1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2014 Gary Mills
24 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
25 */
26
27 #include <libsysevent.h>
28 #include <pthread.h>
29 #include <stdlib.h>
30 #include <errno.h>
31 #include <fnmatch.h>
32 #include <strings.h>
33 #include <unistd.h>
34 #include <assert.h>
35 #include <libgen.h>
36 #include <libintl.h>
37 #include <alloca.h>
38 #include <ctype.h>
39 #include <sys/acl.h>
40 #include <sys/stat.h>
41 #include <sys/brand.h>
42 #include <sys/mntio.h>
43 #include <sys/mnttab.h>
44 #include <sys/nvpair.h>
45 #include <sys/types.h>
46 #include <sys/sockio.h>
47 #include <sys/systeminfo.h>
48 #include <ftw.h>
49 #include <pool.h>
50 #include <libscf.h>
51 #include <libproc.h>
52 #include <sys/priocntl.h>
53 #include <libuutil.h>
54 #include <wait.h>
55 #include <bsm/adt.h>
56 #include <auth_attr.h>
57 #include <auth_list.h>
58 #include <secdb.h>
59 #include <user_attr.h>
60 #include <prof_attr.h>
61
62 #include <arpa/inet.h>
63 #include <netdb.h>
64
65 #include <libxml/xmlmemory.h>
66 #include <libxml/parser.h>
67
68 #include <libdevinfo.h>
69 #include <uuid/uuid.h>
70 #include <dirent.h>
71 #include <libbrand.h>
72
73 #include <libzonecfg.h>
74 #include "zonecfg_impl.h"
75
76 #define _PATH_TMPFILE "/zonecfg.XXXXXX"
77 #define ZONE_CB_RETRY_COUNT 10
78 #define ZONE_EVENT_PING_SUBCLASS "ping"
79 #define ZONE_EVENT_PING_PUBLISHER "solaris"
80
81 /* Hard-code the DTD element/attribute/entity names just once, here. */
82 #define DTD_ELEM_ATTR (const xmlChar *) "attr"
83 #define DTD_ELEM_COMMENT (const xmlChar *) "comment"
84 #define DTD_ELEM_DEVICE (const xmlChar *) "device"
85 #define DTD_ELEM_FS (const xmlChar *) "filesystem"
86 #define DTD_ELEM_FSOPTION (const xmlChar *) "fsoption"
87 #define DTD_ELEM_NET (const xmlChar *) "network"
88 #define DTD_ELEM_RCTL (const xmlChar *) "rctl"
89 #define DTD_ELEM_RCTLVALUE (const xmlChar *) "rctl-value"
90 #define DTD_ELEM_ZONE (const xmlChar *) "zone"
91 #define DTD_ELEM_DATASET (const xmlChar *) "dataset"
92 #define DTD_ELEM_TMPPOOL (const xmlChar *) "tmp_pool"
93 #define DTD_ELEM_PSET (const xmlChar *) "pset"
94 #define DTD_ELEM_MCAP (const xmlChar *) "mcap"
95 #define DTD_ELEM_PACKAGE (const xmlChar *) "package"
96 #define DTD_ELEM_OBSOLETES (const xmlChar *) "obsoletes"
97 #define DTD_ELEM_DEV_PERM (const xmlChar *) "dev-perm"
98 #define DTD_ELEM_ADMIN (const xmlChar *) "admin"
99
100 #define DTD_ATTR_ACTION (const xmlChar *) "action"
101 #define DTD_ATTR_ADDRESS (const xmlChar *) "address"
102 #define DTD_ATTR_ALLOWED_ADDRESS (const xmlChar *) "allowed-address"
103 #define DTD_ATTR_AUTOBOOT (const xmlChar *) "autoboot"
104 #define DTD_ATTR_IPTYPE (const xmlChar *) "ip-type"
105 #define DTD_ATTR_DEFROUTER (const xmlChar *) "defrouter"
106 #define DTD_ATTR_DIR (const xmlChar *) "directory"
107 #define DTD_ATTR_LIMIT (const xmlChar *) "limit"
108 #define DTD_ATTR_LIMITPRIV (const xmlChar *) "limitpriv"
109 #define DTD_ATTR_BOOTARGS (const xmlChar *) "bootargs"
110 #define DTD_ATTR_SCHED (const xmlChar *) "scheduling-class"
111 #define DTD_ATTR_MATCH (const xmlChar *) "match"
112 #define DTD_ATTR_NAME (const xmlChar *) "name"
113 #define DTD_ATTR_PHYSICAL (const xmlChar *) "physical"
114 #define DTD_ATTR_POOL (const xmlChar *) "pool"
115 #define DTD_ATTR_PRIV (const xmlChar *) "priv"
116 #define DTD_ATTR_RAW (const xmlChar *) "raw"
117 #define DTD_ATTR_SPECIAL (const xmlChar *) "special"
118 #define DTD_ATTR_TYPE (const xmlChar *) "type"
119 #define DTD_ATTR_VALUE (const xmlChar *) "value"
120 #define DTD_ATTR_ZONEPATH (const xmlChar *) "zonepath"
121 #define DTD_ATTR_NCPU_MIN (const xmlChar *) "ncpu_min"
122 #define DTD_ATTR_NCPU_MAX (const xmlChar *) "ncpu_max"
123 #define DTD_ATTR_IMPORTANCE (const xmlChar *) "importance"
124 #define DTD_ATTR_PHYSCAP (const xmlChar *) "physcap"
125 #define DTD_ATTR_VERSION (const xmlChar *) "version"
126 #define DTD_ATTR_ID (const xmlChar *) "id"
127 #define DTD_ATTR_UID (const xmlChar *) "uid"
128 #define DTD_ATTR_GID (const xmlChar *) "gid"
129 #define DTD_ATTR_MODE (const xmlChar *) "mode"
130 #define DTD_ATTR_ACL (const xmlChar *) "acl"
131 #define DTD_ATTR_BRAND (const xmlChar *) "brand"
132 #define DTD_ATTR_HOSTID (const xmlChar *) "hostid"
133 #define DTD_ATTR_USER (const xmlChar *) "user"
134 #define DTD_ATTR_AUTHS (const xmlChar *) "auths"
135 #define DTD_ATTR_FS_ALLOWED (const xmlChar *) "fs-allowed"
136
137 #define DTD_ENTITY_BOOLEAN "boolean"
138 #define DTD_ENTITY_DEVPATH "devpath"
139 #define DTD_ENTITY_DRIVER "driver"
140 #define DTD_ENTITY_DRVMIN "drv_min"
141 #define DTD_ENTITY_FALSE "false"
142 #define DTD_ENTITY_INT "int"
143 #define DTD_ENTITY_STRING "string"
144 #define DTD_ENTITY_TRUE "true"
145 #define DTD_ENTITY_UINT "uint"
146
147 #define DTD_ENTITY_BOOL_LEN 6 /* "false" */
148
149 #define ATTACH_FORCED "SUNWattached.xml"
150
151 #define TMP_POOL_NAME "SUNWtmp_%s"
152 #define MAX_TMP_POOL_NAME (ZONENAME_MAX + 9)
153 #define RCAP_SERVICE "system/rcap:default"
154 #define POOLD_SERVICE "system/pools/dynamic:default"
155
156 /*
157 * rctl alias definitions
158 *
159 * This holds the alias, the full rctl name, the default priv value, action
160 * and lower limit. The functions that handle rctl aliases step through
161 * this table, matching on the alias, and using the full values for setting
162 * the rctl entry as well the limit for validation.
163 */
164 static struct alias {
165 char *shortname;
166 char *realname;
167 char *priv;
168 char *action;
169 uint64_t low_limit;
170 } aliases[] = {
171 {ALIAS_MAXLWPS, "zone.max-lwps", "privileged", "deny", 100},
172 {ALIAS_MAXSHMMEM, "zone.max-shm-memory", "privileged", "deny", 0},
173 {ALIAS_MAXSHMIDS, "zone.max-shm-ids", "privileged", "deny", 0},
174 {ALIAS_MAXMSGIDS, "zone.max-msg-ids", "privileged", "deny", 0},
175 {ALIAS_MAXSEMIDS, "zone.max-sem-ids", "privileged", "deny", 0},
176 {ALIAS_MAXLOCKEDMEM, "zone.max-locked-memory", "privileged", "deny", 0},
177 {ALIAS_MAXSWAP, "zone.max-swap", "privileged", "deny", 0},
178 {ALIAS_SHARES, "zone.cpu-shares", "privileged", "none", 0},
179 {ALIAS_CPUCAP, "zone.cpu-cap", "privileged", "deny", 0},
180 {ALIAS_MAXPROCS, "zone.max-processes", "privileged", "deny", 100},
181 {NULL, NULL, NULL, NULL, 0}
182 };
183
184 /*
185 * Structure for applying rctls to a running zone. It allows important
186 * process values to be passed together easily.
187 */
188 typedef struct pr_info_handle {
189 struct ps_prochandle *pr;
190 pid_t pid;
191 } pr_info_handle_t;
192
193 struct zone_dochandle {
194 char *zone_dh_rootdir;
195 xmlDocPtr zone_dh_doc;
196 xmlNodePtr zone_dh_cur;
197 xmlNodePtr zone_dh_top;
198 boolean_t zone_dh_newzone;
199 boolean_t zone_dh_snapshot;
200 boolean_t zone_dh_sw_inv;
201 zone_userauths_t *zone_dh_userauths;
202 char zone_dh_delete_name[ZONENAME_MAX];
203 };
204
205 struct znotify {
206 void * zn_private;
207 evchan_t *zn_eventchan;
208 int (*zn_callback)(const char *zonename, zoneid_t zid,
209 const char *newstate, const char *oldstate, hrtime_t when, void *p);
210 pthread_mutex_t zn_mutex;
211 pthread_cond_t zn_cond;
212 pthread_mutex_t zn_bigmutex;
213 volatile enum {ZN_UNLOCKED, ZN_LOCKED, ZN_PING_INFLIGHT,
214 ZN_PING_RECEIVED} zn_state;
215 char zn_subscriber_id[MAX_SUBID_LEN];
216 volatile boolean_t zn_failed;
217 int zn_failure_count;
218 };
219
220 /* used to track nested zone-lock operations */
221 static int zone_lock_cnt = 0;
222
223 /* used to communicate lock status to children */
224 #define LOCK_ENV_VAR "_ZONEADM_LOCK_HELD"
225 static char zoneadm_lock_held[] = LOCK_ENV_VAR"=1";
226 static char zoneadm_lock_not_held[] = LOCK_ENV_VAR"=0";
227
228 char *zonecfg_root = "";
229
230 /*
231 * For functions which return int, which is most of the functions herein,
232 * the return values should be from the Z_foo set defined in <libzonecfg.h>.
233 * In some instances, we take pains mapping some libc errno values to Z_foo
234 * values from this set.
235 */
236
237 /*
238 * Set the root (/) path for all zonecfg configuration files. This is a
239 * private interface used by Live Upgrade extensions to access zone
240 * configuration inside mounted alternate boot environments.
241 * This interface is also used by zoneadm mount and unmount subcommands.
242 */
243 void
244 zonecfg_set_root(const char *rootpath)
245 {
246 if (*zonecfg_root != '\0')
247 free(zonecfg_root);
248 if (rootpath == NULL || rootpath[0] == '\0' || rootpath[1] == '\0' ||
249 (zonecfg_root = strdup(rootpath)) == NULL)
250 zonecfg_root = "";
251 }
252
253 const char *
254 zonecfg_get_root(void)
255 {
256 return (zonecfg_root);
257 }
258
259 boolean_t
260 zonecfg_in_alt_root(void)
261 {
262 return (*zonecfg_root != '\0');
263 }
264
265 /*
266 * Callers of the _file_path() functions are expected to have the second
267 * parameter be a (char foo[MAXPATHLEN]).
268 */
269
270 static boolean_t
271 config_file_path(const char *zonename, char *answer)
272 {
273 return (snprintf(answer, MAXPATHLEN, "%s%s/%s.xml", zonecfg_root,
274 ZONE_CONFIG_ROOT, zonename) < MAXPATHLEN);
275 }
276
277 static boolean_t
278 snap_file_path(const char *zonename, char *answer)
279 {
280 return (snprintf(answer, MAXPATHLEN, "%s%s/%s.snapshot.xml",
281 zonecfg_root, ZONE_SNAPSHOT_ROOT, zonename) < MAXPATHLEN);
282 }
283
284 /*ARGSUSED*/
285 static void
286 zonecfg_error_func(void *ctx, const char *msg, ...)
287 {
288 /*
289 * This function does nothing by design. Its purpose is to prevent
290 * libxml from dumping unwanted messages to stdout/stderr.
291 */
292 }
293
294 zone_dochandle_t
295 zonecfg_init_handle(void)
296 {
297 zone_dochandle_t handle = calloc(1, sizeof (struct zone_dochandle));
298 if (handle == NULL) {
299 errno = Z_NOMEM;
300 return (NULL);
301 }
302
303 /* generic libxml initialization */
304 (void) xmlLineNumbersDefault(1);
305 xmlLoadExtDtdDefaultValue |= XML_DETECT_IDS;
306 xmlDoValidityCheckingDefaultValue = 1;
307 (void) xmlKeepBlanksDefault(0);
308 xmlGetWarningsDefaultValue = 0;
309 xmlSetGenericErrorFunc(NULL, zonecfg_error_func);
310
311 return (handle);
312 }
313
314 int
315 zonecfg_check_handle(zone_dochandle_t handle)
316 {
317 if (handle == NULL || handle->zone_dh_doc == NULL)
318 return (Z_BAD_HANDLE);
319 return (Z_OK);
320 }
321
322 void
323 zonecfg_fini_handle(zone_dochandle_t handle)
324 {
325 if (zonecfg_check_handle(handle) == Z_OK)
326 xmlFreeDoc(handle->zone_dh_doc);
327 if (handle != NULL)
328 free(handle);
329 }
330
331 static int
332 zonecfg_destroy_impl(char *filename)
333 {
334 if (unlink(filename) == -1) {
335 if (errno == EACCES)
336 return (Z_ACCES);
337 if (errno == ENOENT)
338 return (Z_NO_ZONE);
339 return (Z_MISC_FS);
340 }
341 return (Z_OK);
342 }
343
344 int
345 zonecfg_destroy(const char *zonename, boolean_t force)
346 {
347 char path[MAXPATHLEN];
348 struct zoneent ze;
349 int err, state_err;
350 zone_state_t state;
351
352 if (!config_file_path(zonename, path))
353 return (Z_MISC_FS);
354
355 state_err = zone_get_state((char *)zonename, &state);
356 err = access(path, W_OK);
357
358 /*
359 * If there is no file, and no index entry, reliably indicate that no
360 * such zone exists.
361 */
362 if ((state_err == Z_NO_ZONE) && (err == -1) && (errno == ENOENT))
363 return (Z_NO_ZONE);
364
365 /*
366 * Handle any other filesystem related errors (except if the XML
367 * file is missing, which we treat silently), unless we're forcing,
368 * in which case we plow on.
369 */
370 if (err == -1 && errno != ENOENT) {
371 if (errno == EACCES)
372 return (Z_ACCES);
373 else if (!force)
374 return (Z_MISC_FS);
375 }
376
377 if (state > ZONE_STATE_INSTALLED)
378 return (Z_BAD_ZONE_STATE);
379
380 if (!force && state > ZONE_STATE_CONFIGURED)
381 return (Z_BAD_ZONE_STATE);
382
383 /*
384 * Index deletion succeeds even if the entry doesn't exist. So this
385 * will fail only if we've had some more severe problem.
386 */
387 bzero(&ze, sizeof (ze));
388 (void) strlcpy(ze.zone_name, zonename, sizeof (ze.zone_name));
389 if ((err = putzoneent(&ze, PZE_REMOVE)) != Z_OK)
390 if (!force)
391 return (err);
392
393 err = zonecfg_destroy_impl(path);
394
395 /*
396 * Treat failure to find the XML file silently, since, well, it's
397 * gone, and with the index file cleaned up, we're done.
398 */
399 if (err == Z_OK || err == Z_NO_ZONE)
400 return (Z_OK);
401 return (err);
402 }
403
404 int
405 zonecfg_destroy_snapshot(const char *zonename)
406 {
407 char path[MAXPATHLEN];
408
409 if (!snap_file_path(zonename, path))
410 return (Z_MISC_FS);
411 return (zonecfg_destroy_impl(path));
412 }
413
414 static int
415 getroot(zone_dochandle_t handle, xmlNodePtr *root)
416 {
417 if (zonecfg_check_handle(handle) == Z_BAD_HANDLE)
418 return (Z_BAD_HANDLE);
419
420 *root = xmlDocGetRootElement(handle->zone_dh_doc);
421
422 if (*root == NULL)
423 return (Z_EMPTY_DOCUMENT);
424
425 if (xmlStrcmp((*root)->name, DTD_ELEM_ZONE))
426 return (Z_WRONG_DOC_TYPE);
427
428 return (Z_OK);
429 }
430
431 static int
432 operation_prep(zone_dochandle_t handle)
433 {
434 xmlNodePtr root;
435 int err;
436
437 if ((err = getroot(handle, &root)) != 0)
438 return (err);
439
440 handle->zone_dh_cur = root;
441 handle->zone_dh_top = root;
442 return (Z_OK);
443 }
444
445 static int
446 fetchprop(xmlNodePtr cur, const xmlChar *propname, char *dst, size_t dstsize)
447 {
448 xmlChar *property;
449 size_t srcsize;
450
451 if ((property = xmlGetProp(cur, propname)) == NULL)
452 return (Z_BAD_PROPERTY);
453 srcsize = strlcpy(dst, (char *)property, dstsize);
454 xmlFree(property);
455 if (srcsize >= dstsize)
456 return (Z_TOO_BIG);
457 return (Z_OK);
458 }
459
460 static int
461 fetch_alloc_prop(xmlNodePtr cur, const xmlChar *propname, char **dst)
462 {
463 xmlChar *property;
464
465 if ((property = xmlGetProp(cur, propname)) == NULL)
466 return (Z_BAD_PROPERTY);
467 if ((*dst = strdup((char *)property)) == NULL) {
468 xmlFree(property);
469 return (Z_NOMEM);
470 }
471 xmlFree(property);
472 return (Z_OK);
473 }
474
475 static int
476 getrootattr(zone_dochandle_t handle, const xmlChar *propname,
477 char *propval, size_t propsize)
478 {
479 xmlNodePtr root;
480 int err;
481
482 if ((err = getroot(handle, &root)) != 0)
483 return (err);
484
485 return (fetchprop(root, propname, propval, propsize));
486 }
487
488 static int
489 get_alloc_rootattr(zone_dochandle_t handle, const xmlChar *propname,
490 char **propval)
491 {
492 xmlNodePtr root;
493 int err;
494
495 if ((err = getroot(handle, &root)) != 0)
496 return (err);
497
498 return (fetch_alloc_prop(root, propname, propval));
499 }
500
501 static int
502 setrootattr(zone_dochandle_t handle, const xmlChar *propname,
503 const char *propval)
504 {
505 int err;
506 xmlNodePtr root;
507
508 if ((err = getroot(handle, &root)) != Z_OK)
509 return (err);
510
511 /*
512 * If we get a null propval remove the property (ignore return since it
513 * may not be set to begin with).
514 */
515 if (propval == NULL) {
516 (void) xmlUnsetProp(root, propname);
517 } else {
518 if (xmlSetProp(root, propname, (const xmlChar *) propval)
519 == NULL)
520 return (Z_INVAL);
521 }
522 return (Z_OK);
523 }
524
525 static void
526 addcomment(zone_dochandle_t handle, const char *comment)
527 {
528 xmlNodePtr node;
529 node = xmlNewComment((xmlChar *) comment);
530
531 if (node != NULL)
532 (void) xmlAddPrevSibling(handle->zone_dh_top, node);
533 }
534
535 static void
536 stripcomments(zone_dochandle_t handle)
537 {
538 xmlDocPtr top;
539 xmlNodePtr child, next;
540
541 top = handle->zone_dh_doc;
542 for (child = top->xmlChildrenNode; child != NULL; child = next) {
543 next = child->next;
544 if (child->name == NULL)
545 continue;
546 if (xmlStrcmp(child->name, DTD_ELEM_COMMENT) == 0) {
547 next = child->next;
548 xmlUnlinkNode(child);
549 xmlFreeNode(child);
550 }
551 }
552 }
553
554 static void
555 strip_sw_inv(zone_dochandle_t handle)
556 {
557 xmlNodePtr root, child, next;
558
559 root = xmlDocGetRootElement(handle->zone_dh_doc);
560 for (child = root->xmlChildrenNode; child != NULL; child = next) {
561 next = child->next;
562 if (child->name == NULL)
563 continue;
564 if (xmlStrcmp(child->name, DTD_ELEM_PACKAGE) == 0) {
565 next = child->next;
566 xmlUnlinkNode(child);
567 xmlFreeNode(child);
568 }
569 }
570 }
571
572 static int
573 zonecfg_get_handle_impl(const char *zonename, const char *filename,
574 zone_dochandle_t handle)
575 {
576 xmlValidCtxtPtr cvp;
577 struct stat statbuf;
578 int valid;
579
580 if (zonename == NULL)
581 return (Z_NO_ZONE);
582
583 if ((handle->zone_dh_doc = xmlParseFile(filename)) == NULL) {
584 /* distinguish file not found vs. found but not parsed */
585 if (stat(filename, &statbuf) == 0)
586 return (Z_INVALID_DOCUMENT);
587 return (Z_NO_ZONE);
588 }
589 if ((cvp = xmlNewValidCtxt()) == NULL)
590 return (Z_NOMEM);
591 cvp->error = zonecfg_error_func;
592 cvp->warning = zonecfg_error_func;
593 valid = xmlValidateDocument(cvp, handle->zone_dh_doc);
594 xmlFreeValidCtxt(cvp);
595 if (valid == 0)
596 return (Z_INVALID_DOCUMENT);
597
598 /* delete any comments such as inherited Sun copyright / ident str */
599 stripcomments(handle);
600 return (Z_OK);
601 }
602
603 int
604 zonecfg_get_handle(const char *zonename, zone_dochandle_t handle)
605 {
606 char path[MAXPATHLEN];
607
608 if (!config_file_path(zonename, path))
609 return (Z_MISC_FS);
610 handle->zone_dh_newzone = B_FALSE;
611
612 return (zonecfg_get_handle_impl(zonename, path, handle));
613 }
614
615 int
616 zonecfg_get_attach_handle(const char *path, const char *fname,
617 const char *zonename, boolean_t preserve_sw, zone_dochandle_t handle)
618 {
619 char migpath[MAXPATHLEN];
620 int err;
621 struct stat buf;
622
623 if (snprintf(migpath, sizeof (migpath), "%s/root", path) >=
624 sizeof (migpath))
625 return (Z_NOMEM);
626
627 if (stat(migpath, &buf) == -1 || !S_ISDIR(buf.st_mode))
628 return (Z_NO_ZONE);
629
630 if (snprintf(migpath, sizeof (migpath), "%s/%s", path, fname) >=
631 sizeof (migpath))
632 return (Z_NOMEM);
633
634 if ((err = zonecfg_get_handle_impl(zonename, migpath, handle)) != Z_OK)
635 return (err);
636
637 if (!preserve_sw)
638 strip_sw_inv(handle);
639
640 handle->zone_dh_newzone = B_TRUE;
641 if ((err = setrootattr(handle, DTD_ATTR_ZONEPATH, path)) != Z_OK)
642 return (err);
643
644 return (setrootattr(handle, DTD_ATTR_NAME, zonename));
645 }
646
647 int
648 zonecfg_get_snapshot_handle(const char *zonename, zone_dochandle_t handle)
649 {
650 char path[MAXPATHLEN];
651
652 if (!snap_file_path(zonename, path))
653 return (Z_MISC_FS);
654 handle->zone_dh_newzone = B_FALSE;
655 return (zonecfg_get_handle_impl(zonename, path, handle));
656 }
657
658 int
659 zonecfg_get_template_handle(const char *template, const char *zonename,
660 zone_dochandle_t handle)
661 {
662 char path[MAXPATHLEN];
663 int err;
664
665 if (!config_file_path(template, path))
666 return (Z_MISC_FS);
667
668 if ((err = zonecfg_get_handle_impl(template, path, handle)) != Z_OK)
669 return (err);
670 handle->zone_dh_newzone = B_TRUE;
671 return (setrootattr(handle, DTD_ATTR_NAME, zonename));
672 }
673
674 int
675 zonecfg_get_xml_handle(const char *path, zone_dochandle_t handle)
676 {
677 struct stat buf;
678 int err;
679
680 if (stat(path, &buf) == -1)
681 return (Z_MISC_FS);
682
683 if ((err = zonecfg_get_handle_impl("xml", path, handle)) != Z_OK)
684 return (err);
685 handle->zone_dh_newzone = B_TRUE;
686 return (Z_OK);
687 }
688
689 /*
690 * Initialize two handles from the manifest read on fd. The rem_handle
691 * is initialized from the input file, including the sw inventory. The
692 * local_handle is initialized with the same zone configuration but with
693 * no sw inventory.
694 */
695 int
696 zonecfg_attach_manifest(int fd, zone_dochandle_t local_handle,
697 zone_dochandle_t rem_handle)
698 {
699 xmlValidCtxtPtr cvp;
700 int valid;
701
702 /* load the manifest into the handle for the remote system */
703 if ((rem_handle->zone_dh_doc = xmlReadFd(fd, NULL, NULL, 0)) == NULL) {
704 return (Z_INVALID_DOCUMENT);
705 }
706 if ((cvp = xmlNewValidCtxt()) == NULL)
707 return (Z_NOMEM);
708 cvp->error = zonecfg_error_func;
709 cvp->warning = zonecfg_error_func;
710 valid = xmlValidateDocument(cvp, rem_handle->zone_dh_doc);
711 xmlFreeValidCtxt(cvp);
712 if (valid == 0)
713 return (Z_INVALID_DOCUMENT);
714
715 /* delete any comments such as inherited Sun copyright / ident str */
716 stripcomments(rem_handle);
717
718 rem_handle->zone_dh_newzone = B_TRUE;
719 rem_handle->zone_dh_sw_inv = B_TRUE;
720
721 /*
722 * Now use the remote system handle to generate a local system handle
723 * with an identical zones configuration but no sw inventory.
724 */
725 if ((local_handle->zone_dh_doc = xmlCopyDoc(rem_handle->zone_dh_doc,
726 1)) == NULL) {
727 return (Z_INVALID_DOCUMENT);
728 }
729
730 /*
731 * We need to re-run xmlValidateDocument on local_handle to properly
732 * update the in-core representation of the configuration.
733 */
734 if ((cvp = xmlNewValidCtxt()) == NULL)
735 return (Z_NOMEM);
736 cvp->error = zonecfg_error_func;
737 cvp->warning = zonecfg_error_func;
738 valid = xmlValidateDocument(cvp, local_handle->zone_dh_doc);
739 xmlFreeValidCtxt(cvp);
740 if (valid == 0)
741 return (Z_INVALID_DOCUMENT);
742
743 strip_sw_inv(local_handle);
744
745 local_handle->zone_dh_newzone = B_TRUE;
746 local_handle->zone_dh_sw_inv = B_FALSE;
747
748 return (Z_OK);
749 }
750
751 static boolean_t
752 is_renaming(zone_dochandle_t handle)
753 {
754 if (handle->zone_dh_newzone)
755 return (B_FALSE);
756 if (strlen(handle->zone_dh_delete_name) > 0)
757 return (B_TRUE);
758 return (B_FALSE);
759 }
760
761 static boolean_t
762 is_new(zone_dochandle_t handle)
763 {
764 return (handle->zone_dh_newzone || handle->zone_dh_snapshot);
765 }
766
767 static boolean_t
768 is_snapshot(zone_dochandle_t handle)
769 {
770 return (handle->zone_dh_snapshot);
771 }
772
773 /*
774 * It would be great to be able to use libc's ctype(3c) macros, but we
775 * can't, as they are locale sensitive, and it would break our limited thread
776 * safety if this routine had to change the app locale on the fly.
777 */
778 int
779 zonecfg_validate_zonename(const char *zone)
780 {
781 int i;
782
783 if (strcmp(zone, GLOBAL_ZONENAME) == 0)
784 return (Z_BOGUS_ZONE_NAME);
785
786 if (strlen(zone) >= ZONENAME_MAX)
787 return (Z_BOGUS_ZONE_NAME);
788
789 if (!((zone[0] >= 'a' && zone[0] <= 'z') ||
790 (zone[0] >= 'A' && zone[0] <= 'Z') ||
791 (zone[0] >= '0' && zone[0] <= '9')))
792 return (Z_BOGUS_ZONE_NAME);
793
794 for (i = 1; zone[i] != '\0'; i++) {
795 if (!((zone[i] >= 'a' && zone[i] <= 'z') ||
796 (zone[i] >= 'A' && zone[i] <= 'Z') ||
797 (zone[i] >= '0' && zone[i] <= '9') ||
798 (zone[i] == '-') || (zone[i] == '_') || (zone[i] == '.')))
799 return (Z_BOGUS_ZONE_NAME);
800 }
801
802 return (Z_OK);
803 }
804
805 /*
806 * Changing the zone name requires us to track both the old and new
807 * name of the zone until commit time.
808 */
809 int
810 zonecfg_get_name(zone_dochandle_t handle, char *name, size_t namesize)
811 {
812 return (getrootattr(handle, DTD_ATTR_NAME, name, namesize));
813 }
814
815 static int
816 insert_admins(zone_dochandle_t handle, char *zonename)
817 {
818 int err;
819 struct zone_admintab admintab;
820
821 if ((err = zonecfg_setadminent(handle)) != Z_OK) {
822 return (err);
823 }
824 while (zonecfg_getadminent(handle, &admintab) == Z_OK) {
825 err = zonecfg_insert_userauths(handle,
826 admintab.zone_admin_user, zonename);
827 if (err != Z_OK) {
828 (void) zonecfg_endadminent(handle);
829 return (err);
830 }
831 }
832 (void) zonecfg_endadminent(handle);
833 return (Z_OK);
834 }
835
836 int
837 zonecfg_set_name(zone_dochandle_t handle, char *name)
838 {
839 zone_state_t state;
840 char curname[ZONENAME_MAX], old_delname[ZONENAME_MAX];
841 int err;
842
843 if ((err = getrootattr(handle, DTD_ATTR_NAME, curname,
844 sizeof (curname))) != Z_OK)
845 return (err);
846
847 if (strcmp(name, curname) == 0)
848 return (Z_OK);
849
850 /*
851 * Switching zone names to one beginning with SUNW is not permitted.
852 */
853 if (strncmp(name, "SUNW", 4) == 0)
854 return (Z_BOGUS_ZONE_NAME);
855
856 if ((err = zonecfg_validate_zonename(name)) != Z_OK)
857 return (err);
858
859 /*
860 * Setting the name back to the original name (effectively a revert of
861 * the name) is fine. But if we carry on, we'll falsely identify the
862 * name as "in use," so special case here.
863 */
864 if (strcmp(name, handle->zone_dh_delete_name) == 0) {
865 err = setrootattr(handle, DTD_ATTR_NAME, name);
866 handle->zone_dh_delete_name[0] = '\0';
867 return (err);
868 }
869
870 /* Check to see if new name chosen is already in use */
871 if (zone_get_state(name, &state) != Z_NO_ZONE)
872 return (Z_NAME_IN_USE);
873
874 /*
875 * If this isn't already "new" or in a renaming transition, then
876 * we're initiating a rename here; so stash the "delete name"
877 * (i.e. the name of the zone we'll be removing) for the rename.
878 */
879 (void) strlcpy(old_delname, handle->zone_dh_delete_name,
880 sizeof (old_delname));
881 if (!is_new(handle) && !is_renaming(handle)) {
882 /*
883 * Name change is allowed only when the zone we're altering
884 * is not ready or running.
885 */
886 err = zone_get_state(curname, &state);
887 if (err == Z_OK) {
888 if (state > ZONE_STATE_INSTALLED)
889 return (Z_BAD_ZONE_STATE);
890 } else if (err != Z_NO_ZONE) {
891 return (err);
892 }
893
894 (void) strlcpy(handle->zone_dh_delete_name, curname,
895 sizeof (handle->zone_dh_delete_name));
896 assert(is_renaming(handle));
897 } else if (is_renaming(handle)) {
898 err = zone_get_state(handle->zone_dh_delete_name, &state);
899 if (err == Z_OK) {
900 if (state > ZONE_STATE_INSTALLED)
901 return (Z_BAD_ZONE_STATE);
902 } else if (err != Z_NO_ZONE) {
903 return (err);
904 }
905 }
906
907 if ((err = setrootattr(handle, DTD_ATTR_NAME, name)) != Z_OK) {
908 /*
909 * Restore the deletename to whatever it was at the
910 * top of the routine, since we've had a failure.
911 */
912 (void) strlcpy(handle->zone_dh_delete_name, old_delname,
913 sizeof (handle->zone_dh_delete_name));
914 return (err);
915 }
916
917 /*
918 * Record the old admins from the old zonename
919 * so that they can be deleted when the operation is committed.
920 */
921 if ((err = insert_admins(handle, curname)) != Z_OK)
922 return (err);
923 else
924 return (Z_OK);
925 }
926
927 int
928 zonecfg_get_zonepath(zone_dochandle_t handle, char *path, size_t pathsize)
929 {
930 size_t len;
931
932 if ((len = strlcpy(path, zonecfg_root, pathsize)) >= pathsize)
933 return (Z_TOO_BIG);
934 return (getrootattr(handle, DTD_ATTR_ZONEPATH, path + len,
935 pathsize - len));
936 }
937
938 int
939 zonecfg_set_zonepath(zone_dochandle_t handle, char *zonepath)
940 {
941 size_t len;
942 char *modpath, *copy_mp, *curr_mp; /* modified path ptrs */
943 char last_copied;
944 int ret;
945
946 /*
947 * Collapse multiple contiguous slashes and remove trailing slash.
948 */
949 modpath = strdup(zonepath);
950 if (modpath == NULL)
951 return (Z_NOMEM);
952 last_copied = '\0';
953 for (copy_mp = curr_mp = modpath; *curr_mp != '\0'; curr_mp++) {
954 if (*curr_mp != '/' || last_copied != '/') {
955 last_copied = *copy_mp = *curr_mp;
956 copy_mp++;
957 }
958 }
959 if (last_copied == '/')
960 copy_mp--;
961 *copy_mp = '\0';
962
963 /*
964 * The user deals in absolute paths in the running global zone, but the
965 * internal configuration files deal with boot environment relative
966 * paths. Strip out the alternate root when specified.
967 */
968 len = strlen(zonecfg_root);
969 if (strncmp(modpath, zonecfg_root, len) != 0 || modpath[len] != '/') {
970 free(modpath);
971 return (Z_BAD_PROPERTY);
972 }
973 curr_mp = modpath + len;
974 ret = setrootattr(handle, DTD_ATTR_ZONEPATH, curr_mp);
975 free(modpath);
976 return (ret);
977 }
978
979 static int
980 i_zonecfg_get_brand(zone_dochandle_t handle, char *brand, size_t brandsize,
981 boolean_t default_query)
982 {
983 int ret, sz;
984
985 ret = getrootattr(handle, DTD_ATTR_BRAND, brand, brandsize);
986
987 /*
988 * If the lookup failed, or succeeded in finding a non-null brand
989 * string then return.
990 */
991 if (ret != Z_OK || brand[0] != '\0')
992 return (ret);
993
994 if (!default_query) {
995 /* If the zone has no brand, it is the default brand. */
996 return (zonecfg_default_brand(brand, brandsize));
997 }
998
999 /* if SUNWdefault didn't specify a brand, fallback to "native" */
1000 sz = strlcpy(brand, NATIVE_BRAND_NAME, brandsize);
1001 if (sz >= brandsize)
1002 return (Z_TOO_BIG);
1003 return (Z_OK);
1004 }
1005
1006 int
1007 zonecfg_get_brand(zone_dochandle_t handle, char *brand, size_t brandsize)
1008 {
1009 return (i_zonecfg_get_brand(handle, brand, brandsize, B_FALSE));
1010 }
1011
1012 int
1013 zonecfg_set_brand(zone_dochandle_t handle, char *brand)
1014 {
1015 return (setrootattr(handle, DTD_ATTR_BRAND, brand));
1016 }
1017
1018 int
1019 zonecfg_get_autoboot(zone_dochandle_t handle, boolean_t *autoboot)
1020 {
1021 char autobootstr[DTD_ENTITY_BOOL_LEN];
1022 int ret;
1023
1024 if ((ret = getrootattr(handle, DTD_ATTR_AUTOBOOT, autobootstr,
1025 sizeof (autobootstr))) != Z_OK)
1026 return (ret);
1027
1028 if (strcmp(autobootstr, DTD_ENTITY_TRUE) == 0)
1029 *autoboot = B_TRUE;
1030 else if (strcmp(autobootstr, DTD_ENTITY_FALSE) == 0)
1031 *autoboot = B_FALSE;
1032 else
1033 ret = Z_BAD_PROPERTY;
1034 return (ret);
1035 }
1036
1037 int
1038 zonecfg_set_autoboot(zone_dochandle_t handle, boolean_t autoboot)
1039 {
1040 return (setrootattr(handle, DTD_ATTR_AUTOBOOT,
1041 autoboot ? DTD_ENTITY_TRUE : DTD_ENTITY_FALSE));
1042 }
1043
1044 int
1045 zonecfg_get_pool(zone_dochandle_t handle, char *pool, size_t poolsize)
1046 {
1047 return (getrootattr(handle, DTD_ATTR_POOL, pool, poolsize));
1048 }
1049
1050 int
1051 zonecfg_set_pool(zone_dochandle_t handle, char *pool)
1052 {
1053 return (setrootattr(handle, DTD_ATTR_POOL, pool));
1054 }
1055
1056 int
1057 zonecfg_get_limitpriv(zone_dochandle_t handle, char **limitpriv)
1058 {
1059 return (get_alloc_rootattr(handle, DTD_ATTR_LIMITPRIV, limitpriv));
1060 }
1061
1062 int
1063 zonecfg_set_limitpriv(zone_dochandle_t handle, char *limitpriv)
1064 {
1065 return (setrootattr(handle, DTD_ATTR_LIMITPRIV, limitpriv));
1066 }
1067
1068 int
1069 zonecfg_get_bootargs(zone_dochandle_t handle, char *bargs, size_t bargssize)
1070 {
1071 return (getrootattr(handle, DTD_ATTR_BOOTARGS, bargs, bargssize));
1072 }
1073
1074 int
1075 zonecfg_set_bootargs(zone_dochandle_t handle, char *bargs)
1076 {
1077 return (setrootattr(handle, DTD_ATTR_BOOTARGS, bargs));
1078 }
1079
1080 int
1081 zonecfg_get_sched_class(zone_dochandle_t handle, char *sched, size_t schedsize)
1082 {
1083 return (getrootattr(handle, DTD_ATTR_SCHED, sched, schedsize));
1084 }
1085
1086 int
1087 zonecfg_set_sched(zone_dochandle_t handle, char *sched)
1088 {
1089 return (setrootattr(handle, DTD_ATTR_SCHED, sched));
1090 }
1091
1092 /*
1093 * /etc/zones/index caches a vital piece of information which is also
1094 * in the <zonename>.xml file: the path to the zone. This is for performance,
1095 * since we need to walk all zonepath's in order to be able to detect conflicts
1096 * (see crosscheck_zonepaths() in the zoneadm command).
1097 *
1098 * An additional complexity is that when doing a rename, we'd like the entire
1099 * index update operation (rename, and potential state changes) to be atomic.
1100 * In general, the operation of this function should succeed or fail as
1101 * a unit.
1102 */
1103 int
1104 zonecfg_refresh_index_file(zone_dochandle_t handle)
1105 {
1106 char name[ZONENAME_MAX], zonepath[MAXPATHLEN];
1107 struct zoneent ze;
1108 int err;
1109 int opcode;
1110 char *zn;
1111
1112 bzero(&ze, sizeof (ze));
1113 ze.zone_state = -1; /* Preserve existing state in index */
1114
1115 if ((err = zonecfg_get_name(handle, name, sizeof (name))) != Z_OK)
1116 return (err);
1117 (void) strlcpy(ze.zone_name, name, sizeof (ze.zone_name));
1118
1119 if ((err = zonecfg_get_zonepath(handle, zonepath,
1120 sizeof (zonepath))) != Z_OK)
1121 return (err);
1122 (void) strlcpy(ze.zone_path, zonepath + strlen(zonecfg_root),
1123 sizeof (ze.zone_path));
1124
1125 if (is_renaming(handle)) {
1126 opcode = PZE_MODIFY;
1127 (void) strlcpy(ze.zone_name, handle->zone_dh_delete_name,
1128 sizeof (ze.zone_name));
1129 (void) strlcpy(ze.zone_newname, name, sizeof (ze.zone_newname));
1130 } else if (is_new(handle)) {
1131 FILE *cookie;
1132 /*
1133 * Be tolerant of the zone already existing in the index file,
1134 * since we might be forcibly overwriting an existing
1135 * configuration with a new one (for example 'create -F'
1136 * in zonecfg).
1137 */
1138 opcode = PZE_ADD;
1139 cookie = setzoneent();
1140 while ((zn = getzoneent(cookie)) != NULL) {
1141 if (strcmp(zn, name) == 0) {
1142 opcode = PZE_MODIFY;
1143 free(zn);
1144 break;
1145 }
1146 free(zn);
1147 }
1148 endzoneent(cookie);
1149 ze.zone_state = ZONE_STATE_CONFIGURED;
1150 } else {
1151 opcode = PZE_MODIFY;
1152 }
1153
1154 if ((err = putzoneent(&ze, opcode)) != Z_OK)
1155 return (err);
1156
1157 return (Z_OK);
1158 }
1159
1160 /*
1161 * The goal of this routine is to cause the index file update and the
1162 * document save to happen as an atomic operation. We do the document
1163 * first, saving a backup copy using a hard link; if that succeeds, we go
1164 * on to the index. If that fails, we roll the document back into place.
1165 *
1166 * Strategy:
1167 *
1168 * New zone 'foo' configuration:
1169 * Create tmpfile (zonecfg.xxxxxx)
1170 * Write XML to tmpfile
1171 * Rename tmpfile to xmlfile (zonecfg.xxxxxx -> foo.xml)
1172 * Add entry to index file
1173 * If it fails, delete foo.xml, leaving nothing behind.
1174 *
1175 * Save existing zone 'foo':
1176 * Make backup of foo.xml -> .backup
1177 * Create tmpfile (zonecfg.xxxxxx)
1178 * Write XML to tmpfile
1179 * Rename tmpfile to xmlfile (zonecfg.xxxxxx -> foo.xml)
1180 * Modify index file as needed
1181 * If it fails, recover from .backup -> foo.xml
1182 *
1183 * Rename 'foo' to 'bar':
1184 * Create tmpfile (zonecfg.xxxxxx)
1185 * Write XML to tmpfile
1186 * Rename tmpfile to xmlfile (zonecfg.xxxxxx -> bar.xml)
1187 * Add entry for 'bar' to index file, Remove entry for 'foo' (refresh)
1188 * If it fails, delete bar.xml; foo.xml is left behind.
1189 */
1190 static int
1191 zonecfg_save_impl(zone_dochandle_t handle, char *filename)
1192 {
1193 char tmpfile[MAXPATHLEN];
1194 char bakdir[MAXPATHLEN], bakbase[MAXPATHLEN], bakfile[MAXPATHLEN];
1195 int tmpfd, err, valid;
1196 xmlValidCtxt cvp = { NULL };
1197 boolean_t backup;
1198
1199 (void) strlcpy(tmpfile, filename, sizeof (tmpfile));
1200 (void) dirname(tmpfile);
1201 (void) strlcat(tmpfile, _PATH_TMPFILE, sizeof (tmpfile));
1202
1203 tmpfd = mkstemp(tmpfile);
1204 if (tmpfd == -1) {
1205 (void) unlink(tmpfile);
1206 return (Z_TEMP_FILE);
1207 }
1208 (void) close(tmpfd);
1209
1210 cvp.error = zonecfg_error_func;
1211 cvp.warning = zonecfg_error_func;
1212
1213 /*
1214 * We do a final validation of the document. Since the library has
1215 * malfunctioned if it fails to validate, we follow-up with an
1216 * assert() that the doc is valid.
1217 */
1218 valid = xmlValidateDocument(&cvp, handle->zone_dh_doc);
1219 assert(valid != 0);
1220
1221 if (xmlSaveFormatFile(tmpfile, handle->zone_dh_doc, 1) <= 0)
1222 goto err;
1223
1224 (void) chmod(tmpfile, 0644);
1225
1226 /*
1227 * In the event we are doing a standard save, hard link a copy of the
1228 * original file in .backup.<pid>.filename so we can restore it if
1229 * something goes wrong.
1230 */
1231 if (!is_new(handle) && !is_renaming(handle)) {
1232 backup = B_TRUE;
1233
1234 (void) strlcpy(bakdir, filename, sizeof (bakdir));
1235 (void) strlcpy(bakbase, filename, sizeof (bakbase));
1236 (void) snprintf(bakfile, sizeof (bakfile), "%s/.backup.%d.%s",
1237 dirname(bakdir), getpid(), basename(bakbase));
1238
1239 if (link(filename, bakfile) == -1) {
1240 err = errno;
1241 (void) unlink(tmpfile);
1242 if (errno == EACCES)
1243 return (Z_ACCES);
1244 return (Z_MISC_FS);
1245 }
1246 }
1247
1248 /*
1249 * Move the new document over top of the old.
1250 * i.e.: zonecfg.XXXXXX -> myzone.xml
1251 */
1252 if (rename(tmpfile, filename) == -1) {
1253 err = errno;
1254 (void) unlink(tmpfile);
1255 if (backup)
1256 (void) unlink(bakfile);
1257 if (err == EACCES)
1258 return (Z_ACCES);
1259 return (Z_MISC_FS);
1260 }
1261
1262 /*
1263 * If this is a snapshot, we're done-- don't add an index entry.
1264 */
1265 if (is_snapshot(handle))
1266 return (Z_OK);
1267
1268 /* now update the index file to reflect whatever we just did */
1269 if ((err = zonecfg_refresh_index_file(handle)) != Z_OK) {
1270 if (backup) {
1271 /*
1272 * Try to restore from our backup.
1273 */
1274 (void) unlink(filename);
1275 (void) rename(bakfile, filename);
1276 } else {
1277 /*
1278 * Either the zone is new, in which case we can delete
1279 * new.xml, or we're doing a rename, so ditto.
1280 */
1281 assert(is_new(handle) || is_renaming(handle));
1282 (void) unlink(filename);
1283 }
1284 return (Z_UPDATING_INDEX);
1285 }
1286
1287 if (backup)
1288 (void) unlink(bakfile);
1289
1290 return (Z_OK);
1291
1292 err:
1293 (void) unlink(tmpfile);
1294 return (Z_SAVING_FILE);
1295 }
1296
1297 int
1298 zonecfg_save(zone_dochandle_t handle)
1299 {
1300 char zname[ZONENAME_MAX], path[MAXPATHLEN];
1301 char delpath[MAXPATHLEN];
1302 int err = Z_SAVING_FILE;
1303
1304 if (zonecfg_check_handle(handle) != Z_OK)
1305 return (Z_BAD_HANDLE);
1306
1307 /*
1308 * We don't support saving snapshots or a tree containing a sw
1309 * inventory at this time.
1310 */
1311 if (handle->zone_dh_snapshot || handle->zone_dh_sw_inv)
1312 return (Z_INVAL);
1313
1314 if ((err = zonecfg_get_name(handle, zname, sizeof (zname))) != Z_OK)
1315 return (err);
1316
1317 if (!config_file_path(zname, path))
1318 return (Z_MISC_FS);
1319
1320 addcomment(handle, "\n DO NOT EDIT THIS "
1321 "FILE. Use zonecfg(1M) instead.\n");
1322
1323 /*
1324 * Update user_attr first so that it will be older
1325 * than the config file.
1326 */
1327 (void) zonecfg_authorize_users(handle, zname);
1328 err = zonecfg_save_impl(handle, path);
1329
1330 stripcomments(handle);
1331
1332 if (err != Z_OK)
1333 return (err);
1334
1335 handle->zone_dh_newzone = B_FALSE;
1336
1337 if (is_renaming(handle)) {
1338 if (config_file_path(handle->zone_dh_delete_name, delpath))
1339 (void) unlink(delpath);
1340 handle->zone_dh_delete_name[0] = '\0';
1341 }
1342
1343 return (Z_OK);
1344 }
1345
1346 int
1347 zonecfg_verify_save(zone_dochandle_t handle, char *filename)
1348 {
1349 int valid;
1350
1351 xmlValidCtxt cvp = { NULL };
1352
1353 if (zonecfg_check_handle(handle) != Z_OK)
1354 return (Z_BAD_HANDLE);
1355
1356 cvp.error = zonecfg_error_func;
1357 cvp.warning = zonecfg_error_func;
1358
1359 /*
1360 * We do a final validation of the document. Since the library has
1361 * malfunctioned if it fails to validate, we follow-up with an
1362 * assert() that the doc is valid.
1363 */
1364 valid = xmlValidateDocument(&cvp, handle->zone_dh_doc);
1365 assert(valid != 0);
1366
1367 if (xmlSaveFormatFile(filename, handle->zone_dh_doc, 1) <= 0)
1368 return (Z_SAVING_FILE);
1369
1370 return (Z_OK);
1371 }
1372
1373 int
1374 zonecfg_detach_save(zone_dochandle_t handle, uint_t flags)
1375 {
1376 char zname[ZONENAME_MAX];
1377 char path[MAXPATHLEN];
1378 char migpath[MAXPATHLEN];
1379 xmlValidCtxt cvp = { NULL };
1380 int err = Z_SAVING_FILE;
1381 int valid;
1382
1383 if (zonecfg_check_handle(handle) != Z_OK)
1384 return (Z_BAD_HANDLE);
1385
1386 if (flags & ZONE_DRY_RUN) {
1387 (void) strlcpy(migpath, "-", sizeof (migpath));
1388 } else {
1389 if ((err = zonecfg_get_name(handle, zname, sizeof (zname)))
1390 != Z_OK)
1391 return (err);
1392
1393 if ((err = zone_get_zonepath(zname, path, sizeof (path)))
1394 != Z_OK)
1395 return (err);
1396
1397 if (snprintf(migpath, sizeof (migpath), "%s/%s", path,
1398 ZONE_DETACHED) >= sizeof (migpath))
1399 return (Z_NOMEM);
1400 }
1401
1402 if ((err = operation_prep(handle)) != Z_OK)
1403 return (err);
1404
1405 addcomment(handle, "\n DO NOT EDIT THIS FILE. "
1406 "Use zonecfg(1M) and zoneadm(1M) attach.\n");
1407
1408 cvp.error = zonecfg_error_func;
1409 cvp.warning = zonecfg_error_func;
1410
1411 /*
1412 * We do a final validation of the document. Since the library has
1413 * malfunctioned if it fails to validate, we follow-up with an
1414 * assert() that the doc is valid.
1415 */
1416 valid = xmlValidateDocument(&cvp, handle->zone_dh_doc);
1417 assert(valid != 0);
1418
1419 if (xmlSaveFormatFile(migpath, handle->zone_dh_doc, 1) <= 0)
1420 return (Z_SAVING_FILE);
1421
1422 if (!(flags & ZONE_DRY_RUN))
1423 (void) chmod(migpath, 0644);
1424
1425 stripcomments(handle);
1426
1427 handle->zone_dh_newzone = B_FALSE;
1428
1429 return (Z_OK);
1430 }
1431
1432 boolean_t
1433 zonecfg_detached(const char *path)
1434 {
1435 char migpath[MAXPATHLEN];
1436 struct stat buf;
1437
1438 if (snprintf(migpath, sizeof (migpath), "%s/%s", path, ZONE_DETACHED) >=
1439 sizeof (migpath))
1440 return (B_FALSE);
1441
1442 if (stat(migpath, &buf) != -1)
1443 return (B_TRUE);
1444
1445 return (B_FALSE);
1446 }
1447
1448 void
1449 zonecfg_rm_detached(zone_dochandle_t handle, boolean_t forced)
1450 {
1451 char zname[ZONENAME_MAX];
1452 char path[MAXPATHLEN];
1453 char detached[MAXPATHLEN];
1454 char attached[MAXPATHLEN];
1455
1456 if (zonecfg_check_handle(handle) != Z_OK)
1457 return;
1458
1459 if (zonecfg_get_name(handle, zname, sizeof (zname)) != Z_OK)
1460 return;
1461
1462 if (zone_get_zonepath(zname, path, sizeof (path)) != Z_OK)
1463 return;
1464
1465 (void) snprintf(detached, sizeof (detached), "%s/%s", path,
1466 ZONE_DETACHED);
1467 (void) snprintf(attached, sizeof (attached), "%s/%s", path,
1468 ATTACH_FORCED);
1469
1470 if (forced) {
1471 (void) rename(detached, attached);
1472 } else {
1473 (void) unlink(attached);
1474 (void) unlink(detached);
1475 }
1476 }
1477
1478 /*
1479 * Special case: if access(2) fails with ENOENT, then try again using
1480 * ZONE_CONFIG_ROOT instead of config_file_path(zonename). This is how we
1481 * work around the case of a config file which has not been created yet:
1482 * the user will need access to the directory so use that as a heuristic.
1483 */
1484
1485 int
1486 zonecfg_access(const char *zonename, int amode)
1487 {
1488 char path[MAXPATHLEN];
1489
1490 if (!config_file_path(zonename, path))
1491 return (Z_INVAL);
1492 if (access(path, amode) == 0)
1493 return (Z_OK);
1494 if (errno == ENOENT) {
1495 if (snprintf(path, sizeof (path), "%s%s", zonecfg_root,
1496 ZONE_CONFIG_ROOT) >= sizeof (path))
1497 return (Z_INVAL);
1498 if (access(path, amode) == 0)
1499 return (Z_OK);
1500 }
1501 if (errno == EACCES)
1502 return (Z_ACCES);
1503 if (errno == EINVAL)
1504 return (Z_INVAL);
1505 return (Z_MISC_FS);
1506 }
1507
1508 int
1509 zonecfg_create_snapshot(const char *zonename)
1510 {
1511 zone_dochandle_t handle;
1512 char path[MAXPATHLEN], zonepath[MAXPATHLEN], rpath[MAXPATHLEN];
1513 int error = Z_OK, res;
1514
1515 if ((handle = zonecfg_init_handle()) == NULL) {
1516 return (Z_NOMEM);
1517 }
1518
1519 handle->zone_dh_newzone = B_TRUE;
1520 handle->zone_dh_snapshot = B_TRUE;
1521
1522 if ((error = zonecfg_get_handle(zonename, handle)) != Z_OK)
1523 goto out;
1524 if ((error = operation_prep(handle)) != Z_OK)
1525 goto out;
1526 error = zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath));
1527 if (error != Z_OK)
1528 goto out;
1529 if ((res = resolvepath(zonepath, rpath, sizeof (rpath))) == -1) {
1530 error = Z_RESOLVED_PATH;
1531 goto out;
1532 }
1533 /*
1534 * If the resolved path is not the same as the original path, then
1535 * save the resolved path in the snapshot, thus preventing any
1536 * potential problems down the line when zoneadmd goes to unmount
1537 * file systems and depends on initial string matches with resolved
1538 * paths.
1539 */
1540 rpath[res] = '\0';
1541 if (strcmp(zonepath, rpath) != 0) {
1542 if ((error = zonecfg_set_zonepath(handle, rpath)) != Z_OK)
1543 goto out;
1544 }
1545 if (snprintf(path, sizeof (path), "%s%s", zonecfg_root,
1546 ZONE_SNAPSHOT_ROOT) >= sizeof (path)) {
1547 error = Z_MISC_FS;
1548 goto out;
1549 }
1550 if ((mkdir(path, S_IRWXU) == -1) && (errno != EEXIST)) {
1551 error = Z_MISC_FS;
1552 goto out;
1553 }
1554
1555 if (!snap_file_path(zonename, path)) {
1556 error = Z_MISC_FS;
1557 goto out;
1558 }
1559
1560 addcomment(handle, "\n DO NOT EDIT THIS FILE. "
1561 "It is a snapshot of running zone state.\n");
1562
1563 error = zonecfg_save_impl(handle, path);
1564
1565 stripcomments(handle);
1566
1567 out:
1568 zonecfg_fini_handle(handle);
1569 return (error);
1570 }
1571
1572 int
1573 zonecfg_get_iptype(zone_dochandle_t handle, zone_iptype_t *iptypep)
1574 {
1575 char property[10]; /* 10 is big enough for "shared"/"exclusive" */
1576 int err;
1577
1578 err = getrootattr(handle, DTD_ATTR_IPTYPE, property, sizeof (property));
1579 if (err == Z_BAD_PROPERTY) {
1580 /* Return default value */
1581 *iptypep = ZS_SHARED;
1582 return (Z_OK);
1583 } else if (err != Z_OK) {
1584 return (err);
1585 }
1586
1587 if (strlen(property) == 0 ||
1588 strcmp(property, "shared") == 0)
1589 *iptypep = ZS_SHARED;
1590 else if (strcmp(property, "exclusive") == 0)
1591 *iptypep = ZS_EXCLUSIVE;
1592 else
1593 return (Z_INVAL);
1594
1595 return (Z_OK);
1596 }
1597
1598 int
1599 zonecfg_set_iptype(zone_dochandle_t handle, zone_iptype_t iptype)
1600 {
1601 xmlNodePtr cur;
1602
1603 if (handle == NULL)
1604 return (Z_INVAL);
1605
1606 cur = xmlDocGetRootElement(handle->zone_dh_doc);
1607 if (cur == NULL) {
1608 return (Z_EMPTY_DOCUMENT);
1609 }
1610
1611 if (xmlStrcmp(cur->name, DTD_ELEM_ZONE) != 0) {
1612 return (Z_WRONG_DOC_TYPE);
1613 }
1614 switch (iptype) {
1615 case ZS_SHARED:
1616 /*
1617 * Since "shared" is the default, we don't write it to the
1618 * configuration file, so that it's easier to migrate those
1619 * zones elsewhere, eg., to systems which are not IP-Instances
1620 * aware.
1621 * xmlUnsetProp only fails when the attribute doesn't exist,
1622 * which we don't care.
1623 */
1624 (void) xmlUnsetProp(cur, DTD_ATTR_IPTYPE);
1625 break;
1626 case ZS_EXCLUSIVE:
1627 if (xmlSetProp(cur, DTD_ATTR_IPTYPE,
1628 (const xmlChar *) "exclusive") == NULL)
1629 return (Z_INVAL);
1630 break;
1631 }
1632 return (Z_OK);
1633 }
1634
1635 static int
1636 newprop(xmlNodePtr node, const xmlChar *attrname, char *src)
1637 {
1638 xmlAttrPtr newattr;
1639
1640 newattr = xmlNewProp(node, attrname, (xmlChar *)src);
1641 if (newattr == NULL) {
1642 xmlUnlinkNode(node);
1643 xmlFreeNode(node);
1644 return (Z_BAD_PROPERTY);
1645 }
1646 return (Z_OK);
1647 }
1648
1649 static int
1650 zonecfg_add_filesystem_core(zone_dochandle_t handle, struct zone_fstab *tabptr)
1651 {
1652 xmlNodePtr newnode, cur = handle->zone_dh_cur, options_node;
1653 zone_fsopt_t *ptr;
1654 int err;
1655
1656 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_FS, NULL);
1657 if ((err = newprop(newnode, DTD_ATTR_SPECIAL,
1658 tabptr->zone_fs_special)) != Z_OK)
1659 return (err);
1660 if (tabptr->zone_fs_raw[0] != '\0' &&
1661 (err = newprop(newnode, DTD_ATTR_RAW, tabptr->zone_fs_raw)) != Z_OK)
1662 return (err);
1663 if ((err = newprop(newnode, DTD_ATTR_DIR, tabptr->zone_fs_dir)) != Z_OK)
1664 return (err);
1665 if ((err = newprop(newnode, DTD_ATTR_TYPE,
1666 tabptr->zone_fs_type)) != Z_OK)
1667 return (err);
1668 if (tabptr->zone_fs_options != NULL) {
1669 for (ptr = tabptr->zone_fs_options; ptr != NULL;
1670 ptr = ptr->zone_fsopt_next) {
1671 options_node = xmlNewTextChild(newnode, NULL,
1672 DTD_ELEM_FSOPTION, NULL);
1673 if ((err = newprop(options_node, DTD_ATTR_NAME,
1674 ptr->zone_fsopt_opt)) != Z_OK)
1675 return (err);
1676 }
1677 }
1678 return (Z_OK);
1679 }
1680
1681 int
1682 zonecfg_add_filesystem(zone_dochandle_t handle, struct zone_fstab *tabptr)
1683 {
1684 int err;
1685
1686 if (tabptr == NULL)
1687 return (Z_INVAL);
1688
1689 if ((err = operation_prep(handle)) != Z_OK)
1690 return (err);
1691
1692 if ((err = zonecfg_add_filesystem_core(handle, tabptr)) != Z_OK)
1693 return (err);
1694
1695 return (Z_OK);
1696 }
1697
1698 int
1699 zonecfg_add_fs_option(struct zone_fstab *tabptr, char *option)
1700 {
1701 zone_fsopt_t *last, *old, *new;
1702
1703 last = tabptr->zone_fs_options;
1704 for (old = last; old != NULL; old = old->zone_fsopt_next)
1705 last = old; /* walk to the end of the list */
1706 new = (zone_fsopt_t *)malloc(sizeof (zone_fsopt_t));
1707 if (new == NULL)
1708 return (Z_NOMEM);
1709 (void) strlcpy(new->zone_fsopt_opt, option,
1710 sizeof (new->zone_fsopt_opt));
1711 new->zone_fsopt_next = NULL;
1712 if (last == NULL)
1713 tabptr->zone_fs_options = new;
1714 else
1715 last->zone_fsopt_next = new;
1716 return (Z_OK);
1717 }
1718
1719 int
1720 zonecfg_remove_fs_option(struct zone_fstab *tabptr, char *option)
1721 {
1722 zone_fsopt_t *last, *this, *next;
1723
1724 last = tabptr->zone_fs_options;
1725 for (this = last; this != NULL; this = this->zone_fsopt_next) {
1726 if (strcmp(this->zone_fsopt_opt, option) == 0) {
1727 next = this->zone_fsopt_next;
1728 if (this == tabptr->zone_fs_options)
1729 tabptr->zone_fs_options = next;
1730 else
1731 last->zone_fsopt_next = next;
1732 free(this);
1733 return (Z_OK);
1734 } else
1735 last = this;
1736 }
1737 return (Z_NO_PROPERTY_ID);
1738 }
1739
1740 void
1741 zonecfg_free_fs_option_list(zone_fsopt_t *list)
1742 {
1743 zone_fsopt_t *this, *next;
1744
1745 for (this = list; this != NULL; this = next) {
1746 next = this->zone_fsopt_next;
1747 free(this);
1748 }
1749 }
1750
1751 void
1752 zonecfg_free_rctl_value_list(struct zone_rctlvaltab *valtab)
1753 {
1754 if (valtab == NULL)
1755 return;
1756 zonecfg_free_rctl_value_list(valtab->zone_rctlval_next);
1757 free(valtab);
1758 }
1759
1760 static boolean_t
1761 match_prop(xmlNodePtr cur, const xmlChar *attr, char *user_prop)
1762 {
1763 xmlChar *gotten_prop;
1764 int prop_result;
1765
1766 gotten_prop = xmlGetProp(cur, attr);
1767 if (gotten_prop == NULL) /* shouldn't happen */
1768 return (B_FALSE);
1769 prop_result = xmlStrcmp(gotten_prop, (const xmlChar *) user_prop);
1770 xmlFree(gotten_prop);
1771 return ((prop_result == 0)); /* empty strings will match */
1772 }
1773
1774 static int
1775 zonecfg_delete_filesystem_core(zone_dochandle_t handle,
1776 struct zone_fstab *tabptr)
1777 {
1778 xmlNodePtr cur = handle->zone_dh_cur;
1779 boolean_t dir_match, spec_match, raw_match, type_match;
1780
1781 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
1782 if (xmlStrcmp(cur->name, DTD_ELEM_FS))
1783 continue;
1784 dir_match = match_prop(cur, DTD_ATTR_DIR, tabptr->zone_fs_dir);
1785 spec_match = match_prop(cur, DTD_ATTR_SPECIAL,
1786 tabptr->zone_fs_special);
1787 raw_match = match_prop(cur, DTD_ATTR_RAW,
1788 tabptr->zone_fs_raw);
1789 type_match = match_prop(cur, DTD_ATTR_TYPE,
1790 tabptr->zone_fs_type);
1791 if (dir_match && spec_match && raw_match && type_match) {
1792 xmlUnlinkNode(cur);
1793 xmlFreeNode(cur);
1794 return (Z_OK);
1795 }
1796 }
1797 return (Z_NO_RESOURCE_ID);
1798 }
1799
1800 int
1801 zonecfg_delete_filesystem(zone_dochandle_t handle, struct zone_fstab *tabptr)
1802 {
1803 int err;
1804
1805 if (tabptr == NULL)
1806 return (Z_INVAL);
1807
1808 if ((err = operation_prep(handle)) != Z_OK)
1809 return (err);
1810
1811 if ((err = zonecfg_delete_filesystem_core(handle, tabptr)) != Z_OK)
1812 return (err);
1813
1814 return (Z_OK);
1815 }
1816
1817 int
1818 zonecfg_modify_filesystem(
1819 zone_dochandle_t handle,
1820 struct zone_fstab *oldtabptr,
1821 struct zone_fstab *newtabptr)
1822 {
1823 int err;
1824
1825 if (oldtabptr == NULL || newtabptr == NULL)
1826 return (Z_INVAL);
1827
1828 if ((err = operation_prep(handle)) != Z_OK)
1829 return (err);
1830
1831 if ((err = zonecfg_delete_filesystem_core(handle, oldtabptr)) != Z_OK)
1832 return (err);
1833
1834 if ((err = zonecfg_add_filesystem_core(handle, newtabptr)) != Z_OK)
1835 return (err);
1836
1837 return (Z_OK);
1838 }
1839
1840 int
1841 zonecfg_lookup_filesystem(
1842 zone_dochandle_t handle,
1843 struct zone_fstab *tabptr)
1844 {
1845 xmlNodePtr cur, options, firstmatch;
1846 int err;
1847 char dirname[MAXPATHLEN], special[MAXPATHLEN], raw[MAXPATHLEN];
1848 char type[FSTYPSZ];
1849 char options_str[MAX_MNTOPT_STR];
1850
1851 if (tabptr == NULL)
1852 return (Z_INVAL);
1853
1854 if ((err = operation_prep(handle)) != Z_OK)
1855 return (err);
1856
1857 /*
1858 * Walk the list of children looking for matches on any properties
1859 * specified in the fstab parameter. If more than one resource
1860 * matches, we return Z_INSUFFICIENT_SPEC; if none match, we return
1861 * Z_NO_RESOURCE_ID.
1862 */
1863 cur = handle->zone_dh_cur;
1864 firstmatch = NULL;
1865 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
1866 if (xmlStrcmp(cur->name, DTD_ELEM_FS))
1867 continue;
1868 if (strlen(tabptr->zone_fs_dir) > 0) {
1869 if ((fetchprop(cur, DTD_ATTR_DIR, dirname,
1870 sizeof (dirname)) == Z_OK) &&
1871 (strcmp(tabptr->zone_fs_dir, dirname) == 0)) {
1872 if (firstmatch == NULL)
1873 firstmatch = cur;
1874 else
1875 return (Z_INSUFFICIENT_SPEC);
1876 }
1877 }
1878 if (strlen(tabptr->zone_fs_special) > 0) {
1879 if ((fetchprop(cur, DTD_ATTR_SPECIAL, special,
1880 sizeof (special)) == Z_OK)) {
1881 if (strcmp(tabptr->zone_fs_special,
1882 special) == 0) {
1883 if (firstmatch == NULL)
1884 firstmatch = cur;
1885 else if (firstmatch != cur)
1886 return (Z_INSUFFICIENT_SPEC);
1887 } else {
1888 /*
1889 * If another property matched but this
1890 * one doesn't then reset firstmatch.
1891 */
1892 if (firstmatch == cur)
1893 firstmatch = NULL;
1894 }
1895 }
1896 }
1897 if (strlen(tabptr->zone_fs_raw) > 0) {
1898 if ((fetchprop(cur, DTD_ATTR_RAW, raw,
1899 sizeof (raw)) == Z_OK)) {
1900 if (strcmp(tabptr->zone_fs_raw, raw) == 0) {
1901 if (firstmatch == NULL)
1902 firstmatch = cur;
1903 else if (firstmatch != cur)
1904 return (Z_INSUFFICIENT_SPEC);
1905 } else {
1906 /*
1907 * If another property matched but this
1908 * one doesn't then reset firstmatch.
1909 */
1910 if (firstmatch == cur)
1911 firstmatch = NULL;
1912 }
1913 }
1914 }
1915 if (strlen(tabptr->zone_fs_type) > 0) {
1916 if ((fetchprop(cur, DTD_ATTR_TYPE, type,
1917 sizeof (type)) == Z_OK)) {
1918 if (strcmp(tabptr->zone_fs_type, type) == 0) {
1919 if (firstmatch == NULL)
1920 firstmatch = cur;
1921 else if (firstmatch != cur)
1922 return (Z_INSUFFICIENT_SPEC);
1923 } else {
1924 /*
1925 * If another property matched but this
1926 * one doesn't then reset firstmatch.
1927 */
1928 if (firstmatch == cur)
1929 firstmatch = NULL;
1930 }
1931 }
1932 }
1933 }
1934
1935 if (firstmatch == NULL)
1936 return (Z_NO_RESOURCE_ID);
1937
1938 cur = firstmatch;
1939
1940 if ((err = fetchprop(cur, DTD_ATTR_DIR, tabptr->zone_fs_dir,
1941 sizeof (tabptr->zone_fs_dir))) != Z_OK)
1942 return (err);
1943
1944 if ((err = fetchprop(cur, DTD_ATTR_SPECIAL, tabptr->zone_fs_special,
1945 sizeof (tabptr->zone_fs_special))) != Z_OK)
1946 return (err);
1947
1948 if ((err = fetchprop(cur, DTD_ATTR_RAW, tabptr->zone_fs_raw,
1949 sizeof (tabptr->zone_fs_raw))) != Z_OK)
1950 return (err);
1951
1952 if ((err = fetchprop(cur, DTD_ATTR_TYPE, tabptr->zone_fs_type,
1953 sizeof (tabptr->zone_fs_type))) != Z_OK)
1954 return (err);
1955
1956 /* options are optional */
1957 tabptr->zone_fs_options = NULL;
1958 for (options = cur->xmlChildrenNode; options != NULL;
1959 options = options->next) {
1960 if ((fetchprop(options, DTD_ATTR_NAME, options_str,
1961 sizeof (options_str)) != Z_OK))
1962 break;
1963 if (zonecfg_add_fs_option(tabptr, options_str) != Z_OK)
1964 break;
1965 }
1966 return (Z_OK);
1967 }
1968
1969 /*
1970 * Compare two IP addresses in string form. Allow for the possibility that
1971 * one might have "/<prefix-length>" at the end: allow a match on just the
1972 * IP address (or host name) part.
1973 */
1974
1975 boolean_t
1976 zonecfg_same_net_address(char *a1, char *a2)
1977 {
1978 char *slashp, *slashp1, *slashp2;
1979 int result;
1980
1981 if (strcmp(a1, a2) == 0)
1982 return (B_TRUE);
1983
1984 /*
1985 * If neither has a slash or both do, they need to match to be
1986 * considered the same, but they did not match above, so fail.
1987 */
1988 slashp1 = strchr(a1, '/');
1989 slashp2 = strchr(a2, '/');
1990 if ((slashp1 == NULL && slashp2 == NULL) ||
1991 (slashp1 != NULL && slashp2 != NULL))
1992 return (B_FALSE);
1993
1994 /*
1995 * Only one had a slash: pick that one, zero out the slash, compare
1996 * the "address only" strings, restore the slash, and return the
1997 * result of the comparison.
1998 */
1999 slashp = (slashp1 == NULL) ? slashp2 : slashp1;
2000 *slashp = '\0';
2001 result = strcmp(a1, a2);
2002 *slashp = '/';
2003 return ((result == 0));
2004 }
2005
2006 int
2007 zonecfg_valid_net_address(char *address, struct lifreq *lifr)
2008 {
2009 struct sockaddr_in *sin4;
2010 struct sockaddr_in6 *sin6;
2011 struct addrinfo hints, *result;
2012 char *slashp = strchr(address, '/');
2013
2014 bzero(lifr, sizeof (struct lifreq));
2015 sin4 = (struct sockaddr_in *)&lifr->lifr_addr;
2016 sin6 = (struct sockaddr_in6 *)&lifr->lifr_addr;
2017 if (slashp != NULL)
2018 *slashp = '\0';
2019 if (inet_pton(AF_INET, address, &sin4->sin_addr) == 1) {
2020 sin4->sin_family = AF_INET;
2021 } else if (inet_pton(AF_INET6, address, &sin6->sin6_addr) == 1) {
2022 if (slashp == NULL)
2023 return (Z_IPV6_ADDR_PREFIX_LEN);
2024 sin6->sin6_family = AF_INET6;
2025 } else {
2026 /* "address" may be a host name */
2027 (void) memset(&hints, 0, sizeof (hints));
2028 hints.ai_family = PF_INET;
2029 if (getaddrinfo(address, NULL, &hints, &result) != 0)
2030 return (Z_BOGUS_ADDRESS);
2031 sin4->sin_family = result->ai_family;
2032
2033 (void) memcpy(&sin4->sin_addr,
2034 /* LINTED E_BAD_PTR_CAST_ALIGN */
2035 &((struct sockaddr_in *)result->ai_addr)->sin_addr,
2036 sizeof (struct in_addr));
2037
2038 freeaddrinfo(result);
2039 }
2040 return (Z_OK);
2041 }
2042
2043 boolean_t
2044 zonecfg_ifname_exists(sa_family_t af, char *ifname)
2045 {
2046 struct lifreq lifr;
2047 int so;
2048 int save_errno;
2049
2050 (void) memset(&lifr, 0, sizeof (lifr));
2051 (void) strlcpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2052 lifr.lifr_addr.ss_family = af;
2053 if ((so = socket(af, SOCK_DGRAM, 0)) < 0) {
2054 /* Odd - can't tell if the ifname exists */
2055 return (B_FALSE);
2056 }
2057 if (ioctl(so, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2058 save_errno = errno;
2059 (void) close(so);
2060 errno = save_errno;
2061 return (B_FALSE);
2062 }
2063 (void) close(so);
2064 return (B_TRUE);
2065 }
2066
2067 /*
2068 * Determines whether there is a net resource with the physical interface, IP
2069 * address, and default router specified by 'tabptr' in the zone configuration
2070 * to which 'handle' refers. 'tabptr' must have an interface, an address, a
2071 * default router, or a combination of the three. This function returns Z_OK
2072 * iff there is exactly one net resource matching the query specified by
2073 * 'tabptr'. The function returns Z_INSUFFICIENT_SPEC if there are multiple
2074 * matches or 'tabptr' does not specify a physical interface, address, or
2075 * default router. The function returns Z_NO_RESOURCE_ID if are no matches.
2076 *
2077 * Errors might also be returned if the entry that exactly matches the
2078 * query lacks critical network resource information.
2079 *
2080 * If there is a single match, then the matching entry's physical interface, IP
2081 * address, and default router information are stored in 'tabptr'.
2082 */
2083 int
2084 zonecfg_lookup_nwif(zone_dochandle_t handle, struct zone_nwiftab *tabptr)
2085 {
2086 xmlNodePtr cur;
2087 xmlNodePtr firstmatch;
2088 int err;
2089 char address[INET6_ADDRSTRLEN];
2090 char physical[LIFNAMSIZ];
2091 size_t addrspec; /* nonzero if tabptr has IP addr */
2092 size_t physspec; /* nonzero if tabptr has interface */
2093 size_t defrouterspec; /* nonzero if tabptr has def. router */
2094 size_t allowed_addrspec;
2095 zone_iptype_t iptype;
2096
2097 if (tabptr == NULL)
2098 return (Z_INVAL);
2099
2100 /*
2101 * Determine the fields that will be searched. There must be at least
2102 * one.
2103 *
2104 * zone_nwif_address, zone_nwif_physical, and zone_nwif_defrouter are
2105 * arrays, so no NULL checks are necessary.
2106 */
2107 addrspec = strlen(tabptr->zone_nwif_address);
2108 physspec = strlen(tabptr->zone_nwif_physical);
2109 defrouterspec = strlen(tabptr->zone_nwif_defrouter);
2110 allowed_addrspec = strlen(tabptr->zone_nwif_allowed_address);
2111 if (addrspec != 0 && allowed_addrspec != 0)
2112 return (Z_INVAL); /* can't specify both */
2113 if (addrspec == 0 && physspec == 0 && defrouterspec == 0 &&
2114 allowed_addrspec == 0)
2115 return (Z_INSUFFICIENT_SPEC);
2116
2117 if ((err = operation_prep(handle)) != Z_OK)
2118 return (err);
2119
2120 if ((err = zonecfg_get_iptype(handle, &iptype)) != Z_OK)
2121 return (err);
2122 /*
2123 * Iterate over the configuration's elements and look for net elements
2124 * that match the query.
2125 */
2126 firstmatch = NULL;
2127 cur = handle->zone_dh_cur;
2128 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
2129 /* Skip non-net elements */
2130 if (xmlStrcmp(cur->name, DTD_ELEM_NET))
2131 continue;
2132
2133 /*
2134 * If any relevant fields don't match the query, then skip
2135 * the current net element.
2136 */
2137 if (physspec != 0 && (fetchprop(cur, DTD_ATTR_PHYSICAL,
2138 physical, sizeof (physical)) != Z_OK ||
2139 strcmp(tabptr->zone_nwif_physical, physical) != 0))
2140 continue;
2141 if (iptype == ZS_SHARED && addrspec != 0 &&
2142 (fetchprop(cur, DTD_ATTR_ADDRESS, address,
2143 sizeof (address)) != Z_OK ||
2144 !zonecfg_same_net_address(tabptr->zone_nwif_address,
2145 address)))
2146 continue;
2147 if (iptype == ZS_EXCLUSIVE && allowed_addrspec != 0 &&
2148 (fetchprop(cur, DTD_ATTR_ALLOWED_ADDRESS, address,
2149 sizeof (address)) != Z_OK ||
2150 !zonecfg_same_net_address(tabptr->zone_nwif_allowed_address,
2151 address)))
2152 continue;
2153 if (defrouterspec != 0 && (fetchprop(cur, DTD_ATTR_DEFROUTER,
2154 address, sizeof (address)) != Z_OK ||
2155 !zonecfg_same_net_address(tabptr->zone_nwif_defrouter,
2156 address)))
2157 continue;
2158
2159 /*
2160 * The current net element matches the query. Select it if
2161 * it's the first match; otherwise, abort the search.
2162 */
2163 if (firstmatch == NULL)
2164 firstmatch = cur;
2165 else
2166 return (Z_INSUFFICIENT_SPEC);
2167 }
2168 if (firstmatch == NULL)
2169 return (Z_NO_RESOURCE_ID);
2170
2171 cur = firstmatch;
2172
2173 if ((err = fetchprop(cur, DTD_ATTR_PHYSICAL, tabptr->zone_nwif_physical,
2174 sizeof (tabptr->zone_nwif_physical))) != Z_OK)
2175 return (err);
2176
2177 if (iptype == ZS_SHARED &&
2178 (err = fetchprop(cur, DTD_ATTR_ADDRESS, tabptr->zone_nwif_address,
2179 sizeof (tabptr->zone_nwif_address))) != Z_OK)
2180 return (err);
2181
2182 if (iptype == ZS_EXCLUSIVE &&
2183 (err = fetchprop(cur, DTD_ATTR_ALLOWED_ADDRESS,
2184 tabptr->zone_nwif_allowed_address,
2185 sizeof (tabptr->zone_nwif_allowed_address))) != Z_OK)
2186 return (err);
2187
2188 if ((err = fetchprop(cur, DTD_ATTR_DEFROUTER,
2189 tabptr->zone_nwif_defrouter,
2190 sizeof (tabptr->zone_nwif_defrouter))) != Z_OK)
2191 return (err);
2192
2193 return (Z_OK);
2194 }
2195
2196 static int
2197 zonecfg_add_nwif_core(zone_dochandle_t handle, struct zone_nwiftab *tabptr)
2198 {
2199 xmlNodePtr newnode, cur = handle->zone_dh_cur;
2200 int err;
2201
2202 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_NET, NULL);
2203 if (strlen(tabptr->zone_nwif_address) > 0 &&
2204 (err = newprop(newnode, DTD_ATTR_ADDRESS,
2205 tabptr->zone_nwif_address)) != Z_OK)
2206 return (err);
2207 if (strlen(tabptr->zone_nwif_allowed_address) > 0 &&
2208 (err = newprop(newnode, DTD_ATTR_ALLOWED_ADDRESS,
2209 tabptr->zone_nwif_allowed_address)) != Z_OK)
2210 return (err);
2211 if ((err = newprop(newnode, DTD_ATTR_PHYSICAL,
2212 tabptr->zone_nwif_physical)) != Z_OK)
2213 return (err);
2214 /*
2215 * Do not add this property when it is not set, for backwards
2216 * compatibility and because it is optional.
2217 */
2218 if ((strlen(tabptr->zone_nwif_defrouter) > 0) &&
2219 ((err = newprop(newnode, DTD_ATTR_DEFROUTER,
2220 tabptr->zone_nwif_defrouter)) != Z_OK))
2221 return (err);
2222 return (Z_OK);
2223 }
2224
2225 int
2226 zonecfg_add_nwif(zone_dochandle_t handle, struct zone_nwiftab *tabptr)
2227 {
2228 int err;
2229
2230 if (tabptr == NULL)
2231 return (Z_INVAL);
2232
2233 if ((err = operation_prep(handle)) != Z_OK)
2234 return (err);
2235
2236 if ((err = zonecfg_add_nwif_core(handle, tabptr)) != Z_OK)
2237 return (err);
2238
2239 return (Z_OK);
2240 }
2241
2242 static int
2243 zonecfg_delete_nwif_core(zone_dochandle_t handle, struct zone_nwiftab *tabptr)
2244 {
2245 xmlNodePtr cur = handle->zone_dh_cur;
2246 boolean_t addr_match, phys_match, allowed_addr_match;
2247
2248 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
2249 if (xmlStrcmp(cur->name, DTD_ELEM_NET))
2250 continue;
2251
2252 addr_match = match_prop(cur, DTD_ATTR_ADDRESS,
2253 tabptr->zone_nwif_address);
2254 allowed_addr_match = match_prop(cur, DTD_ATTR_ALLOWED_ADDRESS,
2255 tabptr->zone_nwif_allowed_address);
2256 phys_match = match_prop(cur, DTD_ATTR_PHYSICAL,
2257 tabptr->zone_nwif_physical);
2258
2259 if (addr_match && allowed_addr_match && phys_match) {
2260 xmlUnlinkNode(cur);
2261 xmlFreeNode(cur);
2262 return (Z_OK);
2263 }
2264 }
2265 return (Z_NO_RESOURCE_ID);
2266 }
2267
2268 int
2269 zonecfg_delete_nwif(zone_dochandle_t handle, struct zone_nwiftab *tabptr)
2270 {
2271 int err;
2272
2273 if (tabptr == NULL)
2274 return (Z_INVAL);
2275
2276 if ((err = operation_prep(handle)) != Z_OK)
2277 return (err);
2278
2279 if ((err = zonecfg_delete_nwif_core(handle, tabptr)) != Z_OK)
2280 return (err);
2281
2282 return (Z_OK);
2283 }
2284
2285 int
2286 zonecfg_modify_nwif(
2287 zone_dochandle_t handle,
2288 struct zone_nwiftab *oldtabptr,
2289 struct zone_nwiftab *newtabptr)
2290 {
2291 int err;
2292
2293 if (oldtabptr == NULL || newtabptr == NULL)
2294 return (Z_INVAL);
2295
2296 if ((err = operation_prep(handle)) != Z_OK)
2297 return (err);
2298
2299 if ((err = zonecfg_delete_nwif_core(handle, oldtabptr)) != Z_OK)
2300 return (err);
2301
2302 if ((err = zonecfg_add_nwif_core(handle, newtabptr)) != Z_OK)
2303 return (err);
2304
2305 return (Z_OK);
2306 }
2307
2308 /*
2309 * Must be a comma-separated list of alpha-numeric file system names.
2310 */
2311 static int
2312 zonecfg_valid_fs_allowed(const char *fsallowedp)
2313 {
2314 char tmp[ZONE_FS_ALLOWED_MAX];
2315 char *cp = tmp;
2316 char *p;
2317
2318 if (strlen(fsallowedp) > ZONE_FS_ALLOWED_MAX)
2319 return (Z_TOO_BIG);
2320
2321 (void) strlcpy(tmp, fsallowedp, sizeof (tmp));
2322
2323 while (*cp != '\0') {
2324 p = cp;
2325 while (*p != '\0' && *p != ',') {
2326 if (!isalnum(*p) && *p != '-')
2327 return (Z_INVALID_PROPERTY);
2328 p++;
2329 }
2330
2331 if (*p == ',') {
2332 if (p == cp)
2333 return (Z_INVALID_PROPERTY);
2334
2335 p++;
2336
2337 if (*p == '\0')
2338 return (Z_INVALID_PROPERTY);
2339 }
2340
2341 cp = p;
2342 }
2343
2344 return (Z_OK);
2345 }
2346
2347 int
2348 zonecfg_get_fs_allowed(zone_dochandle_t handle, char *bufp, size_t buflen)
2349 {
2350 int err;
2351
2352 if ((err = getrootattr(handle, DTD_ATTR_FS_ALLOWED,
2353 bufp, buflen)) != Z_OK)
2354 return (err);
2355 if (bufp[0] == '\0')
2356 return (Z_BAD_PROPERTY);
2357 return (zonecfg_valid_fs_allowed(bufp));
2358 }
2359
2360 int
2361 zonecfg_set_fs_allowed(zone_dochandle_t handle, const char *bufp)
2362 {
2363 int err;
2364
2365 if (bufp == NULL || (err = zonecfg_valid_fs_allowed(bufp)) == Z_OK)
2366 return (setrootattr(handle, DTD_ATTR_FS_ALLOWED, bufp));
2367 return (err);
2368 }
2369
2370 /*
2371 * Determines if the specified string is a valid hostid string. This function
2372 * returns Z_OK if the string is a valid hostid string. It returns Z_INVAL if
2373 * 'hostidp' is NULL, Z_TOO_BIG if 'hostidp' refers to a string buffer
2374 * containing a hex string with more than 8 digits, and Z_INVALID_PROPERTY if
2375 * the string has an invalid format.
2376 */
2377 static int
2378 zonecfg_valid_hostid(const char *hostidp)
2379 {
2380 char *currentp;
2381 u_longlong_t hostidval;
2382 size_t len;
2383
2384 if (hostidp == NULL)
2385 return (Z_INVAL);
2386
2387 /* Empty strings and strings with whitespace are invalid. */
2388 if (*hostidp == '\0')
2389 return (Z_INVALID_PROPERTY);
2390 for (currentp = (char *)hostidp; *currentp != '\0'; ++currentp) {
2391 if (isspace(*currentp))
2392 return (Z_INVALID_PROPERTY);
2393 }
2394 len = (size_t)(currentp - hostidp);
2395
2396 /*
2397 * The caller might pass a hostid that is larger than the maximum
2398 * unsigned 32-bit integral value. Check for this! Also, make sure
2399 * that the whole string is converted (this helps us find illegal
2400 * characters) and that the whole string fits within a buffer of size
2401 * HW_HOSTID_LEN.
2402 */
2403 currentp = (char *)hostidp;
2404 if (strncmp(hostidp, "0x", 2) == 0 || strncmp(hostidp, "0X", 2) == 0)
2405 currentp += 2;
2406 hostidval = strtoull(currentp, ¤tp, 16);
2407 if ((size_t)(currentp - hostidp) >= HW_HOSTID_LEN)
2408 return (Z_TOO_BIG);
2409 if (hostidval > UINT_MAX || hostidval == HW_INVALID_HOSTID ||
2410 currentp != hostidp + len)
2411 return (Z_INVALID_PROPERTY);
2412 return (Z_OK);
2413 }
2414
2415 /*
2416 * Gets the zone hostid string stored in the specified zone configuration
2417 * document. This function returns Z_OK on success. Z_BAD_PROPERTY is returned
2418 * if the config file doesn't specify a hostid or if the hostid is blank.
2419 *
2420 * Note that buflen should be at least HW_HOSTID_LEN.
2421 */
2422 int
2423 zonecfg_get_hostid(zone_dochandle_t handle, char *bufp, size_t buflen)
2424 {
2425 int err;
2426
2427 if ((err = getrootattr(handle, DTD_ATTR_HOSTID, bufp, buflen)) != Z_OK)
2428 return (err);
2429 if (bufp[0] == '\0')
2430 return (Z_BAD_PROPERTY);
2431 return (zonecfg_valid_hostid(bufp));
2432 }
2433
2434 /*
2435 * Sets the hostid string in the specified zone config document to the given
2436 * string value. If 'hostidp' is NULL, then the config document's hostid
2437 * attribute is cleared. Non-NULL hostids are validated. This function returns
2438 * Z_OK on success. Any other return value indicates failure.
2439 */
2440 int
2441 zonecfg_set_hostid(zone_dochandle_t handle, const char *hostidp)
2442 {
2443 int err;
2444
2445 /*
2446 * A NULL hostid string is interpreted as a request to clear the
2447 * hostid.
2448 */
2449 if (hostidp == NULL || (err = zonecfg_valid_hostid(hostidp)) == Z_OK)
2450 return (setrootattr(handle, DTD_ATTR_HOSTID, hostidp));
2451 return (err);
2452 }
2453
2454 int
2455 zonecfg_lookup_dev(zone_dochandle_t handle, struct zone_devtab *tabptr)
2456 {
2457 xmlNodePtr cur, firstmatch;
2458 int err;
2459 char match[MAXPATHLEN];
2460
2461 if (tabptr == NULL)
2462 return (Z_INVAL);
2463
2464 if ((err = operation_prep(handle)) != Z_OK)
2465 return (err);
2466
2467 cur = handle->zone_dh_cur;
2468 firstmatch = NULL;
2469 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
2470 if (xmlStrcmp(cur->name, DTD_ELEM_DEVICE))
2471 continue;
2472 if (strlen(tabptr->zone_dev_match) == 0)
2473 continue;
2474
2475 if ((fetchprop(cur, DTD_ATTR_MATCH, match,
2476 sizeof (match)) == Z_OK)) {
2477 if (strcmp(tabptr->zone_dev_match,
2478 match) == 0) {
2479 if (firstmatch == NULL)
2480 firstmatch = cur;
2481 else if (firstmatch != cur)
2482 return (Z_INSUFFICIENT_SPEC);
2483 } else {
2484 /*
2485 * If another property matched but this
2486 * one doesn't then reset firstmatch.
2487 */
2488 if (firstmatch == cur)
2489 firstmatch = NULL;
2490 }
2491 }
2492 }
2493 if (firstmatch == NULL)
2494 return (Z_NO_RESOURCE_ID);
2495
2496 cur = firstmatch;
2497
2498 if ((err = fetchprop(cur, DTD_ATTR_MATCH, tabptr->zone_dev_match,
2499 sizeof (tabptr->zone_dev_match))) != Z_OK)
2500 return (err);
2501
2502 return (Z_OK);
2503 }
2504
2505 static int
2506 zonecfg_add_dev_core(zone_dochandle_t handle, struct zone_devtab *tabptr)
2507 {
2508 xmlNodePtr newnode, cur = handle->zone_dh_cur;
2509 int err;
2510
2511 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_DEVICE, NULL);
2512
2513 if ((err = newprop(newnode, DTD_ATTR_MATCH,
2514 tabptr->zone_dev_match)) != Z_OK)
2515 return (err);
2516
2517 return (Z_OK);
2518 }
2519
2520 int
2521 zonecfg_add_dev(zone_dochandle_t handle, struct zone_devtab *tabptr)
2522 {
2523 int err;
2524
2525 if (tabptr == NULL)
2526 return (Z_INVAL);
2527
2528 if ((err = operation_prep(handle)) != Z_OK)
2529 return (err);
2530
2531 if ((err = zonecfg_add_dev_core(handle, tabptr)) != Z_OK)
2532 return (err);
2533
2534 return (Z_OK);
2535 }
2536
2537 static int
2538 zonecfg_delete_dev_core(zone_dochandle_t handle, struct zone_devtab *tabptr)
2539 {
2540 xmlNodePtr cur = handle->zone_dh_cur;
2541 int match_match;
2542
2543 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
2544 if (xmlStrcmp(cur->name, DTD_ELEM_DEVICE))
2545 continue;
2546
2547 match_match = match_prop(cur, DTD_ATTR_MATCH,
2548 tabptr->zone_dev_match);
2549
2550 if (match_match) {
2551 xmlUnlinkNode(cur);
2552 xmlFreeNode(cur);
2553 return (Z_OK);
2554 }
2555 }
2556 return (Z_NO_RESOURCE_ID);
2557 }
2558
2559 int
2560 zonecfg_delete_dev(zone_dochandle_t handle, struct zone_devtab *tabptr)
2561 {
2562 int err;
2563
2564 if (tabptr == NULL)
2565 return (Z_INVAL);
2566
2567 if ((err = operation_prep(handle)) != Z_OK)
2568 return (err);
2569
2570 if ((err = zonecfg_delete_dev_core(handle, tabptr)) != Z_OK)
2571 return (err);
2572
2573 return (Z_OK);
2574 }
2575
2576 int
2577 zonecfg_modify_dev(
2578 zone_dochandle_t handle,
2579 struct zone_devtab *oldtabptr,
2580 struct zone_devtab *newtabptr)
2581 {
2582 int err;
2583
2584 if (oldtabptr == NULL || newtabptr == NULL)
2585 return (Z_INVAL);
2586
2587 if ((err = operation_prep(handle)) != Z_OK)
2588 return (err);
2589
2590 if ((err = zonecfg_delete_dev_core(handle, oldtabptr)) != Z_OK)
2591 return (err);
2592
2593 if ((err = zonecfg_add_dev_core(handle, newtabptr)) != Z_OK)
2594 return (err);
2595
2596 return (Z_OK);
2597 }
2598
2599 static int
2600 zonecfg_add_auth_core(zone_dochandle_t handle, struct zone_admintab *tabptr,
2601 char *zonename)
2602 {
2603 xmlNodePtr newnode, cur = handle->zone_dh_cur;
2604 int err;
2605
2606 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_ADMIN, NULL);
2607 err = newprop(newnode, DTD_ATTR_USER, tabptr->zone_admin_user);
2608 if (err != Z_OK)
2609 return (err);
2610 err = newprop(newnode, DTD_ATTR_AUTHS, tabptr->zone_admin_auths);
2611 if (err != Z_OK)
2612 return (err);
2613 if ((err = zonecfg_remove_userauths(
2614 handle, tabptr->zone_admin_user, zonename, B_FALSE)) != Z_OK)
2615 return (err);
2616 return (Z_OK);
2617 }
2618
2619 int
2620 zonecfg_add_admin(zone_dochandle_t handle, struct zone_admintab *tabptr,
2621 char *zonename)
2622 {
2623 int err;
2624
2625 if (tabptr == NULL)
2626 return (Z_INVAL);
2627
2628 if ((err = operation_prep(handle)) != Z_OK)
2629 return (err);
2630
2631 if ((err = zonecfg_add_auth_core(handle, tabptr,
2632 zonename)) != Z_OK)
2633 return (err);
2634
2635 return (Z_OK);
2636 }
2637 static int
2638 zonecfg_delete_auth_core(zone_dochandle_t handle, struct zone_admintab *tabptr,
2639 char *zonename)
2640 {
2641 xmlNodePtr cur = handle->zone_dh_cur;
2642 boolean_t auth_match;
2643 int err;
2644
2645 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
2646 if (xmlStrcmp(cur->name, DTD_ELEM_ADMIN))
2647 continue;
2648 auth_match = match_prop(cur, DTD_ATTR_USER,
2649 tabptr->zone_admin_user);
2650 if (auth_match) {
2651 if ((err = zonecfg_insert_userauths(
2652 handle, tabptr->zone_admin_user,
2653 zonename)) != Z_OK)
2654 return (err);
2655 xmlUnlinkNode(cur);
2656 xmlFreeNode(cur);
2657 return (Z_OK);
2658 }
2659 }
2660 return (Z_NO_RESOURCE_ID);
2661 }
2662
2663 int
2664 zonecfg_delete_admin(zone_dochandle_t handle, struct zone_admintab *tabptr,
2665 char *zonename)
2666 {
2667 int err;
2668
2669 if (tabptr == NULL)
2670 return (Z_INVAL);
2671
2672 if ((err = operation_prep(handle)) != Z_OK)
2673 return (err);
2674
2675 if ((err = zonecfg_delete_auth_core(handle, tabptr, zonename)) != Z_OK)
2676 return (err);
2677
2678 return (Z_OK);
2679 }
2680
2681 int
2682 zonecfg_modify_admin(zone_dochandle_t handle, struct zone_admintab *oldtabptr,
2683 struct zone_admintab *newtabptr, char *zonename)
2684 {
2685 int err;
2686
2687 if (oldtabptr == NULL || newtabptr == NULL)
2688 return (Z_INVAL);
2689
2690 if ((err = operation_prep(handle)) != Z_OK)
2691 return (err);
2692
2693 if ((err = zonecfg_delete_auth_core(handle, oldtabptr, zonename))
2694 != Z_OK)
2695 return (err);
2696
2697 if ((err = zonecfg_add_auth_core(handle, newtabptr,
2698 zonename)) != Z_OK)
2699 return (err);
2700
2701 return (Z_OK);
2702 }
2703
2704 int
2705 zonecfg_lookup_admin(zone_dochandle_t handle, struct zone_admintab *tabptr)
2706 {
2707 xmlNodePtr cur, firstmatch;
2708 int err;
2709 char user[MAXUSERNAME];
2710
2711 if (tabptr == NULL)
2712 return (Z_INVAL);
2713
2714 if ((err = operation_prep(handle)) != Z_OK)
2715 return (err);
2716
2717 cur = handle->zone_dh_cur;
2718 firstmatch = NULL;
2719 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
2720 if (xmlStrcmp(cur->name, DTD_ELEM_ADMIN))
2721 continue;
2722 if (strlen(tabptr->zone_admin_user) > 0) {
2723 if ((fetchprop(cur, DTD_ATTR_USER, user,
2724 sizeof (user)) == Z_OK) &&
2725 (strcmp(tabptr->zone_admin_user, user) == 0)) {
2726 if (firstmatch == NULL)
2727 firstmatch = cur;
2728 else
2729 return (Z_INSUFFICIENT_SPEC);
2730 }
2731 }
2732 }
2733 if (firstmatch == NULL)
2734 return (Z_NO_RESOURCE_ID);
2735
2736 cur = firstmatch;
2737
2738 if ((err = fetchprop(cur, DTD_ATTR_USER, tabptr->zone_admin_user,
2739 sizeof (tabptr->zone_admin_user))) != Z_OK)
2740 return (err);
2741
2742 if ((err = fetchprop(cur, DTD_ATTR_AUTHS, tabptr->zone_admin_auths,
2743 sizeof (tabptr->zone_admin_auths))) != Z_OK)
2744 return (err);
2745
2746 return (Z_OK);
2747 }
2748
2749
2750 /* Lock to serialize all devwalks */
2751 static pthread_mutex_t zonecfg_devwalk_lock = PTHREAD_MUTEX_INITIALIZER;
2752 /*
2753 * Global variables used to pass data from zonecfg_dev_manifest to the nftw
2754 * call-back (zonecfg_devwalk_cb). g_devwalk_data is really the void*
2755 * parameter and g_devwalk_cb is really the *cb parameter from
2756 * zonecfg_dev_manifest.
2757 */
2758 typedef struct __g_devwalk_data *g_devwalk_data_t;
2759 static g_devwalk_data_t g_devwalk_data;
2760 static int (*g_devwalk_cb)(const char *, uid_t, gid_t, mode_t, const char *,
2761 void *);
2762 static size_t g_devwalk_skip_prefix;
2763
2764 /*
2765 * zonecfg_dev_manifest call-back function used during detach to generate the
2766 * dev info in the manifest.
2767 */
2768 static int
2769 get_detach_dev_entry(const char *name, uid_t uid, gid_t gid, mode_t mode,
2770 const char *acl, void *hdl)
2771 {
2772 zone_dochandle_t handle = (zone_dochandle_t)hdl;
2773 xmlNodePtr newnode;
2774 xmlNodePtr cur;
2775 int err;
2776 char buf[128];
2777
2778 if ((err = operation_prep(handle)) != Z_OK)
2779 return (err);
2780
2781 cur = handle->zone_dh_cur;
2782 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_DEV_PERM, NULL);
2783 if ((err = newprop(newnode, DTD_ATTR_NAME, (char *)name)) != Z_OK)
2784 return (err);
2785 (void) snprintf(buf, sizeof (buf), "%lu", uid);
2786 if ((err = newprop(newnode, DTD_ATTR_UID, buf)) != Z_OK)
2787 return (err);
2788 (void) snprintf(buf, sizeof (buf), "%lu", gid);
2789 if ((err = newprop(newnode, DTD_ATTR_GID, buf)) != Z_OK)
2790 return (err);
2791 (void) snprintf(buf, sizeof (buf), "%o", mode);
2792 if ((err = newprop(newnode, DTD_ATTR_MODE, buf)) != Z_OK)
2793 return (err);
2794 if ((err = newprop(newnode, DTD_ATTR_ACL, (char *)acl)) != Z_OK)
2795 return (err);
2796 return (Z_OK);
2797 }
2798
2799 /*
2800 * This is the nftw call-back function used by zonecfg_dev_manifest. It is
2801 * responsible for calling the actual call-back.
2802 */
2803 /* ARGSUSED2 */
2804 static int
2805 zonecfg_devwalk_cb(const char *path, const struct stat *st, int f,
2806 struct FTW *ftw)
2807 {
2808 acl_t *acl;
2809 char *acl_txt = NULL;
2810
2811 /* skip all but character and block devices */
2812 if (!S_ISBLK(st->st_mode) && !S_ISCHR(st->st_mode))
2813 return (0);
2814
2815 if ((acl_get(path, ACL_NO_TRIVIAL, &acl) == 0) &&
2816 acl != NULL) {
2817 acl_txt = acl_totext(acl, ACL_NORESOLVE);
2818 acl_free(acl);
2819 }
2820
2821 if (strlen(path) <= g_devwalk_skip_prefix)
2822 return (0);
2823
2824 g_devwalk_cb(path + g_devwalk_skip_prefix, st->st_uid, st->st_gid,
2825 st->st_mode & S_IAMB, acl_txt != NULL ? acl_txt : "",
2826 g_devwalk_data);
2827 free(acl_txt);
2828 return (0);
2829 }
2830
2831 /*
2832 * Walk the dev tree for the zone specified by hdl and call the
2833 * get_detach_dev_entry call-back function for each entry in the tree. The
2834 * call-back will be passed the name, uid, gid, mode, acl string and the
2835 * handle input parameter for each dev entry.
2836 *
2837 * Data is passed to get_detach_dev_entry through the global variables
2838 * g_devwalk_data, *g_devwalk_cb, and g_devwalk_skip_prefix. The
2839 * zonecfg_devwalk_cb function will actually call get_detach_dev_entry.
2840 */
2841 int
2842 zonecfg_dev_manifest(zone_dochandle_t hdl)
2843 {
2844 char path[MAXPATHLEN];
2845 int ret;
2846
2847 if ((ret = zonecfg_get_zonepath(hdl, path, sizeof (path))) != Z_OK)
2848 return (ret);
2849
2850 if (strlcat(path, "/dev", sizeof (path)) >= sizeof (path))
2851 return (Z_TOO_BIG);
2852
2853 /*
2854 * We have to serialize all devwalks in the same process
2855 * (which should be fine), since nftw() is so badly designed.
2856 */
2857 (void) pthread_mutex_lock(&zonecfg_devwalk_lock);
2858
2859 g_devwalk_skip_prefix = strlen(path) + 1;
2860 g_devwalk_data = (g_devwalk_data_t)hdl;
2861 g_devwalk_cb = get_detach_dev_entry;
2862 (void) nftw(path, zonecfg_devwalk_cb, 0, FTW_PHYS);
2863
2864 (void) pthread_mutex_unlock(&zonecfg_devwalk_lock);
2865 return (Z_OK);
2866 }
2867
2868 /*
2869 * Update the owner, group, mode and acl on the specified dev (inpath) for
2870 * the zone (hdl). This function can be used to fix up the dev tree after
2871 * attaching a migrated zone.
2872 */
2873 int
2874 zonecfg_devperms_apply(zone_dochandle_t hdl, const char *inpath, uid_t owner,
2875 gid_t group, mode_t mode, const char *acltxt)
2876 {
2877 int ret;
2878 char path[MAXPATHLEN];
2879 struct stat st;
2880 acl_t *aclp;
2881
2882 if ((ret = zonecfg_get_zonepath(hdl, path, sizeof (path))) != Z_OK)
2883 return (ret);
2884
2885 if (strlcat(path, "/dev/", sizeof (path)) >= sizeof (path))
2886 return (Z_TOO_BIG);
2887 if (strlcat(path, inpath, sizeof (path)) >= sizeof (path))
2888 return (Z_TOO_BIG);
2889
2890 if (stat(path, &st) == -1)
2891 return (Z_INVAL);
2892
2893 /* make sure we're only touching device nodes */
2894 if (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode))
2895 return (Z_INVAL);
2896
2897 if (chown(path, owner, group) == -1)
2898 return (Z_SYSTEM);
2899
2900 if (chmod(path, mode) == -1)
2901 return (Z_SYSTEM);
2902
2903 if ((acltxt == NULL) || (strcmp(acltxt, "") == 0))
2904 return (Z_OK);
2905
2906 if (acl_fromtext(acltxt, &aclp) != 0) {
2907 errno = EINVAL;
2908 return (Z_SYSTEM);
2909 }
2910
2911 errno = 0;
2912 if (acl_set(path, aclp) == -1) {
2913 free(aclp);
2914 return (Z_SYSTEM);
2915 }
2916
2917 free(aclp);
2918 return (Z_OK);
2919 }
2920
2921 /*
2922 * This function finds everything mounted under a zone's rootpath.
2923 * This returns the number of mounts under rootpath, or -1 on error.
2924 * callback is called once per mount found with the first argument
2925 * pointing to a mnttab structure containing the mount's information.
2926 *
2927 * If the callback function returns non-zero zonecfg_find_mounts
2928 * aborts with an error.
2929 */
2930 int
2931 zonecfg_find_mounts(char *rootpath, int (*callback)(const struct mnttab *,
2932 void *), void *priv) {
2933 FILE *mnttab;
2934 struct mnttab m;
2935 size_t l;
2936 int zfsl;
2937 int rv = 0;
2938 char zfs_path[MAXPATHLEN];
2939
2940 assert(rootpath != NULL);
2941
2942 if ((zfsl = snprintf(zfs_path, sizeof (zfs_path), "%s/.zfs/", rootpath))
2943 >= sizeof (zfs_path))
2944 return (-1);
2945
2946 l = strlen(rootpath);
2947
2948 mnttab = fopen("/etc/mnttab", "r");
2949
2950 if (mnttab == NULL)
2951 return (-1);
2952
2953 if (ioctl(fileno(mnttab), MNTIOC_SHOWHIDDEN, NULL) < 0) {
2954 rv = -1;
2955 goto out;
2956 }
2957
2958 while (!getmntent(mnttab, &m)) {
2959 if ((strncmp(rootpath, m.mnt_mountp, l) == 0) &&
2960 (m.mnt_mountp[l] == '/') &&
2961 (strncmp(zfs_path, m.mnt_mountp, zfsl) != 0)) {
2962 rv++;
2963 if (callback == NULL)
2964 continue;
2965 if (callback(&m, priv)) {
2966 rv = -1;
2967 goto out;
2968
2969 }
2970 }
2971 }
2972
2973 out:
2974 (void) fclose(mnttab);
2975 return (rv);
2976 }
2977
2978 int
2979 zonecfg_lookup_attr(zone_dochandle_t handle, struct zone_attrtab *tabptr)
2980 {
2981 xmlNodePtr cur, firstmatch;
2982 int err;
2983 char name[MAXNAMELEN], type[MAXNAMELEN], value[MAXNAMELEN];
2984
2985 if (tabptr == NULL)
2986 return (Z_INVAL);
2987
2988 if ((err = operation_prep(handle)) != Z_OK)
2989 return (err);
2990
2991 cur = handle->zone_dh_cur;
2992 firstmatch = NULL;
2993 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
2994 if (xmlStrcmp(cur->name, DTD_ELEM_ATTR))
2995 continue;
2996 if (strlen(tabptr->zone_attr_name) > 0) {
2997 if ((fetchprop(cur, DTD_ATTR_NAME, name,
2998 sizeof (name)) == Z_OK) &&
2999 (strcmp(tabptr->zone_attr_name, name) == 0)) {
3000 if (firstmatch == NULL)
3001 firstmatch = cur;
3002 else
3003 return (Z_INSUFFICIENT_SPEC);
3004 }
3005 }
3006 if (strlen(tabptr->zone_attr_type) > 0) {
3007 if ((fetchprop(cur, DTD_ATTR_TYPE, type,
3008 sizeof (type)) == Z_OK)) {
3009 if (strcmp(tabptr->zone_attr_type, type) == 0) {
3010 if (firstmatch == NULL)
3011 firstmatch = cur;
3012 else if (firstmatch != cur)
3013 return (Z_INSUFFICIENT_SPEC);
3014 } else {
3015 /*
3016 * If another property matched but this
3017 * one doesn't then reset firstmatch.
3018 */
3019 if (firstmatch == cur)
3020 firstmatch = NULL;
3021 }
3022 }
3023 }
3024 if (strlen(tabptr->zone_attr_value) > 0) {
3025 if ((fetchprop(cur, DTD_ATTR_VALUE, value,
3026 sizeof (value)) == Z_OK)) {
3027 if (strcmp(tabptr->zone_attr_value, value) ==
3028 0) {
3029 if (firstmatch == NULL)
3030 firstmatch = cur;
3031 else if (firstmatch != cur)
3032 return (Z_INSUFFICIENT_SPEC);
3033 } else {
3034 /*
3035 * If another property matched but this
3036 * one doesn't then reset firstmatch.
3037 */
3038 if (firstmatch == cur)
3039 firstmatch = NULL;
3040 }
3041 }
3042 }
3043 }
3044 if (firstmatch == NULL)
3045 return (Z_NO_RESOURCE_ID);
3046
3047 cur = firstmatch;
3048
3049 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_attr_name,
3050 sizeof (tabptr->zone_attr_name))) != Z_OK)
3051 return (err);
3052
3053 if ((err = fetchprop(cur, DTD_ATTR_TYPE, tabptr->zone_attr_type,
3054 sizeof (tabptr->zone_attr_type))) != Z_OK)
3055 return (err);
3056
3057 if ((err = fetchprop(cur, DTD_ATTR_VALUE, tabptr->zone_attr_value,
3058 sizeof (tabptr->zone_attr_value))) != Z_OK)
3059 return (err);
3060
3061 return (Z_OK);
3062 }
3063
3064 static int
3065 zonecfg_add_attr_core(zone_dochandle_t handle, struct zone_attrtab *tabptr)
3066 {
3067 xmlNodePtr newnode, cur = handle->zone_dh_cur;
3068 int err;
3069
3070 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_ATTR, NULL);
3071 err = newprop(newnode, DTD_ATTR_NAME, tabptr->zone_attr_name);
3072 if (err != Z_OK)
3073 return (err);
3074 err = newprop(newnode, DTD_ATTR_TYPE, tabptr->zone_attr_type);
3075 if (err != Z_OK)
3076 return (err);
3077 err = newprop(newnode, DTD_ATTR_VALUE, tabptr->zone_attr_value);
3078 if (err != Z_OK)
3079 return (err);
3080 return (Z_OK);
3081 }
3082
3083 int
3084 zonecfg_add_attr(zone_dochandle_t handle, struct zone_attrtab *tabptr)
3085 {
3086 int err;
3087
3088 if (tabptr == NULL)
3089 return (Z_INVAL);
3090
3091 if ((err = operation_prep(handle)) != Z_OK)
3092 return (err);
3093
3094 if ((err = zonecfg_add_attr_core(handle, tabptr)) != Z_OK)
3095 return (err);
3096
3097 return (Z_OK);
3098 }
3099
3100 static int
3101 zonecfg_delete_attr_core(zone_dochandle_t handle, struct zone_attrtab *tabptr)
3102 {
3103 xmlNodePtr cur = handle->zone_dh_cur;
3104 int name_match, type_match, value_match;
3105
3106 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
3107 if (xmlStrcmp(cur->name, DTD_ELEM_ATTR))
3108 continue;
3109
3110 name_match = match_prop(cur, DTD_ATTR_NAME,
3111 tabptr->zone_attr_name);
3112 type_match = match_prop(cur, DTD_ATTR_TYPE,
3113 tabptr->zone_attr_type);
3114 value_match = match_prop(cur, DTD_ATTR_VALUE,
3115 tabptr->zone_attr_value);
3116
3117 if (name_match && type_match && value_match) {
3118 xmlUnlinkNode(cur);
3119 xmlFreeNode(cur);
3120 return (Z_OK);
3121 }
3122 }
3123 return (Z_NO_RESOURCE_ID);
3124 }
3125
3126 int
3127 zonecfg_delete_attr(zone_dochandle_t handle, struct zone_attrtab *tabptr)
3128 {
3129 int err;
3130
3131 if (tabptr == NULL)
3132 return (Z_INVAL);
3133
3134 if ((err = operation_prep(handle)) != Z_OK)
3135 return (err);
3136
3137 if ((err = zonecfg_delete_attr_core(handle, tabptr)) != Z_OK)
3138 return (err);
3139
3140 return (Z_OK);
3141 }
3142
3143 int
3144 zonecfg_modify_attr(
3145 zone_dochandle_t handle,
3146 struct zone_attrtab *oldtabptr,
3147 struct zone_attrtab *newtabptr)
3148 {
3149 int err;
3150
3151 if (oldtabptr == NULL || newtabptr == NULL)
3152 return (Z_INVAL);
3153
3154 if ((err = operation_prep(handle)) != Z_OK)
3155 return (err);
3156
3157 if ((err = zonecfg_delete_attr_core(handle, oldtabptr)) != Z_OK)
3158 return (err);
3159
3160 if ((err = zonecfg_add_attr_core(handle, newtabptr)) != Z_OK)
3161 return (err);
3162
3163 return (Z_OK);
3164 }
3165
3166 int
3167 zonecfg_get_attr_boolean(const struct zone_attrtab *attr, boolean_t *value)
3168 {
3169 if (attr == NULL)
3170 return (Z_INVAL);
3171
3172 if (strcmp(attr->zone_attr_type, DTD_ENTITY_BOOLEAN) != 0)
3173 return (Z_INVAL);
3174
3175 if (strcmp(attr->zone_attr_value, DTD_ENTITY_TRUE) == 0) {
3176 *value = B_TRUE;
3177 return (Z_OK);
3178 }
3179 if (strcmp(attr->zone_attr_value, DTD_ENTITY_FALSE) == 0) {
3180 *value = B_FALSE;
3181 return (Z_OK);
3182 }
3183 return (Z_INVAL);
3184 }
3185
3186 int
3187 zonecfg_get_attr_int(const struct zone_attrtab *attr, int64_t *value)
3188 {
3189 long long result;
3190 char *endptr;
3191
3192 if (attr == NULL)
3193 return (Z_INVAL);
3194
3195 if (strcmp(attr->zone_attr_type, DTD_ENTITY_INT) != 0)
3196 return (Z_INVAL);
3197
3198 errno = 0;
3199 result = strtoll(attr->zone_attr_value, &endptr, 10);
3200 if (errno != 0 || *endptr != '\0')
3201 return (Z_INVAL);
3202 *value = result;
3203 return (Z_OK);
3204 }
3205
3206 int
3207 zonecfg_get_attr_string(const struct zone_attrtab *attr, char *value,
3208 size_t val_sz)
3209 {
3210 if (attr == NULL)
3211 return (Z_INVAL);
3212
3213 if (strcmp(attr->zone_attr_type, DTD_ENTITY_STRING) != 0)
3214 return (Z_INVAL);
3215
3216 if (strlcpy(value, attr->zone_attr_value, val_sz) >= val_sz)
3217 return (Z_TOO_BIG);
3218 return (Z_OK);
3219 }
3220
3221 int
3222 zonecfg_get_attr_uint(const struct zone_attrtab *attr, uint64_t *value)
3223 {
3224 unsigned long long result;
3225 long long neg_result;
3226 char *endptr;
3227
3228 if (attr == NULL)
3229 return (Z_INVAL);
3230
3231 if (strcmp(attr->zone_attr_type, DTD_ENTITY_UINT) != 0)
3232 return (Z_INVAL);
3233
3234 errno = 0;
3235 result = strtoull(attr->zone_attr_value, &endptr, 10);
3236 if (errno != 0 || *endptr != '\0')
3237 return (Z_INVAL);
3238 errno = 0;
3239 neg_result = strtoll(attr->zone_attr_value, &endptr, 10);
3240 /*
3241 * Incredibly, strtoull("<negative number>", ...) will not fail but
3242 * return whatever (negative) number cast as a u_longlong_t, so we
3243 * need to look for this here.
3244 */
3245 if (errno == 0 && neg_result < 0)
3246 return (Z_INVAL);
3247 *value = result;
3248 return (Z_OK);
3249 }
3250
3251 int
3252 zonecfg_lookup_rctl(zone_dochandle_t handle, struct zone_rctltab *tabptr)
3253 {
3254 xmlNodePtr cur, val;
3255 char savedname[MAXNAMELEN];
3256 struct zone_rctlvaltab *valptr;
3257 int err;
3258
3259 if (strlen(tabptr->zone_rctl_name) == 0)
3260 return (Z_INVAL);
3261
3262 if ((err = operation_prep(handle)) != Z_OK)
3263 return (err);
3264
3265 cur = handle->zone_dh_cur;
3266 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
3267 if (xmlStrcmp(cur->name, DTD_ELEM_RCTL))
3268 continue;
3269 if ((fetchprop(cur, DTD_ATTR_NAME, savedname,
3270 sizeof (savedname)) == Z_OK) &&
3271 (strcmp(savedname, tabptr->zone_rctl_name) == 0)) {
3272 tabptr->zone_rctl_valptr = NULL;
3273 for (val = cur->xmlChildrenNode; val != NULL;
3274 val = val->next) {
3275 valptr = (struct zone_rctlvaltab *)malloc(
3276 sizeof (struct zone_rctlvaltab));
3277 if (valptr == NULL)
3278 return (Z_NOMEM);
3279 if ((fetchprop(val, DTD_ATTR_PRIV,
3280 valptr->zone_rctlval_priv,
3281 sizeof (valptr->zone_rctlval_priv)) !=
3282 Z_OK))
3283 break;
3284 if ((fetchprop(val, DTD_ATTR_LIMIT,
3285 valptr->zone_rctlval_limit,
3286 sizeof (valptr->zone_rctlval_limit)) !=
3287 Z_OK))
3288 break;
3289 if ((fetchprop(val, DTD_ATTR_ACTION,
3290 valptr->zone_rctlval_action,
3291 sizeof (valptr->zone_rctlval_action)) !=
3292 Z_OK))
3293 break;
3294 if (zonecfg_add_rctl_value(tabptr, valptr) !=
3295 Z_OK)
3296 break;
3297 }
3298 return (Z_OK);
3299 }
3300 }
3301 return (Z_NO_RESOURCE_ID);
3302 }
3303
3304 static int
3305 zonecfg_add_rctl_core(zone_dochandle_t handle, struct zone_rctltab *tabptr)
3306 {
3307 xmlNodePtr newnode, cur = handle->zone_dh_cur, valnode;
3308 struct zone_rctlvaltab *valptr;
3309 int err;
3310
3311 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_RCTL, NULL);
3312 err = newprop(newnode, DTD_ATTR_NAME, tabptr->zone_rctl_name);
3313 if (err != Z_OK)
3314 return (err);
3315 for (valptr = tabptr->zone_rctl_valptr; valptr != NULL;
3316 valptr = valptr->zone_rctlval_next) {
3317 valnode = xmlNewTextChild(newnode, NULL,
3318 DTD_ELEM_RCTLVALUE, NULL);
3319 err = newprop(valnode, DTD_ATTR_PRIV,
3320 valptr->zone_rctlval_priv);
3321 if (err != Z_OK)
3322 return (err);
3323 err = newprop(valnode, DTD_ATTR_LIMIT,
3324 valptr->zone_rctlval_limit);
3325 if (err != Z_OK)
3326 return (err);
3327 err = newprop(valnode, DTD_ATTR_ACTION,
3328 valptr->zone_rctlval_action);
3329 if (err != Z_OK)
3330 return (err);
3331 }
3332 return (Z_OK);
3333 }
3334
3335 int
3336 zonecfg_add_rctl(zone_dochandle_t handle, struct zone_rctltab *tabptr)
3337 {
3338 int err;
3339
3340 if (tabptr == NULL)
3341 return (Z_INVAL);
3342
3343 if ((err = operation_prep(handle)) != Z_OK)
3344 return (err);
3345
3346 if ((err = zonecfg_add_rctl_core(handle, tabptr)) != Z_OK)
3347 return (err);
3348
3349 return (Z_OK);
3350 }
3351
3352 static int
3353 zonecfg_delete_rctl_core(zone_dochandle_t handle, struct zone_rctltab *tabptr)
3354 {
3355 xmlNodePtr cur = handle->zone_dh_cur;
3356 xmlChar *savedname;
3357 int name_result;
3358
3359 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
3360 if (xmlStrcmp(cur->name, DTD_ELEM_RCTL))
3361 continue;
3362
3363 savedname = xmlGetProp(cur, DTD_ATTR_NAME);
3364 if (savedname == NULL) /* shouldn't happen */
3365 continue;
3366 name_result = xmlStrcmp(savedname,
3367 (const xmlChar *) tabptr->zone_rctl_name);
3368 xmlFree(savedname);
3369
3370 if (name_result == 0) {
3371 xmlUnlinkNode(cur);
3372 xmlFreeNode(cur);
3373 return (Z_OK);
3374 }
3375 }
3376 return (Z_NO_RESOURCE_ID);
3377 }
3378
3379 int
3380 zonecfg_delete_rctl(zone_dochandle_t handle, struct zone_rctltab *tabptr)
3381 {
3382 int err;
3383
3384 if (tabptr == NULL)
3385 return (Z_INVAL);
3386
3387 if ((err = operation_prep(handle)) != Z_OK)
3388 return (err);
3389
3390 if ((err = zonecfg_delete_rctl_core(handle, tabptr)) != Z_OK)
3391 return (err);
3392
3393 return (Z_OK);
3394 }
3395
3396 int
3397 zonecfg_modify_rctl(
3398 zone_dochandle_t handle,
3399 struct zone_rctltab *oldtabptr,
3400 struct zone_rctltab *newtabptr)
3401 {
3402 int err;
3403
3404 if (oldtabptr == NULL || newtabptr == NULL)
3405 return (Z_INVAL);
3406
3407 if ((err = operation_prep(handle)) != Z_OK)
3408 return (err);
3409
3410 if ((err = zonecfg_delete_rctl_core(handle, oldtabptr)) != Z_OK)
3411 return (err);
3412
3413 if ((err = zonecfg_add_rctl_core(handle, newtabptr)) != Z_OK)
3414 return (err);
3415
3416 return (Z_OK);
3417 }
3418
3419 int
3420 zonecfg_add_rctl_value(
3421 struct zone_rctltab *tabptr,
3422 struct zone_rctlvaltab *valtabptr)
3423 {
3424 struct zone_rctlvaltab *last, *old, *new;
3425 rctlblk_t *rctlblk = alloca(rctlblk_size());
3426
3427 last = tabptr->zone_rctl_valptr;
3428 for (old = last; old != NULL; old = old->zone_rctlval_next)
3429 last = old; /* walk to the end of the list */
3430 new = valtabptr; /* alloc'd by caller */
3431 new->zone_rctlval_next = NULL;
3432 if (zonecfg_construct_rctlblk(valtabptr, rctlblk) != Z_OK)
3433 return (Z_INVAL);
3434 if (!zonecfg_valid_rctlblk(rctlblk))
3435 return (Z_INVAL);
3436 if (last == NULL)
3437 tabptr->zone_rctl_valptr = new;
3438 else
3439 last->zone_rctlval_next = new;
3440 return (Z_OK);
3441 }
3442
3443 int
3444 zonecfg_remove_rctl_value(
3445 struct zone_rctltab *tabptr,
3446 struct zone_rctlvaltab *valtabptr)
3447 {
3448 struct zone_rctlvaltab *last, *this, *next;
3449
3450 last = tabptr->zone_rctl_valptr;
3451 for (this = last; this != NULL; this = this->zone_rctlval_next) {
3452 if (strcmp(this->zone_rctlval_priv,
3453 valtabptr->zone_rctlval_priv) == 0 &&
3454 strcmp(this->zone_rctlval_limit,
3455 valtabptr->zone_rctlval_limit) == 0 &&
3456 strcmp(this->zone_rctlval_action,
3457 valtabptr->zone_rctlval_action) == 0) {
3458 next = this->zone_rctlval_next;
3459 if (this == tabptr->zone_rctl_valptr)
3460 tabptr->zone_rctl_valptr = next;
3461 else
3462 last->zone_rctlval_next = next;
3463 free(this);
3464 return (Z_OK);
3465 } else
3466 last = this;
3467 }
3468 return (Z_NO_PROPERTY_ID);
3469 }
3470
3471 void
3472 zonecfg_set_swinv(zone_dochandle_t handle)
3473 {
3474 handle->zone_dh_sw_inv = B_TRUE;
3475 }
3476
3477 /*
3478 * Add the pkg to the sw inventory on the handle.
3479 */
3480 int
3481 zonecfg_add_pkg(zone_dochandle_t handle, char *name, char *version)
3482 {
3483 xmlNodePtr newnode;
3484 xmlNodePtr cur;
3485 int err;
3486
3487 if ((err = operation_prep(handle)) != Z_OK)
3488 return (err);
3489
3490 cur = handle->zone_dh_cur;
3491 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_PACKAGE, NULL);
3492 if ((err = newprop(newnode, DTD_ATTR_NAME, name)) != Z_OK)
3493 return (err);
3494 if ((err = newprop(newnode, DTD_ATTR_VERSION, version)) != Z_OK)
3495 return (err);
3496 return (Z_OK);
3497 }
3498
3499 char *
3500 zonecfg_strerror(int errnum)
3501 {
3502 switch (errnum) {
3503 case Z_OK:
3504 return (dgettext(TEXT_DOMAIN, "OK"));
3505 case Z_EMPTY_DOCUMENT:
3506 return (dgettext(TEXT_DOMAIN, "Empty document"));
3507 case Z_WRONG_DOC_TYPE:
3508 return (dgettext(TEXT_DOMAIN, "Wrong document type"));
3509 case Z_BAD_PROPERTY:
3510 return (dgettext(TEXT_DOMAIN, "Bad document property"));
3511 case Z_TEMP_FILE:
3512 return (dgettext(TEXT_DOMAIN,
3513 "Problem creating temporary file"));
3514 case Z_SAVING_FILE:
3515 return (dgettext(TEXT_DOMAIN, "Problem saving file"));
3516 case Z_NO_ENTRY:
3517 return (dgettext(TEXT_DOMAIN, "No such entry"));
3518 case Z_BOGUS_ZONE_NAME:
3519 return (dgettext(TEXT_DOMAIN, "Bogus zone name"));
3520 case Z_REQD_RESOURCE_MISSING:
3521 return (dgettext(TEXT_DOMAIN, "Required resource missing"));
3522 case Z_REQD_PROPERTY_MISSING:
3523 return (dgettext(TEXT_DOMAIN, "Required property missing"));
3524 case Z_BAD_HANDLE:
3525 return (dgettext(TEXT_DOMAIN, "Bad handle"));
3526 case Z_NOMEM:
3527 return (dgettext(TEXT_DOMAIN, "Out of memory"));
3528 case Z_INVAL:
3529 return (dgettext(TEXT_DOMAIN, "Invalid argument"));
3530 case Z_ACCES:
3531 return (dgettext(TEXT_DOMAIN, "Permission denied"));
3532 case Z_TOO_BIG:
3533 return (dgettext(TEXT_DOMAIN, "Argument list too long"));
3534 case Z_MISC_FS:
3535 return (dgettext(TEXT_DOMAIN,
3536 "Miscellaneous file system error"));
3537 case Z_NO_ZONE:
3538 return (dgettext(TEXT_DOMAIN, "No such zone configured"));
3539 case Z_NO_RESOURCE_TYPE:
3540 return (dgettext(TEXT_DOMAIN, "No such resource type"));
3541 case Z_NO_RESOURCE_ID:
3542 return (dgettext(TEXT_DOMAIN, "No such resource with that id"));
3543 case Z_NO_PROPERTY_TYPE:
3544 return (dgettext(TEXT_DOMAIN, "No such property type"));
3545 case Z_NO_PROPERTY_ID:
3546 return (dgettext(TEXT_DOMAIN, "No such property with that id"));
3547 case Z_BAD_ZONE_STATE:
3548 return (dgettext(TEXT_DOMAIN,
3549 "Zone state is invalid for the requested operation"));
3550 case Z_INVALID_DOCUMENT:
3551 return (dgettext(TEXT_DOMAIN, "Invalid document"));
3552 case Z_NAME_IN_USE:
3553 return (dgettext(TEXT_DOMAIN, "Zone name already in use"));
3554 case Z_NO_SUCH_ID:
3555 return (dgettext(TEXT_DOMAIN, "No such zone ID"));
3556 case Z_UPDATING_INDEX:
3557 return (dgettext(TEXT_DOMAIN, "Problem updating index file"));
3558 case Z_LOCKING_FILE:
3559 return (dgettext(TEXT_DOMAIN, "Locking index file"));
3560 case Z_UNLOCKING_FILE:
3561 return (dgettext(TEXT_DOMAIN, "Unlocking index file"));
3562 case Z_INSUFFICIENT_SPEC:
3563 return (dgettext(TEXT_DOMAIN, "Insufficient specification"));
3564 case Z_RESOLVED_PATH:
3565 return (dgettext(TEXT_DOMAIN, "Resolved path mismatch"));
3566 case Z_IPV6_ADDR_PREFIX_LEN:
3567 return (dgettext(TEXT_DOMAIN,
3568 "IPv6 address missing required prefix length"));
3569 case Z_BOGUS_ADDRESS:
3570 return (dgettext(TEXT_DOMAIN,
3571 "Neither an IPv4 nor an IPv6 address nor a host name"));
3572 case Z_PRIV_PROHIBITED:
3573 return (dgettext(TEXT_DOMAIN,
3574 "Specified privilege is prohibited"));
3575 case Z_PRIV_REQUIRED:
3576 return (dgettext(TEXT_DOMAIN,
3577 "Required privilege is missing"));
3578 case Z_PRIV_UNKNOWN:
3579 return (dgettext(TEXT_DOMAIN,
3580 "Specified privilege is unknown"));
3581 case Z_BRAND_ERROR:
3582 return (dgettext(TEXT_DOMAIN,
3583 "Brand-specific error"));
3584 case Z_INCOMPATIBLE:
3585 return (dgettext(TEXT_DOMAIN, "Incompatible settings"));
3586 case Z_ALIAS_DISALLOW:
3587 return (dgettext(TEXT_DOMAIN,
3588 "An incompatible rctl already exists for this property"));
3589 case Z_CLEAR_DISALLOW:
3590 return (dgettext(TEXT_DOMAIN,
3591 "Clearing this property is not allowed"));
3592 case Z_POOL:
3593 return (dgettext(TEXT_DOMAIN, "libpool(3LIB) error"));
3594 case Z_POOLS_NOT_ACTIVE:
3595 return (dgettext(TEXT_DOMAIN, "Pools facility not active; "
3596 "zone will not be bound to pool"));
3597 case Z_POOL_ENABLE:
3598 return (dgettext(TEXT_DOMAIN,
3599 "Could not enable pools facility"));
3600 case Z_NO_POOL:
3601 return (dgettext(TEXT_DOMAIN,
3602 "Pool not found; using default pool"));
3603 case Z_POOL_CREATE:
3604 return (dgettext(TEXT_DOMAIN,
3605 "Could not create a temporary pool"));
3606 case Z_POOL_BIND:
3607 return (dgettext(TEXT_DOMAIN, "Could not bind zone to pool"));
3608 case Z_INVALID_PROPERTY:
3609 return (dgettext(TEXT_DOMAIN, "Specified property is invalid"));
3610 case Z_SYSTEM:
3611 return (strerror(errno));
3612 default:
3613 return (dgettext(TEXT_DOMAIN, "Unknown error"));
3614 }
3615 }
3616
3617 /*
3618 * Note that the zonecfg_setXent() and zonecfg_endXent() calls are all the
3619 * same, as they just turn around and call zonecfg_setent() / zonecfg_endent().
3620 */
3621
3622 static int
3623 zonecfg_setent(zone_dochandle_t handle)
3624 {
3625 xmlNodePtr cur;
3626 int err;
3627
3628 if (handle == NULL)
3629 return (Z_INVAL);
3630
3631 if ((err = operation_prep(handle)) != Z_OK) {
3632 handle->zone_dh_cur = NULL;
3633 return (err);
3634 }
3635 cur = handle->zone_dh_cur;
3636 cur = cur->xmlChildrenNode;
3637 handle->zone_dh_cur = cur;
3638 return (Z_OK);
3639 }
3640
3641 static int
3642 zonecfg_endent(zone_dochandle_t handle)
3643 {
3644 if (handle == NULL)
3645 return (Z_INVAL);
3646
3647 handle->zone_dh_cur = handle->zone_dh_top;
3648 return (Z_OK);
3649 }
3650
3651 /*
3652 * Do the work required to manipulate a process through libproc.
3653 * If grab_process() returns no errors (0), then release_process()
3654 * must eventually be called.
3655 *
3656 * Return values:
3657 * 0 Successful creation of agent thread
3658 * 1 Error grabbing
3659 * 2 Error creating agent
3660 */
3661 static int
3662 grab_process(pr_info_handle_t *p)
3663 {
3664 int ret;
3665
3666 if ((p->pr = Pgrab(p->pid, 0, &ret)) != NULL) {
3667
3668 if (Psetflags(p->pr, PR_RLC) != 0) {
3669 Prelease(p->pr, 0);
3670 return (1);
3671 }
3672 if (Pcreate_agent(p->pr) == 0) {
3673 return (0);
3674
3675 } else {
3676 Prelease(p->pr, 0);
3677 return (2);
3678 }
3679 } else {
3680 return (1);
3681 }
3682 }
3683
3684 /*
3685 * Release the specified process. This destroys the agent
3686 * and releases the process. If the process is NULL, nothing
3687 * is done. This function should only be called if grab_process()
3688 * has previously been called and returned success.
3689 *
3690 * This function is Pgrab-safe.
3691 */
3692 static void
3693 release_process(struct ps_prochandle *Pr)
3694 {
3695 if (Pr == NULL)
3696 return;
3697
3698 Pdestroy_agent(Pr);
3699 Prelease(Pr, 0);
3700 }
3701
3702 static boolean_t
3703 grab_zone_proc(char *zonename, pr_info_handle_t *p)
3704 {
3705 DIR *dirp;
3706 struct dirent *dentp;
3707 zoneid_t zoneid;
3708 int pid_self;
3709 psinfo_t psinfo;
3710
3711 if (zone_get_id(zonename, &zoneid) != 0)
3712 return (B_FALSE);
3713
3714 pid_self = getpid();
3715
3716 if ((dirp = opendir("/proc")) == NULL)
3717 return (B_FALSE);
3718
3719 while (dentp = readdir(dirp)) {
3720 p->pid = atoi(dentp->d_name);
3721
3722 /* Skip self */
3723 if (p->pid == pid_self)
3724 continue;
3725
3726 if (proc_get_psinfo(p->pid, &psinfo) != 0)
3727 continue;
3728
3729 if (psinfo.pr_zoneid != zoneid)
3730 continue;
3731
3732 /* attempt to grab process */
3733 if (grab_process(p) != 0)
3734 continue;
3735
3736 if (pr_getzoneid(p->pr) != zoneid) {
3737 release_process(p->pr);
3738 continue;
3739 }
3740
3741 (void) closedir(dirp);
3742 return (B_TRUE);
3743 }
3744
3745 (void) closedir(dirp);
3746 return (B_FALSE);
3747 }
3748
3749 static boolean_t
3750 get_priv_rctl(struct ps_prochandle *pr, char *name, rctlblk_t *rblk)
3751 {
3752 if (pr_getrctl(pr, name, NULL, rblk, RCTL_FIRST))
3753 return (B_FALSE);
3754
3755 if (rctlblk_get_privilege(rblk) == RCPRIV_PRIVILEGED)
3756 return (B_TRUE);
3757
3758 while (pr_getrctl(pr, name, rblk, rblk, RCTL_NEXT) == 0) {
3759 if (rctlblk_get_privilege(rblk) == RCPRIV_PRIVILEGED)
3760 return (B_TRUE);
3761 }
3762
3763 return (B_FALSE);
3764 }
3765
3766 /*
3767 * Apply the current rctl settings to the specified, running zone.
3768 */
3769 int
3770 zonecfg_apply_rctls(char *zone_name, zone_dochandle_t handle)
3771 {
3772 int err;
3773 int res = Z_OK;
3774 rctlblk_t *rblk;
3775 pr_info_handle_t p;
3776 struct zone_rctltab rctl;
3777
3778 if ((err = zonecfg_setrctlent(handle)) != Z_OK)
3779 return (err);
3780
3781 if ((rblk = (rctlblk_t *)malloc(rctlblk_size())) == NULL) {
3782 (void) zonecfg_endrctlent(handle);
3783 return (Z_NOMEM);
3784 }
3785
3786 if (!grab_zone_proc(zone_name, &p)) {
3787 (void) zonecfg_endrctlent(handle);
3788 free(rblk);
3789 return (Z_SYSTEM);
3790 }
3791
3792 while (zonecfg_getrctlent(handle, &rctl) == Z_OK) {
3793 char *rname;
3794 struct zone_rctlvaltab *valptr;
3795
3796 rname = rctl.zone_rctl_name;
3797
3798 /* first delete all current privileged settings for this rctl */
3799 while (get_priv_rctl(p.pr, rname, rblk)) {
3800 if (pr_setrctl(p.pr, rname, NULL, rblk, RCTL_DELETE) !=
3801 0) {
3802 res = Z_SYSTEM;
3803 goto done;
3804 }
3805 }
3806
3807 /* now set each new value for the rctl */
3808 for (valptr = rctl.zone_rctl_valptr; valptr != NULL;
3809 valptr = valptr->zone_rctlval_next) {
3810 if ((err = zonecfg_construct_rctlblk(valptr, rblk))
3811 != Z_OK) {
3812 res = errno = err;
3813 goto done;
3814 }
3815
3816 if (pr_setrctl(p.pr, rname, NULL, rblk, RCTL_INSERT)) {
3817 res = Z_SYSTEM;
3818 goto done;
3819 }
3820 }
3821 }
3822
3823 done:
3824 release_process(p.pr);
3825 free(rblk);
3826 (void) zonecfg_endrctlent(handle);
3827
3828 return (res);
3829 }
3830
3831 static const xmlChar *
3832 nm_to_dtd(char *nm)
3833 {
3834 if (strcmp(nm, "device") == 0)
3835 return (DTD_ELEM_DEVICE);
3836 if (strcmp(nm, "fs") == 0)
3837 return (DTD_ELEM_FS);
3838 if (strcmp(nm, "net") == 0)
3839 return (DTD_ELEM_NET);
3840 if (strcmp(nm, "attr") == 0)
3841 return (DTD_ELEM_ATTR);
3842 if (strcmp(nm, "rctl") == 0)
3843 return (DTD_ELEM_RCTL);
3844 if (strcmp(nm, "dataset") == 0)
3845 return (DTD_ELEM_DATASET);
3846 if (strcmp(nm, "admin") == 0)
3847 return (DTD_ELEM_ADMIN);
3848
3849 return (NULL);
3850 }
3851
3852 int
3853 zonecfg_num_resources(zone_dochandle_t handle, char *rsrc)
3854 {
3855 int num = 0;
3856 const xmlChar *dtd;
3857 xmlNodePtr cur;
3858
3859 if ((dtd = nm_to_dtd(rsrc)) == NULL)
3860 return (num);
3861
3862 if (zonecfg_setent(handle) != Z_OK)
3863 return (num);
3864
3865 for (cur = handle->zone_dh_cur; cur != NULL; cur = cur->next)
3866 if (xmlStrcmp(cur->name, dtd) == 0)
3867 num++;
3868
3869 (void) zonecfg_endent(handle);
3870
3871 return (num);
3872 }
3873
3874 int
3875 zonecfg_del_all_resources(zone_dochandle_t handle, char *rsrc)
3876 {
3877 int err;
3878 const xmlChar *dtd;
3879 xmlNodePtr cur;
3880
3881 if ((dtd = nm_to_dtd(rsrc)) == NULL)
3882 return (Z_NO_RESOURCE_TYPE);
3883
3884 if ((err = zonecfg_setent(handle)) != Z_OK)
3885 return (err);
3886
3887 cur = handle->zone_dh_cur;
3888 while (cur != NULL) {
3889 xmlNodePtr tmp;
3890
3891 if (xmlStrcmp(cur->name, dtd)) {
3892 cur = cur->next;
3893 continue;
3894 }
3895
3896 tmp = cur->next;
3897 xmlUnlinkNode(cur);
3898 xmlFreeNode(cur);
3899 cur = tmp;
3900 }
3901
3902 (void) zonecfg_endent(handle);
3903 return (Z_OK);
3904 }
3905
3906 static boolean_t
3907 valid_uint(char *s, uint64_t *n)
3908 {
3909 char *endp;
3910
3911 /* strtoull accepts '-'?! so we want to flag that as an error */
3912 if (strchr(s, '-') != NULL)
3913 return (B_FALSE);
3914
3915 errno = 0;
3916 *n = strtoull(s, &endp, 10);
3917
3918 if (errno != 0 || *endp != '\0')
3919 return (B_FALSE);
3920 return (B_TRUE);
3921 }
3922
3923 /*
3924 * Convert a string representing a number (possibly a fraction) into an integer.
3925 * The string can have a modifier (K, M, G or T). The modifiers are treated
3926 * as powers of two (not 10).
3927 */
3928 int
3929 zonecfg_str_to_bytes(char *str, uint64_t *bytes)
3930 {
3931 long double val;
3932 char *unitp;
3933 uint64_t scale;
3934
3935 if ((val = strtold(str, &unitp)) < 0)
3936 return (-1);
3937
3938 /* remove any leading white space from units string */
3939 while (isspace(*unitp) != 0)
3940 ++unitp;
3941
3942 /* if no units explicitly set, error */
3943 if (unitp == NULL || *unitp == '\0') {
3944 scale = 1;
3945 } else {
3946 int i;
3947 char *units[] = {"K", "M", "G", "T", NULL};
3948
3949 scale = 1024;
3950
3951 /* update scale based on units */
3952 for (i = 0; units[i] != NULL; i++) {
3953 if (strcasecmp(unitp, units[i]) == 0)
3954 break;
3955 scale <<= 10;
3956 }
3957
3958 if (units[i] == NULL)
3959 return (-1);
3960 }
3961
3962 *bytes = (uint64_t)(val * scale);
3963 return (0);
3964 }
3965
3966 boolean_t
3967 zonecfg_valid_ncpus(char *lowstr, char *highstr)
3968 {
3969 uint64_t low, high;
3970
3971 if (!valid_uint(lowstr, &low) || !valid_uint(highstr, &high) ||
3972 low < 1 || low > high)
3973 return (B_FALSE);
3974
3975 return (B_TRUE);
3976 }
3977
3978 boolean_t
3979 zonecfg_valid_importance(char *impstr)
3980 {
3981 uint64_t num;
3982
3983 if (!valid_uint(impstr, &num))
3984 return (B_FALSE);
3985
3986 return (B_TRUE);
3987 }
3988
3989 boolean_t
3990 zonecfg_valid_alias_limit(char *name, char *limitstr, uint64_t *limit)
3991 {
3992 int i;
3993
3994 for (i = 0; aliases[i].shortname != NULL; i++)
3995 if (strcmp(name, aliases[i].shortname) == 0)
3996 break;
3997
3998 if (aliases[i].shortname == NULL)
3999 return (B_FALSE);
4000
4001 if (!valid_uint(limitstr, limit) || *limit < aliases[i].low_limit)
4002 return (B_FALSE);
4003
4004 return (B_TRUE);
4005 }
4006
4007 boolean_t
4008 zonecfg_valid_memlimit(char *memstr, uint64_t *mem_val)
4009 {
4010 if (zonecfg_str_to_bytes(memstr, mem_val) != 0)
4011 return (B_FALSE);
4012
4013 return (B_TRUE);
4014 }
4015
4016 static int
4017 zerr_pool(char *pool_err, int err_size, int res)
4018 {
4019 (void) strlcpy(pool_err, pool_strerror(pool_error()), err_size);
4020 return (res);
4021 }
4022
4023 static int
4024 create_tmp_pset(char *pool_err, int err_size, pool_conf_t *pconf, pool_t *pool,
4025 char *name, int min, int max)
4026 {
4027 pool_resource_t *res;
4028 pool_elem_t *elem;
4029 pool_value_t *val;
4030
4031 if ((res = pool_resource_create(pconf, "pset", name)) == NULL)
4032 return (zerr_pool(pool_err, err_size, Z_POOL));
4033
4034 if (pool_associate(pconf, pool, res) != PO_SUCCESS)
4035 return (zerr_pool(pool_err, err_size, Z_POOL));
4036
4037 if ((elem = pool_resource_to_elem(pconf, res)) == NULL)
4038 return (zerr_pool(pool_err, err_size, Z_POOL));
4039
4040 if ((val = pool_value_alloc()) == NULL)
4041 return (zerr_pool(pool_err, err_size, Z_POOL));
4042
4043 /* set the maximum number of cpus for the pset */
4044 pool_value_set_uint64(val, (uint64_t)max);
4045
4046 if (pool_put_property(pconf, elem, "pset.max", val) != PO_SUCCESS) {
4047 pool_value_free(val);
4048 return (zerr_pool(pool_err, err_size, Z_POOL));
4049 }
4050
4051 /* set the minimum number of cpus for the pset */
4052 pool_value_set_uint64(val, (uint64_t)min);
4053
4054 if (pool_put_property(pconf, elem, "pset.min", val) != PO_SUCCESS) {
4055 pool_value_free(val);
4056 return (zerr_pool(pool_err, err_size, Z_POOL));
4057 }
4058
4059 pool_value_free(val);
4060
4061 return (Z_OK);
4062 }
4063
4064 static int
4065 create_tmp_pool(char *pool_err, int err_size, pool_conf_t *pconf, char *name,
4066 struct zone_psettab *pset_tab)
4067 {
4068 pool_t *pool;
4069 int res = Z_OK;
4070
4071 /* create a temporary pool configuration */
4072 if (pool_conf_open(pconf, NULL, PO_TEMP) != PO_SUCCESS) {
4073 res = zerr_pool(pool_err, err_size, Z_POOL);
4074 return (res);
4075 }
4076
4077 if ((pool = pool_create(pconf, name)) == NULL) {
4078 res = zerr_pool(pool_err, err_size, Z_POOL_CREATE);
4079 goto done;
4080 }
4081
4082 /* set pool importance */
4083 if (pset_tab->zone_importance[0] != '\0') {
4084 pool_elem_t *elem;
4085 pool_value_t *val;
4086
4087 if ((elem = pool_to_elem(pconf, pool)) == NULL) {
4088 res = zerr_pool(pool_err, err_size, Z_POOL);
4089 goto done;
4090 }
4091
4092 if ((val = pool_value_alloc()) == NULL) {
4093 res = zerr_pool(pool_err, err_size, Z_POOL);
4094 goto done;
4095 }
4096
4097 pool_value_set_int64(val,
4098 (int64_t)atoi(pset_tab->zone_importance));
4099
4100 if (pool_put_property(pconf, elem, "pool.importance", val)
4101 != PO_SUCCESS) {
4102 res = zerr_pool(pool_err, err_size, Z_POOL);
4103 pool_value_free(val);
4104 goto done;
4105 }
4106
4107 pool_value_free(val);
4108 }
4109
4110 if ((res = create_tmp_pset(pool_err, err_size, pconf, pool, name,
4111 atoi(pset_tab->zone_ncpu_min),
4112 atoi(pset_tab->zone_ncpu_max))) != Z_OK)
4113 goto done;
4114
4115 /* validation */
4116 if (pool_conf_status(pconf) == POF_INVALID) {
4117 res = zerr_pool(pool_err, err_size, Z_POOL);
4118 goto done;
4119 }
4120
4121 /*
4122 * This validation is the one we expect to fail if the user specified
4123 * an invalid configuration (too many cpus) for this system.
4124 */
4125 if (pool_conf_validate(pconf, POV_RUNTIME) != PO_SUCCESS) {
4126 res = zerr_pool(pool_err, err_size, Z_POOL_CREATE);
4127 goto done;
4128 }
4129
4130 /*
4131 * Commit the dynamic configuration but not the pool configuration
4132 * file.
4133 */
4134 if (pool_conf_commit(pconf, 1) != PO_SUCCESS)
4135 res = zerr_pool(pool_err, err_size, Z_POOL);
4136
4137 done:
4138 (void) pool_conf_close(pconf);
4139 return (res);
4140 }
4141
4142 static int
4143 get_running_tmp_pset(pool_conf_t *pconf, pool_t *pool, pool_resource_t *pset,
4144 struct zone_psettab *pset_tab)
4145 {
4146 int nfound = 0;
4147 pool_elem_t *pe;
4148 pool_value_t *pv = pool_value_alloc();
4149 uint64_t val_uint;
4150
4151 if (pool != NULL) {
4152 pe = pool_to_elem(pconf, pool);
4153 if (pool_get_property(pconf, pe, "pool.importance", pv)
4154 != POC_INVAL) {
4155 int64_t val_int;
4156
4157 (void) pool_value_get_int64(pv, &val_int);
4158 (void) snprintf(pset_tab->zone_importance,
4159 sizeof (pset_tab->zone_importance), "%d", val_int);
4160 nfound++;
4161 }
4162 }
4163
4164 if (pset != NULL) {
4165 pe = pool_resource_to_elem(pconf, pset);
4166 if (pool_get_property(pconf, pe, "pset.min", pv) != POC_INVAL) {
4167 (void) pool_value_get_uint64(pv, &val_uint);
4168 (void) snprintf(pset_tab->zone_ncpu_min,
4169 sizeof (pset_tab->zone_ncpu_min), "%u", val_uint);
4170 nfound++;
4171 }
4172
4173 if (pool_get_property(pconf, pe, "pset.max", pv) != POC_INVAL) {
4174 (void) pool_value_get_uint64(pv, &val_uint);
4175 (void) snprintf(pset_tab->zone_ncpu_max,
4176 sizeof (pset_tab->zone_ncpu_max), "%u", val_uint);
4177 nfound++;
4178 }
4179 }
4180
4181 pool_value_free(pv);
4182
4183 if (nfound == 3)
4184 return (PO_SUCCESS);
4185
4186 return (PO_FAIL);
4187 }
4188
4189 /*
4190 * Determine if a tmp pool is configured and if so, if the configuration is
4191 * still valid or if it has been changed since the tmp pool was created.
4192 * If the tmp pool configuration is no longer valid, delete the tmp pool.
4193 *
4194 * Set *valid=B_TRUE if there is an existing, valid tmp pool configuration.
4195 */
4196 static int
4197 verify_del_tmp_pool(pool_conf_t *pconf, char *tmp_name, char *pool_err,
4198 int err_size, struct zone_psettab *pset_tab, boolean_t *exists)
4199 {
4200 int res = Z_OK;
4201 pool_t *pool;
4202 pool_resource_t *pset;
4203 struct zone_psettab pset_current;
4204
4205 *exists = B_FALSE;
4206
4207 if (pool_conf_open(pconf, pool_dynamic_location(), PO_RDWR)
4208 != PO_SUCCESS) {
4209 res = zerr_pool(pool_err, err_size, Z_POOL);
4210 return (res);
4211 }
4212
4213 pool = pool_get_pool(pconf, tmp_name);
4214 pset = pool_get_resource(pconf, "pset", tmp_name);
4215
4216 if (pool == NULL && pset == NULL) {
4217 /* no tmp pool configured */
4218 goto done;
4219 }
4220
4221 /*
4222 * If an existing tmp pool for this zone is configured with the proper
4223 * settings, then the tmp pool is valid.
4224 */
4225 if (get_running_tmp_pset(pconf, pool, pset, &pset_current)
4226 == PO_SUCCESS &&
4227 strcmp(pset_tab->zone_ncpu_min,
4228 pset_current.zone_ncpu_min) == 0 &&
4229 strcmp(pset_tab->zone_ncpu_max,
4230 pset_current.zone_ncpu_max) == 0 &&
4231 strcmp(pset_tab->zone_importance,
4232 pset_current.zone_importance) == 0) {
4233 *exists = B_TRUE;
4234
4235 } else {
4236 /*
4237 * An out-of-date tmp pool configuration exists. Delete it
4238 * so that we can create the correct tmp pool config.
4239 */
4240 if (pset != NULL &&
4241 pool_resource_destroy(pconf, pset) != PO_SUCCESS) {
4242 res = zerr_pool(pool_err, err_size, Z_POOL);
4243 goto done;
4244 }
4245
4246 if (pool != NULL &&
4247 pool_destroy(pconf, pool) != PO_SUCCESS) {
4248 res = zerr_pool(pool_err, err_size, Z_POOL);
4249 goto done;
4250 }
4251
4252 /* commit dynamic config */
4253 if (pool_conf_commit(pconf, 0) != PO_SUCCESS)
4254 res = zerr_pool(pool_err, err_size, Z_POOL);
4255 }
4256
4257 done:
4258 (void) pool_conf_close(pconf);
4259
4260 return (res);
4261 }
4262
4263 /*
4264 * Destroy any existing tmp pool.
4265 */
4266 int
4267 zonecfg_destroy_tmp_pool(char *zone_name, char *pool_err, int err_size)
4268 {
4269 int status;
4270 int res = Z_OK;
4271 pool_conf_t *pconf;
4272 pool_t *pool;
4273 pool_resource_t *pset;
4274 char tmp_name[MAX_TMP_POOL_NAME];
4275
4276 /* if pools not enabled then nothing to do */
4277 if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED)
4278 return (Z_OK);
4279
4280 if ((pconf = pool_conf_alloc()) == NULL)
4281 return (zerr_pool(pool_err, err_size, Z_POOL));
4282
4283 (void) snprintf(tmp_name, sizeof (tmp_name), TMP_POOL_NAME, zone_name);
4284
4285 if (pool_conf_open(pconf, pool_dynamic_location(), PO_RDWR)
4286 != PO_SUCCESS) {
4287 res = zerr_pool(pool_err, err_size, Z_POOL);
4288 pool_conf_free(pconf);
4289 return (res);
4290 }
4291
4292 pool = pool_get_pool(pconf, tmp_name);
4293 pset = pool_get_resource(pconf, "pset", tmp_name);
4294
4295 if (pool == NULL && pset == NULL) {
4296 /* nothing to destroy, we're done */
4297 goto done;
4298 }
4299
4300 if (pset != NULL && pool_resource_destroy(pconf, pset) != PO_SUCCESS) {
4301 res = zerr_pool(pool_err, err_size, Z_POOL);
4302 goto done;
4303 }
4304
4305 if (pool != NULL && pool_destroy(pconf, pool) != PO_SUCCESS) {
4306 res = zerr_pool(pool_err, err_size, Z_POOL);
4307 goto done;
4308 }
4309
4310 /* commit dynamic config */
4311 if (pool_conf_commit(pconf, 0) != PO_SUCCESS)
4312 res = zerr_pool(pool_err, err_size, Z_POOL);
4313
4314 done:
4315 (void) pool_conf_close(pconf);
4316 pool_conf_free(pconf);
4317
4318 return (res);
4319 }
4320
4321 /*
4322 * Attempt to bind to a tmp pool for this zone. If there is no tmp pool
4323 * configured, we just return Z_OK.
4324 *
4325 * We either attempt to create the tmp pool for this zone or rebind to an
4326 * existing tmp pool for this zone.
4327 *
4328 * Rebinding is used when a zone with a tmp pool reboots so that we don't have
4329 * to recreate the tmp pool. To do this we need to be sure we work correctly
4330 * for the following cases:
4331 *
4332 * - there is an existing, properly configured tmp pool.
4333 * - zonecfg added tmp pool after zone was booted, must now create.
4334 * - zonecfg updated tmp pool config after zone was booted, in this case
4335 * we destroy the old tmp pool and create a new one.
4336 */
4337 int
4338 zonecfg_bind_tmp_pool(zone_dochandle_t handle, zoneid_t zoneid, char *pool_err,
4339 int err_size)
4340 {
4341 struct zone_psettab pset_tab;
4342 int err;
4343 int status;
4344 pool_conf_t *pconf;
4345 boolean_t exists;
4346 char zone_name[ZONENAME_MAX];
4347 char tmp_name[MAX_TMP_POOL_NAME];
4348
4349 (void) getzonenamebyid(zoneid, zone_name, sizeof (zone_name));
4350
4351 err = zonecfg_lookup_pset(handle, &pset_tab);
4352
4353 /* if no temporary pool configured, we're done */
4354 if (err == Z_NO_ENTRY)
4355 return (Z_OK);
4356
4357 /*
4358 * importance might not have a value but we need to validate it here,
4359 * so set the default.
4360 */
4361 if (pset_tab.zone_importance[0] == '\0')
4362 (void) strlcpy(pset_tab.zone_importance, "1",
4363 sizeof (pset_tab.zone_importance));
4364
4365 /* if pools not enabled, enable them now */
4366 if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED) {
4367 if (pool_set_status(POOL_ENABLED) != PO_SUCCESS)
4368 return (Z_POOL_ENABLE);
4369 }
4370
4371 if ((pconf = pool_conf_alloc()) == NULL)
4372 return (zerr_pool(pool_err, err_size, Z_POOL));
4373
4374 (void) snprintf(tmp_name, sizeof (tmp_name), TMP_POOL_NAME, zone_name);
4375
4376 /*
4377 * Check if a valid tmp pool/pset already exists. If so, we just
4378 * reuse it.
4379 */
4380 if ((err = verify_del_tmp_pool(pconf, tmp_name, pool_err, err_size,
4381 &pset_tab, &exists)) != Z_OK) {
4382 pool_conf_free(pconf);
4383 return (err);
4384 }
4385
4386 if (!exists)
4387 err = create_tmp_pool(pool_err, err_size, pconf, tmp_name,
4388 &pset_tab);
4389
4390 pool_conf_free(pconf);
4391
4392 if (err != Z_OK)
4393 return (err);
4394
4395 /* Bind the zone to the pool. */
4396 if (pool_set_binding(tmp_name, P_ZONEID, zoneid) != PO_SUCCESS)
4397 return (zerr_pool(pool_err, err_size, Z_POOL_BIND));
4398
4399 return (Z_OK);
4400 }
4401
4402 /*
4403 * Attempt to bind to a permanent pool for this zone. If there is no
4404 * permanent pool configured, we just return Z_OK.
4405 */
4406 int
4407 zonecfg_bind_pool(zone_dochandle_t handle, zoneid_t zoneid, char *pool_err,
4408 int err_size)
4409 {
4410 pool_conf_t *poolconf;
4411 pool_t *pool;
4412 char poolname[MAXPATHLEN];
4413 int status;
4414 int error;
4415
4416 /*
4417 * Find the pool mentioned in the zone configuration, and bind to it.
4418 */
4419 error = zonecfg_get_pool(handle, poolname, sizeof (poolname));
4420 if (error == Z_NO_ENTRY || (error == Z_OK && strlen(poolname) == 0)) {
4421 /*
4422 * The property is not set on the zone, so the pool
4423 * should be bound to the default pool. But that's
4424 * already done by the kernel, so we can just return.
4425 */
4426 return (Z_OK);
4427 }
4428 if (error != Z_OK) {
4429 /*
4430 * Not an error, even though it shouldn't be happening.
4431 */
4432 return (Z_OK);
4433 }
4434 /*
4435 * Don't do anything if pools aren't enabled.
4436 */
4437 if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED)
4438 return (Z_POOLS_NOT_ACTIVE);
4439
4440 /*
4441 * Try to provide a sane error message if the requested pool doesn't
4442 * exist.
4443 */
4444 if ((poolconf = pool_conf_alloc()) == NULL)
4445 return (zerr_pool(pool_err, err_size, Z_POOL));
4446
4447 if (pool_conf_open(poolconf, pool_dynamic_location(), PO_RDONLY) !=
4448 PO_SUCCESS) {
4449 pool_conf_free(poolconf);
4450 return (zerr_pool(pool_err, err_size, Z_POOL));
4451 }
4452 pool = pool_get_pool(poolconf, poolname);
4453 (void) pool_conf_close(poolconf);
4454 pool_conf_free(poolconf);
4455 if (pool == NULL)
4456 return (Z_NO_POOL);
4457
4458 /*
4459 * Bind the zone to the pool.
4460 */
4461 if (pool_set_binding(poolname, P_ZONEID, zoneid) != PO_SUCCESS) {
4462 /* if bind fails, return poolname for the error msg */
4463 (void) strlcpy(pool_err, poolname, err_size);
4464 return (Z_POOL_BIND);
4465 }
4466
4467 return (Z_OK);
4468 }
4469
4470 int
4471 zonecfg_get_poolname(zone_dochandle_t handle, char *zone, char *pool,
4472 size_t poolsize)
4473 {
4474 int err;
4475 struct zone_psettab pset_tab;
4476
4477 err = zonecfg_lookup_pset(handle, &pset_tab);
4478 if ((err != Z_NO_ENTRY) && (err != Z_OK))
4479 return (err);
4480
4481 /* pset was found so a temporary pool was created */
4482 if (err == Z_OK) {
4483 (void) snprintf(pool, poolsize, TMP_POOL_NAME, zone);
4484 return (Z_OK);
4485 }
4486
4487 /* lookup the poolname in zonecfg */
4488 return (zonecfg_get_pool(handle, pool, poolsize));
4489 }
4490
4491 static boolean_t
4492 svc_enabled(char *svc_name)
4493 {
4494 scf_simple_prop_t *prop;
4495 boolean_t found = B_FALSE;
4496
4497 prop = scf_simple_prop_get(NULL, svc_name, SCF_PG_GENERAL,
4498 SCF_PROPERTY_ENABLED);
4499
4500 if (scf_simple_prop_numvalues(prop) == 1 &&
4501 *scf_simple_prop_next_boolean(prop) != 0)
4502 found = B_TRUE;
4503
4504 scf_simple_prop_free(prop);
4505
4506 return (found);
4507 }
4508
4509 /*
4510 * If the zone has capped-memory, make sure the rcap service is enabled.
4511 */
4512 int
4513 zonecfg_enable_rcapd(char *err, int size)
4514 {
4515 if (!svc_enabled(RCAP_SERVICE) &&
4516 smf_enable_instance(RCAP_SERVICE, 0) == -1) {
4517 (void) strlcpy(err, scf_strerror(scf_error()), size);
4518 return (Z_SYSTEM);
4519 }
4520
4521 return (Z_OK);
4522 }
4523
4524 /*
4525 * Return true if pset has cpu range specified and poold is not enabled.
4526 */
4527 boolean_t
4528 zonecfg_warn_poold(zone_dochandle_t handle)
4529 {
4530 struct zone_psettab pset_tab;
4531 int min, max;
4532 int err;
4533
4534 err = zonecfg_lookup_pset(handle, &pset_tab);
4535
4536 /* if no temporary pool configured, we're done */
4537 if (err == Z_NO_ENTRY)
4538 return (B_FALSE);
4539
4540 min = atoi(pset_tab.zone_ncpu_min);
4541 max = atoi(pset_tab.zone_ncpu_max);
4542
4543 /* range not specified, no need for poold */
4544 if (min == max)
4545 return (B_FALSE);
4546
4547 /* we have a range, check if poold service is enabled */
4548 if (svc_enabled(POOLD_SERVICE))
4549 return (B_FALSE);
4550
4551 return (B_TRUE);
4552 }
4553
4554 /*
4555 * Retrieve the specified pool's thread scheduling class. 'poolname' must
4556 * refer to the name of a configured resource pool. The thread scheduling
4557 * class specified by the pool will be stored in the buffer to which 'class'
4558 * points. 'clsize' is the byte size of the buffer to which 'class' points.
4559 *
4560 * This function returns Z_OK if it successfully stored the specified pool's
4561 * thread scheduling class into the buffer to which 'class' points. It returns
4562 * Z_NO_POOL if resource pools are not enabled, the function is unable to
4563 * access the system's resource pools configuration, or the specified pool
4564 * does not exist. The function returns Z_TOO_BIG if the buffer to which
4565 * 'class' points is not large enough to contain the thread scheduling class'
4566 * name. The function returns Z_NO_ENTRY if the pool does not specify a thread
4567 * scheduling class.
4568 */
4569 static int
4570 get_pool_sched_class(char *poolname, char *class, int clsize)
4571 {
4572 int status;
4573 pool_conf_t *poolconf;
4574 pool_t *pool;
4575 pool_elem_t *pe;
4576 pool_value_t *pv = pool_value_alloc();
4577 const char *sched_str;
4578
4579 if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED)
4580 return (Z_NO_POOL);
4581
4582 if ((poolconf = pool_conf_alloc()) == NULL)
4583 return (Z_NO_POOL);
4584
4585 if (pool_conf_open(poolconf, pool_dynamic_location(), PO_RDONLY) !=
4586 PO_SUCCESS) {
4587 pool_conf_free(poolconf);
4588 return (Z_NO_POOL);
4589 }
4590
4591 if ((pool = pool_get_pool(poolconf, poolname)) == NULL) {
4592 (void) pool_conf_close(poolconf);
4593 pool_conf_free(poolconf);
4594 return (Z_NO_POOL);
4595 }
4596
4597 pe = pool_to_elem(poolconf, pool);
4598 if (pool_get_property(poolconf, pe, "pool.scheduler", pv) !=
4599 POC_STRING) {
4600 (void) pool_conf_close(poolconf);
4601 pool_conf_free(poolconf);
4602 return (Z_NO_ENTRY);
4603 }
4604 (void) pool_value_get_string(pv, &sched_str);
4605 (void) pool_conf_close(poolconf);
4606 pool_conf_free(poolconf);
4607 if (strlcpy(class, sched_str, clsize) >= clsize)
4608 return (Z_TOO_BIG);
4609 return (Z_OK);
4610 }
4611
4612 /*
4613 * Get the default scheduling class for the zone. This will either be the
4614 * class set on the zone's pool or the system default scheduling class.
4615 */
4616 int
4617 zonecfg_get_dflt_sched_class(zone_dochandle_t handle, char *class, int clsize)
4618 {
4619 char poolname[MAXPATHLEN];
4620
4621 if (zonecfg_get_pool(handle, poolname, sizeof (poolname)) == Z_OK) {
4622 /* check if the zone's pool specified a sched class */
4623 if (get_pool_sched_class(poolname, class, clsize) == Z_OK)
4624 return (Z_OK);
4625 }
4626
4627 if (priocntl(0, 0, PC_GETDFLCL, class, (uint64_t)clsize) == -1)
4628 return (Z_TOO_BIG);
4629
4630 return (Z_OK);
4631 }
4632
4633 int
4634 zonecfg_setfsent(zone_dochandle_t handle)
4635 {
4636 return (zonecfg_setent(handle));
4637 }
4638
4639 int
4640 zonecfg_getfsent(zone_dochandle_t handle, struct zone_fstab *tabptr)
4641 {
4642 xmlNodePtr cur, options;
4643 char options_str[MAX_MNTOPT_STR];
4644 int err;
4645
4646 if (handle == NULL)
4647 return (Z_INVAL);
4648
4649 if ((cur = handle->zone_dh_cur) == NULL)
4650 return (Z_NO_ENTRY);
4651
4652 for (; cur != NULL; cur = cur->next)
4653 if (!xmlStrcmp(cur->name, DTD_ELEM_FS))
4654 break;
4655 if (cur == NULL) {
4656 handle->zone_dh_cur = handle->zone_dh_top;
4657 return (Z_NO_ENTRY);
4658 }
4659
4660 if ((err = fetchprop(cur, DTD_ATTR_SPECIAL, tabptr->zone_fs_special,
4661 sizeof (tabptr->zone_fs_special))) != Z_OK) {
4662 handle->zone_dh_cur = handle->zone_dh_top;
4663 return (err);
4664 }
4665
4666 if ((err = fetchprop(cur, DTD_ATTR_RAW, tabptr->zone_fs_raw,
4667 sizeof (tabptr->zone_fs_raw))) != Z_OK) {
4668 handle->zone_dh_cur = handle->zone_dh_top;
4669 return (err);
4670 }
4671
4672 if ((err = fetchprop(cur, DTD_ATTR_DIR, tabptr->zone_fs_dir,
4673 sizeof (tabptr->zone_fs_dir))) != Z_OK) {
4674 handle->zone_dh_cur = handle->zone_dh_top;
4675 return (err);
4676 }
4677
4678 if ((err = fetchprop(cur, DTD_ATTR_TYPE, tabptr->zone_fs_type,
4679 sizeof (tabptr->zone_fs_type))) != Z_OK) {
4680 handle->zone_dh_cur = handle->zone_dh_top;
4681 return (err);
4682 }
4683
4684 /* OK for options to be NULL */
4685 tabptr->zone_fs_options = NULL;
4686 for (options = cur->xmlChildrenNode; options != NULL;
4687 options = options->next) {
4688 if (fetchprop(options, DTD_ATTR_NAME, options_str,
4689 sizeof (options_str)) != Z_OK)
4690 break;
4691 if (zonecfg_add_fs_option(tabptr, options_str) != Z_OK)
4692 break;
4693 }
4694
4695 handle->zone_dh_cur = cur->next;
4696 return (Z_OK);
4697 }
4698
4699 int
4700 zonecfg_endfsent(zone_dochandle_t handle)
4701 {
4702 return (zonecfg_endent(handle));
4703 }
4704
4705 int
4706 zonecfg_setnwifent(zone_dochandle_t handle)
4707 {
4708 return (zonecfg_setent(handle));
4709 }
4710
4711 int
4712 zonecfg_getnwifent(zone_dochandle_t handle, struct zone_nwiftab *tabptr)
4713 {
4714 xmlNodePtr cur;
4715 int err;
4716
4717 if (handle == NULL)
4718 return (Z_INVAL);
4719
4720 if ((cur = handle->zone_dh_cur) == NULL)
4721 return (Z_NO_ENTRY);
4722
4723 for (; cur != NULL; cur = cur->next)
4724 if (!xmlStrcmp(cur->name, DTD_ELEM_NET))
4725 break;
4726 if (cur == NULL) {
4727 handle->zone_dh_cur = handle->zone_dh_top;
4728 return (Z_NO_ENTRY);
4729 }
4730
4731 if ((err = fetchprop(cur, DTD_ATTR_ADDRESS, tabptr->zone_nwif_address,
4732 sizeof (tabptr->zone_nwif_address))) != Z_OK) {
4733 handle->zone_dh_cur = handle->zone_dh_top;
4734 return (err);
4735 }
4736
4737 if ((err = fetchprop(cur, DTD_ATTR_ALLOWED_ADDRESS,
4738 tabptr->zone_nwif_allowed_address,
4739 sizeof (tabptr->zone_nwif_allowed_address))) != Z_OK) {
4740 handle->zone_dh_cur = handle->zone_dh_top;
4741 return (err);
4742 }
4743
4744 if ((err = fetchprop(cur, DTD_ATTR_PHYSICAL, tabptr->zone_nwif_physical,
4745 sizeof (tabptr->zone_nwif_physical))) != Z_OK) {
4746 handle->zone_dh_cur = handle->zone_dh_top;
4747 return (err);
4748 }
4749
4750 if ((err = fetchprop(cur, DTD_ATTR_DEFROUTER,
4751 tabptr->zone_nwif_defrouter,
4752 sizeof (tabptr->zone_nwif_defrouter))) != Z_OK) {
4753 handle->zone_dh_cur = handle->zone_dh_top;
4754 return (err);
4755 }
4756
4757 handle->zone_dh_cur = cur->next;
4758 return (Z_OK);
4759 }
4760
4761 int
4762 zonecfg_endnwifent(zone_dochandle_t handle)
4763 {
4764 return (zonecfg_endent(handle));
4765 }
4766
4767 int
4768 zonecfg_setdevent(zone_dochandle_t handle)
4769 {
4770 return (zonecfg_setent(handle));
4771 }
4772
4773 int
4774 zonecfg_getdevent(zone_dochandle_t handle, struct zone_devtab *tabptr)
4775 {
4776 xmlNodePtr cur;
4777 int err;
4778
4779 if (handle == NULL)
4780 return (Z_INVAL);
4781
4782 if ((cur = handle->zone_dh_cur) == NULL)
4783 return (Z_NO_ENTRY);
4784
4785 for (; cur != NULL; cur = cur->next)
4786 if (!xmlStrcmp(cur->name, DTD_ELEM_DEVICE))
4787 break;
4788 if (cur == NULL) {
4789 handle->zone_dh_cur = handle->zone_dh_top;
4790 return (Z_NO_ENTRY);
4791 }
4792
4793 if ((err = fetchprop(cur, DTD_ATTR_MATCH, tabptr->zone_dev_match,
4794 sizeof (tabptr->zone_dev_match))) != Z_OK) {
4795 handle->zone_dh_cur = handle->zone_dh_top;
4796 return (err);
4797 }
4798
4799 handle->zone_dh_cur = cur->next;
4800 return (Z_OK);
4801 }
4802
4803 int
4804 zonecfg_enddevent(zone_dochandle_t handle)
4805 {
4806 return (zonecfg_endent(handle));
4807 }
4808
4809 int
4810 zonecfg_setrctlent(zone_dochandle_t handle)
4811 {
4812 return (zonecfg_setent(handle));
4813 }
4814
4815 int
4816 zonecfg_getrctlent(zone_dochandle_t handle, struct zone_rctltab *tabptr)
4817 {
4818 xmlNodePtr cur, val;
4819 struct zone_rctlvaltab *valptr;
4820 int err;
4821
4822 if (handle == NULL)
4823 return (Z_INVAL);
4824
4825 if ((cur = handle->zone_dh_cur) == NULL)
4826 return (Z_NO_ENTRY);
4827
4828 for (; cur != NULL; cur = cur->next)
4829 if (!xmlStrcmp(cur->name, DTD_ELEM_RCTL))
4830 break;
4831 if (cur == NULL) {
4832 handle->zone_dh_cur = handle->zone_dh_top;
4833 return (Z_NO_ENTRY);
4834 }
4835
4836 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_rctl_name,
4837 sizeof (tabptr->zone_rctl_name))) != Z_OK) {
4838 handle->zone_dh_cur = handle->zone_dh_top;
4839 return (err);
4840 }
4841
4842 tabptr->zone_rctl_valptr = NULL;
4843 for (val = cur->xmlChildrenNode; val != NULL; val = val->next) {
4844 valptr = (struct zone_rctlvaltab *)malloc(
4845 sizeof (struct zone_rctlvaltab));
4846 if (valptr == NULL)
4847 return (Z_NOMEM);
4848 if (fetchprop(val, DTD_ATTR_PRIV, valptr->zone_rctlval_priv,
4849 sizeof (valptr->zone_rctlval_priv)) != Z_OK)
4850 break;
4851 if (fetchprop(val, DTD_ATTR_LIMIT, valptr->zone_rctlval_limit,
4852 sizeof (valptr->zone_rctlval_limit)) != Z_OK)
4853 break;
4854 if (fetchprop(val, DTD_ATTR_ACTION, valptr->zone_rctlval_action,
4855 sizeof (valptr->zone_rctlval_action)) != Z_OK)
4856 break;
4857 if (zonecfg_add_rctl_value(tabptr, valptr) != Z_OK)
4858 break;
4859 }
4860
4861 handle->zone_dh_cur = cur->next;
4862 return (Z_OK);
4863 }
4864
4865 int
4866 zonecfg_endrctlent(zone_dochandle_t handle)
4867 {
4868 return (zonecfg_endent(handle));
4869 }
4870
4871 int
4872 zonecfg_setattrent(zone_dochandle_t handle)
4873 {
4874 return (zonecfg_setent(handle));
4875 }
4876
4877 int
4878 zonecfg_getattrent(zone_dochandle_t handle, struct zone_attrtab *tabptr)
4879 {
4880 xmlNodePtr cur;
4881 int err;
4882
4883 if (handle == NULL)
4884 return (Z_INVAL);
4885
4886 if ((cur = handle->zone_dh_cur) == NULL)
4887 return (Z_NO_ENTRY);
4888
4889 for (; cur != NULL; cur = cur->next)
4890 if (!xmlStrcmp(cur->name, DTD_ELEM_ATTR))
4891 break;
4892 if (cur == NULL) {
4893 handle->zone_dh_cur = handle->zone_dh_top;
4894 return (Z_NO_ENTRY);
4895 }
4896
4897 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_attr_name,
4898 sizeof (tabptr->zone_attr_name))) != Z_OK) {
4899 handle->zone_dh_cur = handle->zone_dh_top;
4900 return (err);
4901 }
4902
4903 if ((err = fetchprop(cur, DTD_ATTR_TYPE, tabptr->zone_attr_type,
4904 sizeof (tabptr->zone_attr_type))) != Z_OK) {
4905 handle->zone_dh_cur = handle->zone_dh_top;
4906 return (err);
4907 }
4908
4909 if ((err = fetchprop(cur, DTD_ATTR_VALUE, tabptr->zone_attr_value,
4910 sizeof (tabptr->zone_attr_value))) != Z_OK) {
4911 handle->zone_dh_cur = handle->zone_dh_top;
4912 return (err);
4913 }
4914
4915 handle->zone_dh_cur = cur->next;
4916 return (Z_OK);
4917 }
4918
4919 int
4920 zonecfg_endattrent(zone_dochandle_t handle)
4921 {
4922 return (zonecfg_endent(handle));
4923 }
4924
4925 int
4926 zonecfg_setadminent(zone_dochandle_t handle)
4927 {
4928 return (zonecfg_setent(handle));
4929 }
4930
4931 int
4932 zonecfg_getadminent(zone_dochandle_t handle, struct zone_admintab *tabptr)
4933 {
4934 xmlNodePtr cur;
4935 int err;
4936
4937 if (handle == NULL)
4938 return (Z_INVAL);
4939
4940 if ((cur = handle->zone_dh_cur) == NULL)
4941 return (Z_NO_ENTRY);
4942
4943 for (; cur != NULL; cur = cur->next)
4944 if (!xmlStrcmp(cur->name, DTD_ELEM_ADMIN))
4945 break;
4946 if (cur == NULL) {
4947 handle->zone_dh_cur = handle->zone_dh_top;
4948 return (Z_NO_ENTRY);
4949 }
4950
4951 if ((err = fetchprop(cur, DTD_ATTR_USER, tabptr->zone_admin_user,
4952 sizeof (tabptr->zone_admin_user))) != Z_OK) {
4953 handle->zone_dh_cur = handle->zone_dh_top;
4954 return (err);
4955 }
4956
4957
4958 if ((err = fetchprop(cur, DTD_ATTR_AUTHS, tabptr->zone_admin_auths,
4959 sizeof (tabptr->zone_admin_auths))) != Z_OK) {
4960 handle->zone_dh_cur = handle->zone_dh_top;
4961 return (err);
4962 }
4963
4964 handle->zone_dh_cur = cur->next;
4965 return (Z_OK);
4966 }
4967
4968 int
4969 zonecfg_endadminent(zone_dochandle_t handle)
4970 {
4971 return (zonecfg_endent(handle));
4972 }
4973
4974 /*
4975 * The privileges available on the system and described in privileges(5)
4976 * fall into four categories with respect to non-global zones:
4977 *
4978 * Default set of privileges considered safe for all non-global
4979 * zones. These privileges are "safe" in the sense that a
4980 * privileged process in the zone cannot affect processes in any
4981 * other zone on the system.
4982 *
4983 * Set of privileges not currently permitted within a non-global
4984 * zone. These privileges are considered by default, "unsafe,"
4985 * and include ones which affect global resources (such as the
4986 * system clock or physical memory) or are overly broad and cover
4987 * more than one mechanism in the system. In other cases, there
4988 * has not been sufficient virtualization in the parts of the
4989 * system the privilege covers to allow its use within a
4990 * non-global zone.
4991 *
4992 * Set of privileges required in order to get a zone booted and
4993 * init(1M) started. These cannot be removed from the zone's
4994 * privilege set.
4995 *
4996 * All other privileges are optional and are potentially useful for
4997 * processes executing inside a non-global zone.
4998 *
4999 * When privileges are added to the system, a determination needs to be
5000 * made as to which category the privilege belongs to. Ideally,
5001 * privileges should be fine-grained enough and the mechanisms they cover
5002 * virtualized enough so that they can be made available to non-global
5003 * zones.
5004 */
5005
5006 /*
5007 * Define some of the tokens that priv_str_to_set(3C) recognizes. Since
5008 * the privilege string separator can be any character, although it is
5009 * usually a comma character, define these here as well in the event that
5010 * they change or are augmented in the future.
5011 */
5012 #define BASIC_TOKEN "basic"
5013 #define DEFAULT_TOKEN "default"
5014 #define ZONE_TOKEN "zone"
5015 #define TOKEN_PRIV_CHAR ','
5016 #define TOKEN_PRIV_STR ","
5017
5018 typedef struct priv_node {
5019 struct priv_node *pn_next; /* Next privilege */
5020 char *pn_priv; /* Privileges name */
5021 } priv_node_t;
5022
5023 /* Privileges lists can differ across brands */
5024 typedef struct priv_lists {
5025 /* Privileges considered safe for all non-global zones of a brand */
5026 struct priv_node *pl_default;
5027
5028 /* Privileges not permitted for all non-global zones of a brand */
5029 struct priv_node *pl_prohibited;
5030
5031 /* Privileges required for all non-global zones of a brand */
5032 struct priv_node *pl_required;
5033
5034 /*
5035 * ip-type of the zone these privileges lists apply to.
5036 * It is used to pass ip-type to the callback function,
5037 * priv_lists_cb, which has no way of getting the ip-type.
5038 */
5039 const char *pl_iptype;
5040 } priv_lists_t;
5041
5042 static int
5043 priv_lists_cb(void *data, priv_iter_t *priv_iter)
5044 {
5045 priv_lists_t *plp = (priv_lists_t *)data;
5046 priv_node_t *pnp;
5047
5048 /* Skip this privilege if ip-type does not match */
5049 if ((strcmp(priv_iter->pi_iptype, "all") != 0) &&
5050 (strcmp(priv_iter->pi_iptype, plp->pl_iptype) != 0))
5051 return (0);
5052
5053 /* Allocate a new priv list node. */
5054 if ((pnp = malloc(sizeof (*pnp))) == NULL)
5055 return (-1);
5056 if ((pnp->pn_priv = strdup(priv_iter->pi_name)) == NULL) {
5057 free(pnp);
5058 return (-1);
5059 }
5060
5061 /* Insert the new priv list node into the right list */
5062 if (strcmp(priv_iter->pi_set, "default") == 0) {
5063 pnp->pn_next = plp->pl_default;
5064 plp->pl_default = pnp;
5065 } else if (strcmp(priv_iter->pi_set, "prohibited") == 0) {
5066 pnp->pn_next = plp->pl_prohibited;
5067 plp->pl_prohibited = pnp;
5068 } else if (strcmp(priv_iter->pi_set, "required") == 0) {
5069 pnp->pn_next = plp->pl_required;
5070 plp->pl_required = pnp;
5071 } else {
5072 free(pnp->pn_priv);
5073 free(pnp);
5074 return (-1);
5075 }
5076 return (0);
5077 }
5078
5079 static void
5080 priv_lists_destroy(priv_lists_t *plp)
5081 {
5082 priv_node_t *pnp;
5083
5084 assert(plp != NULL);
5085
5086 while ((pnp = plp->pl_default) != NULL) {
5087 plp->pl_default = pnp->pn_next;
5088 free(pnp->pn_priv);
5089 free(pnp);
5090 }
5091 while ((pnp = plp->pl_prohibited) != NULL) {
5092 plp->pl_prohibited = pnp->pn_next;
5093 free(pnp->pn_priv);
5094 free(pnp);
5095 }
5096 while ((pnp = plp->pl_required) != NULL) {
5097 plp->pl_required = pnp->pn_next;
5098 free(pnp->pn_priv);
5099 free(pnp);
5100 }
5101 free(plp);
5102 }
5103
5104 static int
5105 priv_lists_create(zone_dochandle_t handle, char *brand, priv_lists_t **plpp,
5106 const char *curr_iptype)
5107 {
5108 priv_lists_t *plp;
5109 brand_handle_t bh;
5110 char brand_str[MAXNAMELEN];
5111
5112 /* handle or brand must be set, but never both */
5113 assert((handle != NULL) || (brand != NULL));
5114 assert((handle == NULL) || (brand == NULL));
5115
5116 if (handle != NULL) {
5117 brand = brand_str;
5118 if (zonecfg_get_brand(handle, brand, sizeof (brand_str)) != 0)
5119 return (Z_BRAND_ERROR);
5120 }
5121
5122 if ((bh = brand_open(brand)) == NULL)
5123 return (Z_BRAND_ERROR);
5124
5125 if ((plp = calloc(1, sizeof (priv_lists_t))) == NULL) {
5126 brand_close(bh);
5127 return (Z_NOMEM);
5128 }
5129
5130 plp->pl_iptype = curr_iptype;
5131
5132 /* construct the privilege lists */
5133 if (brand_config_iter_privilege(bh, priv_lists_cb, plp) != 0) {
5134 priv_lists_destroy(plp);
5135 brand_close(bh);
5136 return (Z_BRAND_ERROR);
5137 }
5138
5139 brand_close(bh);
5140 *plpp = plp;
5141 return (Z_OK);
5142 }
5143
5144 static int
5145 get_default_privset(priv_set_t *privs, priv_lists_t *plp)
5146 {
5147 priv_node_t *pnp;
5148 priv_set_t *basic;
5149
5150 basic = priv_str_to_set(BASIC_TOKEN, TOKEN_PRIV_STR, NULL);
5151 if (basic == NULL)
5152 return (errno == ENOMEM ? Z_NOMEM : Z_INVAL);
5153
5154 priv_union(basic, privs);
5155 priv_freeset(basic);
5156
5157 for (pnp = plp->pl_default; pnp != NULL; pnp = pnp->pn_next) {
5158 if (priv_addset(privs, pnp->pn_priv) != 0)
5159 return (Z_INVAL);
5160 }
5161
5162 return (Z_OK);
5163 }
5164
5165 int
5166 zonecfg_default_brand(char *brand, size_t brandsize)
5167 {
5168 zone_dochandle_t handle;
5169 int myzoneid = getzoneid();
5170 int ret;
5171
5172 /*
5173 * If we're running within a zone, then the default brand is the
5174 * current zone's brand.
5175 */
5176 if (myzoneid != GLOBAL_ZONEID) {
5177 ret = zone_getattr(myzoneid, ZONE_ATTR_BRAND, brand, brandsize);
5178 if (ret < 0)
5179 return ((errno == EFAULT) ? Z_TOO_BIG : Z_INVAL);
5180 return (Z_OK);
5181 }
5182
5183 if ((handle = zonecfg_init_handle()) == NULL)
5184 return (Z_NOMEM);
5185 if ((ret = zonecfg_get_handle("SUNWdefault", handle)) == Z_OK) {
5186 ret = i_zonecfg_get_brand(handle, brand, brandsize, B_TRUE);
5187 zonecfg_fini_handle(handle);
5188 return (ret);
5189 }
5190 return (ret);
5191 }
5192
5193 int
5194 zonecfg_default_privset(priv_set_t *privs, const char *curr_iptype)
5195 {
5196 priv_lists_t *plp;
5197 char buf[MAXNAMELEN];
5198 int ret;
5199
5200 if ((ret = zonecfg_default_brand(buf, sizeof (buf))) != Z_OK)
5201 return (ret);
5202 if ((ret = priv_lists_create(NULL, buf, &plp, curr_iptype)) != Z_OK)
5203 return (ret);
5204 ret = get_default_privset(privs, plp);
5205 priv_lists_destroy(plp);
5206 return (ret);
5207 }
5208
5209 void
5210 append_priv_token(char *priv, char *str, size_t strlen)
5211 {
5212 if (*str != '\0')
5213 (void) strlcat(str, TOKEN_PRIV_STR, strlen);
5214 (void) strlcat(str, priv, strlen);
5215 }
5216
5217 /*
5218 * Verify that the supplied string is a valid privilege limit set for a
5219 * non-global zone. This string must not only be acceptable to
5220 * priv_str_to_set(3C) which parses it, but it also must resolve to a
5221 * privilege set that includes certain required privileges and lacks
5222 * certain prohibited privileges.
5223 */
5224 static int
5225 verify_privset(char *privbuf, priv_set_t *privs, char **privname,
5226 boolean_t add_default, priv_lists_t *plp)
5227 {
5228 priv_node_t *pnp;
5229 char *tmp, *cp, *lasts;
5230 size_t len;
5231 priv_set_t *mergeset;
5232 const char *token;
5233
5234 /*
5235 * The verification of the privilege string occurs in several
5236 * phases. In the first phase, the supplied string is scanned for
5237 * the ZONE_TOKEN token which is not support as part of the
5238 * "limitpriv" property.
5239 *
5240 * Duplicate the supplied privilege string since strtok_r(3C)
5241 * tokenizes its input by null-terminating the tokens.
5242 */
5243 if ((tmp = strdup(privbuf)) == NULL)
5244 return (Z_NOMEM);
5245 for (cp = strtok_r(tmp, TOKEN_PRIV_STR, &lasts); cp != NULL;
5246 cp = strtok_r(NULL, TOKEN_PRIV_STR, &lasts)) {
5247 if (strcmp(cp, ZONE_TOKEN) == 0) {
5248 free(tmp);
5249 if ((*privname = strdup(ZONE_TOKEN)) == NULL)
5250 return (Z_NOMEM);
5251 else
5252 return (Z_PRIV_UNKNOWN);
5253 }
5254 }
5255 free(tmp);
5256
5257 if (add_default) {
5258 /*
5259 * If DEFAULT_TOKEN was specified, a string needs to be
5260 * built containing the privileges from the default, safe
5261 * set along with those of the "limitpriv" property.
5262 */
5263 len = strlen(privbuf) + sizeof (BASIC_TOKEN) + 2;
5264
5265 for (pnp = plp->pl_default; pnp != NULL; pnp = pnp->pn_next)
5266 len += strlen(pnp->pn_priv) + 1;
5267 tmp = alloca(len);
5268 *tmp = '\0';
5269
5270 append_priv_token(BASIC_TOKEN, tmp, len);
5271 for (pnp = plp->pl_default; pnp != NULL; pnp = pnp->pn_next)
5272 append_priv_token(pnp->pn_priv, tmp, len);
5273 (void) strlcat(tmp, TOKEN_PRIV_STR, len);
5274 (void) strlcat(tmp, privbuf, len);
5275 } else {
5276 tmp = privbuf;
5277 }
5278
5279
5280 /*
5281 * In the next phase, attempt to convert the merged privilege
5282 * string into a privilege set. In the case of an error, either
5283 * there was a memory allocation failure or there was an invalid
5284 * privilege token in the string. In either case, return an
5285 * appropriate error code but in the event of an invalid token,
5286 * allocate a string containing its name and return that back to
5287 * the caller.
5288 */
5289 mergeset = priv_str_to_set(tmp, TOKEN_PRIV_STR, &token);
5290 if (mergeset == NULL) {
5291 if (token == NULL)
5292 return (Z_NOMEM);
5293 if ((cp = strchr(token, TOKEN_PRIV_CHAR)) != NULL)
5294 *cp = '\0';
5295 if ((*privname = strdup(token)) == NULL)
5296 return (Z_NOMEM);
5297 else
5298 return (Z_PRIV_UNKNOWN);
5299 }
5300
5301 /*
5302 * Next, verify that none of the prohibited zone privileges are
5303 * present in the merged privilege set.
5304 */
5305 for (pnp = plp->pl_prohibited; pnp != NULL; pnp = pnp->pn_next) {
5306 if (priv_ismember(mergeset, pnp->pn_priv)) {
5307 priv_freeset(mergeset);
5308 if ((*privname = strdup(pnp->pn_priv)) == NULL)
5309 return (Z_NOMEM);
5310 else
5311 return (Z_PRIV_PROHIBITED);
5312 }
5313 }
5314
5315 /*
5316 * Finally, verify that all of the required zone privileges are
5317 * present in the merged privilege set.
5318 */
5319 for (pnp = plp->pl_required; pnp != NULL; pnp = pnp->pn_next) {
5320 if (!priv_ismember(mergeset, pnp->pn_priv)) {
5321 priv_freeset(mergeset);
5322 if ((*privname = strdup(pnp->pn_priv)) == NULL)
5323 return (Z_NOMEM);
5324 else
5325 return (Z_PRIV_REQUIRED);
5326 }
5327 }
5328
5329 priv_copyset(mergeset, privs);
5330 priv_freeset(mergeset);
5331 return (Z_OK);
5332 }
5333
5334 /*
5335 * Fill in the supplied privilege set with either the default, safe set of
5336 * privileges suitable for a non-global zone, or one based on the
5337 * "limitpriv" property in the zone's configuration.
5338 *
5339 * In the event of an invalid privilege specification in the
5340 * configuration, a string is allocated and returned containing the
5341 * "privilege" causing the issue. It is the caller's responsibility to
5342 * free this memory when it is done with it.
5343 */
5344 int
5345 zonecfg_get_privset(zone_dochandle_t handle, priv_set_t *privs,
5346 char **privname)
5347 {
5348 priv_lists_t *plp;
5349 char *cp, *limitpriv = NULL;
5350 int err, limitlen;
5351 zone_iptype_t iptype;
5352 const char *curr_iptype;
5353
5354 /*
5355 * Attempt to lookup the "limitpriv" property. If it does not
5356 * exist or matches the string DEFAULT_TOKEN exactly, then the
5357 * default, safe privilege set is returned.
5358 */
5359 if ((err = zonecfg_get_limitpriv(handle, &limitpriv)) != Z_OK)
5360 return (err);
5361
5362 if ((err = zonecfg_get_iptype(handle, &iptype)) != Z_OK)
5363 return (err);
5364
5365 switch (iptype) {
5366 case ZS_SHARED:
5367 curr_iptype = "shared";
5368 break;
5369 case ZS_EXCLUSIVE:
5370 curr_iptype = "exclusive";
5371 break;
5372 }
5373
5374 if ((err = priv_lists_create(handle, NULL, &plp, curr_iptype)) != Z_OK)
5375 return (err);
5376
5377 limitlen = strlen(limitpriv);
5378 if (limitlen == 0 || strcmp(limitpriv, DEFAULT_TOKEN) == 0) {
5379 free(limitpriv);
5380 err = get_default_privset(privs, plp);
5381 priv_lists_destroy(plp);
5382 return (err);
5383 }
5384
5385 /*
5386 * Check if the string DEFAULT_TOKEN is the first token in a list
5387 * of privileges.
5388 */
5389 cp = strchr(limitpriv, TOKEN_PRIV_CHAR);
5390 if (cp != NULL &&
5391 strncmp(limitpriv, DEFAULT_TOKEN, cp - limitpriv) == 0)
5392 err = verify_privset(cp + 1, privs, privname, B_TRUE, plp);
5393 else
5394 err = verify_privset(limitpriv, privs, privname, B_FALSE, plp);
5395
5396 free(limitpriv);
5397 priv_lists_destroy(plp);
5398 return (err);
5399 }
5400
5401 int
5402 zone_get_zonepath(char *zone_name, char *zonepath, size_t rp_sz)
5403 {
5404 zone_dochandle_t handle;
5405 boolean_t found = B_FALSE;
5406 struct zoneent *ze;
5407 FILE *cookie;
5408 int err;
5409 char *cp;
5410
5411 if (zone_name == NULL)
5412 return (Z_INVAL);
5413
5414 (void) strlcpy(zonepath, zonecfg_root, rp_sz);
5415 cp = zonepath + strlen(zonepath);
5416 while (cp > zonepath && cp[-1] == '/')
5417 *--cp = '\0';
5418
5419 if (strcmp(zone_name, GLOBAL_ZONENAME) == 0) {
5420 if (zonepath[0] == '\0')
5421 (void) strlcpy(zonepath, "/", rp_sz);
5422 return (Z_OK);
5423 }
5424
5425 /*
5426 * First check the index file. Because older versions did not have
5427 * a copy of the zone path, allow for it to be zero length, in which
5428 * case we ignore this result and fall back to the XML files.
5429 */
5430 cookie = setzoneent();
5431 while ((ze = getzoneent_private(cookie)) != NULL) {
5432 if (strcmp(ze->zone_name, zone_name) == 0) {
5433 found = B_TRUE;
5434 if (ze->zone_path[0] != '\0')
5435 (void) strlcpy(cp, ze->zone_path,
5436 rp_sz - (cp - zonepath));
5437 }
5438 free(ze);
5439 if (found)
5440 break;
5441 }
5442 endzoneent(cookie);
5443 if (found && *cp != '\0')
5444 return (Z_OK);
5445
5446 /* Fall back to the XML files. */
5447 if ((handle = zonecfg_init_handle()) == NULL)
5448 return (Z_NOMEM);
5449
5450 /*
5451 * Check the snapshot first: if a zone is running, its zonepath
5452 * may have changed.
5453 */
5454 if (zonecfg_get_snapshot_handle(zone_name, handle) != Z_OK) {
5455 if ((err = zonecfg_get_handle(zone_name, handle)) != Z_OK) {
5456 zonecfg_fini_handle(handle);
5457 return (err);
5458 }
5459 }
5460 err = zonecfg_get_zonepath(handle, zonepath, rp_sz);
5461 zonecfg_fini_handle(handle);
5462 return (err);
5463 }
5464
5465 int
5466 zone_get_rootpath(char *zone_name, char *rootpath, size_t rp_sz)
5467 {
5468 int err;
5469
5470 /* This function makes sense for non-global zones only. */
5471 if (strcmp(zone_name, GLOBAL_ZONENAME) == 0)
5472 return (Z_BOGUS_ZONE_NAME);
5473 if ((err = zone_get_zonepath(zone_name, rootpath, rp_sz)) != Z_OK)
5474 return (err);
5475 if (strlcat(rootpath, "/root", rp_sz) >= rp_sz)
5476 return (Z_TOO_BIG);
5477 return (Z_OK);
5478 }
5479
5480 int
5481 zone_get_brand(char *zone_name, char *brandname, size_t rp_sz)
5482 {
5483 int err;
5484 zone_dochandle_t handle;
5485 char myzone[MAXNAMELEN];
5486 int myzoneid = getzoneid();
5487
5488 /*
5489 * If we are not in the global zone, then we don't have the zone
5490 * .xml files with the brand name available. Thus, we are going to
5491 * have to ask the kernel for the information.
5492 */
5493 if (myzoneid != GLOBAL_ZONEID) {
5494 if (is_system_labeled()) {
5495 (void) strlcpy(brandname, NATIVE_BRAND_NAME, rp_sz);
5496 return (Z_OK);
5497 }
5498 if (zone_getattr(myzoneid, ZONE_ATTR_NAME, myzone,
5499 sizeof (myzone)) < 0)
5500 return (Z_NO_ZONE);
5501 if (!zonecfg_is_scratch(myzone)) {
5502 if (strncmp(zone_name, myzone, MAXNAMELEN) != 0)
5503 return (Z_NO_ZONE);
5504 }
5505 err = zone_getattr(myzoneid, ZONE_ATTR_BRAND, brandname, rp_sz);
5506 if (err < 0)
5507 return ((errno == EFAULT) ? Z_TOO_BIG : Z_INVAL);
5508
5509 return (Z_OK);
5510 }
5511
5512 if (strcmp(zone_name, "global") == 0)
5513 return (zonecfg_default_brand(brandname, rp_sz));
5514
5515 if ((handle = zonecfg_init_handle()) == NULL)
5516 return (Z_NOMEM);
5517
5518 err = zonecfg_get_handle((char *)zone_name, handle);
5519 if (err == Z_OK)
5520 err = zonecfg_get_brand(handle, brandname, rp_sz);
5521
5522 zonecfg_fini_handle(handle);
5523 return (err);
5524 }
5525
5526 /*
5527 * Return the appropriate root for the active /dev.
5528 * For normal zone, the path is $ZONEPATH/root;
5529 * for scratch zone, the dev path is $ZONEPATH/lu.
5530 */
5531 int
5532 zone_get_devroot(char *zone_name, char *devroot, size_t rp_sz)
5533 {
5534 int err;
5535 char *suffix;
5536 zone_state_t state;
5537
5538 /* This function makes sense for non-global zones only. */
5539 if (strcmp(zone_name, GLOBAL_ZONENAME) == 0)
5540 return (Z_BOGUS_ZONE_NAME);
5541 if ((err = zone_get_zonepath(zone_name, devroot, rp_sz)) != Z_OK)
5542 return (err);
5543
5544 if (zone_get_state(zone_name, &state) == Z_OK &&
5545 state == ZONE_STATE_MOUNTED)
5546 suffix = "/lu";
5547 else
5548 suffix = "/root";
5549 if (strlcat(devroot, suffix, rp_sz) >= rp_sz)
5550 return (Z_TOO_BIG);
5551 return (Z_OK);
5552 }
5553
5554 static zone_state_t
5555 kernel_state_to_user_state(zoneid_t zoneid, zone_status_t kernel_state)
5556 {
5557 char zoneroot[MAXPATHLEN];
5558 size_t zlen;
5559
5560 assert(kernel_state <= ZONE_MAX_STATE);
5561 switch (kernel_state) {
5562 case ZONE_IS_UNINITIALIZED:
5563 case ZONE_IS_INITIALIZED:
5564 /* The kernel will not return these two states */
5565 return (ZONE_STATE_READY);
5566 case ZONE_IS_READY:
5567 /*
5568 * If the zone's root is mounted on $ZONEPATH/lu, then
5569 * it's a mounted scratch zone.
5570 */
5571 if (zone_getattr(zoneid, ZONE_ATTR_ROOT, zoneroot,
5572 sizeof (zoneroot)) >= 0) {
5573 zlen = strlen(zoneroot);
5574 if (zlen > 3 &&
5575 strcmp(zoneroot + zlen - 3, "/lu") == 0)
5576 return (ZONE_STATE_MOUNTED);
5577 }
5578 return (ZONE_STATE_READY);
5579 case ZONE_IS_BOOTING:
5580 case ZONE_IS_RUNNING:
5581 return (ZONE_STATE_RUNNING);
5582 case ZONE_IS_SHUTTING_DOWN:
5583 case ZONE_IS_EMPTY:
5584 return (ZONE_STATE_SHUTTING_DOWN);
5585 case ZONE_IS_DOWN:
5586 case ZONE_IS_DYING:
5587 case ZONE_IS_DEAD:
5588 default:
5589 return (ZONE_STATE_DOWN);
5590 }
5591 /* NOTREACHED */
5592 }
5593
5594 int
5595 zone_get_state(char *zone_name, zone_state_t *state_num)
5596 {
5597 zone_status_t status;
5598 zoneid_t zone_id;
5599 struct zoneent *ze;
5600 boolean_t found = B_FALSE;
5601 FILE *cookie;
5602 char kernzone[ZONENAME_MAX];
5603 FILE *fp;
5604
5605 if (zone_name == NULL)
5606 return (Z_INVAL);
5607
5608 /*
5609 * If we're looking at an alternate root, then we need to query the
5610 * kernel using the scratch zone name.
5611 */
5612 zone_id = -1;
5613 if (*zonecfg_root != '\0' && !zonecfg_is_scratch(zone_name)) {
5614 if ((fp = zonecfg_open_scratch("", B_FALSE)) != NULL) {
5615 if (zonecfg_find_scratch(fp, zone_name, zonecfg_root,
5616 kernzone, sizeof (kernzone)) == 0)
5617 zone_id = getzoneidbyname(kernzone);
5618 zonecfg_close_scratch(fp);
5619 }
5620 } else {
5621 zone_id = getzoneidbyname(zone_name);
5622 }
5623
5624 /* check to see if zone is running */
5625 if (zone_id != -1 &&
5626 zone_getattr(zone_id, ZONE_ATTR_STATUS, &status,
5627 sizeof (status)) >= 0) {
5628 *state_num = kernel_state_to_user_state(zone_id, status);
5629 return (Z_OK);
5630 }
5631
5632 cookie = setzoneent();
5633 while ((ze = getzoneent_private(cookie)) != NULL) {
5634 if (strcmp(ze->zone_name, zone_name) == 0) {
5635 found = B_TRUE;
5636 *state_num = ze->zone_state;
5637 }
5638 free(ze);
5639 if (found)
5640 break;
5641 }
5642 endzoneent(cookie);
5643 return ((found) ? Z_OK : Z_NO_ZONE);
5644 }
5645
5646 int
5647 zone_set_state(char *zone, zone_state_t state)
5648 {
5649 struct zoneent ze;
5650
5651 if (state != ZONE_STATE_CONFIGURED && state != ZONE_STATE_INSTALLED &&
5652 state != ZONE_STATE_INCOMPLETE)
5653 return (Z_INVAL);
5654
5655 bzero(&ze, sizeof (ze));
5656 (void) strlcpy(ze.zone_name, zone, sizeof (ze.zone_name));
5657 ze.zone_state = state;
5658 (void) strlcpy(ze.zone_path, "", sizeof (ze.zone_path));
5659 return (putzoneent(&ze, PZE_MODIFY));
5660 }
5661
5662 /*
5663 * Get id (if any) for specified zone. There are four possible outcomes:
5664 * - If the string corresponds to the numeric id of an active (booted)
5665 * zone, sets *zip to the zone id and returns 0.
5666 * - If the string corresponds to the name of an active (booted) zone,
5667 * sets *zip to the zone id and returns 0.
5668 * - If the string is a name in the configuration but is not booted,
5669 * sets *zip to ZONE_ID_UNDEFINED and returns 0.
5670 * - Otherwise, leaves *zip unchanged and returns -1.
5671 *
5672 * This function acts as an auxiliary filter on the function of the same
5673 * name in libc; the linker binds to this version if libzonecfg exists,
5674 * and the libc version if it doesn't. Any changes to this version of
5675 * the function should probably be reflected in the libc version as well.
5676 */
5677 int
5678 zone_get_id(const char *str, zoneid_t *zip)
5679 {
5680 zone_dochandle_t hdl;
5681 zoneid_t zoneid;
5682 char *cp;
5683 int err;
5684
5685 /* first try looking for active zone by id */
5686 errno = 0;
5687 zoneid = (zoneid_t)strtol(str, &cp, 0);
5688 if (errno == 0 && cp != str && *cp == '\0' &&
5689 getzonenamebyid(zoneid, NULL, 0) != -1) {
5690 *zip = zoneid;
5691 return (0);
5692 }
5693
5694 /* then look for active zone by name */
5695 if ((zoneid = getzoneidbyname(str)) != -1) {
5696 *zip = zoneid;
5697 return (0);
5698 }
5699
5700 /* if in global zone, try looking up name in configuration database */
5701 if (getzoneid() != GLOBAL_ZONEID ||
5702 (hdl = zonecfg_init_handle()) == NULL)
5703 return (-1);
5704
5705 if (zonecfg_get_handle(str, hdl) == Z_OK) {
5706 /* zone exists but isn't active */
5707 *zip = ZONE_ID_UNDEFINED;
5708 err = 0;
5709 } else {
5710 err = -1;
5711 }
5712
5713 zonecfg_fini_handle(hdl);
5714 return (err);
5715 }
5716
5717 char *
5718 zone_state_str(zone_state_t state_num)
5719 {
5720 switch (state_num) {
5721 case ZONE_STATE_CONFIGURED:
5722 return (ZONE_STATE_STR_CONFIGURED);
5723 case ZONE_STATE_INCOMPLETE:
5724 return (ZONE_STATE_STR_INCOMPLETE);
5725 case ZONE_STATE_INSTALLED:
5726 return (ZONE_STATE_STR_INSTALLED);
5727 case ZONE_STATE_READY:
5728 return (ZONE_STATE_STR_READY);
5729 case ZONE_STATE_MOUNTED:
5730 return (ZONE_STATE_STR_MOUNTED);
5731 case ZONE_STATE_RUNNING:
5732 return (ZONE_STATE_STR_RUNNING);
5733 case ZONE_STATE_SHUTTING_DOWN:
5734 return (ZONE_STATE_STR_SHUTTING_DOWN);
5735 case ZONE_STATE_DOWN:
5736 return (ZONE_STATE_STR_DOWN);
5737 default:
5738 return ("unknown");
5739 }
5740 }
5741
5742 /*
5743 * Given a UUID value, find an associated zone name. This is intended to be
5744 * used by callers who set up some 'default' name (corresponding to the
5745 * expected name for the zone) in the zonename buffer, and thus the function
5746 * doesn't touch this buffer on failure.
5747 */
5748 int
5749 zonecfg_get_name_by_uuid(const uuid_t uuidin, char *zonename, size_t namelen)
5750 {
5751 FILE *fp;
5752 struct zoneent *ze;
5753 uchar_t *uuid;
5754
5755 /*
5756 * A small amount of subterfuge via casts is necessary here because
5757 * libuuid doesn't use const correctly, but we don't want to export
5758 * this brokenness to our clients.
5759 */
5760 uuid = (uchar_t *)uuidin;
5761 if (uuid_is_null(uuid))
5762 return (Z_NO_ZONE);
5763 if ((fp = setzoneent()) == NULL)
5764 return (Z_NO_ZONE);
5765 while ((ze = getzoneent_private(fp)) != NULL) {
5766 if (uuid_compare(uuid, ze->zone_uuid) == 0)
5767 break;
5768 free(ze);
5769 }
5770 endzoneent(fp);
5771 if (ze != NULL) {
5772 (void) strlcpy(zonename, ze->zone_name, namelen);
5773 free(ze);
5774 return (Z_OK);
5775 } else {
5776 return (Z_NO_ZONE);
5777 }
5778 }
5779
5780 /*
5781 * Given a zone name, get its UUID. Returns a "NULL" UUID value if the zone
5782 * exists but the file doesn't have a value set yet. Returns an error if the
5783 * zone cannot be located.
5784 */
5785 int
5786 zonecfg_get_uuid(const char *zonename, uuid_t uuid)
5787 {
5788 FILE *fp;
5789 struct zoneent *ze;
5790
5791 if ((fp = setzoneent()) == NULL)
5792 return (Z_NO_ZONE);
5793 while ((ze = getzoneent_private(fp)) != NULL) {
5794 if (strcmp(ze->zone_name, zonename) == 0)
5795 break;
5796 free(ze);
5797 }
5798 endzoneent(fp);
5799 if (ze != NULL) {
5800 uuid_copy(uuid, ze->zone_uuid);
5801 free(ze);
5802 return (Z_OK);
5803 } else {
5804 return (Z_NO_ZONE);
5805 }
5806 }
5807
5808 /*
5809 * File-system convenience functions.
5810 */
5811 boolean_t
5812 zonecfg_valid_fs_type(const char *type)
5813 {
5814 /*
5815 * We already know which FS types don't work.
5816 */
5817 if (strcmp(type, "proc") == 0 ||
5818 strcmp(type, "mntfs") == 0 ||
5819 strcmp(type, "autofs") == 0 ||
5820 strncmp(type, "nfs", sizeof ("nfs") - 1) == 0 ||
5821 strcmp(type, "cachefs") == 0)
5822 return (B_FALSE);
5823 /*
5824 * The caller may do more detailed verification to make sure other
5825 * aspects of this filesystem type make sense.
5826 */
5827 return (B_TRUE);
5828 }
5829
5830 /*
5831 * Generally uninteresting rctl convenience functions.
5832 */
5833
5834 int
5835 zonecfg_construct_rctlblk(const struct zone_rctlvaltab *rctlval,
5836 rctlblk_t *rctlblk)
5837 {
5838 unsigned long long ull;
5839 char *endp;
5840 rctl_priv_t priv;
5841 rctl_qty_t limit;
5842 uint_t action;
5843
5844 /* Get the privilege */
5845 if (strcmp(rctlval->zone_rctlval_priv, "basic") == 0) {
5846 priv = RCPRIV_BASIC;
5847 } else if (strcmp(rctlval->zone_rctlval_priv, "privileged") == 0) {
5848 priv = RCPRIV_PRIVILEGED;
5849 } else {
5850 /* Invalid privilege */
5851 return (Z_INVAL);
5852 }
5853
5854 /* deal with negative input; strtoull(3c) doesn't do what we want */
5855 if (rctlval->zone_rctlval_limit[0] == '-')
5856 return (Z_INVAL);
5857 /* Get the limit */
5858 errno = 0;
5859 ull = strtoull(rctlval->zone_rctlval_limit, &endp, 0);
5860 if (errno != 0 || *endp != '\0') {
5861 /* parse failed */
5862 return (Z_INVAL);
5863 }
5864 limit = (rctl_qty_t)ull;
5865
5866 /* Get the action */
5867 if (strcmp(rctlval->zone_rctlval_action, "none") == 0) {
5868 action = RCTL_LOCAL_NOACTION;
5869 } else if (strcmp(rctlval->zone_rctlval_action, "signal") == 0) {
5870 action = RCTL_LOCAL_SIGNAL;
5871 } else if (strcmp(rctlval->zone_rctlval_action, "deny") == 0) {
5872 action = RCTL_LOCAL_DENY;
5873 } else {
5874 /* Invalid Action */
5875 return (Z_INVAL);
5876 }
5877 rctlblk_set_local_action(rctlblk, action, 0);
5878 rctlblk_set_privilege(rctlblk, priv);
5879 rctlblk_set_value(rctlblk, limit);
5880 return (Z_OK);
5881 }
5882
5883 static int
5884 rctl_check(const char *rctlname, void *arg)
5885 {
5886 const char *attrname = arg;
5887
5888 /*
5889 * Returning 1 here is our signal to zonecfg_is_rctl() that it is
5890 * indeed an rctl name recognized by the system.
5891 */
5892 return (strcmp(rctlname, attrname) == 0 ? 1 : 0);
5893 }
5894
5895 boolean_t
5896 zonecfg_is_rctl(const char *name)
5897 {
5898 return (rctl_walk(rctl_check, (void *)name) == 1);
5899 }
5900
5901 boolean_t
5902 zonecfg_valid_rctlname(const char *name)
5903 {
5904 const char *c;
5905
5906 if (strncmp(name, "zone.", sizeof ("zone.") - 1) != 0)
5907 return (B_FALSE);
5908 if (strlen(name) == sizeof ("zone.") - 1)
5909 return (B_FALSE);
5910 for (c = name + sizeof ("zone.") - 1; *c != '\0'; c++) {
5911 if (!isalpha(*c) && *c != '-')
5912 return (B_FALSE);
5913 }
5914 return (B_TRUE);
5915 }
5916
5917 boolean_t
5918 zonecfg_valid_rctlblk(const rctlblk_t *rctlblk)
5919 {
5920 rctl_priv_t priv = rctlblk_get_privilege((rctlblk_t *)rctlblk);
5921 uint_t action = rctlblk_get_local_action((rctlblk_t *)rctlblk, NULL);
5922
5923 if (priv != RCPRIV_PRIVILEGED)
5924 return (B_FALSE);
5925 if (action != RCTL_LOCAL_NOACTION && action != RCTL_LOCAL_DENY)
5926 return (B_FALSE);
5927 return (B_TRUE);
5928 }
5929
5930 boolean_t
5931 zonecfg_valid_rctl(const char *name, const rctlblk_t *rctlblk)
5932 {
5933 rctlblk_t *current, *next;
5934 rctl_qty_t limit = rctlblk_get_value((rctlblk_t *)rctlblk);
5935 uint_t action = rctlblk_get_local_action((rctlblk_t *)rctlblk, NULL);
5936 uint_t global_flags;
5937
5938 if (!zonecfg_valid_rctlblk(rctlblk))
5939 return (B_FALSE);
5940 if (!zonecfg_valid_rctlname(name))
5941 return (B_FALSE);
5942
5943 current = alloca(rctlblk_size());
5944 if (getrctl(name, NULL, current, RCTL_FIRST) != 0)
5945 return (B_TRUE); /* not an rctl on this system */
5946 /*
5947 * Make sure the proposed value isn't greater than the current system
5948 * value.
5949 */
5950 next = alloca(rctlblk_size());
5951 while (rctlblk_get_privilege(current) != RCPRIV_SYSTEM) {
5952 rctlblk_t *tmp;
5953
5954 if (getrctl(name, current, next, RCTL_NEXT) != 0)
5955 return (B_FALSE); /* shouldn't happen */
5956 tmp = current;
5957 current = next;
5958 next = tmp;
5959 }
5960 if (limit > rctlblk_get_value(current))
5961 return (B_FALSE);
5962
5963 /*
5964 * Make sure the proposed action is allowed.
5965 */
5966 global_flags = rctlblk_get_global_flags(current);
5967 if ((global_flags & RCTL_GLOBAL_DENY_NEVER) &&
5968 action == RCTL_LOCAL_DENY)
5969 return (B_FALSE);
5970 if ((global_flags & RCTL_GLOBAL_DENY_ALWAYS) &&
5971 action == RCTL_LOCAL_NOACTION)
5972 return (B_FALSE);
5973
5974 return (B_TRUE);
5975 }
5976
5977 /*
5978 * There is always a race condition between reading the initial copy of
5979 * a zones state and its state changing. We address this by providing
5980 * zonecfg_notify_critical_enter and zonecfg_noticy_critical_exit functions.
5981 * When zonecfg_critical_enter is called, sets the state field to LOCKED
5982 * and aquires biglock. Biglock protects against other threads executing
5983 * critical_enter and the state field protects against state changes during
5984 * the critical period.
5985 *
5986 * If any state changes occur, zn_cb will set the failed field of the znotify
5987 * structure. This will cause the critical_exit function to re-lock the
5988 * channel and return an error. Since evsnts may be delayed, the critical_exit
5989 * function "flushes" the queue by putting an event on the queue and waiting for
5990 * zn_cb to notify critical_exit that it received the ping event.
5991 */
5992 static const char *
5993 string_get_tok(const char *in, char delim, int num)
5994 {
5995 int i = 0;
5996
5997 for (; i < num; in++) {
5998 if (*in == delim)
5999 i++;
6000 if (*in == 0)
6001 return (NULL);
6002 }
6003 return (in);
6004 }
6005
6006 static boolean_t
6007 is_ping(sysevent_t *ev)
6008 {
6009 if (strcmp(sysevent_get_subclass_name(ev),
6010 ZONE_EVENT_PING_SUBCLASS) == 0) {
6011 return (B_TRUE);
6012 } else {
6013 return (B_FALSE);
6014 }
6015 }
6016
6017 static boolean_t
6018 is_my_ping(sysevent_t *ev)
6019 {
6020 const char *sender;
6021 char mypid[sizeof (pid_t) * 3 + 1];
6022
6023 (void) snprintf(mypid, sizeof (mypid), "%i", getpid());
6024 sender = string_get_tok(sysevent_get_pub(ev), ':', 3);
6025 if (sender == NULL)
6026 return (B_FALSE);
6027 if (strcmp(sender, mypid) != 0)
6028 return (B_FALSE);
6029 return (B_TRUE);
6030 }
6031
6032 static int
6033 do_callback(struct znotify *zevtchan, sysevent_t *ev)
6034 {
6035 nvlist_t *l;
6036 int zid;
6037 char *zonename;
6038 char *newstate;
6039 char *oldstate;
6040 int ret;
6041 hrtime_t when;
6042
6043 if (strcmp(sysevent_get_subclass_name(ev),
6044 ZONE_EVENT_STATUS_SUBCLASS) == 0) {
6045
6046 if (sysevent_get_attr_list(ev, &l) != 0) {
6047 if (errno == ENOMEM) {
6048 zevtchan->zn_failure_count++;
6049 return (EAGAIN);
6050 }
6051 return (0);
6052 }
6053 ret = 0;
6054
6055 if ((nvlist_lookup_string(l, ZONE_CB_NAME, &zonename) == 0) &&
6056 (nvlist_lookup_string(l, ZONE_CB_NEWSTATE, &newstate)
6057 == 0) &&
6058 (nvlist_lookup_string(l, ZONE_CB_OLDSTATE, &oldstate)
6059 == 0) &&
6060 (nvlist_lookup_uint64(l, ZONE_CB_TIMESTAMP,
6061 (uint64_t *)&when) == 0) &&
6062 (nvlist_lookup_int32(l, ZONE_CB_ZONEID, &zid) == 0)) {
6063 ret = zevtchan->zn_callback(zonename, zid, newstate,
6064 oldstate, when, zevtchan->zn_private);
6065 }
6066
6067 zevtchan->zn_failure_count = 0;
6068 nvlist_free(l);
6069 return (ret);
6070 } else {
6071 /*
6072 * We have received an event in an unknown subclass. Ignore.
6073 */
6074 zevtchan->zn_failure_count = 0;
6075 return (0);
6076 }
6077 }
6078
6079 static int
6080 zn_cb(sysevent_t *ev, void *p)
6081 {
6082 struct znotify *zevtchan = p;
6083 int error;
6084
6085 (void) pthread_mutex_lock(&(zevtchan->zn_mutex));
6086
6087 if (is_ping(ev) && !is_my_ping(ev)) {
6088 (void) pthread_mutex_unlock((&zevtchan->zn_mutex));
6089 return (0);
6090 }
6091
6092 if (zevtchan->zn_state == ZN_LOCKED) {
6093 assert(!is_ping(ev));
6094 zevtchan->zn_failed = B_TRUE;
6095 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
6096 return (0);
6097 }
6098
6099 if (zevtchan->zn_state == ZN_PING_INFLIGHT) {
6100 if (is_ping(ev)) {
6101 zevtchan->zn_state = ZN_PING_RECEIVED;
6102 (void) pthread_cond_signal(&(zevtchan->zn_cond));
6103 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
6104 return (0);
6105 } else {
6106 zevtchan->zn_failed = B_TRUE;
6107 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
6108 return (0);
6109 }
6110 }
6111
6112 if (zevtchan->zn_state == ZN_UNLOCKED) {
6113
6114 error = do_callback(zevtchan, ev);
6115 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
6116 /*
6117 * Every ENOMEM failure causes do_callback to increment
6118 * zn_failure_count and every success causes it to
6119 * set zn_failure_count to zero. If we got EAGAIN,
6120 * we will sleep for zn_failure_count seconds and return
6121 * EAGAIN to gpec to try again.
6122 *
6123 * After 55 seconds, or 10 try's we give up and drop the
6124 * event.
6125 */
6126 if (error == EAGAIN) {
6127 if (zevtchan->zn_failure_count > ZONE_CB_RETRY_COUNT) {
6128 return (0);
6129 }
6130 (void) sleep(zevtchan->zn_failure_count);
6131 }
6132 return (error);
6133 }
6134
6135 if (zevtchan->zn_state == ZN_PING_RECEIVED) {
6136 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
6137 return (0);
6138 }
6139
6140 abort();
6141 return (0);
6142 }
6143
6144 void
6145 zonecfg_notify_critical_enter(void *h)
6146 {
6147 struct znotify *zevtchan = h;
6148
6149 (void) pthread_mutex_lock(&(zevtchan->zn_bigmutex));
6150 zevtchan->zn_state = ZN_LOCKED;
6151 }
6152
6153 int
6154 zonecfg_notify_critical_exit(void * h)
6155 {
6156
6157 struct znotify *zevtchan = h;
6158
6159 if (zevtchan->zn_state == ZN_UNLOCKED)
6160 return (0);
6161
6162 (void) pthread_mutex_lock(&(zevtchan->zn_mutex));
6163 zevtchan->zn_state = ZN_PING_INFLIGHT;
6164
6165 (void) sysevent_evc_publish(zevtchan->zn_eventchan,
6166 ZONE_EVENT_STATUS_CLASS,
6167 ZONE_EVENT_PING_SUBCLASS, ZONE_EVENT_PING_PUBLISHER,
6168 zevtchan->zn_subscriber_id, NULL, EVCH_SLEEP);
6169
6170 while (zevtchan->zn_state != ZN_PING_RECEIVED) {
6171 (void) pthread_cond_wait(&(zevtchan->zn_cond),
6172 &(zevtchan->zn_mutex));
6173 }
6174
6175 if (zevtchan->zn_failed == B_TRUE) {
6176 zevtchan->zn_state = ZN_LOCKED;
6177 zevtchan->zn_failed = B_FALSE;
6178 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
6179 return (1);
6180 }
6181
6182 zevtchan->zn_state = ZN_UNLOCKED;
6183 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex));
6184 (void) pthread_mutex_unlock(&(zevtchan->zn_bigmutex));
6185 return (0);
6186 }
6187
6188 void
6189 zonecfg_notify_critical_abort(void *h)
6190 {
6191 struct znotify *zevtchan = h;
6192
6193 zevtchan->zn_state = ZN_UNLOCKED;
6194 zevtchan->zn_failed = B_FALSE;
6195 /*
6196 * Don't do anything about zn_lock. If it is held, it could only be
6197 * held by zn_cb and it will be unlocked soon.
6198 */
6199 (void) pthread_mutex_unlock(&(zevtchan->zn_bigmutex));
6200 }
6201
6202 void *
6203 zonecfg_notify_bind(int(*func)(const char *zonename, zoneid_t zid,
6204 const char *newstate, const char *oldstate, hrtime_t when, void *p),
6205 void *p)
6206 {
6207 struct znotify *zevtchan;
6208 int i = 1;
6209 int r;
6210
6211 zevtchan = malloc(sizeof (struct znotify));
6212
6213 if (zevtchan == NULL)
6214 return (NULL);
6215
6216 zevtchan->zn_private = p;
6217 zevtchan->zn_callback = func;
6218 zevtchan->zn_state = ZN_UNLOCKED;
6219 zevtchan->zn_failed = B_FALSE;
6220
6221 if (pthread_mutex_init(&(zevtchan->zn_mutex), NULL))
6222 goto out3;
6223 if (pthread_cond_init(&(zevtchan->zn_cond), NULL)) {
6224 (void) pthread_mutex_destroy(&(zevtchan->zn_mutex));
6225 goto out3;
6226 }
6227 if (pthread_mutex_init(&(zevtchan->zn_bigmutex), NULL)) {
6228 (void) pthread_mutex_destroy(&(zevtchan->zn_mutex));
6229 (void) pthread_cond_destroy(&(zevtchan->zn_cond));
6230 goto out3;
6231 }
6232
6233 if (sysevent_evc_bind(ZONE_EVENT_CHANNEL, &(zevtchan->zn_eventchan),
6234 0) != 0)
6235 goto out2;
6236
6237 do {
6238 /*
6239 * At 4 digits the subscriber ID gets too long and we have
6240 * no chance of successfully registering.
6241 */
6242 if (i > 999)
6243 goto out1;
6244
6245 (void) sprintf(zevtchan->zn_subscriber_id, "zone_%li_%i",
6246 getpid() % 999999l, i);
6247
6248 r = sysevent_evc_subscribe(zevtchan->zn_eventchan,
6249 zevtchan->zn_subscriber_id, ZONE_EVENT_STATUS_CLASS, zn_cb,
6250 zevtchan, 0);
6251
6252 i++;
6253
6254 } while (r);
6255
6256 return (zevtchan);
6257 out1:
6258 (void) sysevent_evc_unbind(zevtchan->zn_eventchan);
6259 out2:
6260 (void) pthread_mutex_destroy(&zevtchan->zn_mutex);
6261 (void) pthread_cond_destroy(&zevtchan->zn_cond);
6262 (void) pthread_mutex_destroy(&(zevtchan->zn_bigmutex));
6263 out3:
6264 free(zevtchan);
6265
6266 return (NULL);
6267 }
6268
6269 void
6270 zonecfg_notify_unbind(void *handle)
6271 {
6272
6273 int ret;
6274
6275 (void) sysevent_evc_unbind(((struct znotify *)handle)->zn_eventchan);
6276 /*
6277 * Check that all evc threads have gone away. This should be
6278 * enforced by sysevent_evc_unbind.
6279 */
6280 ret = pthread_mutex_trylock(&((struct znotify *)handle)->zn_mutex);
6281
6282 if (ret)
6283 abort();
6284
6285 (void) pthread_mutex_unlock(&((struct znotify *)handle)->zn_mutex);
6286 (void) pthread_mutex_destroy(&((struct znotify *)handle)->zn_mutex);
6287 (void) pthread_cond_destroy(&((struct znotify *)handle)->zn_cond);
6288 (void) pthread_mutex_destroy(&((struct znotify *)handle)->zn_bigmutex);
6289
6290 free(handle);
6291 }
6292
6293 static int
6294 zonecfg_add_ds_core(zone_dochandle_t handle, struct zone_dstab *tabptr)
6295 {
6296 xmlNodePtr newnode, cur = handle->zone_dh_cur;
6297 int err;
6298
6299 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_DATASET, NULL);
6300 if ((err = newprop(newnode, DTD_ATTR_NAME,
6301 tabptr->zone_dataset_name)) != Z_OK)
6302 return (err);
6303 return (Z_OK);
6304 }
6305
6306 int
6307 zonecfg_add_ds(zone_dochandle_t handle, struct zone_dstab *tabptr)
6308 {
6309 int err;
6310
6311 if (tabptr == NULL)
6312 return (Z_INVAL);
6313
6314 if ((err = operation_prep(handle)) != Z_OK)
6315 return (err);
6316
6317 if ((err = zonecfg_add_ds_core(handle, tabptr)) != Z_OK)
6318 return (err);
6319
6320 return (Z_OK);
6321 }
6322
6323 static int
6324 zonecfg_delete_ds_core(zone_dochandle_t handle, struct zone_dstab *tabptr)
6325 {
6326 xmlNodePtr cur = handle->zone_dh_cur;
6327
6328 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
6329 if (xmlStrcmp(cur->name, DTD_ELEM_DATASET))
6330 continue;
6331
6332 if (match_prop(cur, DTD_ATTR_NAME,
6333 tabptr->zone_dataset_name)) {
6334 xmlUnlinkNode(cur);
6335 xmlFreeNode(cur);
6336 return (Z_OK);
6337 }
6338 }
6339 return (Z_NO_RESOURCE_ID);
6340 }
6341
6342 int
6343 zonecfg_delete_ds(zone_dochandle_t handle, struct zone_dstab *tabptr)
6344 {
6345 int err;
6346
6347 if (tabptr == NULL)
6348 return (Z_INVAL);
6349
6350 if ((err = operation_prep(handle)) != Z_OK)
6351 return (err);
6352
6353 if ((err = zonecfg_delete_ds_core(handle, tabptr)) != Z_OK)
6354 return (err);
6355
6356 return (Z_OK);
6357 }
6358
6359 int
6360 zonecfg_modify_ds(
6361 zone_dochandle_t handle,
6362 struct zone_dstab *oldtabptr,
6363 struct zone_dstab *newtabptr)
6364 {
6365 int err;
6366
6367 if (oldtabptr == NULL || newtabptr == NULL)
6368 return (Z_INVAL);
6369
6370 if ((err = operation_prep(handle)) != Z_OK)
6371 return (err);
6372
6373 if ((err = zonecfg_delete_ds_core(handle, oldtabptr)) != Z_OK)
6374 return (err);
6375
6376 if ((err = zonecfg_add_ds_core(handle, newtabptr)) != Z_OK)
6377 return (err);
6378
6379 return (Z_OK);
6380 }
6381
6382 int
6383 zonecfg_lookup_ds(zone_dochandle_t handle, struct zone_dstab *tabptr)
6384 {
6385 xmlNodePtr cur, firstmatch;
6386 int err;
6387 char dataset[MAXNAMELEN];
6388
6389 if (tabptr == NULL)
6390 return (Z_INVAL);
6391
6392 if ((err = operation_prep(handle)) != Z_OK)
6393 return (err);
6394
6395 cur = handle->zone_dh_cur;
6396 firstmatch = NULL;
6397 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
6398 if (xmlStrcmp(cur->name, DTD_ELEM_DATASET))
6399 continue;
6400 if (strlen(tabptr->zone_dataset_name) > 0) {
6401 if ((fetchprop(cur, DTD_ATTR_NAME, dataset,
6402 sizeof (dataset)) == Z_OK) &&
6403 (strcmp(tabptr->zone_dataset_name,
6404 dataset) == 0)) {
6405 if (firstmatch == NULL)
6406 firstmatch = cur;
6407 else
6408 return (Z_INSUFFICIENT_SPEC);
6409 }
6410 }
6411 }
6412 if (firstmatch == NULL)
6413 return (Z_NO_RESOURCE_ID);
6414
6415 cur = firstmatch;
6416
6417 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_dataset_name,
6418 sizeof (tabptr->zone_dataset_name))) != Z_OK)
6419 return (err);
6420
6421 return (Z_OK);
6422 }
6423
6424 int
6425 zonecfg_setdsent(zone_dochandle_t handle)
6426 {
6427 return (zonecfg_setent(handle));
6428 }
6429
6430 int
6431 zonecfg_getdsent(zone_dochandle_t handle, struct zone_dstab *tabptr)
6432 {
6433 xmlNodePtr cur;
6434 int err;
6435
6436 if (handle == NULL)
6437 return (Z_INVAL);
6438
6439 if ((cur = handle->zone_dh_cur) == NULL)
6440 return (Z_NO_ENTRY);
6441
6442 for (; cur != NULL; cur = cur->next)
6443 if (!xmlStrcmp(cur->name, DTD_ELEM_DATASET))
6444 break;
6445 if (cur == NULL) {
6446 handle->zone_dh_cur = handle->zone_dh_top;
6447 return (Z_NO_ENTRY);
6448 }
6449
6450 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_dataset_name,
6451 sizeof (tabptr->zone_dataset_name))) != Z_OK) {
6452 handle->zone_dh_cur = handle->zone_dh_top;
6453 return (err);
6454 }
6455
6456 handle->zone_dh_cur = cur->next;
6457 return (Z_OK);
6458 }
6459
6460 int
6461 zonecfg_enddsent(zone_dochandle_t handle)
6462 {
6463 return (zonecfg_endent(handle));
6464 }
6465
6466 /*
6467 * Support for aliased rctls; that is, rctls that have simplified names in
6468 * zonecfg. For example, max-lwps is an alias for a well defined zone.max-lwps
6469 * rctl. If there are multiple existing values for one of these rctls or if
6470 * there is a single value that does not match the well defined template (i.e.
6471 * it has a different action) then we cannot treat the rctl as having an alias
6472 * so we return Z_ALIAS_DISALLOW. That means that the rctl cannot be
6473 * managed in zonecfg via an alias and that the standard rctl syntax must be
6474 * used.
6475 *
6476 * The possible return values are:
6477 * Z_NO_PROPERTY_ID - invalid alias name
6478 * Z_ALIAS_DISALLOW - pre-existing, incompatible rctl definition
6479 * Z_NO_ENTRY - no rctl is configured for this alias
6480 * Z_OK - we got a valid rctl for the specified alias
6481 */
6482 int
6483 zonecfg_get_aliased_rctl(zone_dochandle_t handle, char *name, uint64_t *rval)
6484 {
6485 boolean_t found = B_FALSE;
6486 boolean_t found_val = B_FALSE;
6487 xmlNodePtr cur, val;
6488 char savedname[MAXNAMELEN];
6489 struct zone_rctlvaltab rctl;
6490 int i;
6491 int err;
6492
6493 for (i = 0; aliases[i].shortname != NULL; i++)
6494 if (strcmp(name, aliases[i].shortname) == 0)
6495 break;
6496
6497 if (aliases[i].shortname == NULL)
6498 return (Z_NO_PROPERTY_ID);
6499
6500 if ((err = operation_prep(handle)) != Z_OK)
6501 return (err);
6502
6503 cur = handle->zone_dh_cur;
6504 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
6505 if (xmlStrcmp(cur->name, DTD_ELEM_RCTL) != 0)
6506 continue;
6507 if ((fetchprop(cur, DTD_ATTR_NAME, savedname,
6508 sizeof (savedname)) == Z_OK) &&
6509 (strcmp(savedname, aliases[i].realname) == 0)) {
6510
6511 /*
6512 * If we already saw one of these, we can't have an
6513 * alias since we just found another.
6514 */
6515 if (found)
6516 return (Z_ALIAS_DISALLOW);
6517 found = B_TRUE;
6518
6519 for (val = cur->xmlChildrenNode; val != NULL;
6520 val = val->next) {
6521 /*
6522 * If we already have one value, we can't have
6523 * an alias since we just found another.
6524 */
6525 if (found_val)
6526 return (Z_ALIAS_DISALLOW);
6527 found_val = B_TRUE;
6528
6529 if ((fetchprop(val, DTD_ATTR_PRIV,
6530 rctl.zone_rctlval_priv,
6531 sizeof (rctl.zone_rctlval_priv)) != Z_OK))
6532 break;
6533 if ((fetchprop(val, DTD_ATTR_LIMIT,
6534 rctl.zone_rctlval_limit,
6535 sizeof (rctl.zone_rctlval_limit)) != Z_OK))
6536 break;
6537 if ((fetchprop(val, DTD_ATTR_ACTION,
6538 rctl.zone_rctlval_action,
6539 sizeof (rctl.zone_rctlval_action)) != Z_OK))
6540 break;
6541 }
6542
6543 /* check priv and action match the expected vals */
6544 if (strcmp(rctl.zone_rctlval_priv,
6545 aliases[i].priv) != 0 ||
6546 strcmp(rctl.zone_rctlval_action,
6547 aliases[i].action) != 0)
6548 return (Z_ALIAS_DISALLOW);
6549 }
6550 }
6551
6552 if (found) {
6553 *rval = strtoull(rctl.zone_rctlval_limit, NULL, 10);
6554 return (Z_OK);
6555 }
6556
6557 return (Z_NO_ENTRY);
6558 }
6559
6560 int
6561 zonecfg_rm_aliased_rctl(zone_dochandle_t handle, char *name)
6562 {
6563 int i;
6564 uint64_t val;
6565 struct zone_rctltab rctltab;
6566
6567 /*
6568 * First check that we have a valid aliased rctl to remove.
6569 * This will catch an rctl entry with non-standard values or
6570 * multiple rctl values for this name. We need to ignore those
6571 * rctl entries.
6572 */
6573 if (zonecfg_get_aliased_rctl(handle, name, &val) != Z_OK)
6574 return (Z_OK);
6575
6576 for (i = 0; aliases[i].shortname != NULL; i++)
6577 if (strcmp(name, aliases[i].shortname) == 0)
6578 break;
6579
6580 if (aliases[i].shortname == NULL)
6581 return (Z_NO_RESOURCE_ID);
6582
6583 (void) strlcpy(rctltab.zone_rctl_name, aliases[i].realname,
6584 sizeof (rctltab.zone_rctl_name));
6585
6586 return (zonecfg_delete_rctl(handle, &rctltab));
6587 }
6588
6589 boolean_t
6590 zonecfg_aliased_rctl_ok(zone_dochandle_t handle, char *name)
6591 {
6592 uint64_t tmp_val;
6593
6594 switch (zonecfg_get_aliased_rctl(handle, name, &tmp_val)) {
6595 case Z_OK:
6596 /*FALLTHRU*/
6597 case Z_NO_ENTRY:
6598 return (B_TRUE);
6599 default:
6600 return (B_FALSE);
6601 }
6602 }
6603
6604 int
6605 zonecfg_set_aliased_rctl(zone_dochandle_t handle, char *name, uint64_t val)
6606 {
6607 int i;
6608 int err;
6609 struct zone_rctltab rctltab;
6610 struct zone_rctlvaltab *rctlvaltab;
6611 char buf[128];
6612
6613 if (!zonecfg_aliased_rctl_ok(handle, name))
6614 return (Z_ALIAS_DISALLOW);
6615
6616 for (i = 0; aliases[i].shortname != NULL; i++)
6617 if (strcmp(name, aliases[i].shortname) == 0)
6618 break;
6619
6620 if (aliases[i].shortname == NULL)
6621 return (Z_NO_RESOURCE_ID);
6622
6623 /* remove any pre-existing definition for this rctl */
6624 (void) zonecfg_rm_aliased_rctl(handle, name);
6625
6626 (void) strlcpy(rctltab.zone_rctl_name, aliases[i].realname,
6627 sizeof (rctltab.zone_rctl_name));
6628
6629 rctltab.zone_rctl_valptr = NULL;
6630
6631 if ((rctlvaltab = calloc(1, sizeof (struct zone_rctlvaltab))) == NULL)
6632 return (Z_NOMEM);
6633
6634 (void) snprintf(buf, sizeof (buf), "%llu", (long long)val);
6635
6636 (void) strlcpy(rctlvaltab->zone_rctlval_priv, aliases[i].priv,
6637 sizeof (rctlvaltab->zone_rctlval_priv));
6638 (void) strlcpy(rctlvaltab->zone_rctlval_limit, buf,
6639 sizeof (rctlvaltab->zone_rctlval_limit));
6640 (void) strlcpy(rctlvaltab->zone_rctlval_action, aliases[i].action,
6641 sizeof (rctlvaltab->zone_rctlval_action));
6642
6643 rctlvaltab->zone_rctlval_next = NULL;
6644
6645 if ((err = zonecfg_add_rctl_value(&rctltab, rctlvaltab)) != Z_OK)
6646 return (err);
6647
6648 return (zonecfg_add_rctl(handle, &rctltab));
6649 }
6650
6651 static int
6652 delete_tmp_pool(zone_dochandle_t handle)
6653 {
6654 int err;
6655 xmlNodePtr cur = handle->zone_dh_cur;
6656
6657 if ((err = operation_prep(handle)) != Z_OK)
6658 return (err);
6659
6660 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
6661 if (xmlStrcmp(cur->name, DTD_ELEM_TMPPOOL) == 0) {
6662 xmlUnlinkNode(cur);
6663 xmlFreeNode(cur);
6664 return (Z_OK);
6665 }
6666 }
6667
6668 return (Z_NO_RESOURCE_ID);
6669 }
6670
6671 static int
6672 modify_tmp_pool(zone_dochandle_t handle, char *pool_importance)
6673 {
6674 int err;
6675 xmlNodePtr cur = handle->zone_dh_cur;
6676 xmlNodePtr newnode;
6677
6678 err = delete_tmp_pool(handle);
6679 if (err != Z_OK && err != Z_NO_RESOURCE_ID)
6680 return (err);
6681
6682 if (*pool_importance != '\0') {
6683 if ((err = operation_prep(handle)) != Z_OK)
6684 return (err);
6685
6686 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_TMPPOOL, NULL);
6687 if ((err = newprop(newnode, DTD_ATTR_IMPORTANCE,
6688 pool_importance)) != Z_OK)
6689 return (err);
6690 }
6691
6692 return (Z_OK);
6693 }
6694
6695 static int
6696 add_pset_core(zone_dochandle_t handle, struct zone_psettab *tabptr)
6697 {
6698 xmlNodePtr newnode, cur = handle->zone_dh_cur;
6699 int err;
6700
6701 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_PSET, NULL);
6702 if ((err = newprop(newnode, DTD_ATTR_NCPU_MIN,
6703 tabptr->zone_ncpu_min)) != Z_OK)
6704 return (err);
6705 if ((err = newprop(newnode, DTD_ATTR_NCPU_MAX,
6706 tabptr->zone_ncpu_max)) != Z_OK)
6707 return (err);
6708
6709 if ((err = modify_tmp_pool(handle, tabptr->zone_importance)) != Z_OK)
6710 return (err);
6711
6712 return (Z_OK);
6713 }
6714
6715 int
6716 zonecfg_add_pset(zone_dochandle_t handle, struct zone_psettab *tabptr)
6717 {
6718 int err;
6719
6720 if (tabptr == NULL)
6721 return (Z_INVAL);
6722
6723 if ((err = operation_prep(handle)) != Z_OK)
6724 return (err);
6725
6726 if ((err = add_pset_core(handle, tabptr)) != Z_OK)
6727 return (err);
6728
6729 return (Z_OK);
6730 }
6731
6732 int
6733 zonecfg_delete_pset(zone_dochandle_t handle)
6734 {
6735 int err;
6736 int res = Z_NO_RESOURCE_ID;
6737 xmlNodePtr cur = handle->zone_dh_cur;
6738
6739 if ((err = operation_prep(handle)) != Z_OK)
6740 return (err);
6741
6742 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
6743 if (xmlStrcmp(cur->name, DTD_ELEM_PSET) == 0) {
6744 xmlUnlinkNode(cur);
6745 xmlFreeNode(cur);
6746 res = Z_OK;
6747 break;
6748 }
6749 }
6750
6751 /*
6752 * Once we have msets, we should check that a mset
6753 * do not exist before we delete the tmp_pool data.
6754 */
6755 err = delete_tmp_pool(handle);
6756 if (err != Z_OK && err != Z_NO_RESOURCE_ID)
6757 return (err);
6758
6759 return (res);
6760 }
6761
6762 int
6763 zonecfg_modify_pset(zone_dochandle_t handle, struct zone_psettab *tabptr)
6764 {
6765 int err;
6766
6767 if (tabptr == NULL)
6768 return (Z_INVAL);
6769
6770 if ((err = zonecfg_delete_pset(handle)) != Z_OK)
6771 return (err);
6772
6773 if ((err = add_pset_core(handle, tabptr)) != Z_OK)
6774 return (err);
6775
6776 return (Z_OK);
6777 }
6778
6779 int
6780 zonecfg_lookup_pset(zone_dochandle_t handle, struct zone_psettab *tabptr)
6781 {
6782 xmlNodePtr cur;
6783 int err;
6784 int res = Z_NO_ENTRY;
6785
6786 if (tabptr == NULL)
6787 return (Z_INVAL);
6788
6789 if ((err = operation_prep(handle)) != Z_OK)
6790 return (err);
6791
6792 /* this is an optional component */
6793 tabptr->zone_importance[0] = '\0';
6794
6795 cur = handle->zone_dh_cur;
6796 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
6797 if (xmlStrcmp(cur->name, DTD_ELEM_PSET) == 0) {
6798 if ((err = fetchprop(cur, DTD_ATTR_NCPU_MIN,
6799 tabptr->zone_ncpu_min,
6800 sizeof (tabptr->zone_ncpu_min))) != Z_OK) {
6801 handle->zone_dh_cur = handle->zone_dh_top;
6802 return (err);
6803 }
6804
6805 if ((err = fetchprop(cur, DTD_ATTR_NCPU_MAX,
6806 tabptr->zone_ncpu_max,
6807 sizeof (tabptr->zone_ncpu_max))) != Z_OK) {
6808 handle->zone_dh_cur = handle->zone_dh_top;
6809 return (err);
6810 }
6811
6812 res = Z_OK;
6813
6814 } else if (xmlStrcmp(cur->name, DTD_ELEM_TMPPOOL) == 0) {
6815 if ((err = fetchprop(cur, DTD_ATTR_IMPORTANCE,
6816 tabptr->zone_importance,
6817 sizeof (tabptr->zone_importance))) != Z_OK) {
6818 handle->zone_dh_cur = handle->zone_dh_top;
6819 return (err);
6820 }
6821 }
6822 }
6823
6824 return (res);
6825 }
6826
6827 int
6828 zonecfg_getpsetent(zone_dochandle_t handle, struct zone_psettab *tabptr)
6829 {
6830 int err;
6831
6832 if ((err = zonecfg_setent(handle)) != Z_OK)
6833 return (err);
6834
6835 err = zonecfg_lookup_pset(handle, tabptr);
6836
6837 (void) zonecfg_endent(handle);
6838
6839 return (err);
6840 }
6841
6842 static int
6843 add_mcap(zone_dochandle_t handle, struct zone_mcaptab *tabptr)
6844 {
6845 xmlNodePtr newnode, cur = handle->zone_dh_cur;
6846 int err;
6847
6848 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_MCAP, NULL);
6849 if ((err = newprop(newnode, DTD_ATTR_PHYSCAP, tabptr->zone_physmem_cap))
6850 != Z_OK)
6851 return (err);
6852
6853 return (Z_OK);
6854 }
6855
6856 int
6857 zonecfg_delete_mcap(zone_dochandle_t handle)
6858 {
6859 int err;
6860 xmlNodePtr cur = handle->zone_dh_cur;
6861
6862 if ((err = operation_prep(handle)) != Z_OK)
6863 return (err);
6864
6865 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
6866 if (xmlStrcmp(cur->name, DTD_ELEM_MCAP) != 0)
6867 continue;
6868
6869 xmlUnlinkNode(cur);
6870 xmlFreeNode(cur);
6871 return (Z_OK);
6872 }
6873 return (Z_NO_RESOURCE_ID);
6874 }
6875
6876 int
6877 zonecfg_modify_mcap(zone_dochandle_t handle, struct zone_mcaptab *tabptr)
6878 {
6879 int err;
6880
6881 if (tabptr == NULL)
6882 return (Z_INVAL);
6883
6884 err = zonecfg_delete_mcap(handle);
6885 /* it is ok if there is no mcap entry */
6886 if (err != Z_OK && err != Z_NO_RESOURCE_ID)
6887 return (err);
6888
6889 if ((err = add_mcap(handle, tabptr)) != Z_OK)
6890 return (err);
6891
6892 return (Z_OK);
6893 }
6894
6895 int
6896 zonecfg_lookup_mcap(zone_dochandle_t handle, struct zone_mcaptab *tabptr)
6897 {
6898 xmlNodePtr cur;
6899 int err;
6900
6901 if (tabptr == NULL)
6902 return (Z_INVAL);
6903
6904 if ((err = operation_prep(handle)) != Z_OK)
6905 return (err);
6906
6907 cur = handle->zone_dh_cur;
6908 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
6909 if (xmlStrcmp(cur->name, DTD_ELEM_MCAP) != 0)
6910 continue;
6911 if ((err = fetchprop(cur, DTD_ATTR_PHYSCAP,
6912 tabptr->zone_physmem_cap,
6913 sizeof (tabptr->zone_physmem_cap))) != Z_OK) {
6914 handle->zone_dh_cur = handle->zone_dh_top;
6915 return (err);
6916 }
6917
6918 return (Z_OK);
6919 }
6920
6921 return (Z_NO_ENTRY);
6922 }
6923
6924 static int
6925 getmcapent_core(zone_dochandle_t handle, struct zone_mcaptab *tabptr)
6926 {
6927 xmlNodePtr cur;
6928 int err;
6929
6930 if (handle == NULL)
6931 return (Z_INVAL);
6932
6933 if ((cur = handle->zone_dh_cur) == NULL)
6934 return (Z_NO_ENTRY);
6935
6936 for (; cur != NULL; cur = cur->next)
6937 if (xmlStrcmp(cur->name, DTD_ELEM_MCAP) == 0)
6938 break;
6939 if (cur == NULL) {
6940 handle->zone_dh_cur = handle->zone_dh_top;
6941 return (Z_NO_ENTRY);
6942 }
6943
6944 if ((err = fetchprop(cur, DTD_ATTR_PHYSCAP, tabptr->zone_physmem_cap,
6945 sizeof (tabptr->zone_physmem_cap))) != Z_OK) {
6946 handle->zone_dh_cur = handle->zone_dh_top;
6947 return (err);
6948 }
6949
6950 handle->zone_dh_cur = cur->next;
6951 return (Z_OK);
6952 }
6953
6954 int
6955 zonecfg_getmcapent(zone_dochandle_t handle, struct zone_mcaptab *tabptr)
6956 {
6957 int err;
6958
6959 if ((err = zonecfg_setent(handle)) != Z_OK)
6960 return (err);
6961
6962 err = getmcapent_core(handle, tabptr);
6963
6964 (void) zonecfg_endent(handle);
6965
6966 return (err);
6967 }
6968
6969 /*
6970 * Get the full tree of pkg metadata in a set of nested AVL trees.
6971 * pkgs_avl is an AVL tree of pkgs.
6972 *
6973 * The zone xml data contains DTD_ELEM_PACKAGE elements.
6974 */
6975 int
6976 zonecfg_getpkgdata(zone_dochandle_t handle, uu_avl_pool_t *pkg_pool,
6977 uu_avl_t *pkgs_avl)
6978 {
6979 xmlNodePtr cur;
6980 int res;
6981 zone_pkg_entry_t *pkg;
6982 char name[MAXNAMELEN];
6983 char version[ZONE_PKG_VERSMAX];
6984
6985 if (handle == NULL)
6986 return (Z_INVAL);
6987
6988 if ((res = zonecfg_setent(handle)) != Z_OK)
6989 return (res);
6990
6991 if ((cur = handle->zone_dh_cur) == NULL) {
6992 res = Z_NO_ENTRY;
6993 goto done;
6994 }
6995
6996 for (; cur != NULL; cur = cur->next) {
6997 if (xmlStrcmp(cur->name, DTD_ELEM_PACKAGE) == 0) {
6998 uu_avl_index_t where;
6999
7000 if ((res = fetchprop(cur, DTD_ATTR_NAME, name,
7001 sizeof (name))) != Z_OK)
7002 goto done;
7003
7004 if ((res = fetchprop(cur, DTD_ATTR_VERSION, version,
7005 sizeof (version))) != Z_OK)
7006 goto done;
7007
7008 if ((pkg = (zone_pkg_entry_t *)
7009 malloc(sizeof (zone_pkg_entry_t))) == NULL) {
7010 res = Z_NOMEM;
7011 goto done;
7012 }
7013
7014 if ((pkg->zpe_name = strdup(name)) == NULL) {
7015 free(pkg);
7016 res = Z_NOMEM;
7017 goto done;
7018 }
7019
7020 if ((pkg->zpe_vers = strdup(version)) == NULL) {
7021 free(pkg->zpe_name);
7022 free(pkg);
7023 res = Z_NOMEM;
7024 goto done;
7025 }
7026
7027 uu_avl_node_init(pkg, &pkg->zpe_entry, pkg_pool);
7028 if (uu_avl_find(pkgs_avl, pkg, NULL, &where) != NULL) {
7029 free(pkg->zpe_name);
7030 free(pkg->zpe_vers);
7031 free(pkg);
7032 } else {
7033 uu_avl_insert(pkgs_avl, pkg, where);
7034 }
7035 }
7036 }
7037
7038 done:
7039 (void) zonecfg_endent(handle);
7040 return (res);
7041 }
7042
7043 int
7044 zonecfg_setdevperment(zone_dochandle_t handle)
7045 {
7046 return (zonecfg_setent(handle));
7047 }
7048
7049 int
7050 zonecfg_getdevperment(zone_dochandle_t handle, struct zone_devpermtab *tabptr)
7051 {
7052 xmlNodePtr cur;
7053 int err;
7054 char buf[128];
7055
7056 tabptr->zone_devperm_acl = NULL;
7057
7058 if (handle == NULL)
7059 return (Z_INVAL);
7060
7061 if ((cur = handle->zone_dh_cur) == NULL)
7062 return (Z_NO_ENTRY);
7063
7064 for (; cur != NULL; cur = cur->next)
7065 if (!xmlStrcmp(cur->name, DTD_ELEM_DEV_PERM))
7066 break;
7067 if (cur == NULL) {
7068 handle->zone_dh_cur = handle->zone_dh_top;
7069 return (Z_NO_ENTRY);
7070 }
7071
7072 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_devperm_name,
7073 sizeof (tabptr->zone_devperm_name))) != Z_OK) {
7074 handle->zone_dh_cur = handle->zone_dh_top;
7075 return (err);
7076 }
7077
7078 if ((err = fetchprop(cur, DTD_ATTR_UID, buf, sizeof (buf))) != Z_OK) {
7079 handle->zone_dh_cur = handle->zone_dh_top;
7080 return (err);
7081 }
7082 tabptr->zone_devperm_uid = (uid_t)atol(buf);
7083
7084 if ((err = fetchprop(cur, DTD_ATTR_GID, buf, sizeof (buf))) != Z_OK) {
7085 handle->zone_dh_cur = handle->zone_dh_top;
7086 return (err);
7087 }
7088 tabptr->zone_devperm_gid = (gid_t)atol(buf);
7089
7090 if ((err = fetchprop(cur, DTD_ATTR_MODE, buf, sizeof (buf))) != Z_OK) {
7091 handle->zone_dh_cur = handle->zone_dh_top;
7092 return (err);
7093 }
7094 tabptr->zone_devperm_mode = (mode_t)strtol(buf, (char **)NULL, 8);
7095
7096 if ((err = fetch_alloc_prop(cur, DTD_ATTR_ACL,
7097 &(tabptr->zone_devperm_acl))) != Z_OK) {
7098 handle->zone_dh_cur = handle->zone_dh_top;
7099 return (err);
7100 }
7101
7102 handle->zone_dh_cur = cur->next;
7103 return (Z_OK);
7104 }
7105
7106 int
7107 zonecfg_enddevperment(zone_dochandle_t handle)
7108 {
7109 return (zonecfg_endent(handle));
7110 }
7111
7112 /* PRINTFLIKE1 */
7113 static void
7114 zerror(const char *zone_name, const char *fmt, ...)
7115 {
7116 va_list alist;
7117
7118 va_start(alist, fmt);
7119 (void) fprintf(stderr, "zone '%s': ", zone_name);
7120 (void) vfprintf(stderr, fmt, alist);
7121 (void) fprintf(stderr, "\n");
7122 va_end(alist);
7123 }
7124
7125 static void
7126 zperror(const char *str)
7127 {
7128 (void) fprintf(stderr, "%s: %s\n", str, strerror(errno));
7129 }
7130
7131 /*
7132 * The following three routines implement a simple locking mechanism to
7133 * ensure that only one instance of zoneadm at a time is able to manipulate
7134 * a given zone. The lock is built on top of an fcntl(2) lock of
7135 * [<altroot>]/var/run/zones/<zonename>.zoneadm.lock. If a zoneadm instance
7136 * can grab that lock, it is allowed to manipulate the zone.
7137 *
7138 * Since zoneadm may call external applications which in turn invoke
7139 * zoneadm again, we introduce the notion of "lock inheritance". Any
7140 * instance of zoneadm that has another instance in its ancestry is assumed
7141 * to be acting on behalf of the original zoneadm, and is thus allowed to
7142 * manipulate its zone.
7143 *
7144 * This inheritance is implemented via the _ZONEADM_LOCK_HELD environment
7145 * variable. When zoneadm is granted a lock on its zone, this environment
7146 * variable is set to 1. When it releases the lock, the variable is set to
7147 * 0. Since a child process inherits its parent's environment, checking
7148 * the state of this variable indicates whether or not any ancestor owns
7149 * the lock.
7150 */
7151 void
7152 zonecfg_init_lock_file(const char *zone_name, char **lock_env)
7153 {
7154 *lock_env = getenv(LOCK_ENV_VAR);
7155 if (*lock_env == NULL) {
7156 if (putenv(zoneadm_lock_not_held) != 0) {
7157 zerror(zone_name, gettext("could not set env: %s"),
7158 strerror(errno));
7159 exit(1);
7160 }
7161 } else {
7162 if (atoi(*lock_env) == 1)
7163 zone_lock_cnt = 1;
7164 }
7165 }
7166
7167 void
7168 zonecfg_release_lock_file(const char *zone_name, int lockfd)
7169 {
7170 /*
7171 * If we are cleaning up from a failed attempt to lock the zone for
7172 * the first time, we might have a zone_lock_cnt of 0. In that
7173 * error case, we don't want to do anything but close the lock
7174 * file.
7175 */
7176 assert(zone_lock_cnt >= 0);
7177 if (zone_lock_cnt > 0) {
7178 assert(getenv(LOCK_ENV_VAR) != NULL);
7179 assert(atoi(getenv(LOCK_ENV_VAR)) == 1);
7180 if (--zone_lock_cnt > 0) {
7181 assert(lockfd == -1);
7182 return;
7183 }
7184 if (putenv(zoneadm_lock_not_held) != 0) {
7185 zerror(zone_name, gettext("could not set env: %s"),
7186 strerror(errno));
7187 exit(1);
7188 }
7189 }
7190 assert(lockfd >= 0);
7191 (void) close(lockfd);
7192 }
7193
7194 int
7195 zonecfg_grab_lock_file(const char *zone_name, int *lockfd)
7196 {
7197 char pathbuf[PATH_MAX];
7198 struct flock flock;
7199
7200 /*
7201 * If we already have the lock, we can skip this expensive song
7202 * and dance.
7203 */
7204 assert(zone_lock_cnt >= 0);
7205 assert(getenv(LOCK_ENV_VAR) != NULL);
7206 if (zone_lock_cnt > 0) {
7207 assert(atoi(getenv(LOCK_ENV_VAR)) == 1);
7208 zone_lock_cnt++;
7209 *lockfd = -1;
7210 return (Z_OK);
7211 }
7212 assert(getenv(LOCK_ENV_VAR) != NULL);
7213 assert(atoi(getenv(LOCK_ENV_VAR)) == 0);
7214
7215 if (snprintf(pathbuf, sizeof (pathbuf), "%s%s", zonecfg_get_root(),
7216 ZONES_TMPDIR) >= sizeof (pathbuf)) {
7217 zerror(zone_name, gettext("alternate root path is too long"));
7218 return (-1);
7219 }
7220 if (mkdir(pathbuf, S_IRWXU) < 0 && errno != EEXIST) {
7221 zerror(zone_name, gettext("could not mkdir %s: %s"), pathbuf,
7222 strerror(errno));
7223 return (-1);
7224 }
7225 (void) chmod(pathbuf, S_IRWXU);
7226
7227 /*
7228 * One of these lock files is created for each zone (when needed).
7229 * The lock files are not cleaned up (except on system reboot),
7230 * but since there is only one per zone, there is no resource
7231 * starvation issue.
7232 */
7233 if (snprintf(pathbuf, sizeof (pathbuf), "%s%s/%s.zoneadm.lock",
7234 zonecfg_get_root(), ZONES_TMPDIR, zone_name) >= sizeof (pathbuf)) {
7235 zerror(zone_name, gettext("alternate root path is too long"));
7236 return (-1);
7237 }
7238 if ((*lockfd = open(pathbuf, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR)) < 0) {
7239 zerror(zone_name, gettext("could not open %s: %s"), pathbuf,
7240 strerror(errno));
7241 return (-1);
7242 }
7243 /*
7244 * Lock the file to synchronize with other zoneadmds
7245 */
7246 flock.l_type = F_WRLCK;
7247 flock.l_whence = SEEK_SET;
7248 flock.l_start = (off_t)0;
7249 flock.l_len = (off_t)0;
7250 if ((fcntl(*lockfd, F_SETLKW, &flock) < 0) ||
7251 (putenv(zoneadm_lock_held) != 0)) {
7252 zerror(zone_name, gettext("unable to lock %s: %s"), pathbuf,
7253 strerror(errno));
7254 zonecfg_release_lock_file(zone_name, *lockfd);
7255 return (-1);
7256 }
7257 zone_lock_cnt = 1;
7258 return (Z_OK);
7259 }
7260
7261 boolean_t
7262 zonecfg_lock_file_held(int *lockfd)
7263 {
7264 if (*lockfd >= 0 || zone_lock_cnt > 0)
7265 return (B_TRUE);
7266 return (B_FALSE);
7267 }
7268
7269 static boolean_t
7270 get_doorname(const char *zone_name, char *buffer)
7271 {
7272 return (snprintf(buffer, PATH_MAX, "%s" ZONE_DOOR_PATH,
7273 zonecfg_get_root(), zone_name) < PATH_MAX);
7274 }
7275
7276 /*
7277 * system daemons are not audited. For the global zone, this occurs
7278 * "naturally" since init is started with the default audit
7279 * characteristics. Since zoneadmd is a system daemon and it starts
7280 * init for a zone, it is necessary to clear out the audit
7281 * characteristics inherited from whomever started zoneadmd. This is
7282 * indicated by the audit id, which is set from the ruid parameter of
7283 * adt_set_user(), below.
7284 */
7285
7286 static void
7287 prepare_audit_context(const char *zone_name)
7288 {
7289 adt_session_data_t *ah;
7290 char *failure = gettext("audit failure: %s");
7291
7292 if (adt_start_session(&ah, NULL, 0)) {
7293 zerror(zone_name, failure, strerror(errno));
7294 return;
7295 }
7296 if (adt_set_user(ah, ADT_NO_AUDIT, ADT_NO_AUDIT,
7297 ADT_NO_AUDIT, ADT_NO_AUDIT, NULL, ADT_NEW)) {
7298 zerror(zone_name, failure, strerror(errno));
7299 (void) adt_end_session(ah);
7300 return;
7301 }
7302 if (adt_set_proc(ah))
7303 zerror(zone_name, failure, strerror(errno));
7304
7305 (void) adt_end_session(ah);
7306 }
7307
7308 static int
7309 start_zoneadmd(const char *zone_name, boolean_t lock)
7310 {
7311 char doorpath[PATH_MAX];
7312 pid_t child_pid;
7313 int error = -1;
7314 int doorfd, lockfd;
7315 struct door_info info;
7316
7317 if (!get_doorname(zone_name, doorpath))
7318 return (-1);
7319
7320 if (lock)
7321 if (zonecfg_grab_lock_file(zone_name, &lockfd) != Z_OK)
7322 return (-1);
7323
7324 /*
7325 * Now that we have the lock, re-confirm that the daemon is
7326 * *not* up and working fine. If it is still down, we have a green
7327 * light to start it.
7328 */
7329 if ((doorfd = open(doorpath, O_RDONLY)) < 0) {
7330 if (errno != ENOENT) {
7331 zperror(doorpath);
7332 goto out;
7333 }
7334 } else {
7335 if (door_info(doorfd, &info) == 0 &&
7336 ((info.di_attributes & DOOR_REVOKED) == 0)) {
7337 error = Z_OK;
7338 (void) close(doorfd);
7339 goto out;
7340 }
7341 (void) close(doorfd);
7342 }
7343
7344 if ((child_pid = fork()) == -1) {
7345 zperror(gettext("could not fork"));
7346 goto out;
7347 }
7348
7349 if (child_pid == 0) {
7350 const char *argv[6], **ap;
7351
7352 /* child process */
7353 prepare_audit_context(zone_name);
7354
7355 ap = argv;
7356 *ap++ = "zoneadmd";
7357 *ap++ = "-z";
7358 *ap++ = zone_name;
7359 if (zonecfg_in_alt_root()) {
7360 *ap++ = "-R";
7361 *ap++ = zonecfg_get_root();
7362 }
7363 *ap = NULL;
7364
7365 (void) execv("/usr/lib/zones/zoneadmd", (char * const *)argv);
7366 /*
7367 * TRANSLATION_NOTE
7368 * zoneadmd is a literal that should not be translated.
7369 */
7370 zperror(gettext("could not exec zoneadmd"));
7371 _exit(1);
7372 } else {
7373 /* parent process */
7374 pid_t retval;
7375 int pstatus = 0;
7376
7377 do {
7378 retval = waitpid(child_pid, &pstatus, 0);
7379 } while (retval != child_pid);
7380 if (WIFSIGNALED(pstatus) || (WIFEXITED(pstatus) &&
7381 WEXITSTATUS(pstatus) != 0)) {
7382 zerror(zone_name, gettext("could not start %s"),
7383 "zoneadmd");
7384 goto out;
7385 }
7386 }
7387 error = Z_OK;
7388 out:
7389 if (lock)
7390 zonecfg_release_lock_file(zone_name, lockfd);
7391 return (error);
7392 }
7393
7394 int
7395 zonecfg_ping_zoneadmd(const char *zone_name)
7396 {
7397 char doorpath[PATH_MAX];
7398 int doorfd;
7399 struct door_info info;
7400
7401 if (!get_doorname(zone_name, doorpath))
7402 return (-1);
7403
7404 if ((doorfd = open(doorpath, O_RDONLY)) < 0) {
7405 return (-1);
7406 }
7407 if (door_info(doorfd, &info) == 0 &&
7408 ((info.di_attributes & DOOR_REVOKED) == 0)) {
7409 (void) close(doorfd);
7410 return (Z_OK);
7411 }
7412 (void) close(doorfd);
7413 return (-1);
7414 }
7415
7416 int
7417 zonecfg_call_zoneadmd(const char *zone_name, zone_cmd_arg_t *arg, char *locale,
7418 boolean_t lock)
7419 {
7420 char doorpath[PATH_MAX];
7421 int doorfd, result;
7422 door_arg_t darg;
7423
7424 zoneid_t zoneid;
7425 uint64_t uniqid = 0;
7426
7427 zone_cmd_rval_t *rvalp;
7428 size_t rlen;
7429 char *cp, *errbuf;
7430
7431 rlen = getpagesize();
7432 if ((rvalp = malloc(rlen)) == NULL) {
7433 zerror(zone_name, gettext("failed to allocate %lu bytes: %s"),
7434 rlen, strerror(errno));
7435 return (-1);
7436 }
7437
7438 if ((zoneid = getzoneidbyname(zone_name)) != ZONE_ID_UNDEFINED) {
7439 (void) zone_getattr(zoneid, ZONE_ATTR_UNIQID, &uniqid,
7440 sizeof (uniqid));
7441 }
7442 arg->uniqid = uniqid;
7443 (void) strlcpy(arg->locale, locale, sizeof (arg->locale));
7444 if (!get_doorname(zone_name, doorpath)) {
7445 zerror(zone_name, gettext("alternate root path is too long"));
7446 free(rvalp);
7447 return (-1);
7448 }
7449
7450 /*
7451 * Loop trying to start zoneadmd; if something goes seriously
7452 * wrong we break out and fail.
7453 */
7454 for (;;) {
7455 if (start_zoneadmd(zone_name, lock) != Z_OK)
7456 break;
7457
7458 if ((doorfd = open(doorpath, O_RDONLY)) < 0) {
7459 zperror(gettext("failed to open zone door"));
7460 break;
7461 }
7462
7463 darg.data_ptr = (char *)arg;
7464 darg.data_size = sizeof (*arg);
7465 darg.desc_ptr = NULL;
7466 darg.desc_num = 0;
7467 darg.rbuf = (char *)rvalp;
7468 darg.rsize = rlen;
7469 if (door_call(doorfd, &darg) != 0) {
7470 (void) close(doorfd);
7471 /*
7472 * We'll get EBADF if the door has been revoked.
7473 */
7474 if (errno != EBADF) {
7475 zperror(gettext("door_call failed"));
7476 break;
7477 }
7478 continue; /* take another lap */
7479 }
7480 (void) close(doorfd);
7481
7482 if (darg.data_size == 0) {
7483 /* Door server is going away; kick it again. */
7484 continue;
7485 }
7486
7487 errbuf = rvalp->errbuf;
7488 while (*errbuf != '\0') {
7489 /*
7490 * Remove any newlines since zerror()
7491 * will append one automatically.
7492 */
7493 cp = strchr(errbuf, '\n');
7494 if (cp != NULL)
7495 *cp = '\0';
7496 zerror(zone_name, "%s", errbuf);
7497 if (cp == NULL)
7498 break;
7499 errbuf = cp + 1;
7500 }
7501 result = rvalp->rval == 0 ? 0 : -1;
7502 free(rvalp);
7503 return (result);
7504 }
7505
7506 free(rvalp);
7507 return (-1);
7508 }
7509
7510 boolean_t
7511 zonecfg_valid_auths(const char *auths, const char *zonename)
7512 {
7513 char *right;
7514 char *tmpauths;
7515 char *lasts;
7516 char authname[MAXAUTHS];
7517 boolean_t status = B_TRUE;
7518
7519 tmpauths = strdup(auths);
7520 if (tmpauths == NULL) {
7521 zerror(zonename, gettext("Out of memory"));
7522 return (B_FALSE);
7523 }
7524 right = strtok_r(tmpauths, ",", &lasts);
7525 while (right != NULL) {
7526 (void) snprintf(authname, MAXAUTHS, "%s%s",
7527 ZONE_AUTH_PREFIX, right);
7528 if (getauthnam(authname) == NULL) {
7529 status = B_FALSE;
7530 zerror(zonename,
7531 gettext("'%s' is not a valid authorization"),
7532 right);
7533 }
7534 right = strtok_r(NULL, ",", &lasts);
7535 }
7536 free(tmpauths);
7537 return (status);
7538 }
7539
7540 int
7541 zonecfg_delete_admins(zone_dochandle_t handle, char *zonename)
7542 {
7543 int err;
7544 struct zone_admintab admintab;
7545 boolean_t changed = B_FALSE;
7546
7547 if ((err = zonecfg_setadminent(handle)) != Z_OK) {
7548 return (err);
7549 }
7550 while (zonecfg_getadminent(handle, &admintab) == Z_OK) {
7551 err = zonecfg_delete_admin(handle, &admintab,
7552 zonename);
7553 if (err != Z_OK) {
7554 (void) zonecfg_endadminent(handle);
7555 return (err);
7556 } else {
7557 changed = B_TRUE;
7558 }
7559 if ((err = zonecfg_setadminent(handle)) != Z_OK) {
7560 return (err);
7561 }
7562 }
7563 (void) zonecfg_endadminent(handle);
7564 return (changed? Z_OK:Z_NO_ENTRY);
7565 }
7566
7567 /*
7568 * Checks if a long authorization applies to this zone.
7569 * If so, it returns true, after destructively stripping
7570 * the authorization of its prefix and zone suffix.
7571 */
7572 static boolean_t
7573 is_zone_auth(char **auth, char *zonename, char *oldzonename)
7574 {
7575 char *suffix;
7576 size_t offset;
7577
7578 offset = strlen(ZONE_AUTH_PREFIX);
7579 if ((strncmp(*auth, ZONE_AUTH_PREFIX, offset) == 0) &&
7580 ((suffix = strchr(*auth, '/')) != NULL)) {
7581 if (strcmp(suffix + 1, zonename) == 0) {
7582 *auth += offset;
7583 suffix[0] = '\0';
7584 return (B_TRUE);
7585 } else if ((oldzonename != NULL) &&
7586 (strcmp(suffix + 1, oldzonename) == 0)) {
7587 *auth += offset;
7588 suffix[0] = '\0';
7589 return (B_TRUE);
7590 }
7591 }
7592 return (B_FALSE);
7593 }
7594
7595 /*
7596 * This function determines whether the zone-specific authorization
7597 * assignments in /etc/user_attr have been changed more recently
7598 * than the equivalent data stored in the zone's configuration file.
7599 * This should only happen if the zone-specific authorizations in
7600 * the user_attr file were modified using a tool other than zonecfg.
7601 * If the configuration file is out-of-date with respect to these
7602 * authorization assignments, it is updated to match those specified
7603 * in /etc/user_attr.
7604 */
7605
7606 int
7607 zonecfg_update_userauths(zone_dochandle_t handle, char *zonename)
7608 {
7609 userattr_t *ua_ptr;
7610 char *authlist;
7611 char *lasts;
7612 FILE *uaf;
7613 struct zone_admintab admintab;
7614 struct stat config_st, ua_st;
7615 char config_file[MAXPATHLEN];
7616 boolean_t changed = B_FALSE;
7617 int err;
7618
7619 if ((uaf = fopen(USERATTR_FILENAME, "r")) == NULL) {
7620 zerror(zonename, gettext("could not open file %s: %s"),
7621 USERATTR_FILENAME, strerror(errno));
7622 if (errno == EACCES)
7623 return (Z_ACCES);
7624 if (errno == ENOENT)
7625 return (Z_NO_ZONE);
7626 return (Z_MISC_FS);
7627 }
7628 if ((err = fstat(fileno(uaf), &ua_st)) != 0) {
7629 zerror(zonename, gettext("could not stat file %s: %s"),
7630 USERATTR_FILENAME, strerror(errno));
7631 (void) fclose(uaf);
7632 return (Z_MISC_FS);
7633 }
7634 if (!config_file_path(zonename, config_file)) {
7635 (void) fclose(uaf);
7636 return (Z_MISC_FS);
7637 }
7638
7639 if ((err = stat(config_file, &config_st)) != 0) {
7640 zerror(zonename, gettext("could not stat file %s: %s"),
7641 config_file, strerror(errno));
7642 (void) fclose(uaf);
7643 return (Z_MISC_FS);
7644 }
7645 if (config_st.st_mtime >= ua_st.st_mtime) {
7646 (void) fclose(uaf);
7647 return (Z_NO_ENTRY);
7648 }
7649 if ((err = zonecfg_delete_admins(handle, zonename)) == Z_OK) {
7650 changed = B_TRUE;
7651 } else if (err != Z_NO_ENTRY) {
7652 (void) fclose(uaf);
7653 return (err);
7654 }
7655 while ((ua_ptr = fgetuserattr(uaf)) != NULL) {
7656 if (ua_ptr->name[0] == '#') {
7657 continue;
7658 }
7659 authlist = kva_match(ua_ptr->attr, USERATTR_AUTHS_KW);
7660 if (authlist != NULL) {
7661 char *cur_auth;
7662 boolean_t first;
7663
7664 first = B_TRUE;
7665 bzero(&admintab.zone_admin_auths, MAXAUTHS);
7666 cur_auth = strtok_r(authlist, ",", &lasts);
7667 while (cur_auth != NULL) {
7668 if (is_zone_auth(&cur_auth, zonename,
7669 NULL)) {
7670 /*
7671 * Add auths for this zone
7672 */
7673 if (first) {
7674 first = B_FALSE;
7675 } else {
7676 (void) strlcat(
7677 admintab.zone_admin_auths,
7678 ",", MAXAUTHS);
7679 }
7680 (void) strlcat(
7681 admintab.zone_admin_auths,
7682 cur_auth, MAXAUTHS);
7683 }
7684 cur_auth = strtok_r(NULL, ",", &lasts);
7685 }
7686 if (!first) {
7687 /*
7688 * Add this right to config file
7689 */
7690 (void) strlcpy(admintab.zone_admin_user,
7691 ua_ptr->name,
7692 sizeof (admintab.zone_admin_user));
7693 err = zonecfg_add_admin(handle,
7694 &admintab, zonename);
7695 if (err != Z_OK) {
7696 (void) fclose(uaf);
7697 return (err);
7698 } else {
7699 changed = B_TRUE;
7700 }
7701 }
7702 }
7703 } /* end-of-while-loop */
7704 (void) fclose(uaf);
7705 return (changed? Z_OK: Z_NO_ENTRY);
7706 }
7707
7708 static void
7709 update_profiles(char *rbac_profs, boolean_t add)
7710 {
7711 char new_profs[MAXPROFS];
7712 char *cur_prof;
7713 boolean_t first = B_TRUE;
7714 boolean_t found = B_FALSE;
7715 char *lasts;
7716
7717 cur_prof = strtok_r(rbac_profs, ",", &lasts);
7718 while (cur_prof != NULL) {
7719 if (strcmp(cur_prof, ZONE_MGMT_PROF) == 0) {
7720 found = B_TRUE;
7721 if (!add) {
7722 cur_prof = strtok_r(NULL, ",", &lasts);
7723 continue;
7724 }
7725 }
7726 if (first) {
7727 first = B_FALSE;
7728 } else {
7729 (void) strlcat(new_profs, ",",
7730 MAXPROFS);
7731 }
7732 (void) strlcat(new_profs, cur_prof,
7733 MAXPROFS);
7734 cur_prof = strtok_r(NULL, ",", &lasts);
7735 }
7736 /*
7737 * Now prepend the Zone Management profile at the beginning
7738 * of the list if it is needed, and append the rest.
7739 * Return the updated list in the original buffer.
7740 */
7741 if (add && !found) {
7742 first = B_FALSE;
7743 (void) strlcpy(rbac_profs, ZONE_MGMT_PROF, MAXPROFS);
7744 } else {
7745 first = B_TRUE;
7746 rbac_profs[0] = '\0';
7747 }
7748 if (strlen(new_profs) > 0) {
7749 if (!first)
7750 (void) strlcat(rbac_profs, ",", MAXPROFS);
7751 (void) strlcat(rbac_profs, new_profs, MAXPROFS);
7752 }
7753 }
7754
7755 #define MAX_CMD_LEN 1024
7756
7757 static int
7758 do_subproc(char *zonename, char *cmdbuf)
7759 {
7760 char inbuf[MAX_CMD_LEN];
7761 FILE *file;
7762 int status;
7763
7764 file = popen(cmdbuf, "r");
7765 if (file == NULL) {
7766 zerror(zonename, gettext("Could not launch: %s"), cmdbuf);
7767 return (-1);
7768 }
7769
7770 while (fgets(inbuf, sizeof (inbuf), file) != NULL)
7771 (void) fprintf(stderr, "%s", inbuf);
7772 status = pclose(file);
7773
7774 if (WIFSIGNALED(status)) {
7775 zerror(zonename, gettext("%s unexpectedly terminated "
7776 "due to signal %d"),
7777 cmdbuf, WTERMSIG(status));
7778 return (-1);
7779 }
7780 assert(WIFEXITED(status));
7781 return (WEXITSTATUS(status));
7782 }
7783
7784 /*
7785 * This function updates the local /etc/user_attr file to
7786 * correspond to the admin settings that are currently being
7787 * committed. The updates are done via usermod and/or rolemod
7788 * depending on the type of the specified user. It is also
7789 * invoked to remove entries from user_attr corresponding to
7790 * removed admin assignments, using an empty auths string.
7791 *
7792 * Because the removed entries are no longer included in the
7793 * cofiguration that is being committed, a linked list of
7794 * removed admin entries is maintained to keep track of such
7795 * transactions. The head of the list is stored in the zone_dh_userauths
7796 * element of the handle strcture.
7797 */
7798 static int
7799 zonecfg_authorize_user_impl(zone_dochandle_t handle, char *user,
7800 char *auths, char *zonename)
7801 {
7802 char *right;
7803 char old_auths[MAXAUTHS];
7804 char new_auths[MAXAUTHS];
7805 char rbac_profs[MAXPROFS];
7806 char *lasts;
7807 userattr_t *u;
7808 boolean_t first = B_TRUE;
7809 boolean_t is_zone_admin = B_FALSE;
7810 char user_cmd[] = "/usr/sbin/usermod";
7811 char role_cmd[] = "/usr/sbin/rolemod";
7812 char *auths_cmd = user_cmd; /* either usermod or rolemod */
7813 char *new_auth_start; /* string containing the new auths */
7814 int new_auth_cnt = 0; /* delta of changed authorizations */
7815
7816 /*
7817 * First get the existing authorizations for this user
7818 */
7819
7820 bzero(&old_auths, sizeof (old_auths));
7821 bzero(&new_auths, sizeof (new_auths));
7822 bzero(&rbac_profs, sizeof (rbac_profs));
7823 if ((u = getusernam(user)) != NULL) {
7824 char *current_auths;
7825 char *current_profs;
7826 char *type;
7827
7828 type = kva_match(u->attr, USERATTR_TYPE_KW);
7829 if (type != NULL) {
7830 if (strcmp(type, USERATTR_TYPE_NONADMIN_KW) == 0)
7831 auths_cmd = role_cmd;
7832 }
7833
7834 current_auths = kva_match(u->attr, USERATTR_AUTHS_KW);
7835 if (current_auths != NULL) {
7836 char *cur_auth;
7837 char *delete_name;
7838 size_t offset;
7839
7840 offset = strlen(ZONE_AUTH_PREFIX);
7841
7842 (void) strlcpy(old_auths, current_auths, MAXAUTHS);
7843 cur_auth = strtok_r(current_auths, ",", &lasts);
7844
7845 /*
7846 * Next, remove any existing authorizations
7847 * for this zone, and determine if the
7848 * user still needs the Zone Management Profile.
7849 */
7850 if (is_renaming(handle))
7851 delete_name = handle->zone_dh_delete_name;
7852 else
7853 delete_name = NULL;
7854 while (cur_auth != NULL) {
7855 if (!is_zone_auth(&cur_auth, zonename,
7856 delete_name)) {
7857 if (first) {
7858 first = B_FALSE;
7859 } else {
7860 (void) strlcat(new_auths, ",",
7861 MAXAUTHS);
7862 }
7863 (void) strlcat(new_auths, cur_auth,
7864 MAXAUTHS);
7865 /*
7866 * If the user has authorizations
7867 * for other zones, then set a
7868 * flag indicate that the Zone
7869 * Management profile should be
7870 * preserved in user_attr.
7871 */
7872 if (strncmp(cur_auth,
7873 ZONE_AUTH_PREFIX, offset) == 0)
7874 is_zone_admin = B_TRUE;
7875 } else {
7876 new_auth_cnt++;
7877 }
7878 cur_auth = strtok_r(NULL, ",", &lasts);
7879 }
7880 }
7881 current_profs = kva_match(u->attr, USERATTR_PROFILES_KW);
7882 if (current_profs != NULL) {
7883 (void) strlcpy(rbac_profs, current_profs, MAXPROFS);
7884 }
7885 free_userattr(u);
7886 }
7887 /*
7888 * The following is done to avoid revisiting the
7889 * user_attr entry for this user
7890 */
7891 (void) zonecfg_remove_userauths(handle, user, "", B_FALSE);
7892
7893 /*
7894 * Convert each right into a properly formatted authorization
7895 */
7896 new_auth_start = new_auths + strlen(new_auths);
7897 if (!first)
7898 new_auth_start++;
7899 right = strtok_r(auths, ",", &lasts);
7900 while (right != NULL) {
7901 char auth[MAXAUTHS];
7902
7903 (void) snprintf(auth, MAXAUTHS, "%s%s/%s",
7904 ZONE_AUTH_PREFIX, right, zonename);
7905 if (first) {
7906 first = B_FALSE;
7907 } else {
7908 (void) strlcat(new_auths, ",", MAXAUTHS);
7909 }
7910 (void) strlcat(new_auths, auth, MAXAUTHS);
7911 is_zone_admin = B_TRUE;
7912 new_auth_cnt--;
7913 right = strtok_r(NULL, ",", &lasts);
7914 }
7915
7916 /*
7917 * Need to update the authorizations in user_attr unless
7918 * the number of old and new authorizations is unchanged
7919 * and the new auths are a substrings of the old auths.
7920 *
7921 * If the user's previous authorizations have changed
7922 * execute the usermod progam to update them in user_attr.
7923 */
7924 if ((new_auth_cnt != 0) ||
7925 (strstr(old_auths, new_auth_start) == NULL)) {
7926 char *cmdbuf;
7927 size_t cmd_len;
7928
7929 update_profiles(rbac_profs, is_zone_admin);
7930 cmd_len = snprintf(NULL, 0, "%s -A \"%s\" -P \"%s\" %s",
7931 auths_cmd, new_auths, rbac_profs, user) + 1;
7932 if ((cmdbuf = malloc(cmd_len)) == NULL) {
7933 return (Z_NOMEM);
7934 }
7935 (void) snprintf(cmdbuf, cmd_len, "%s -A \"%s\" -P \"%s\" %s",
7936 auths_cmd, new_auths, rbac_profs, user);
7937 if (do_subproc(zonename, cmdbuf) != 0) {
7938 free(cmdbuf);
7939 return (Z_SYSTEM);
7940 }
7941 free(cmdbuf);
7942 }
7943
7944 return (Z_OK);
7945 }
7946
7947 int
7948 zonecfg_authorize_users(zone_dochandle_t handle, char *zonename)
7949 {
7950 xmlNodePtr cur;
7951 int err;
7952 char user[MAXUSERNAME];
7953 char auths[MAXAUTHS];
7954
7955 if ((err = operation_prep(handle)) != Z_OK)
7956 return (err);
7957
7958 cur = handle->zone_dh_cur;
7959 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
7960 if (xmlStrcmp(cur->name, DTD_ELEM_ADMIN))
7961 continue;
7962 if (fetchprop(cur, DTD_ATTR_USER, user,
7963 sizeof (user)) != Z_OK)
7964 continue;
7965 if (fetchprop(cur, DTD_ATTR_AUTHS, auths,
7966 sizeof (auths)) != Z_OK)
7967 continue;
7968 if (zonecfg_authorize_user_impl(handle, user, auths, zonename)
7969 != Z_OK)
7970 return (Z_SYSTEM);
7971 }
7972 (void) zonecfg_remove_userauths(handle, "", "", B_TRUE);
7973
7974 return (Z_OK);
7975 }
7976
7977 int
7978 zonecfg_deauthorize_user(zone_dochandle_t handle, char *user, char *zonename)
7979 {
7980 return (zonecfg_authorize_user_impl(handle, user, "", zonename));
7981 }
7982
7983 int
7984 zonecfg_deauthorize_users(zone_dochandle_t handle, char *zonename)
7985 {
7986 xmlNodePtr cur;
7987 int err;
7988 char user[MAXUSERNAME];
7989
7990 if ((err = operation_prep(handle)) != Z_OK)
7991 return (err);
7992
7993 cur = handle->zone_dh_cur;
7994 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
7995 if (xmlStrcmp(cur->name, DTD_ELEM_ADMIN))
7996 continue;
7997 if (fetchprop(cur, DTD_ATTR_USER, user,
7998 sizeof (user)) != Z_OK)
7999 continue;
8000 if ((err = zonecfg_deauthorize_user(handle, user,
8001 zonename)) != Z_OK)
8002 return (err);
8003 }
8004 return (Z_OK);
8005 }
8006
8007 int
8008 zonecfg_insert_userauths(zone_dochandle_t handle, char *user, char *zonename)
8009 {
8010 zone_userauths_t *new, **prev, *next;
8011
8012 prev = &handle->zone_dh_userauths;
8013 next = *prev;
8014 while (next) {
8015 if ((strncmp(next->user, user, MAXUSERNAME) == 0) &&
8016 (strncmp(next->zonename, zonename,
8017 ZONENAME_MAX) == 0)) {
8018 /*
8019 * user is already in list
8020 * which isn't supposed to happen!
8021 */
8022 return (Z_OK);
8023 }
8024 prev = &next->next;
8025 next = *prev;
8026 }
8027 new = (zone_userauths_t *)malloc(sizeof (zone_userauths_t));
8028 if (new == NULL)
8029 return (Z_NOMEM);
8030
8031 (void) strlcpy(new->user, user, sizeof (new->user));
8032 (void) strlcpy(new->zonename, zonename, sizeof (new->zonename));
8033 new->next = NULL;
8034 *prev = new;
8035 return (Z_OK);
8036 }
8037
8038 int
8039 zonecfg_remove_userauths(zone_dochandle_t handle, char *user, char *zonename,
8040 boolean_t deauthorize)
8041 {
8042 zone_userauths_t *new, **prev, *next;
8043
8044 prev = &handle->zone_dh_userauths;
8045 next = *prev;
8046
8047 while (next) {
8048 if ((strlen(user) == 0 ||
8049 strncmp(next->user, user, MAXUSERNAME) == 0) &&
8050 (strlen(zonename) == 0 ||
8051 (strncmp(next->zonename, zonename, ZONENAME_MAX) == 0))) {
8052 new = next;
8053 *prev = next->next;
8054 next = *prev;
8055 if (deauthorize)
8056 (void) zonecfg_deauthorize_user(handle,
8057 new->user, new->zonename);
8058 free(new);
8059 continue;
8060 }
8061 prev = &next->next;
8062 next = *prev;
8063 }
8064 return (Z_OK);
8065 }