 		    dgettext(TEXT_DOMAIN,
4867 		    "cannot hold snapshot '%s@%s'"),
4868 		    zhp->zfs_name, snapname);
4869 		(void) zfs_standard_error(zhp->zfs_hdl, ret, errbuf);
4870 		return (ret);
4871 	}
4872 
4873 	ret = zfs_hold_nvl(zhp, cleanup_fd, ha.nvl);
4874 	fnvlist_free(ha.nvl);
4875 
4876 	return (ret);
4877 }
4878 
4879 int
4880 zfs_hold_nvl(zfs_handle_t *zhp, int cleanup_fd, nvlist_t *holds)
4881 {
4882 	int ret;
4883 	nvlist_t *errors;
4884 	libzfs_handle_t *hdl = zhp->zfs_hdl;
4885 	char errbuf[1024];
4886 	nvpair_t *elem;
4887 
4888 	errors = NULL;
4889 	ret = lzc_hold(holds, cleanup_fd, &errors);
4890 
4891 	if (ret == 0) {
4892 		/* There may be errors even in the success case. */
4893 		fnvlist_free(errors);
4894 		return (0);
4895 	}
4896 
4897 	if (nvlist_empty(errors)) {
4898 		/* no hold-specific errors */
4899 		(void) snprintf(errbuf, sizeof (errbuf),
4900 		    dgettext(TEXT_DOMAIN, "cannot hold"));
4901 		switch (ret) {
4902 		case ENOTSUP:
4903 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4904 			    "pool must be upgraded"));
4905 			(void) zfs_error(hdl, EZFS_BADVERSION, errbuf);
4906 			break;
4907 		case EINVAL:
4908 			(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
4909 			break;
4910 		default:
4911 			(void) zfs_standard_error(hdl, ret, errbuf);
4912 		}
4913 	}
4914 
4915 	for (elem = nvlist_next_nvpair(errors, NULL);
4916 	    elem != NULL;
4917 	    elem = nvlist_next_nvpair(errors, elem)) {
4918 		(void) snprintf(errbuf, sizeof (errbuf),
4919 		    dgettext(TEXT_DOMAIN,
4920 		    "cannot hold snapshot '%s'"), nvpair_name(elem));
4921 		switch (fnvpair_value_int32(elem)) {
4922 		case E2BIG:
4923 			/*
4924 			 * Temporary tags wind up having the ds object id
4925 			 * prepended. So even if we passed the length check
4926 			 * above, it's still possible for the tag to wind
4927 			 * up being slightly too long.
4928 			 */
4929 			(void) zfs_error(hdl, EZFS_TAGTOOLONG, errbuf);
4930 			break;
4931 		case EINVAL:
4932 			(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
4933 			break;
4934 		case EEXIST:
4935 			(void) zfs_error(hdl, EZFS_REFTAG_HOLD, errbuf);
4936 			break;
4937 		default:
4938 			(void) zfs_standard_error(hdl,
4939 			    fnvpair_value_int32(elem), errbuf);
4940 		}
4941 	}
4942 
4943 	fnvlist_free(errors);
4944 	return (ret);
4945 }
4946 
4947 static int
4948 zfs_release_one(zfs_handle_t *zhp, void *arg)
4949 {
4950 	struct holdarg *ha = arg;
4951 	char name[ZFS_MAX_DATASET_NAME_LEN];
4952 	int rv = 0;
4953 	nvlist_t *existing_holds;
4954 
4955 	(void) snprintf(name, sizeof (name),
4956 	    "%s@%s", zhp->zfs_name, ha->snapname);
4957 
4958 	if (lzc_get_holds(name, &existing_holds) != 0) {
4959 		ha->error = ENOENT;
4960 	} else if (!nvlist_exists(existing_holds, ha->tag)) {
4961 		ha->error = ESRCH;
4962 	} else {
4963 		nvlist_t *torelease = fnvlist_alloc();
4964 		fnvlist_add_boolean(torelease, ha->tag);
4965 		fnvlist_add_nvlist(ha->nvl, name, torelease);
4966 		fnvlist_free(torelease);
4967 	}
4968 
4969 	if (ha->recursive)
4970 		rv = zfs_iter_filesystems(zhp, zfs_release_one, ha);
4971 	zfs_close(zhp);
4972 	return (rv);
4973 }
4974 
4975 int
4976 zfs_release(zfs_handle_t *zhp, const char *snapname, const char *tag,
4977     boolean_t recursive)
4978 {
4979 	int ret;
4980 	struct holdarg ha;
4981 	nvlist_t *errors = NULL;
4982 	nvpair_t *elem;
4983 	libzfs_handle_t *hdl = zhp->zfs_hdl;
4984 	char errbuf[1024];
4985 
4986 	ha.nvl = fnvlist_alloc();
4987 	ha.snapname = snapname;
4988 	ha.tag = tag;
4989 	ha.recursive = recursive;
4990 	ha.error = 0;
4991 	(void) zfs_release_one(zfs_handle_dup(zhp), &ha);
4992 
4993 	if (nvlist_empty(ha.nvl)) {
4994 		fnvlist_free(ha.nvl);
4995 		ret = ha.error;
4996 		(void) snprintf(errbuf, sizeof (errbuf),
4997 		    dgettext(TEXT_DOMAIN,
4998 		    "cannot release hold from snapshot '%s@%s'"),
4999 		    zhp->zfs_name, snapname);
5000 		if (ret == ESRCH) {
5001 			(void) zfs_error(hdl, EZFS_REFTAG_RELE, errbuf);
5002 		} else {
5003 			(void) zfs_standard_error(hdl, ret, errbuf);
5004 		}
5005 		return (ret);
5006 	}
5007 
5008 	ret = lzc_release(ha.nvl, &errors);
5009 	fnvlist_free(ha.nvl);
5010 
5011 	if (ret == 0) {
5012 		/* There may be errors even in the success case. */
5013 		fnvlist_free(errors);
5014 		return (0);
5015 	}
5016 
5017 	if (nvlist_empty(errors)) {
5018 		/* no hold-specific errors */
5019 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
5020 		    "cannot release"));
5021 		switch (errno) {
5022 		case ENOTSUP:
5023 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5024 			    "pool must be upgraded"));
5025 			(void) zfs_error(hdl, EZFS_BADVERSION, errbuf);
5026 			break;
5027 		default:
5028 			(void) zfs_standard_error_fmt(hdl, errno, errbuf);
5029 		}
5030 	}
5031 
5032 	for (elem = nvlist_next_nvpair(errors, NULL);
5033 	    elem != NULL;
5034 	    elem = nvlist_next_nvpair(errors, elem)) {
5035 		(void) snprintf(errbuf, sizeof (errbuf),
5036 		    dgettext(TEXT_DOMAIN,
5037 		    "cannot release hold from snapshot '%s'"),
5038 		    nvpair_name(elem));
5039 		switch (fnvpair_value_int32(elem)) {
5040 		case ESRCH:
5041 			(void) zfs_error(hdl, EZFS_REFTAG_RELE, errbuf);
5042 			break;
5043 		case EINVAL:
5044 			(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
5045 			break;
5046 		default:
5047 			(void) zfs_standard_error_fmt(hdl,
5048 			    fnvpair_value_int32(elem), errbuf);
5049 		}
5050 	}
5051 
5052 	fnvlist_free(errors);
5053 	return (ret);
5054 }
5055 
5056 int
5057 zfs_get_fsacl(zfs_handle_t *zhp, nvlist_t **nvl)
5058 {
5059 	zfs_cmd_t zc = { 0 };
5060 	libzfs_handle_t *hdl = zhp->zfs_hdl;
5061 	int nvsz = 2048;
5062 	void *nvbuf;
5063 	int err = 0;
5064 	char errbuf[1024];
5065 
5066 	assert(zhp->zfs_type == ZFS_TYPE_VOLUME ||
5067 	    zhp->zfs_type == ZFS_TYPE_FILESYSTEM);
5068 
5069 tryagain:
5070 
5071 	nvbuf = malloc(nvsz);
5072 	if (nvbuf == NULL) {
5073 		err = (zfs_error(hdl, EZFS_NOMEM, strerror(errno)));
5074 		goto out;
5075 	}
5076 
5077 	zc.zc_nvlist_dst_size = nvsz;
5078 	zc.zc_nvlist_dst = (uintptr_t)nvbuf;
5079 
5080 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
5081 
5082 	if (ioctl(hdl->libzfs_fd, ZFS_IOC_GET_FSACL, &zc) != 0) {
5083 		(void) snprintf(errbuf, sizeof (errbuf),
5084 		    dgettext(TEXT_DOMAIN, "cannot get permissions on '%s'"),
5085 		    zc.zc_name);
5086 		switch (errno) {
5087 		case ENOMEM:
5088 			free(nvbuf);
5089 			nvsz = zc.zc_nvlist_dst_size;
5090 			goto tryagain;
5091 
5092 		case ENOTSUP:
5093 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5094 			    "pool must be upgraded"));
5095 			err = zfs_error(hdl, EZFS_BADVERSION, errbuf);
5096 			break;
5097 		case EINVAL:
5098 			err = zfs_error(hdl, EZFS_BADTYPE, errbuf);
5099 			break;
5100 		case ENOENT:
5101 			err = zfs_error(hdl, EZFS_NOENT, errbuf);
5102 			break;
5103 		default:
5104 			err = zfs_standard_error_fmt(hdl, errno, errbuf);
5105 			break;
5106 		}
5107 	} else {
5108 		/* success */
5109 		int rc = nvlist_unpack(nvbuf, zc.zc_nvlist_dst_size, nvl, 0);
5110 		if (rc) {
5111 			(void) snprintf(errbuf, sizeof (errbuf), dgettext(
5112 			    TEXT_DOMAIN, "cannot get permissions on '%s'"),
5113 			    zc.zc_name);
5114 			err = zfs_standard_error_fmt(hdl, rc, errbuf);
5115 		}
5116 	}
5117 
5118 	free(nvbuf);
5119 out:
5120 	return (err);
5121 }
5122 
5123 int
5124 zfs_set_fsacl(zfs_handle_t *zhp, boolean_t un, nvlist_t *nvl)
5125 {
5126 	zfs_cmd_t zc = { 0 };
5127 	libzfs_handle_t *hdl = zhp->zfs_hdl;
5128 	char *nvbuf;
5129 	char errbuf[1024];
5130 	size_t nvsz;
5131 	int err;
5132 
5133 	assert(zhp->zfs_type == ZFS_TYPE_VOLUME ||
5134 	    zhp->zfs_type == ZFS_TYPE_FILESYSTEM);
5135 
5136 	err = nvlist_size(nvl, &nvsz, NV_ENCODE_NATIVE);
5137 	assert(err == 0);
5138 
5139 	nvbuf = malloc(nvsz);
5140 
5141 	err = nvlist_pack(nvl, &nvbuf, &nvsz, NV_ENCODE_NATIVE, 0);
5142 	assert(err == 0);
5143 
5144 	zc.zc_nvlist_src_size = nvsz;
5145 	zc.zc_nvlist_src = (uintptr_t)nvbuf;
5146 	zc.zc_perm_action = un;
5147 
5148 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
5149 
5150 	if (zfs_ioctl(hdl, ZFS_IOC_SET_FSACL, &zc) != 0) {
5151 		(void) snprintf(errbuf, sizeof (errbuf),
5152 		    dgettext(TEXT_DOMAIN, "cannot set permissions on '%s'"),
5153 		    zc.zc_name);
5154 		switch (errno) {
5155 		case ENOTSUP:
5156 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5157 			    "pool must be upgraded"));
5158 			err = zfs_error(hdl, EZFS_BADVERSION, errbuf);
5159 			break;
5160 		case EINVAL:
5161 			err = zfs_error(hdl, EZFS_BADTYPE, errbuf);
5162 			break;
5163 		case ENOENT:
5164 			err = zfs_error(hdl, EZFS_NOENT, errbuf);
5165 			break;
5166 		default:
5167 			err = zfs_standard_error_fmt(hdl, errno, errbuf);
5168 			break;
5169 		}
5170 	}
5171 
5172 	free(nvbuf);
5173 
5174 	return (err);
5175 }
5176 
5177 int
5178 zfs_get_holds(zfs_handle_t *zhp, nvlist_t **nvl)
5179 {
5180 	int err;
5181 	char errbuf[1024];
5182 
5183 	err = lzc_get_holds(zhp->zfs_name, nvl);
5184 
5185 	if (err != 0) {
5186 		libzfs_handle_t *hdl = zhp->zfs_hdl;
5187 
5188 		(void) snprintf(errbuf, sizeof (errbuf),
5189 		    dgettext(TEXT_DOMAIN, "cannot get holds for '%s'"),
5190 		    zhp->zfs_name);
5191 		switch (err) {
5192 		case ENOTSUP:
5193 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5194 			    "pool must be upgraded"));
5195 			err = zfs_error(hdl, EZFS_BADVERSION, errbuf);
5196 			break;
5197 		case EINVAL:
5198 			err = zfs_error(hdl, EZFS_BADTYPE, errbuf);
5199 			break;
5200 		case ENOENT:
5201 			err = zfs_error(hdl, EZFS_NOENT, errbuf);
5202 			break;
5203 		default:
5204 			err = zfs_standard_error_fmt(hdl, errno, errbuf);
5205 			break;
5206 		}
5207 	}
5208 
5209 	return (err);
5210 }
5211 
5212 /*
5213  * The theory of raidz space accounting
5214  *
5215  * The "referenced" property of RAIDZ vdevs is scaled such that a 128KB block
5216  * will "reference" 128KB, even though it allocates more than that, to store the
5217  * parity information (and perhaps skip sectors). This concept of the
5218  * "referenced" (and other DMU space accounting) being lower than the allocated
5219  * space by a constant factor is called "raidz deflation."
5220  *
5221  * As mentioned above, the constant factor for raidz deflation assumes a 128KB
5222  * block size. However, zvols typically have a much smaller block size (default
5223  * 8KB). These smaller blocks may require proportionally much more parity
5224  * information (and perhaps skip sectors). In this case, the change to the
5225  * "referenced" property may be much more than the logical block size.
5226  *
5227  * Suppose a raidz vdev has 5 disks with ashift=12.  A 128k block may be written
5228  * as follows.
5229  *
5230  * +-------+-------+-------+-------+-------+
5231  * | disk1 | disk2 | disk3 | disk4 | disk5 |
5232  * +-------+-------+-------+-------+-------+
5233  * |  P0   |  D0   |  D8   |  D16  |  D24  |
5234  * |  P1   |  D1   |  D9   |  D17  |  D25  |
5235  * |  P2   |  D2   |  D10  |  D18  |  D26  |
5236  * |  P3   |  D3   |  D11  |  D19  |  D27  |
5237  * |  P4   |  D4   |  D12  |  D20  |  D28  |
5238  * |  P5   |  D5   |  D13  |  D21  |  D29  |
5239  * |  P6   |  D6   |  D14  |  D22  |  D30  |
5240  * |  P7   |  D7   |  D15  |  D23  |  D31  |
5241  * +-------+-------+-------+-------+-------+
5242  *
5243  * Above, notice that 160k was allocated: 8 x 4k parity sectors + 32 x 4k data
5244  * sectors.  The dataset's referenced will increase by 128k and the pool's
5245  * allocated and free properties will be adjusted by 160k.
5246  *
5247  * A 4k block written to the same raidz vdev will require two 4k sectors.  The
5248  * blank cells represent unallocated space.
5249  *
5250  * +-------+-------+-------+-------+-------+
5251  * | disk1 | disk2 | disk3 | disk4 | disk5 |
5252  * +-------+-------+-------+-------+-------+
5253  * |  P0   |  D0   |       |       |       |
5254  * +-------+-------+-------+-------+-------+
5255  *
5256  * Above, notice that the 4k block required one sector for parity and another
5257  * for data.  vdev_raidz_asize() will return 8k and as such the pool's allocated
5258  * and free properties will be adjusted by 8k.  The dataset will not be charged
5259  * 8k.  Rather, it will be charged a value that is scaled according to the
5260  * overhead of the 128k block on the same vdev.  This 8k allocation will be
5261  * charged 8k * 128k / 160k.  128k is from SPA_OLD_MAXBLOCKSIZE and 160k is as
5262  * calculated in the 128k block example above.
5263  *
5264  * Every raidz allocation is sized to be a multiple of nparity+1 sectors.  That
5265  * is, every raidz1 allocation will be a multiple of 2 sectors, raidz2
5266  * allocations are a multiple of 3 sectors, and raidz3 allocations are a
5267  * multiple of of 4 sectors.  When a block does not fill the required number of
5268  * sectors, skip blocks (sectors) are used.
5269  *
5270  * An 8k block being written to a raidz vdev may be written as follows:
5271  *
5272  * +-------+-------+-------+-------+-------+
5273  * | disk1 | disk2 | disk3 | disk4 | disk5 |
5274  * +-------+-------+-------+-------+-------+
5275  * |  P0   |  D0   |  D1   |  S0   |       |
5276  * +-------+-------+-------+-------+-------+
5277  *
5278  * In order to maintain the nparity+1 allocation size, a skip block (S0) was
5279  * added.  For this 8k block, the pool's allocated and free properties are
5280  * adjusted by 16k and the dataset's referenced is increased by 16k * 128k /
5281  * 160k.  Again, 128k is from SPA_OLD_MAXBLOCKSIZE and 160k is as calculated in
5282  * the 128k block example above.
5283  *
5284  * Compression may lead to a variety of block sizes being written for the same
5285  * volume or file.  There is no clear way to reserve just the amount of space
5286  * that will be required, so the worst case (no compression) is assumed.
5287  * Note that metadata blocks will typically be compressed, so the reservation
5288  * size returned by zvol_volsize_to_reservation() will generally be slightly
5289  * larger than the maximum that the volume can reference.
5290  */
5291 
5292 /*
5293  * Derived from function of same name in uts/common/fs/zfs/vdev_raidz.c.
5294  * Returns the amount of space (in bytes) that will be allocated for the
5295  * specified block size. Note that the "referenced" space accounted will be less
5296  * than this, but not necessarily equal to "blksize", due to RAIDZ deflation.
5297  */
5298 static uint64_t
5299 vdev_raidz_asize(uint64_t ndisks, uint64_t nparity, uint64_t ashift,
5300     uint64_t blksize)
5301 {
5302 	uint64_t asize, ndata;
5303 
5304 	ASSERT3U(ndisks, >, nparity);
5305 	ndata = ndisks - nparity;
5306 	asize = ((blksize - 1) >> ashift) + 1;
5307 	asize += nparity * ((asize + ndata - 1) / ndata);
5308 	asize = roundup(asize, nparity + 1) << ashift;
5309 
5310 	return (asize);
5311 }
5312 
5313 /*
5314  * Determine how much space will be allocated if it lands on the most space-
5315  * inefficient top-level vdev.  Returns the size in bytes required to store one
5316  * copy of the volume data.  See theory comment above.
5317  */
5318 static uint64_t
5319 volsize_from_vdevs(zpool_handle_t *zhp, uint64_t nblocks, uint64_t blksize)
5320 {
5321 	nvlist_t *config, *tree, **vdevs;
5322 	uint_t nvdevs, v;
5323 	uint64_t ret = 0;
5324 
5325 	config = zpool_get_config(zhp, NULL);
5326 	if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_VDEV_TREE, &tree) != 0 ||
5327 	    nvlist_lookup_nvlist_array(tree, ZPOOL_CONFIG_CHILDREN,
5328 	    &vdevs, &nvdevs) != 0) {
5329 		return (nblocks * blksize);
5330 	}
5331 
5332 	for (v = 0; v < nvdevs; v++) {
5333 		char *type;
5334 		uint64_t nparity, ashift, asize, tsize;
5335 		nvlist_t **disks;
5336 		uint_t ndisks;
5337 		uint64_t volsize;
5338 
5339 		if (nvlist_lookup_string(vdevs[v], ZPOOL_CONFIG_TYPE,
5340 		    &type) != 0 || strcmp(type, VDEV_TYPE_RAIDZ) != 0 ||
5341 		    nvlist_lookup_uint64(vdevs[v], ZPOOL_CONFIG_NPARITY,
5342 		    &nparity) != 0 ||
5343 		    nvlist_lookup_uint64(vdevs[v], ZPOOL_CONFIG_ASHIFT,
5344 		    &ashift) != 0 ||
5345 		    nvlist_lookup_nvlist_array(vdevs[v], ZPOOL_CONFIG_CHILDREN,
5346 		    &disks, &ndisks) != 0) {
5347 			continue;
5348 		}
5349 
5350 		/* allocation size for the "typical" 128k block */
5351 		tsize = vdev_raidz_asize(ndisks, nparity, ashift,
5352 		    SPA_OLD_MAXBLOCKSIZE);
5353 		/* allocation size for the blksize block */
5354 		asize = vdev_raidz_asize(ndisks, nparity, ashift, blksize);
5355 
5356 		/*
5357 		 * Scale this size down as a ratio of 128k / tsize.  See theory
5358 		 * statement above.
5359 		 */
5360 		volsize = nblocks * asize * SPA_OLD_MAXBLOCKSIZE / tsize;
5361 		if (volsize > ret) {
5362 			ret = volsize;
5363 		}
5364 	}
5365 
5366 	if (ret == 0) {
5367 		ret = nblocks * blksize;
5368 	}
5369 
5370 	return (ret);
5371 }
5372 
5373 /*
5374  * Convert the zvol's volume size to an appropriate reservation.  See theory
5375  * comment above.
5376  *
5377  * Note: If this routine is updated, it is necessary to update the ZFS test
5378  * suite's shell version in reservation.shlib.
5379  */
5380 uint64_t
5381 zvol_volsize_to_reservation(zpool_handle_t *zph, uint64_t volsize,
5382     nvlist_t *props)
5383 {
5384 	uint64_t numdb;
5385 	uint64_t nblocks, volblocksize;
5386 	int ncopies;
5387 	char *strval;
5388 
5389 	if (nvlist_lookup_string(props,
5390 	    zfs_prop_to_name(ZFS_PROP_COPIES), &strval) == 0)
5391 		ncopies = atoi(strval);
5392 	else
5393 		ncopies = 1;
5394 	if (nvlist_lookup_uint64(props,
5395 	    zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
5396 	    &volblocksize) != 0)
5397 		volblocksize = ZVOL_DEFAULT_BLOCKSIZE;
5398 
5399 	nblocks = volsize / volblocksize;
5400 	/*
5401 	 * Metadata defaults to using 128k blocks, not volblocksize blocks.  For
5402 	 * this reason, only the data blocks are scaled based on vdev config.
5403 	 */
5404 	volsize = volsize_from_vdevs(zph, nblocks, volblocksize);
5405 
5406 	/* start with metadnode L0-L6 */
5407 	numdb = 7;
5408 	/* calculate number of indirects */
5409 	while (nblocks > 1) {
5410 		nblocks += DNODES_PER_LEVEL - 1;
5411 		nblocks /= DNODES_PER_LEVEL;
5412 		numdb += nblocks;
5413 	}
5414 	numdb *= MIN(SPA_DVAS_PER_BP, ncopies + 1);
5415 	volsize *= ncopies;
5416 	/*
5417 	 * this is exactly DN_MAX_INDBLKSHIFT when metadata isn't
5418 	 * compressed, but in practice they compress down to about
5419 	 * 1100 bytes
5420 	 */
5421 	numdb *= 1ULL << DN_MAX_INDBLKSHIFT;
5422 	volsize += numdb;
5423 	return (volsize);
5424 }
5425