1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. 24 */ 25 26 #include <libsysevent.h> 27 #include <pthread.h> 28 #include <stdlib.h> 29 #include <errno.h> 30 #include <fnmatch.h> 31 #include <strings.h> 32 #include <unistd.h> 33 #include <assert.h> 34 #include <libgen.h> 35 #include <libintl.h> 36 #include <alloca.h> 37 #include <ctype.h> 38 #include <sys/acl.h> 39 #include <sys/stat.h> 40 #include <sys/brand.h> 41 #include <sys/mntio.h> 42 #include <sys/mnttab.h> 43 #include <sys/nvpair.h> 44 #include <sys/types.h> 45 #include <sys/sockio.h> 46 #include <sys/systeminfo.h> 47 #include <ftw.h> 48 #include <pool.h> 49 #include <libscf.h> 50 #include <libproc.h> 51 #include <sys/priocntl.h> 52 #include <libuutil.h> 53 #include <wait.h> 54 #include <bsm/adt.h> 55 #include <auth_attr.h> 56 #include <auth_list.h> 57 #include <secdb.h> 58 #include <user_attr.h> 59 #include <prof_attr.h> 60 61 #include <arpa/inet.h> 62 #include <netdb.h> 63 64 #include <libxml/xmlmemory.h> 65 #include <libxml/parser.h> 66 67 #include <libdevinfo.h> 68 #include <uuid/uuid.h> 69 #include <dirent.h> 70 #include <libbrand.h> 71 72 #include <libzonecfg.h> 73 #include "zonecfg_impl.h" 74 75 #define _PATH_TMPFILE "/zonecfg.XXXXXX" 76 #define ZONE_CB_RETRY_COUNT 10 77 #define ZONE_EVENT_PING_SUBCLASS "ping" 78 #define ZONE_EVENT_PING_PUBLISHER "solaris" 79 80 /* Hard-code the DTD element/attribute/entity names just once, here. */ 81 #define DTD_ELEM_ATTR (const xmlChar *) "attr" 82 #define DTD_ELEM_COMMENT (const xmlChar *) "comment" 83 #define DTD_ELEM_DEVICE (const xmlChar *) "device" 84 #define DTD_ELEM_FS (const xmlChar *) "filesystem" 85 #define DTD_ELEM_FSOPTION (const xmlChar *) "fsoption" 86 #define DTD_ELEM_NET (const xmlChar *) "network" 87 #define DTD_ELEM_RCTL (const xmlChar *) "rctl" 88 #define DTD_ELEM_RCTLVALUE (const xmlChar *) "rctl-value" 89 #define DTD_ELEM_ZONE (const xmlChar *) "zone" 90 #define DTD_ELEM_DATASET (const xmlChar *) "dataset" 91 #define DTD_ELEM_TMPPOOL (const xmlChar *) "tmp_pool" 92 #define DTD_ELEM_PSET (const xmlChar *) "pset" 93 #define DTD_ELEM_MCAP (const xmlChar *) "mcap" 94 #define DTD_ELEM_PACKAGE (const xmlChar *) "package" 95 #define DTD_ELEM_OBSOLETES (const xmlChar *) "obsoletes" 96 #define DTD_ELEM_DEV_PERM (const xmlChar *) "dev-perm" 97 #define DTD_ELEM_ADMIN (const xmlChar *) "admin" 98 99 #define DTD_ATTR_ACTION (const xmlChar *) "action" 100 #define DTD_ATTR_ADDRESS (const xmlChar *) "address" 101 #define DTD_ATTR_ALLOWED_ADDRESS (const xmlChar *) "allowed-address" 102 #define DTD_ATTR_AUTOBOOT (const xmlChar *) "autoboot" 103 #define DTD_ATTR_IPTYPE (const xmlChar *) "ip-type" 104 #define DTD_ATTR_DEFROUTER (const xmlChar *) "defrouter" 105 #define DTD_ATTR_DIR (const xmlChar *) "directory" 106 #define DTD_ATTR_LIMIT (const xmlChar *) "limit" 107 #define DTD_ATTR_LIMITPRIV (const xmlChar *) "limitpriv" 108 #define DTD_ATTR_BOOTARGS (const xmlChar *) "bootargs" 109 #define DTD_ATTR_SCHED (const xmlChar *) "scheduling-class" 110 #define DTD_ATTR_MATCH (const xmlChar *) "match" 111 #define DTD_ATTR_NAME (const xmlChar *) "name" 112 #define DTD_ATTR_PHYSICAL (const xmlChar *) "physical" 113 #define DTD_ATTR_POOL (const xmlChar *) "pool" 114 #define DTD_ATTR_PRIV (const xmlChar *) "priv" 115 #define DTD_ATTR_RAW (const xmlChar *) "raw" 116 #define DTD_ATTR_SPECIAL (const xmlChar *) "special" 117 #define DTD_ATTR_TYPE (const xmlChar *) "type" 118 #define DTD_ATTR_VALUE (const xmlChar *) "value" 119 #define DTD_ATTR_ZONEPATH (const xmlChar *) "zonepath" 120 #define DTD_ATTR_NCPU_MIN (const xmlChar *) "ncpu_min" 121 #define DTD_ATTR_NCPU_MAX (const xmlChar *) "ncpu_max" 122 #define DTD_ATTR_IMPORTANCE (const xmlChar *) "importance" 123 #define DTD_ATTR_PHYSCAP (const xmlChar *) "physcap" 124 #define DTD_ATTR_VERSION (const xmlChar *) "version" 125 #define DTD_ATTR_ID (const xmlChar *) "id" 126 #define DTD_ATTR_UID (const xmlChar *) "uid" 127 #define DTD_ATTR_GID (const xmlChar *) "gid" 128 #define DTD_ATTR_MODE (const xmlChar *) "mode" 129 #define DTD_ATTR_ACL (const xmlChar *) "acl" 130 #define DTD_ATTR_BRAND (const xmlChar *) "brand" 131 #define DTD_ATTR_HOSTID (const xmlChar *) "hostid" 132 #define DTD_ATTR_USER (const xmlChar *) "user" 133 #define DTD_ATTR_AUTHS (const xmlChar *) "auths" 134 #define DTD_ATTR_FS_ALLOWED (const xmlChar *) "fs-allowed" 135 136 #define DTD_ENTITY_BOOLEAN "boolean" 137 #define DTD_ENTITY_DEVPATH "devpath" 138 #define DTD_ENTITY_DRIVER "driver" 139 #define DTD_ENTITY_DRVMIN "drv_min" 140 #define DTD_ENTITY_FALSE "false" 141 #define DTD_ENTITY_INT "int" 142 #define DTD_ENTITY_STRING "string" 143 #define DTD_ENTITY_TRUE "true" 144 #define DTD_ENTITY_UINT "uint" 145 146 #define DTD_ENTITY_BOOL_LEN 6 /* "false" */ 147 148 #define ATTACH_FORCED "SUNWattached.xml" 149 150 #define TMP_POOL_NAME "SUNWtmp_%s" 151 #define MAX_TMP_POOL_NAME (ZONENAME_MAX + 9) 152 #define RCAP_SERVICE "system/rcap:default" 153 #define POOLD_SERVICE "system/pools/dynamic:default" 154 155 /* 156 * rctl alias definitions 157 * 158 * This holds the alias, the full rctl name, the default priv value, action 159 * and lower limit. The functions that handle rctl aliases step through 160 * this table, matching on the alias, and using the full values for setting 161 * the rctl entry as well the limit for validation. 162 */ 163 static struct alias { 164 char *shortname; 165 char *realname; 166 char *priv; 167 char *action; 168 uint64_t low_limit; 169 } aliases[] = { 170 {ALIAS_MAXLWPS, "zone.max-lwps", "privileged", "deny", 100}, 171 {ALIAS_MAXSHMMEM, "zone.max-shm-memory", "privileged", "deny", 0}, 172 {ALIAS_MAXSHMIDS, "zone.max-shm-ids", "privileged", "deny", 0}, 173 {ALIAS_MAXMSGIDS, "zone.max-msg-ids", "privileged", "deny", 0}, 174 {ALIAS_MAXSEMIDS, "zone.max-sem-ids", "privileged", "deny", 0}, 175 {ALIAS_MAXLOCKEDMEM, "zone.max-locked-memory", "privileged", "deny", 0}, 176 {ALIAS_MAXSWAP, "zone.max-swap", "privileged", "deny", 0}, 177 {ALIAS_SHARES, "zone.cpu-shares", "privileged", "none", 0}, 178 {ALIAS_CPUCAP, "zone.cpu-cap", "privileged", "deny", 0}, 179 {ALIAS_MAXPROCS, "zone.max-processes", "privileged", "deny", 100}, 180 {NULL, NULL, NULL, NULL, 0} 181 }; 182 183 /* 184 * Structure for applying rctls to a running zone. It allows important 185 * process values to be passed together easily. 186 */ 187 typedef struct pr_info_handle { 188 struct ps_prochandle *pr; 189 pid_t pid; 190 } pr_info_handle_t; 191 192 struct zone_dochandle { 193 char *zone_dh_rootdir; 194 xmlDocPtr zone_dh_doc; 195 xmlNodePtr zone_dh_cur; 196 xmlNodePtr zone_dh_top; 197 boolean_t zone_dh_newzone; 198 boolean_t zone_dh_snapshot; 199 boolean_t zone_dh_sw_inv; 200 zone_userauths_t *zone_dh_userauths; 201 char zone_dh_delete_name[ZONENAME_MAX]; 202 }; 203 204 struct znotify { 205 void * zn_private; 206 evchan_t *zn_eventchan; 207 int (*zn_callback)(const char *zonename, zoneid_t zid, 208 const char *newstate, const char *oldstate, hrtime_t when, void *p); 209 pthread_mutex_t zn_mutex; 210 pthread_cond_t zn_cond; 211 pthread_mutex_t zn_bigmutex; 212 volatile enum {ZN_UNLOCKED, ZN_LOCKED, ZN_PING_INFLIGHT, 213 ZN_PING_RECEIVED} zn_state; 214 char zn_subscriber_id[MAX_SUBID_LEN]; 215 volatile boolean_t zn_failed; 216 int zn_failure_count; 217 }; 218 219 /* used to track nested zone-lock operations */ 220 static int zone_lock_cnt = 0; 221 222 /* used to communicate lock status to children */ 223 #define LOCK_ENV_VAR "_ZONEADM_LOCK_HELD" 224 static char zoneadm_lock_held[] = LOCK_ENV_VAR"=1"; 225 static char zoneadm_lock_not_held[] = LOCK_ENV_VAR"=0"; 226 227 char *zonecfg_root = ""; 228 229 /* 230 * For functions which return int, which is most of the functions herein, 231 * the return values should be from the Z_foo set defined in <libzonecfg.h>. 232 * In some instances, we take pains mapping some libc errno values to Z_foo 233 * values from this set. 234 */ 235 236 /* 237 * Set the root (/) path for all zonecfg configuration files. This is a 238 * private interface used by Live Upgrade extensions to access zone 239 * configuration inside mounted alternate boot environments. 240 * This interface is also used by zoneadm mount and unmount subcommands. 241 */ 242 void 243 zonecfg_set_root(const char *rootpath) 244 { 245 if (*zonecfg_root != '\0') 246 free(zonecfg_root); 247 if (rootpath == NULL || rootpath[0] == '\0' || rootpath[1] == '\0' || 248 (zonecfg_root = strdup(rootpath)) == NULL) 249 zonecfg_root = ""; 250 } 251 252 const char * 253 zonecfg_get_root(void) 254 { 255 return (zonecfg_root); 256 } 257 258 boolean_t 259 zonecfg_in_alt_root(void) 260 { 261 return (*zonecfg_root != '\0'); 262 } 263 264 /* 265 * Callers of the _file_path() functions are expected to have the second 266 * parameter be a (char foo[MAXPATHLEN]). 267 */ 268 269 static boolean_t 270 config_file_path(const char *zonename, char *answer) 271 { 272 return (snprintf(answer, MAXPATHLEN, "%s%s/%s.xml", zonecfg_root, 273 ZONE_CONFIG_ROOT, zonename) < MAXPATHLEN); 274 } 275 276 static boolean_t 277 snap_file_path(const char *zonename, char *answer) 278 { 279 return (snprintf(answer, MAXPATHLEN, "%s%s/%s.snapshot.xml", 280 zonecfg_root, ZONE_SNAPSHOT_ROOT, zonename) < MAXPATHLEN); 281 } 282 283 /*ARGSUSED*/ 284 static void 285 zonecfg_error_func(void *ctx, const char *msg, ...) 286 { 287 /* 288 * This function does nothing by design. Its purpose is to prevent 289 * libxml from dumping unwanted messages to stdout/stderr. 290 */ 291 } 292 293 zone_dochandle_t 294 zonecfg_init_handle(void) 295 { 296 zone_dochandle_t handle = calloc(1, sizeof (struct zone_dochandle)); 297 if (handle == NULL) { 298 errno = Z_NOMEM; 299 return (NULL); 300 } 301 302 /* generic libxml initialization */ 303 (void) xmlLineNumbersDefault(1); 304 xmlLoadExtDtdDefaultValue |= XML_DETECT_IDS; 305 xmlDoValidityCheckingDefaultValue = 1; 306 (void) xmlKeepBlanksDefault(0); 307 xmlGetWarningsDefaultValue = 0; 308 xmlSetGenericErrorFunc(NULL, zonecfg_error_func); 309 310 return (handle); 311 } 312 313 int 314 zonecfg_check_handle(zone_dochandle_t handle) 315 { 316 if (handle == NULL || handle->zone_dh_doc == NULL) 317 return (Z_BAD_HANDLE); 318 return (Z_OK); 319 } 320 321 void 322 zonecfg_fini_handle(zone_dochandle_t handle) 323 { 324 if (zonecfg_check_handle(handle) == Z_OK) 325 xmlFreeDoc(handle->zone_dh_doc); 326 if (handle != NULL) 327 free(handle); 328 } 329 330 static int 331 zonecfg_destroy_impl(char *filename) 332 { 333 if (unlink(filename) == -1) { 334 if (errno == EACCES) 335 return (Z_ACCES); 336 if (errno == ENOENT) 337 return (Z_NO_ZONE); 338 return (Z_MISC_FS); 339 } 340 return (Z_OK); 341 } 342 343 int 344 zonecfg_destroy(const char *zonename, boolean_t force) 345 { 346 char path[MAXPATHLEN]; 347 struct zoneent ze; 348 int err, state_err; 349 zone_state_t state; 350 351 if (!config_file_path(zonename, path)) 352 return (Z_MISC_FS); 353 354 state_err = zone_get_state((char *)zonename, &state); 355 err = access(path, W_OK); 356 357 /* 358 * If there is no file, and no index entry, reliably indicate that no 359 * such zone exists. 360 */ 361 if ((state_err == Z_NO_ZONE) && (err == -1) && (errno == ENOENT)) 362 return (Z_NO_ZONE); 363 364 /* 365 * Handle any other filesystem related errors (except if the XML 366 * file is missing, which we treat silently), unless we're forcing, 367 * in which case we plow on. 368 */ 369 if (err == -1 && errno != ENOENT) { 370 if (errno == EACCES) 371 return (Z_ACCES); 372 else if (!force) 373 return (Z_MISC_FS); 374 } 375 376 if (state > ZONE_STATE_INSTALLED) 377 return (Z_BAD_ZONE_STATE); 378 379 if (!force && state > ZONE_STATE_CONFIGURED) 380 return (Z_BAD_ZONE_STATE); 381 382 /* 383 * Index deletion succeeds even if the entry doesn't exist. So this 384 * will fail only if we've had some more severe problem. 385 */ 386 bzero(&ze, sizeof (ze)); 387 (void) strlcpy(ze.zone_name, zonename, sizeof (ze.zone_name)); 388 if ((err = putzoneent(&ze, PZE_REMOVE)) != Z_OK) 389 if (!force) 390 return (err); 391 392 err = zonecfg_destroy_impl(path); 393 394 /* 395 * Treat failure to find the XML file silently, since, well, it's 396 * gone, and with the index file cleaned up, we're done. 397 */ 398 if (err == Z_OK || err == Z_NO_ZONE) 399 return (Z_OK); 400 return (err); 401 } 402 403 int 404 zonecfg_destroy_snapshot(const char *zonename) 405 { 406 char path[MAXPATHLEN]; 407 408 if (!snap_file_path(zonename, path)) 409 return (Z_MISC_FS); 410 return (zonecfg_destroy_impl(path)); 411 } 412 413 static int 414 getroot(zone_dochandle_t handle, xmlNodePtr *root) 415 { 416 if (zonecfg_check_handle(handle) == Z_BAD_HANDLE) 417 return (Z_BAD_HANDLE); 418 419 *root = xmlDocGetRootElement(handle->zone_dh_doc); 420 421 if (*root == NULL) 422 return (Z_EMPTY_DOCUMENT); 423 424 if (xmlStrcmp((*root)->name, DTD_ELEM_ZONE)) 425 return (Z_WRONG_DOC_TYPE); 426 427 return (Z_OK); 428 } 429 430 static int 431 operation_prep(zone_dochandle_t handle) 432 { 433 xmlNodePtr root; 434 int err; 435 436 if ((err = getroot(handle, &root)) != 0) 437 return (err); 438 439 handle->zone_dh_cur = root; 440 handle->zone_dh_top = root; 441 return (Z_OK); 442 } 443 444 static int 445 fetchprop(xmlNodePtr cur, const xmlChar *propname, char *dst, size_t dstsize) 446 { 447 xmlChar *property; 448 size_t srcsize; 449 450 if ((property = xmlGetProp(cur, propname)) == NULL) 451 return (Z_BAD_PROPERTY); 452 srcsize = strlcpy(dst, (char *)property, dstsize); 453 xmlFree(property); 454 if (srcsize >= dstsize) 455 return (Z_TOO_BIG); 456 return (Z_OK); 457 } 458 459 static int 460 fetch_alloc_prop(xmlNodePtr cur, const xmlChar *propname, char **dst) 461 { 462 xmlChar *property; 463 464 if ((property = xmlGetProp(cur, propname)) == NULL) 465 return (Z_BAD_PROPERTY); 466 if ((*dst = strdup((char *)property)) == NULL) { 467 xmlFree(property); 468 return (Z_NOMEM); 469 } 470 xmlFree(property); 471 return (Z_OK); 472 } 473 474 static int 475 getrootattr(zone_dochandle_t handle, const xmlChar *propname, 476 char *propval, size_t propsize) 477 { 478 xmlNodePtr root; 479 int err; 480 481 if ((err = getroot(handle, &root)) != 0) 482 return (err); 483 484 return (fetchprop(root, propname, propval, propsize)); 485 } 486 487 static int 488 get_alloc_rootattr(zone_dochandle_t handle, const xmlChar *propname, 489 char **propval) 490 { 491 xmlNodePtr root; 492 int err; 493 494 if ((err = getroot(handle, &root)) != 0) 495 return (err); 496 497 return (fetch_alloc_prop(root, propname, propval)); 498 } 499 500 static int 501 setrootattr(zone_dochandle_t handle, const xmlChar *propname, 502 const char *propval) 503 { 504 int err; 505 xmlNodePtr root; 506 507 if ((err = getroot(handle, &root)) != Z_OK) 508 return (err); 509 510 /* 511 * If we get a null propval remove the property (ignore return since it 512 * may not be set to begin with). 513 */ 514 if (propval == NULL) { 515 (void) xmlUnsetProp(root, propname); 516 } else { 517 if (xmlSetProp(root, propname, (const xmlChar *) propval) 518 == NULL) 519 return (Z_INVAL); 520 } 521 return (Z_OK); 522 } 523 524 static void 525 addcomment(zone_dochandle_t handle, const char *comment) 526 { 527 xmlNodePtr node; 528 node = xmlNewComment((xmlChar *) comment); 529 530 if (node != NULL) 531 (void) xmlAddPrevSibling(handle->zone_dh_top, node); 532 } 533 534 static void 535 stripcomments(zone_dochandle_t handle) 536 { 537 xmlDocPtr top; 538 xmlNodePtr child, next; 539 540 top = handle->zone_dh_doc; 541 for (child = top->xmlChildrenNode; child != NULL; child = next) { 542 next = child->next; 543 if (child->name == NULL) 544 continue; 545 if (xmlStrcmp(child->name, DTD_ELEM_COMMENT) == 0) { 546 next = child->next; 547 xmlUnlinkNode(child); 548 xmlFreeNode(child); 549 } 550 } 551 } 552 553 static void 554 strip_sw_inv(zone_dochandle_t handle) 555 { 556 xmlNodePtr root, child, next; 557 558 root = xmlDocGetRootElement(handle->zone_dh_doc); 559 for (child = root->xmlChildrenNode; child != NULL; child = next) { 560 next = child->next; 561 if (child->name == NULL) 562 continue; 563 if (xmlStrcmp(child->name, DTD_ELEM_PACKAGE) == 0) { 564 next = child->next; 565 xmlUnlinkNode(child); 566 xmlFreeNode(child); 567 } 568 } 569 } 570 571 static int 572 zonecfg_get_handle_impl(const char *zonename, const char *filename, 573 zone_dochandle_t handle) 574 { 575 xmlValidCtxtPtr cvp; 576 struct stat statbuf; 577 int valid; 578 579 if (zonename == NULL) 580 return (Z_NO_ZONE); 581 582 if ((handle->zone_dh_doc = xmlParseFile(filename)) == NULL) { 583 /* distinguish file not found vs. found but not parsed */ 584 if (stat(filename, &statbuf) == 0) 585 return (Z_INVALID_DOCUMENT); 586 return (Z_NO_ZONE); 587 } 588 if ((cvp = xmlNewValidCtxt()) == NULL) 589 return (Z_NOMEM); 590 cvp->error = zonecfg_error_func; 591 cvp->warning = zonecfg_error_func; 592 valid = xmlValidateDocument(cvp, handle->zone_dh_doc); 593 xmlFreeValidCtxt(cvp); 594 if (valid == 0) 595 return (Z_INVALID_DOCUMENT); 596 597 /* delete any comments such as inherited Sun copyright / ident str */ 598 stripcomments(handle); 599 return (Z_OK); 600 } 601 602 int 603 zonecfg_get_handle(const char *zonename, zone_dochandle_t handle) 604 { 605 char path[MAXPATHLEN]; 606 607 if (!config_file_path(zonename, path)) 608 return (Z_MISC_FS); 609 handle->zone_dh_newzone = B_FALSE; 610 611 return (zonecfg_get_handle_impl(zonename, path, handle)); 612 } 613 614 int 615 zonecfg_get_attach_handle(const char *path, const char *fname, 616 const char *zonename, boolean_t preserve_sw, zone_dochandle_t handle) 617 { 618 char migpath[MAXPATHLEN]; 619 int err; 620 struct stat buf; 621 622 if (snprintf(migpath, sizeof (migpath), "%s/root", path) >= 623 sizeof (migpath)) 624 return (Z_NOMEM); 625 626 if (stat(migpath, &buf) == -1 || !S_ISDIR(buf.st_mode)) 627 return (Z_NO_ZONE); 628 629 if (snprintf(migpath, sizeof (migpath), "%s/%s", path, fname) >= 630 sizeof (migpath)) 631 return (Z_NOMEM); 632 633 if ((err = zonecfg_get_handle_impl(zonename, migpath, handle)) != Z_OK) 634 return (err); 635 636 if (!preserve_sw) 637 strip_sw_inv(handle); 638 639 handle->zone_dh_newzone = B_TRUE; 640 if ((err = setrootattr(handle, DTD_ATTR_ZONEPATH, path)) != Z_OK) 641 return (err); 642 643 return (setrootattr(handle, DTD_ATTR_NAME, zonename)); 644 } 645 646 int 647 zonecfg_get_snapshot_handle(const char *zonename, zone_dochandle_t handle) 648 { 649 char path[MAXPATHLEN]; 650 651 if (!snap_file_path(zonename, path)) 652 return (Z_MISC_FS); 653 handle->zone_dh_newzone = B_FALSE; 654 return (zonecfg_get_handle_impl(zonename, path, handle)); 655 } 656 657 int 658 zonecfg_get_template_handle(const char *template, const char *zonename, 659 zone_dochandle_t handle) 660 { 661 char path[MAXPATHLEN]; 662 int err; 663 664 if (!config_file_path(template, path)) 665 return (Z_MISC_FS); 666 667 if ((err = zonecfg_get_handle_impl(template, path, handle)) != Z_OK) 668 return (err); 669 handle->zone_dh_newzone = B_TRUE; 670 return (setrootattr(handle, DTD_ATTR_NAME, zonename)); 671 } 672 673 int 674 zonecfg_get_xml_handle(const char *path, zone_dochandle_t handle) 675 { 676 struct stat buf; 677 int err; 678 679 if (stat(path, &buf) == -1) 680 return (Z_MISC_FS); 681 682 if ((err = zonecfg_get_handle_impl("xml", path, handle)) != Z_OK) 683 return (err); 684 handle->zone_dh_newzone = B_TRUE; 685 return (Z_OK); 686 } 687 688 /* 689 * Initialize two handles from the manifest read on fd. The rem_handle 690 * is initialized from the input file, including the sw inventory. The 691 * local_handle is initialized with the same zone configuration but with 692 * no sw inventory. 693 */ 694 int 695 zonecfg_attach_manifest(int fd, zone_dochandle_t local_handle, 696 zone_dochandle_t rem_handle) 697 { 698 xmlValidCtxtPtr cvp; 699 int valid; 700 701 /* load the manifest into the handle for the remote system */ 702 if ((rem_handle->zone_dh_doc = xmlReadFd(fd, NULL, NULL, 0)) == NULL) { 703 return (Z_INVALID_DOCUMENT); 704 } 705 if ((cvp = xmlNewValidCtxt()) == NULL) 706 return (Z_NOMEM); 707 cvp->error = zonecfg_error_func; 708 cvp->warning = zonecfg_error_func; 709 valid = xmlValidateDocument(cvp, rem_handle->zone_dh_doc); 710 xmlFreeValidCtxt(cvp); 711 if (valid == 0) 712 return (Z_INVALID_DOCUMENT); 713 714 /* delete any comments such as inherited Sun copyright / ident str */ 715 stripcomments(rem_handle); 716 717 rem_handle->zone_dh_newzone = B_TRUE; 718 rem_handle->zone_dh_sw_inv = B_TRUE; 719 720 /* 721 * Now use the remote system handle to generate a local system handle 722 * with an identical zones configuration but no sw inventory. 723 */ 724 if ((local_handle->zone_dh_doc = xmlCopyDoc(rem_handle->zone_dh_doc, 725 1)) == NULL) { 726 return (Z_INVALID_DOCUMENT); 727 } 728 729 /* 730 * We need to re-run xmlValidateDocument on local_handle to properly 731 * update the in-core representation of the configuration. 732 */ 733 if ((cvp = xmlNewValidCtxt()) == NULL) 734 return (Z_NOMEM); 735 cvp->error = zonecfg_error_func; 736 cvp->warning = zonecfg_error_func; 737 valid = xmlValidateDocument(cvp, local_handle->zone_dh_doc); 738 xmlFreeValidCtxt(cvp); 739 if (valid == 0) 740 return (Z_INVALID_DOCUMENT); 741 742 strip_sw_inv(local_handle); 743 744 local_handle->zone_dh_newzone = B_TRUE; 745 local_handle->zone_dh_sw_inv = B_FALSE; 746 747 return (Z_OK); 748 } 749 750 static boolean_t 751 is_renaming(zone_dochandle_t handle) 752 { 753 if (handle->zone_dh_newzone) 754 return (B_FALSE); 755 if (strlen(handle->zone_dh_delete_name) > 0) 756 return (B_TRUE); 757 return (B_FALSE); 758 } 759 760 static boolean_t 761 is_new(zone_dochandle_t handle) 762 { 763 return (handle->zone_dh_newzone || handle->zone_dh_snapshot); 764 } 765 766 static boolean_t 767 is_snapshot(zone_dochandle_t handle) 768 { 769 return (handle->zone_dh_snapshot); 770 } 771 772 /* 773 * It would be great to be able to use libc's ctype(3c) macros, but we 774 * can't, as they are locale sensitive, and it would break our limited thread 775 * safety if this routine had to change the app locale on the fly. 776 */ 777 int 778 zonecfg_validate_zonename(const char *zone) 779 { 780 int i; 781 782 if (strcmp(zone, GLOBAL_ZONENAME) == 0) 783 return (Z_BOGUS_ZONE_NAME); 784 785 if (strlen(zone) >= ZONENAME_MAX) 786 return (Z_BOGUS_ZONE_NAME); 787 788 if (!((zone[0] >= 'a' && zone[0] <= 'z') || 789 (zone[0] >= 'A' && zone[0] <= 'Z') || 790 (zone[0] >= '0' && zone[0] <= '9'))) 791 return (Z_BOGUS_ZONE_NAME); 792 793 for (i = 1; zone[i] != '\0'; i++) { 794 if (!((zone[i] >= 'a' && zone[i] <= 'z') || 795 (zone[i] >= 'A' && zone[i] <= 'Z') || 796 (zone[i] >= '0' && zone[i] <= '9') || 797 (zone[i] == '-') || (zone[i] == '_') || (zone[i] == '.'))) 798 return (Z_BOGUS_ZONE_NAME); 799 } 800 801 return (Z_OK); 802 } 803 804 /* 805 * Changing the zone name requires us to track both the old and new 806 * name of the zone until commit time. 807 */ 808 int 809 zonecfg_get_name(zone_dochandle_t handle, char *name, size_t namesize) 810 { 811 return (getrootattr(handle, DTD_ATTR_NAME, name, namesize)); 812 } 813 814 static int 815 insert_admins(zone_dochandle_t handle, char *zonename) 816 { 817 int err; 818 struct zone_admintab admintab; 819 820 if ((err = zonecfg_setadminent(handle)) != Z_OK) { 821 return (err); 822 } 823 while (zonecfg_getadminent(handle, &admintab) == Z_OK) { 824 err = zonecfg_insert_userauths(handle, 825 admintab.zone_admin_user, zonename); 826 if (err != Z_OK) { 827 (void) zonecfg_endadminent(handle); 828 return (err); 829 } 830 } 831 (void) zonecfg_endadminent(handle); 832 return (Z_OK); 833 } 834 835 int 836 zonecfg_set_name(zone_dochandle_t handle, char *name) 837 { 838 zone_state_t state; 839 char curname[ZONENAME_MAX], old_delname[ZONENAME_MAX]; 840 int err; 841 842 if ((err = getrootattr(handle, DTD_ATTR_NAME, curname, 843 sizeof (curname))) != Z_OK) 844 return (err); 845 846 if (strcmp(name, curname) == 0) 847 return (Z_OK); 848 849 /* 850 * Switching zone names to one beginning with SUNW is not permitted. 851 */ 852 if (strncmp(name, "SUNW", 4) == 0) 853 return (Z_BOGUS_ZONE_NAME); 854 855 if ((err = zonecfg_validate_zonename(name)) != Z_OK) 856 return (err); 857 858 /* 859 * Setting the name back to the original name (effectively a revert of 860 * the name) is fine. But if we carry on, we'll falsely identify the 861 * name as "in use," so special case here. 862 */ 863 if (strcmp(name, handle->zone_dh_delete_name) == 0) { 864 err = setrootattr(handle, DTD_ATTR_NAME, name); 865 handle->zone_dh_delete_name[0] = '\0'; 866 return (err); 867 } 868 869 /* Check to see if new name chosen is already in use */ 870 if (zone_get_state(name, &state) != Z_NO_ZONE) 871 return (Z_NAME_IN_USE); 872 873 /* 874 * If this isn't already "new" or in a renaming transition, then 875 * we're initiating a rename here; so stash the "delete name" 876 * (i.e. the name of the zone we'll be removing) for the rename. 877 */ 878 (void) strlcpy(old_delname, handle->zone_dh_delete_name, 879 sizeof (old_delname)); 880 if (!is_new(handle) && !is_renaming(handle)) { 881 /* 882 * Name change is allowed only when the zone we're altering 883 * is not ready or running. 884 */ 885 err = zone_get_state(curname, &state); 886 if (err == Z_OK) { 887 if (state > ZONE_STATE_INSTALLED) 888 return (Z_BAD_ZONE_STATE); 889 } else if (err != Z_NO_ZONE) { 890 return (err); 891 } 892 893 (void) strlcpy(handle->zone_dh_delete_name, curname, 894 sizeof (handle->zone_dh_delete_name)); 895 assert(is_renaming(handle)); 896 } else if (is_renaming(handle)) { 897 err = zone_get_state(handle->zone_dh_delete_name, &state); 898 if (err == Z_OK) { 899 if (state > ZONE_STATE_INSTALLED) 900 return (Z_BAD_ZONE_STATE); 901 } else if (err != Z_NO_ZONE) { 902 return (err); 903 } 904 } 905 906 if ((err = setrootattr(handle, DTD_ATTR_NAME, name)) != Z_OK) { 907 /* 908 * Restore the deletename to whatever it was at the 909 * top of the routine, since we've had a failure. 910 */ 911 (void) strlcpy(handle->zone_dh_delete_name, old_delname, 912 sizeof (handle->zone_dh_delete_name)); 913 return (err); 914 } 915 916 /* 917 * Record the old admins from the old zonename 918 * so that they can be deleted when the operation is committed. 919 */ 920 if ((err = insert_admins(handle, curname)) != Z_OK) 921 return (err); 922 else 923 return (Z_OK); 924 } 925 926 int 927 zonecfg_get_zonepath(zone_dochandle_t handle, char *path, size_t pathsize) 928 { 929 size_t len; 930 931 if ((len = strlcpy(path, zonecfg_root, pathsize)) >= pathsize) 932 return (Z_TOO_BIG); 933 return (getrootattr(handle, DTD_ATTR_ZONEPATH, path + len, 934 pathsize - len)); 935 } 936 937 int 938 zonecfg_set_zonepath(zone_dochandle_t handle, char *zonepath) 939 { 940 size_t len; 941 char *modpath, *copy_mp, *curr_mp; /* modified path ptrs */ 942 char last_copied; 943 int ret; 944 945 /* 946 * Collapse multiple contiguous slashes and remove trailing slash. 947 */ 948 modpath = strdup(zonepath); 949 if (modpath == NULL) 950 return (Z_NOMEM); 951 last_copied = '\0'; 952 for (copy_mp = curr_mp = modpath; *curr_mp != '\0'; curr_mp++) { 953 if (*curr_mp != '/' || last_copied != '/') { 954 last_copied = *copy_mp = *curr_mp; 955 copy_mp++; 956 } 957 } 958 if (last_copied == '/') 959 copy_mp--; 960 *copy_mp = '\0'; 961 962 /* 963 * The user deals in absolute paths in the running global zone, but the 964 * internal configuration files deal with boot environment relative 965 * paths. Strip out the alternate root when specified. 966 */ 967 len = strlen(zonecfg_root); 968 if (strncmp(modpath, zonecfg_root, len) != 0 || modpath[len] != '/') { 969 free(modpath); 970 return (Z_BAD_PROPERTY); 971 } 972 curr_mp = modpath + len; 973 ret = setrootattr(handle, DTD_ATTR_ZONEPATH, curr_mp); 974 free(modpath); 975 return (ret); 976 } 977 978 static int 979 i_zonecfg_get_brand(zone_dochandle_t handle, char *brand, size_t brandsize, 980 boolean_t default_query) 981 { 982 int ret, sz; 983 984 ret = getrootattr(handle, DTD_ATTR_BRAND, brand, brandsize); 985 986 /* 987 * If the lookup failed, or succeeded in finding a non-null brand 988 * string then return. 989 */ 990 if (ret != Z_OK || brand[0] != '\0') 991 return (ret); 992 993 if (!default_query) { 994 /* If the zone has no brand, it is the default brand. */ 995 return (zonecfg_default_brand(brand, brandsize)); 996 } 997 998 /* if SUNWdefault didn't specify a brand, fallback to "native" */ 999 sz = strlcpy(brand, NATIVE_BRAND_NAME, brandsize); 1000 if (sz >= brandsize) 1001 return (Z_TOO_BIG); 1002 return (Z_OK); 1003 } 1004 1005 int 1006 zonecfg_get_brand(zone_dochandle_t handle, char *brand, size_t brandsize) 1007 { 1008 return (i_zonecfg_get_brand(handle, brand, brandsize, B_FALSE)); 1009 } 1010 1011 int 1012 zonecfg_set_brand(zone_dochandle_t handle, char *brand) 1013 { 1014 return (setrootattr(handle, DTD_ATTR_BRAND, brand)); 1015 } 1016 1017 int 1018 zonecfg_get_autoboot(zone_dochandle_t handle, boolean_t *autoboot) 1019 { 1020 char autobootstr[DTD_ENTITY_BOOL_LEN]; 1021 int ret; 1022 1023 if ((ret = getrootattr(handle, DTD_ATTR_AUTOBOOT, autobootstr, 1024 sizeof (autobootstr))) != Z_OK) 1025 return (ret); 1026 1027 if (strcmp(autobootstr, DTD_ENTITY_TRUE) == 0) 1028 *autoboot = B_TRUE; 1029 else if (strcmp(autobootstr, DTD_ENTITY_FALSE) == 0) 1030 *autoboot = B_FALSE; 1031 else 1032 ret = Z_BAD_PROPERTY; 1033 return (ret); 1034 } 1035 1036 int 1037 zonecfg_set_autoboot(zone_dochandle_t handle, boolean_t autoboot) 1038 { 1039 return (setrootattr(handle, DTD_ATTR_AUTOBOOT, 1040 autoboot ? DTD_ENTITY_TRUE : DTD_ENTITY_FALSE)); 1041 } 1042 1043 int 1044 zonecfg_get_pool(zone_dochandle_t handle, char *pool, size_t poolsize) 1045 { 1046 return (getrootattr(handle, DTD_ATTR_POOL, pool, poolsize)); 1047 } 1048 1049 int 1050 zonecfg_set_pool(zone_dochandle_t handle, char *pool) 1051 { 1052 return (setrootattr(handle, DTD_ATTR_POOL, pool)); 1053 } 1054 1055 int 1056 zonecfg_get_limitpriv(zone_dochandle_t handle, char **limitpriv) 1057 { 1058 return (get_alloc_rootattr(handle, DTD_ATTR_LIMITPRIV, limitpriv)); 1059 } 1060 1061 int 1062 zonecfg_set_limitpriv(zone_dochandle_t handle, char *limitpriv) 1063 { 1064 return (setrootattr(handle, DTD_ATTR_LIMITPRIV, limitpriv)); 1065 } 1066 1067 int 1068 zonecfg_get_bootargs(zone_dochandle_t handle, char *bargs, size_t bargssize) 1069 { 1070 return (getrootattr(handle, DTD_ATTR_BOOTARGS, bargs, bargssize)); 1071 } 1072 1073 int 1074 zonecfg_set_bootargs(zone_dochandle_t handle, char *bargs) 1075 { 1076 return (setrootattr(handle, DTD_ATTR_BOOTARGS, bargs)); 1077 } 1078 1079 int 1080 zonecfg_get_sched_class(zone_dochandle_t handle, char *sched, size_t schedsize) 1081 { 1082 return (getrootattr(handle, DTD_ATTR_SCHED, sched, schedsize)); 1083 } 1084 1085 int 1086 zonecfg_set_sched(zone_dochandle_t handle, char *sched) 1087 { 1088 return (setrootattr(handle, DTD_ATTR_SCHED, sched)); 1089 } 1090 1091 /* 1092 * /etc/zones/index caches a vital piece of information which is also 1093 * in the <zonename>.xml file: the path to the zone. This is for performance, 1094 * since we need to walk all zonepath's in order to be able to detect conflicts 1095 * (see crosscheck_zonepaths() in the zoneadm command). 1096 * 1097 * An additional complexity is that when doing a rename, we'd like the entire 1098 * index update operation (rename, and potential state changes) to be atomic. 1099 * In general, the operation of this function should succeed or fail as 1100 * a unit. 1101 */ 1102 int 1103 zonecfg_refresh_index_file(zone_dochandle_t handle) 1104 { 1105 char name[ZONENAME_MAX], zonepath[MAXPATHLEN]; 1106 struct zoneent ze; 1107 int err; 1108 int opcode; 1109 char *zn; 1110 1111 bzero(&ze, sizeof (ze)); 1112 ze.zone_state = -1; /* Preserve existing state in index */ 1113 1114 if ((err = zonecfg_get_name(handle, name, sizeof (name))) != Z_OK) 1115 return (err); 1116 (void) strlcpy(ze.zone_name, name, sizeof (ze.zone_name)); 1117 1118 if ((err = zonecfg_get_zonepath(handle, zonepath, 1119 sizeof (zonepath))) != Z_OK) 1120 return (err); 1121 (void) strlcpy(ze.zone_path, zonepath + strlen(zonecfg_root), 1122 sizeof (ze.zone_path)); 1123 1124 if (is_renaming(handle)) { 1125 opcode = PZE_MODIFY; 1126 (void) strlcpy(ze.zone_name, handle->zone_dh_delete_name, 1127 sizeof (ze.zone_name)); 1128 (void) strlcpy(ze.zone_newname, name, sizeof (ze.zone_newname)); 1129 } else if (is_new(handle)) { 1130 FILE *cookie; 1131 /* 1132 * Be tolerant of the zone already existing in the index file, 1133 * since we might be forcibly overwriting an existing 1134 * configuration with a new one (for example 'create -F' 1135 * in zonecfg). 1136 */ 1137 opcode = PZE_ADD; 1138 cookie = setzoneent(); 1139 while ((zn = getzoneent(cookie)) != NULL) { 1140 if (strcmp(zn, name) == 0) { 1141 opcode = PZE_MODIFY; 1142 free(zn); 1143 break; 1144 } 1145 free(zn); 1146 } 1147 endzoneent(cookie); 1148 ze.zone_state = ZONE_STATE_CONFIGURED; 1149 } else { 1150 opcode = PZE_MODIFY; 1151 } 1152 1153 if ((err = putzoneent(&ze, opcode)) != Z_OK) 1154 return (err); 1155 1156 return (Z_OK); 1157 } 1158 1159 /* 1160 * The goal of this routine is to cause the index file update and the 1161 * document save to happen as an atomic operation. We do the document 1162 * first, saving a backup copy using a hard link; if that succeeds, we go 1163 * on to the index. If that fails, we roll the document back into place. 1164 * 1165 * Strategy: 1166 * 1167 * New zone 'foo' configuration: 1168 * Create tmpfile (zonecfg.xxxxxx) 1169 * Write XML to tmpfile 1170 * Rename tmpfile to xmlfile (zonecfg.xxxxxx -> foo.xml) 1171 * Add entry to index file 1172 * If it fails, delete foo.xml, leaving nothing behind. 1173 * 1174 * Save existing zone 'foo': 1175 * Make backup of foo.xml -> .backup 1176 * Create tmpfile (zonecfg.xxxxxx) 1177 * Write XML to tmpfile 1178 * Rename tmpfile to xmlfile (zonecfg.xxxxxx -> foo.xml) 1179 * Modify index file as needed 1180 * If it fails, recover from .backup -> foo.xml 1181 * 1182 * Rename 'foo' to 'bar': 1183 * Create tmpfile (zonecfg.xxxxxx) 1184 * Write XML to tmpfile 1185 * Rename tmpfile to xmlfile (zonecfg.xxxxxx -> bar.xml) 1186 * Add entry for 'bar' to index file, Remove entry for 'foo' (refresh) 1187 * If it fails, delete bar.xml; foo.xml is left behind. 1188 */ 1189 static int 1190 zonecfg_save_impl(zone_dochandle_t handle, char *filename) 1191 { 1192 char tmpfile[MAXPATHLEN]; 1193 char bakdir[MAXPATHLEN], bakbase[MAXPATHLEN], bakfile[MAXPATHLEN]; 1194 int tmpfd, err, valid; 1195 xmlValidCtxt cvp = { NULL }; 1196 boolean_t backup; 1197 1198 (void) strlcpy(tmpfile, filename, sizeof (tmpfile)); 1199 (void) dirname(tmpfile); 1200 (void) strlcat(tmpfile, _PATH_TMPFILE, sizeof (tmpfile)); 1201 1202 tmpfd = mkstemp(tmpfile); 1203 if (tmpfd == -1) { 1204 (void) unlink(tmpfile); 1205 return (Z_TEMP_FILE); 1206 } 1207 (void) close(tmpfd); 1208 1209 cvp.error = zonecfg_error_func; 1210 cvp.warning = zonecfg_error_func; 1211 1212 /* 1213 * We do a final validation of the document. Since the library has 1214 * malfunctioned if it fails to validate, we follow-up with an 1215 * assert() that the doc is valid. 1216 */ 1217 valid = xmlValidateDocument(&cvp, handle->zone_dh_doc); 1218 assert(valid != 0); 1219 1220 if (xmlSaveFormatFile(tmpfile, handle->zone_dh_doc, 1) <= 0) 1221 goto err; 1222 1223 (void) chmod(tmpfile, 0644); 1224 1225 /* 1226 * In the event we are doing a standard save, hard link a copy of the 1227 * original file in .backup.<pid>.filename so we can restore it if 1228 * something goes wrong. 1229 */ 1230 if (!is_new(handle) && !is_renaming(handle)) { 1231 backup = B_TRUE; 1232 1233 (void) strlcpy(bakdir, filename, sizeof (bakdir)); 1234 (void) strlcpy(bakbase, filename, sizeof (bakbase)); 1235 (void) snprintf(bakfile, sizeof (bakfile), "%s/.backup.%d.%s", 1236 dirname(bakdir), getpid(), basename(bakbase)); 1237 1238 if (link(filename, bakfile) == -1) { 1239 err = errno; 1240 (void) unlink(tmpfile); 1241 if (errno == EACCES) 1242 return (Z_ACCES); 1243 return (Z_MISC_FS); 1244 } 1245 } 1246 1247 /* 1248 * Move the new document over top of the old. 1249 * i.e.: zonecfg.XXXXXX -> myzone.xml 1250 */ 1251 if (rename(tmpfile, filename) == -1) { 1252 err = errno; 1253 (void) unlink(tmpfile); 1254 if (backup) 1255 (void) unlink(bakfile); 1256 if (err == EACCES) 1257 return (Z_ACCES); 1258 return (Z_MISC_FS); 1259 } 1260 1261 /* 1262 * If this is a snapshot, we're done-- don't add an index entry. 1263 */ 1264 if (is_snapshot(handle)) 1265 return (Z_OK); 1266 1267 /* now update the index file to reflect whatever we just did */ 1268 if ((err = zonecfg_refresh_index_file(handle)) != Z_OK) { 1269 if (backup) { 1270 /* 1271 * Try to restore from our backup. 1272 */ 1273 (void) unlink(filename); 1274 (void) rename(bakfile, filename); 1275 } else { 1276 /* 1277 * Either the zone is new, in which case we can delete 1278 * new.xml, or we're doing a rename, so ditto. 1279 */ 1280 assert(is_new(handle) || is_renaming(handle)); 1281 (void) unlink(filename); 1282 } 1283 return (Z_UPDATING_INDEX); 1284 } 1285 1286 if (backup) 1287 (void) unlink(bakfile); 1288 1289 return (Z_OK); 1290 1291 err: 1292 (void) unlink(tmpfile); 1293 return (Z_SAVING_FILE); 1294 } 1295 1296 int 1297 zonecfg_save(zone_dochandle_t handle) 1298 { 1299 char zname[ZONENAME_MAX], path[MAXPATHLEN]; 1300 char delpath[MAXPATHLEN]; 1301 int err = Z_SAVING_FILE; 1302 1303 if (zonecfg_check_handle(handle) != Z_OK) 1304 return (Z_BAD_HANDLE); 1305 1306 /* 1307 * We don't support saving snapshots or a tree containing a sw 1308 * inventory at this time. 1309 */ 1310 if (handle->zone_dh_snapshot || handle->zone_dh_sw_inv) 1311 return (Z_INVAL); 1312 1313 if ((err = zonecfg_get_name(handle, zname, sizeof (zname))) != Z_OK) 1314 return (err); 1315 1316 if (!config_file_path(zname, path)) 1317 return (Z_MISC_FS); 1318 1319 addcomment(handle, "\n DO NOT EDIT THIS " 1320 "FILE. Use zonecfg(1M) instead.\n"); 1321 1322 /* 1323 * Update user_attr first so that it will be older 1324 * than the config file. 1325 */ 1326 (void) zonecfg_authorize_users(handle, zname); 1327 err = zonecfg_save_impl(handle, path); 1328 1329 stripcomments(handle); 1330 1331 if (err != Z_OK) 1332 return (err); 1333 1334 handle->zone_dh_newzone = B_FALSE; 1335 1336 if (is_renaming(handle)) { 1337 if (config_file_path(handle->zone_dh_delete_name, delpath)) 1338 (void) unlink(delpath); 1339 handle->zone_dh_delete_name[0] = '\0'; 1340 } 1341 1342 return (Z_OK); 1343 } 1344 1345 int 1346 zonecfg_verify_save(zone_dochandle_t handle, char *filename) 1347 { 1348 int valid; 1349 1350 xmlValidCtxt cvp = { NULL }; 1351 1352 if (zonecfg_check_handle(handle) != Z_OK) 1353 return (Z_BAD_HANDLE); 1354 1355 cvp.error = zonecfg_error_func; 1356 cvp.warning = zonecfg_error_func; 1357 1358 /* 1359 * We do a final validation of the document. Since the library has 1360 * malfunctioned if it fails to validate, we follow-up with an 1361 * assert() that the doc is valid. 1362 */ 1363 valid = xmlValidateDocument(&cvp, handle->zone_dh_doc); 1364 assert(valid != 0); 1365 1366 if (xmlSaveFormatFile(filename, handle->zone_dh_doc, 1) <= 0) 1367 return (Z_SAVING_FILE); 1368 1369 return (Z_OK); 1370 } 1371 1372 int 1373 zonecfg_detach_save(zone_dochandle_t handle, uint_t flags) 1374 { 1375 char zname[ZONENAME_MAX]; 1376 char path[MAXPATHLEN]; 1377 char migpath[MAXPATHLEN]; 1378 xmlValidCtxt cvp = { NULL }; 1379 int err = Z_SAVING_FILE; 1380 int valid; 1381 1382 if (zonecfg_check_handle(handle) != Z_OK) 1383 return (Z_BAD_HANDLE); 1384 1385 if (flags & ZONE_DRY_RUN) { 1386 (void) strlcpy(migpath, "-", sizeof (migpath)); 1387 } else { 1388 if ((err = zonecfg_get_name(handle, zname, sizeof (zname))) 1389 != Z_OK) 1390 return (err); 1391 1392 if ((err = zone_get_zonepath(zname, path, sizeof (path))) 1393 != Z_OK) 1394 return (err); 1395 1396 if (snprintf(migpath, sizeof (migpath), "%s/%s", path, 1397 ZONE_DETACHED) >= sizeof (migpath)) 1398 return (Z_NOMEM); 1399 } 1400 1401 if ((err = operation_prep(handle)) != Z_OK) 1402 return (err); 1403 1404 addcomment(handle, "\n DO NOT EDIT THIS FILE. " 1405 "Use zonecfg(1M) and zoneadm(1M) attach.\n"); 1406 1407 cvp.error = zonecfg_error_func; 1408 cvp.warning = zonecfg_error_func; 1409 1410 /* 1411 * We do a final validation of the document. Since the library has 1412 * malfunctioned if it fails to validate, we follow-up with an 1413 * assert() that the doc is valid. 1414 */ 1415 valid = xmlValidateDocument(&cvp, handle->zone_dh_doc); 1416 assert(valid != 0); 1417 1418 if (xmlSaveFormatFile(migpath, handle->zone_dh_doc, 1) <= 0) 1419 return (Z_SAVING_FILE); 1420 1421 if (!(flags & ZONE_DRY_RUN)) 1422 (void) chmod(migpath, 0644); 1423 1424 stripcomments(handle); 1425 1426 handle->zone_dh_newzone = B_FALSE; 1427 1428 return (Z_OK); 1429 } 1430 1431 boolean_t 1432 zonecfg_detached(const char *path) 1433 { 1434 char migpath[MAXPATHLEN]; 1435 struct stat buf; 1436 1437 if (snprintf(migpath, sizeof (migpath), "%s/%s", path, ZONE_DETACHED) >= 1438 sizeof (migpath)) 1439 return (B_FALSE); 1440 1441 if (stat(migpath, &buf) != -1) 1442 return (B_TRUE); 1443 1444 return (B_FALSE); 1445 } 1446 1447 void 1448 zonecfg_rm_detached(zone_dochandle_t handle, boolean_t forced) 1449 { 1450 char zname[ZONENAME_MAX]; 1451 char path[MAXPATHLEN]; 1452 char detached[MAXPATHLEN]; 1453 char attached[MAXPATHLEN]; 1454 1455 if (zonecfg_check_handle(handle) != Z_OK) 1456 return; 1457 1458 if (zonecfg_get_name(handle, zname, sizeof (zname)) != Z_OK) 1459 return; 1460 1461 if (zone_get_zonepath(zname, path, sizeof (path)) != Z_OK) 1462 return; 1463 1464 (void) snprintf(detached, sizeof (detached), "%s/%s", path, 1465 ZONE_DETACHED); 1466 (void) snprintf(attached, sizeof (attached), "%s/%s", path, 1467 ATTACH_FORCED); 1468 1469 if (forced) { 1470 (void) rename(detached, attached); 1471 } else { 1472 (void) unlink(attached); 1473 (void) unlink(detached); 1474 } 1475 } 1476 1477 /* 1478 * Special case: if access(2) fails with ENOENT, then try again using 1479 * ZONE_CONFIG_ROOT instead of config_file_path(zonename). This is how we 1480 * work around the case of a config file which has not been created yet: 1481 * the user will need access to the directory so use that as a heuristic. 1482 */ 1483 1484 int 1485 zonecfg_access(const char *zonename, int amode) 1486 { 1487 char path[MAXPATHLEN]; 1488 1489 if (!config_file_path(zonename, path)) 1490 return (Z_INVAL); 1491 if (access(path, amode) == 0) 1492 return (Z_OK); 1493 if (errno == ENOENT) { 1494 if (snprintf(path, sizeof (path), "%s%s", zonecfg_root, 1495 ZONE_CONFIG_ROOT) >= sizeof (path)) 1496 return (Z_INVAL); 1497 if (access(path, amode) == 0) 1498 return (Z_OK); 1499 } 1500 if (errno == EACCES) 1501 return (Z_ACCES); 1502 if (errno == EINVAL) 1503 return (Z_INVAL); 1504 return (Z_MISC_FS); 1505 } 1506 1507 int 1508 zonecfg_create_snapshot(const char *zonename) 1509 { 1510 zone_dochandle_t handle; 1511 char path[MAXPATHLEN], zonepath[MAXPATHLEN], rpath[MAXPATHLEN]; 1512 int error = Z_OK, res; 1513 1514 if ((handle = zonecfg_init_handle()) == NULL) { 1515 return (Z_NOMEM); 1516 } 1517 1518 handle->zone_dh_newzone = B_TRUE; 1519 handle->zone_dh_snapshot = B_TRUE; 1520 1521 if ((error = zonecfg_get_handle(zonename, handle)) != Z_OK) 1522 goto out; 1523 if ((error = operation_prep(handle)) != Z_OK) 1524 goto out; 1525 error = zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath)); 1526 if (error != Z_OK) 1527 goto out; 1528 if ((res = resolvepath(zonepath, rpath, sizeof (rpath))) == -1) { 1529 error = Z_RESOLVED_PATH; 1530 goto out; 1531 } 1532 /* 1533 * If the resolved path is not the same as the original path, then 1534 * save the resolved path in the snapshot, thus preventing any 1535 * potential problems down the line when zoneadmd goes to unmount 1536 * file systems and depends on initial string matches with resolved 1537 * paths. 1538 */ 1539 rpath[res] = '\0'; 1540 if (strcmp(zonepath, rpath) != 0) { 1541 if ((error = zonecfg_set_zonepath(handle, rpath)) != Z_OK) 1542 goto out; 1543 } 1544 if (snprintf(path, sizeof (path), "%s%s", zonecfg_root, 1545 ZONE_SNAPSHOT_ROOT) >= sizeof (path)) { 1546 error = Z_MISC_FS; 1547 goto out; 1548 } 1549 if ((mkdir(path, S_IRWXU) == -1) && (errno != EEXIST)) { 1550 error = Z_MISC_FS; 1551 goto out; 1552 } 1553 1554 if (!snap_file_path(zonename, path)) { 1555 error = Z_MISC_FS; 1556 goto out; 1557 } 1558 1559 addcomment(handle, "\n DO NOT EDIT THIS FILE. " 1560 "It is a snapshot of running zone state.\n"); 1561 1562 error = zonecfg_save_impl(handle, path); 1563 1564 stripcomments(handle); 1565 1566 out: 1567 zonecfg_fini_handle(handle); 1568 return (error); 1569 } 1570 1571 int 1572 zonecfg_get_iptype(zone_dochandle_t handle, zone_iptype_t *iptypep) 1573 { 1574 char property[10]; /* 10 is big enough for "shared"/"exclusive" */ 1575 int err; 1576 1577 err = getrootattr(handle, DTD_ATTR_IPTYPE, property, sizeof (property)); 1578 if (err == Z_BAD_PROPERTY) { 1579 /* Return default value */ 1580 *iptypep = ZS_SHARED; 1581 return (Z_OK); 1582 } else if (err != Z_OK) { 1583 return (err); 1584 } 1585 1586 if (strlen(property) == 0 || 1587 strcmp(property, "shared") == 0) 1588 *iptypep = ZS_SHARED; 1589 else if (strcmp(property, "exclusive") == 0) 1590 *iptypep = ZS_EXCLUSIVE; 1591 else 1592 return (Z_INVAL); 1593 1594 return (Z_OK); 1595 } 1596 1597 int 1598 zonecfg_set_iptype(zone_dochandle_t handle, zone_iptype_t iptype) 1599 { 1600 xmlNodePtr cur; 1601 1602 if (handle == NULL) 1603 return (Z_INVAL); 1604 1605 cur = xmlDocGetRootElement(handle->zone_dh_doc); 1606 if (cur == NULL) { 1607 return (Z_EMPTY_DOCUMENT); 1608 } 1609 1610 if (xmlStrcmp(cur->name, DTD_ELEM_ZONE) != 0) { 1611 return (Z_WRONG_DOC_TYPE); 1612 } 1613 switch (iptype) { 1614 case ZS_SHARED: 1615 /* 1616 * Since "shared" is the default, we don't write it to the 1617 * configuration file, so that it's easier to migrate those 1618 * zones elsewhere, eg., to systems which are not IP-Instances 1619 * aware. 1620 * xmlUnsetProp only fails when the attribute doesn't exist, 1621 * which we don't care. 1622 */ 1623 (void) xmlUnsetProp(cur, DTD_ATTR_IPTYPE); 1624 break; 1625 case ZS_EXCLUSIVE: 1626 if (xmlSetProp(cur, DTD_ATTR_IPTYPE, 1627 (const xmlChar *) "exclusive") == NULL) 1628 return (Z_INVAL); 1629 break; 1630 } 1631 return (Z_OK); 1632 } 1633 1634 static int 1635 newprop(xmlNodePtr node, const xmlChar *attrname, char *src) 1636 { 1637 xmlAttrPtr newattr; 1638 1639 newattr = xmlNewProp(node, attrname, (xmlChar *)src); 1640 if (newattr == NULL) { 1641 xmlUnlinkNode(node); 1642 xmlFreeNode(node); 1643 return (Z_BAD_PROPERTY); 1644 } 1645 return (Z_OK); 1646 } 1647 1648 static int 1649 zonecfg_add_filesystem_core(zone_dochandle_t handle, struct zone_fstab *tabptr) 1650 { 1651 xmlNodePtr newnode, cur = handle->zone_dh_cur, options_node; 1652 zone_fsopt_t *ptr; 1653 int err; 1654 1655 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_FS, NULL); 1656 if ((err = newprop(newnode, DTD_ATTR_SPECIAL, 1657 tabptr->zone_fs_special)) != Z_OK) 1658 return (err); 1659 if (tabptr->zone_fs_raw[0] != '\0' && 1660 (err = newprop(newnode, DTD_ATTR_RAW, tabptr->zone_fs_raw)) != Z_OK) 1661 return (err); 1662 if ((err = newprop(newnode, DTD_ATTR_DIR, tabptr->zone_fs_dir)) != Z_OK) 1663 return (err); 1664 if ((err = newprop(newnode, DTD_ATTR_TYPE, 1665 tabptr->zone_fs_type)) != Z_OK) 1666 return (err); 1667 if (tabptr->zone_fs_options != NULL) { 1668 for (ptr = tabptr->zone_fs_options; ptr != NULL; 1669 ptr = ptr->zone_fsopt_next) { 1670 options_node = xmlNewTextChild(newnode, NULL, 1671 DTD_ELEM_FSOPTION, NULL); 1672 if ((err = newprop(options_node, DTD_ATTR_NAME, 1673 ptr->zone_fsopt_opt)) != Z_OK) 1674 return (err); 1675 } 1676 } 1677 return (Z_OK); 1678 } 1679 1680 int 1681 zonecfg_add_filesystem(zone_dochandle_t handle, struct zone_fstab *tabptr) 1682 { 1683 int err; 1684 1685 if (tabptr == NULL) 1686 return (Z_INVAL); 1687 1688 if ((err = operation_prep(handle)) != Z_OK) 1689 return (err); 1690 1691 if ((err = zonecfg_add_filesystem_core(handle, tabptr)) != Z_OK) 1692 return (err); 1693 1694 return (Z_OK); 1695 } 1696 1697 int 1698 zonecfg_add_fs_option(struct zone_fstab *tabptr, char *option) 1699 { 1700 zone_fsopt_t *last, *old, *new; 1701 1702 last = tabptr->zone_fs_options; 1703 for (old = last; old != NULL; old = old->zone_fsopt_next) 1704 last = old; /* walk to the end of the list */ 1705 new = (zone_fsopt_t *)malloc(sizeof (zone_fsopt_t)); 1706 if (new == NULL) 1707 return (Z_NOMEM); 1708 (void) strlcpy(new->zone_fsopt_opt, option, 1709 sizeof (new->zone_fsopt_opt)); 1710 new->zone_fsopt_next = NULL; 1711 if (last == NULL) 1712 tabptr->zone_fs_options = new; 1713 else 1714 last->zone_fsopt_next = new; 1715 return (Z_OK); 1716 } 1717 1718 int 1719 zonecfg_remove_fs_option(struct zone_fstab *tabptr, char *option) 1720 { 1721 zone_fsopt_t *last, *this, *next; 1722 1723 last = tabptr->zone_fs_options; 1724 for (this = last; this != NULL; this = this->zone_fsopt_next) { 1725 if (strcmp(this->zone_fsopt_opt, option) == 0) { 1726 next = this->zone_fsopt_next; 1727 if (this == tabptr->zone_fs_options) 1728 tabptr->zone_fs_options = next; 1729 else 1730 last->zone_fsopt_next = next; 1731 free(this); 1732 return (Z_OK); 1733 } else 1734 last = this; 1735 } 1736 return (Z_NO_PROPERTY_ID); 1737 } 1738 1739 void 1740 zonecfg_free_fs_option_list(zone_fsopt_t *list) 1741 { 1742 zone_fsopt_t *this, *next; 1743 1744 for (this = list; this != NULL; this = next) { 1745 next = this->zone_fsopt_next; 1746 free(this); 1747 } 1748 } 1749 1750 void 1751 zonecfg_free_rctl_value_list(struct zone_rctlvaltab *valtab) 1752 { 1753 if (valtab == NULL) 1754 return; 1755 zonecfg_free_rctl_value_list(valtab->zone_rctlval_next); 1756 free(valtab); 1757 } 1758 1759 static boolean_t 1760 match_prop(xmlNodePtr cur, const xmlChar *attr, char *user_prop) 1761 { 1762 xmlChar *gotten_prop; 1763 int prop_result; 1764 1765 gotten_prop = xmlGetProp(cur, attr); 1766 if (gotten_prop == NULL) /* shouldn't happen */ 1767 return (B_FALSE); 1768 prop_result = xmlStrcmp(gotten_prop, (const xmlChar *) user_prop); 1769 xmlFree(gotten_prop); 1770 return ((prop_result == 0)); 1771 } 1772 1773 static int 1774 zonecfg_delete_filesystem_core(zone_dochandle_t handle, 1775 struct zone_fstab *tabptr) 1776 { 1777 xmlNodePtr cur = handle->zone_dh_cur; 1778 boolean_t dir_match, spec_match, raw_match, type_match; 1779 1780 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 1781 if (xmlStrcmp(cur->name, DTD_ELEM_FS)) 1782 continue; 1783 dir_match = match_prop(cur, DTD_ATTR_DIR, tabptr->zone_fs_dir); 1784 spec_match = match_prop(cur, DTD_ATTR_SPECIAL, 1785 tabptr->zone_fs_special); 1786 raw_match = match_prop(cur, DTD_ATTR_RAW, 1787 tabptr->zone_fs_raw); 1788 type_match = match_prop(cur, DTD_ATTR_TYPE, 1789 tabptr->zone_fs_type); 1790 if (dir_match && spec_match && raw_match && type_match) { 1791 xmlUnlinkNode(cur); 1792 xmlFreeNode(cur); 1793 return (Z_OK); 1794 } 1795 } 1796 return (Z_NO_RESOURCE_ID); 1797 } 1798 1799 int 1800 zonecfg_delete_filesystem(zone_dochandle_t handle, struct zone_fstab *tabptr) 1801 { 1802 int err; 1803 1804 if (tabptr == NULL) 1805 return (Z_INVAL); 1806 1807 if ((err = operation_prep(handle)) != Z_OK) 1808 return (err); 1809 1810 if ((err = zonecfg_delete_filesystem_core(handle, tabptr)) != Z_OK) 1811 return (err); 1812 1813 return (Z_OK); 1814 } 1815 1816 int 1817 zonecfg_modify_filesystem( 1818 zone_dochandle_t handle, 1819 struct zone_fstab *oldtabptr, 1820 struct zone_fstab *newtabptr) 1821 { 1822 int err; 1823 1824 if (oldtabptr == NULL || newtabptr == NULL) 1825 return (Z_INVAL); 1826 1827 if ((err = operation_prep(handle)) != Z_OK) 1828 return (err); 1829 1830 if ((err = zonecfg_delete_filesystem_core(handle, oldtabptr)) != Z_OK) 1831 return (err); 1832 1833 if ((err = zonecfg_add_filesystem_core(handle, newtabptr)) != Z_OK) 1834 return (err); 1835 1836 return (Z_OK); 1837 } 1838 1839 int 1840 zonecfg_lookup_filesystem( 1841 zone_dochandle_t handle, 1842 struct zone_fstab *tabptr) 1843 { 1844 xmlNodePtr cur, options, firstmatch; 1845 int err; 1846 char dirname[MAXPATHLEN], special[MAXPATHLEN], raw[MAXPATHLEN]; 1847 char type[FSTYPSZ]; 1848 char options_str[MAX_MNTOPT_STR]; 1849 1850 if (tabptr == NULL) 1851 return (Z_INVAL); 1852 1853 if ((err = operation_prep(handle)) != Z_OK) 1854 return (err); 1855 1856 /* 1857 * Walk the list of children looking for matches on any properties 1858 * specified in the fstab parameter. If more than one resource 1859 * matches, we return Z_INSUFFICIENT_SPEC; if none match, we return 1860 * Z_NO_RESOURCE_ID. 1861 */ 1862 cur = handle->zone_dh_cur; 1863 firstmatch = NULL; 1864 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 1865 if (xmlStrcmp(cur->name, DTD_ELEM_FS)) 1866 continue; 1867 if (strlen(tabptr->zone_fs_dir) > 0) { 1868 if ((fetchprop(cur, DTD_ATTR_DIR, dirname, 1869 sizeof (dirname)) == Z_OK) && 1870 (strcmp(tabptr->zone_fs_dir, dirname) == 0)) { 1871 if (firstmatch == NULL) 1872 firstmatch = cur; 1873 else 1874 return (Z_INSUFFICIENT_SPEC); 1875 } 1876 } 1877 if (strlen(tabptr->zone_fs_special) > 0) { 1878 if ((fetchprop(cur, DTD_ATTR_SPECIAL, special, 1879 sizeof (special)) == Z_OK)) { 1880 if (strcmp(tabptr->zone_fs_special, 1881 special) == 0) { 1882 if (firstmatch == NULL) 1883 firstmatch = cur; 1884 else if (firstmatch != cur) 1885 return (Z_INSUFFICIENT_SPEC); 1886 } else { 1887 /* 1888 * If another property matched but this 1889 * one doesn't then reset firstmatch. 1890 */ 1891 if (firstmatch == cur) 1892 firstmatch = NULL; 1893 } 1894 } 1895 } 1896 if (strlen(tabptr->zone_fs_raw) > 0) { 1897 if ((fetchprop(cur, DTD_ATTR_RAW, raw, 1898 sizeof (raw)) == Z_OK)) { 1899 if (strcmp(tabptr->zone_fs_raw, raw) == 0) { 1900 if (firstmatch == NULL) 1901 firstmatch = cur; 1902 else if (firstmatch != cur) 1903 return (Z_INSUFFICIENT_SPEC); 1904 } else { 1905 /* 1906 * If another property matched but this 1907 * one doesn't then reset firstmatch. 1908 */ 1909 if (firstmatch == cur) 1910 firstmatch = NULL; 1911 } 1912 } 1913 } 1914 if (strlen(tabptr->zone_fs_type) > 0) { 1915 if ((fetchprop(cur, DTD_ATTR_TYPE, type, 1916 sizeof (type)) == Z_OK)) { 1917 if (strcmp(tabptr->zone_fs_type, type) == 0) { 1918 if (firstmatch == NULL) 1919 firstmatch = cur; 1920 else if (firstmatch != cur) 1921 return (Z_INSUFFICIENT_SPEC); 1922 } else { 1923 /* 1924 * If another property matched but this 1925 * one doesn't then reset firstmatch. 1926 */ 1927 if (firstmatch == cur) 1928 firstmatch = NULL; 1929 } 1930 } 1931 } 1932 } 1933 1934 if (firstmatch == NULL) 1935 return (Z_NO_RESOURCE_ID); 1936 1937 cur = firstmatch; 1938 1939 if ((err = fetchprop(cur, DTD_ATTR_DIR, tabptr->zone_fs_dir, 1940 sizeof (tabptr->zone_fs_dir))) != Z_OK) 1941 return (err); 1942 1943 if ((err = fetchprop(cur, DTD_ATTR_SPECIAL, tabptr->zone_fs_special, 1944 sizeof (tabptr->zone_fs_special))) != Z_OK) 1945 return (err); 1946 1947 if ((err = fetchprop(cur, DTD_ATTR_RAW, tabptr->zone_fs_raw, 1948 sizeof (tabptr->zone_fs_raw))) != Z_OK) 1949 return (err); 1950 1951 if ((err = fetchprop(cur, DTD_ATTR_TYPE, tabptr->zone_fs_type, 1952 sizeof (tabptr->zone_fs_type))) != Z_OK) 1953 return (err); 1954 1955 /* options are optional */ 1956 tabptr->zone_fs_options = NULL; 1957 for (options = cur->xmlChildrenNode; options != NULL; 1958 options = options->next) { 1959 if ((fetchprop(options, DTD_ATTR_NAME, options_str, 1960 sizeof (options_str)) != Z_OK)) 1961 break; 1962 if (zonecfg_add_fs_option(tabptr, options_str) != Z_OK) 1963 break; 1964 } 1965 return (Z_OK); 1966 } 1967 1968 /* 1969 * Compare two IP addresses in string form. Allow for the possibility that 1970 * one might have "/<prefix-length>" at the end: allow a match on just the 1971 * IP address (or host name) part. 1972 */ 1973 1974 boolean_t 1975 zonecfg_same_net_address(char *a1, char *a2) 1976 { 1977 char *slashp, *slashp1, *slashp2; 1978 int result; 1979 1980 if (strcmp(a1, a2) == 0) 1981 return (B_TRUE); 1982 1983 /* 1984 * If neither has a slash or both do, they need to match to be 1985 * considered the same, but they did not match above, so fail. 1986 */ 1987 slashp1 = strchr(a1, '/'); 1988 slashp2 = strchr(a2, '/'); 1989 if ((slashp1 == NULL && slashp2 == NULL) || 1990 (slashp1 != NULL && slashp2 != NULL)) 1991 return (B_FALSE); 1992 1993 /* 1994 * Only one had a slash: pick that one, zero out the slash, compare 1995 * the "address only" strings, restore the slash, and return the 1996 * result of the comparison. 1997 */ 1998 slashp = (slashp1 == NULL) ? slashp2 : slashp1; 1999 *slashp = '\0'; 2000 result = strcmp(a1, a2); 2001 *slashp = '/'; 2002 return ((result == 0)); 2003 } 2004 2005 int 2006 zonecfg_valid_net_address(char *address, struct lifreq *lifr) 2007 { 2008 struct sockaddr_in *sin4; 2009 struct sockaddr_in6 *sin6; 2010 struct addrinfo hints, *result; 2011 char *slashp = strchr(address, '/'); 2012 2013 bzero(lifr, sizeof (struct lifreq)); 2014 sin4 = (struct sockaddr_in *)&lifr->lifr_addr; 2015 sin6 = (struct sockaddr_in6 *)&lifr->lifr_addr; 2016 if (slashp != NULL) 2017 *slashp = '\0'; 2018 if (inet_pton(AF_INET, address, &sin4->sin_addr) == 1) { 2019 sin4->sin_family = AF_INET; 2020 } else if (inet_pton(AF_INET6, address, &sin6->sin6_addr) == 1) { 2021 if (slashp == NULL) 2022 return (Z_IPV6_ADDR_PREFIX_LEN); 2023 sin6->sin6_family = AF_INET6; 2024 } else { 2025 /* "address" may be a host name */ 2026 (void) memset(&hints, 0, sizeof (hints)); 2027 hints.ai_family = PF_INET; 2028 if (getaddrinfo(address, NULL, &hints, &result) != 0) 2029 return (Z_BOGUS_ADDRESS); 2030 sin4->sin_family = result->ai_family; 2031 2032 (void) memcpy(&sin4->sin_addr, 2033 /* LINTED E_BAD_PTR_CAST_ALIGN */ 2034 &((struct sockaddr_in *)result->ai_addr)->sin_addr, 2035 sizeof (struct in_addr)); 2036 2037 freeaddrinfo(result); 2038 } 2039 return (Z_OK); 2040 } 2041 2042 boolean_t 2043 zonecfg_ifname_exists(sa_family_t af, char *ifname) 2044 { 2045 struct lifreq lifr; 2046 int so; 2047 int save_errno; 2048 2049 (void) memset(&lifr, 0, sizeof (lifr)); 2050 (void) strlcpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2051 lifr.lifr_addr.ss_family = af; 2052 if ((so = socket(af, SOCK_DGRAM, 0)) < 0) { 2053 /* Odd - can't tell if the ifname exists */ 2054 return (B_FALSE); 2055 } 2056 if (ioctl(so, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2057 save_errno = errno; 2058 (void) close(so); 2059 errno = save_errno; 2060 return (B_FALSE); 2061 } 2062 (void) close(so); 2063 return (B_TRUE); 2064 } 2065 2066 /* 2067 * Determines whether there is a net resource with the physical interface, IP 2068 * address, and default router specified by 'tabptr' in the zone configuration 2069 * to which 'handle' refers. 'tabptr' must have an interface, an address, a 2070 * default router, or a combination of the three. This function returns Z_OK 2071 * iff there is exactly one net resource matching the query specified by 2072 * 'tabptr'. The function returns Z_INSUFFICIENT_SPEC if there are multiple 2073 * matches or 'tabptr' does not specify a physical interface, address, or 2074 * default router. The function returns Z_NO_RESOURCE_ID if are no matches. 2075 * 2076 * Errors might also be returned if the entry that exactly matches the 2077 * query lacks critical network resource information. 2078 * 2079 * If there is a single match, then the matching entry's physical interface, IP 2080 * address, and default router information are stored in 'tabptr'. 2081 */ 2082 int 2083 zonecfg_lookup_nwif(zone_dochandle_t handle, struct zone_nwiftab *tabptr) 2084 { 2085 xmlNodePtr cur; 2086 xmlNodePtr firstmatch; 2087 int err; 2088 char address[INET6_ADDRSTRLEN]; 2089 char physical[LIFNAMSIZ]; 2090 size_t addrspec; /* nonzero if tabptr has IP addr */ 2091 size_t physspec; /* nonzero if tabptr has interface */ 2092 size_t defrouterspec; /* nonzero if tabptr has def. router */ 2093 size_t allowed_addrspec; 2094 zone_iptype_t iptype; 2095 2096 if (tabptr == NULL) 2097 return (Z_INVAL); 2098 2099 /* 2100 * Determine the fields that will be searched. There must be at least 2101 * one. 2102 * 2103 * zone_nwif_address, zone_nwif_physical, and zone_nwif_defrouter are 2104 * arrays, so no NULL checks are necessary. 2105 */ 2106 addrspec = strlen(tabptr->zone_nwif_address); 2107 physspec = strlen(tabptr->zone_nwif_physical); 2108 defrouterspec = strlen(tabptr->zone_nwif_defrouter); 2109 allowed_addrspec = strlen(tabptr->zone_nwif_allowed_address); 2110 if (addrspec != 0 && allowed_addrspec != 0) 2111 return (Z_INVAL); /* can't specify both */ 2112 if (addrspec == 0 && physspec == 0 && defrouterspec == 0 && 2113 allowed_addrspec == 0) 2114 return (Z_INSUFFICIENT_SPEC); 2115 2116 if ((err = operation_prep(handle)) != Z_OK) 2117 return (err); 2118 2119 if ((err = zonecfg_get_iptype(handle, &iptype)) != Z_OK) 2120 return (err); 2121 /* 2122 * Iterate over the configuration's elements and look for net elements 2123 * that match the query. 2124 */ 2125 firstmatch = NULL; 2126 cur = handle->zone_dh_cur; 2127 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 2128 /* Skip non-net elements */ 2129 if (xmlStrcmp(cur->name, DTD_ELEM_NET)) 2130 continue; 2131 2132 /* 2133 * If any relevant fields don't match the query, then skip 2134 * the current net element. 2135 */ 2136 if (physspec != 0 && (fetchprop(cur, DTD_ATTR_PHYSICAL, 2137 physical, sizeof (physical)) != Z_OK || 2138 strcmp(tabptr->zone_nwif_physical, physical) != 0)) 2139 continue; 2140 if (iptype == ZS_SHARED && addrspec != 0 && 2141 (fetchprop(cur, DTD_ATTR_ADDRESS, address, 2142 sizeof (address)) != Z_OK || 2143 !zonecfg_same_net_address(tabptr->zone_nwif_address, 2144 address))) 2145 continue; 2146 if (iptype == ZS_EXCLUSIVE && allowed_addrspec != 0 && 2147 (fetchprop(cur, DTD_ATTR_ALLOWED_ADDRESS, address, 2148 sizeof (address)) != Z_OK || 2149 !zonecfg_same_net_address(tabptr->zone_nwif_allowed_address, 2150 address))) 2151 continue; 2152 if (defrouterspec != 0 && (fetchprop(cur, DTD_ATTR_DEFROUTER, 2153 address, sizeof (address)) != Z_OK || 2154 !zonecfg_same_net_address(tabptr->zone_nwif_defrouter, 2155 address))) 2156 continue; 2157 2158 /* 2159 * The current net element matches the query. Select it if 2160 * it's the first match; otherwise, abort the search. 2161 */ 2162 if (firstmatch == NULL) 2163 firstmatch = cur; 2164 else 2165 return (Z_INSUFFICIENT_SPEC); 2166 } 2167 if (firstmatch == NULL) 2168 return (Z_NO_RESOURCE_ID); 2169 2170 cur = firstmatch; 2171 2172 if ((err = fetchprop(cur, DTD_ATTR_PHYSICAL, tabptr->zone_nwif_physical, 2173 sizeof (tabptr->zone_nwif_physical))) != Z_OK) 2174 return (err); 2175 2176 if (iptype == ZS_SHARED && 2177 (err = fetchprop(cur, DTD_ATTR_ADDRESS, tabptr->zone_nwif_address, 2178 sizeof (tabptr->zone_nwif_address))) != Z_OK) 2179 return (err); 2180 2181 if (iptype == ZS_EXCLUSIVE && 2182 (err = fetchprop(cur, DTD_ATTR_ALLOWED_ADDRESS, 2183 tabptr->zone_nwif_allowed_address, 2184 sizeof (tabptr->zone_nwif_allowed_address))) != Z_OK) 2185 return (err); 2186 2187 if ((err = fetchprop(cur, DTD_ATTR_DEFROUTER, 2188 tabptr->zone_nwif_defrouter, 2189 sizeof (tabptr->zone_nwif_defrouter))) != Z_OK) 2190 return (err); 2191 2192 return (Z_OK); 2193 } 2194 2195 static int 2196 zonecfg_add_nwif_core(zone_dochandle_t handle, struct zone_nwiftab *tabptr) 2197 { 2198 xmlNodePtr newnode, cur = handle->zone_dh_cur; 2199 int err; 2200 2201 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_NET, NULL); 2202 if (strlen(tabptr->zone_nwif_address) > 0 && 2203 (err = newprop(newnode, DTD_ATTR_ADDRESS, 2204 tabptr->zone_nwif_address)) != Z_OK) 2205 return (err); 2206 if (strlen(tabptr->zone_nwif_allowed_address) > 0 && 2207 (err = newprop(newnode, DTD_ATTR_ALLOWED_ADDRESS, 2208 tabptr->zone_nwif_allowed_address)) != Z_OK) 2209 return (err); 2210 if ((err = newprop(newnode, DTD_ATTR_PHYSICAL, 2211 tabptr->zone_nwif_physical)) != Z_OK) 2212 return (err); 2213 /* 2214 * Do not add this property when it is not set, for backwards 2215 * compatibility and because it is optional. 2216 */ 2217 if ((strlen(tabptr->zone_nwif_defrouter) > 0) && 2218 ((err = newprop(newnode, DTD_ATTR_DEFROUTER, 2219 tabptr->zone_nwif_defrouter)) != Z_OK)) 2220 return (err); 2221 return (Z_OK); 2222 } 2223 2224 int 2225 zonecfg_add_nwif(zone_dochandle_t handle, struct zone_nwiftab *tabptr) 2226 { 2227 int err; 2228 2229 if (tabptr == NULL) 2230 return (Z_INVAL); 2231 2232 if ((err = operation_prep(handle)) != Z_OK) 2233 return (err); 2234 2235 if ((err = zonecfg_add_nwif_core(handle, tabptr)) != Z_OK) 2236 return (err); 2237 2238 return (Z_OK); 2239 } 2240 2241 static int 2242 zonecfg_delete_nwif_core(zone_dochandle_t handle, struct zone_nwiftab *tabptr) 2243 { 2244 xmlNodePtr cur = handle->zone_dh_cur; 2245 boolean_t addr_match, phys_match, allowed_addr_match; 2246 2247 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 2248 if (xmlStrcmp(cur->name, DTD_ELEM_NET)) 2249 continue; 2250 2251 addr_match = match_prop(cur, DTD_ATTR_ADDRESS, 2252 tabptr->zone_nwif_address); 2253 allowed_addr_match = match_prop(cur, DTD_ATTR_ALLOWED_ADDRESS, 2254 tabptr->zone_nwif_allowed_address); 2255 phys_match = match_prop(cur, DTD_ATTR_PHYSICAL, 2256 tabptr->zone_nwif_physical); 2257 2258 if ((addr_match || allowed_addr_match) && phys_match) { 2259 xmlUnlinkNode(cur); 2260 xmlFreeNode(cur); 2261 return (Z_OK); 2262 } 2263 } 2264 return (Z_NO_RESOURCE_ID); 2265 } 2266 2267 int 2268 zonecfg_delete_nwif(zone_dochandle_t handle, struct zone_nwiftab *tabptr) 2269 { 2270 int err; 2271 2272 if (tabptr == NULL) 2273 return (Z_INVAL); 2274 2275 if ((err = operation_prep(handle)) != Z_OK) 2276 return (err); 2277 2278 if ((err = zonecfg_delete_nwif_core(handle, tabptr)) != Z_OK) 2279 return (err); 2280 2281 return (Z_OK); 2282 } 2283 2284 int 2285 zonecfg_modify_nwif( 2286 zone_dochandle_t handle, 2287 struct zone_nwiftab *oldtabptr, 2288 struct zone_nwiftab *newtabptr) 2289 { 2290 int err; 2291 2292 if (oldtabptr == NULL || newtabptr == NULL) 2293 return (Z_INVAL); 2294 2295 if ((err = operation_prep(handle)) != Z_OK) 2296 return (err); 2297 2298 if ((err = zonecfg_delete_nwif_core(handle, oldtabptr)) != Z_OK) 2299 return (err); 2300 2301 if ((err = zonecfg_add_nwif_core(handle, newtabptr)) != Z_OK) 2302 return (err); 2303 2304 return (Z_OK); 2305 } 2306 2307 /* 2308 * Must be a comma-separated list of alpha-numeric file system names. 2309 */ 2310 static int 2311 zonecfg_valid_fs_allowed(const char *fsallowedp) 2312 { 2313 char tmp[ZONE_FS_ALLOWED_MAX]; 2314 char *cp = tmp; 2315 char *p; 2316 2317 if (strlen(fsallowedp) > ZONE_FS_ALLOWED_MAX) 2318 return (Z_TOO_BIG); 2319 2320 (void) strlcpy(tmp, fsallowedp, sizeof (tmp)); 2321 2322 while (*cp != '\0') { 2323 p = cp; 2324 while (*p != '\0' && *p != ',') { 2325 if (!isalnum(*p) && *p != '-') 2326 return (Z_INVALID_PROPERTY); 2327 p++; 2328 } 2329 2330 if (*p == ',') { 2331 if (p == cp) 2332 return (Z_INVALID_PROPERTY); 2333 2334 p++; 2335 2336 if (*p == '\0') 2337 return (Z_INVALID_PROPERTY); 2338 } 2339 2340 cp = p; 2341 } 2342 2343 return (Z_OK); 2344 } 2345 2346 int 2347 zonecfg_get_fs_allowed(zone_dochandle_t handle, char *bufp, size_t buflen) 2348 { 2349 int err; 2350 2351 if ((err = getrootattr(handle, DTD_ATTR_FS_ALLOWED, 2352 bufp, buflen)) != Z_OK) 2353 return (err); 2354 if (bufp[0] == '\0') 2355 return (Z_BAD_PROPERTY); 2356 return (zonecfg_valid_fs_allowed(bufp)); 2357 } 2358 2359 int 2360 zonecfg_set_fs_allowed(zone_dochandle_t handle, const char *bufp) 2361 { 2362 int err; 2363 2364 if (bufp == NULL || (err = zonecfg_valid_fs_allowed(bufp)) == Z_OK) 2365 return (setrootattr(handle, DTD_ATTR_FS_ALLOWED, bufp)); 2366 return (err); 2367 } 2368 2369 /* 2370 * Determines if the specified string is a valid hostid string. This function 2371 * returns Z_OK if the string is a valid hostid string. It returns Z_INVAL if 2372 * 'hostidp' is NULL, Z_TOO_BIG if 'hostidp' refers to a string buffer 2373 * containing a hex string with more than 8 digits, and Z_INVALID_PROPERTY if 2374 * the string has an invalid format. 2375 */ 2376 static int 2377 zonecfg_valid_hostid(const char *hostidp) 2378 { 2379 char *currentp; 2380 u_longlong_t hostidval; 2381 size_t len; 2382 2383 if (hostidp == NULL) 2384 return (Z_INVAL); 2385 2386 /* Empty strings and strings with whitespace are invalid. */ 2387 if (*hostidp == '\0') 2388 return (Z_INVALID_PROPERTY); 2389 for (currentp = (char *)hostidp; *currentp != '\0'; ++currentp) { 2390 if (isspace(*currentp)) 2391 return (Z_INVALID_PROPERTY); 2392 } 2393 len = (size_t)(currentp - hostidp); 2394 2395 /* 2396 * The caller might pass a hostid that is larger than the maximum 2397 * unsigned 32-bit integral value. Check for this! Also, make sure 2398 * that the whole string is converted (this helps us find illegal 2399 * characters) and that the whole string fits within a buffer of size 2400 * HW_HOSTID_LEN. 2401 */ 2402 currentp = (char *)hostidp; 2403 if (strncmp(hostidp, "0x", 2) == 0 || strncmp(hostidp, "0X", 2) == 0) 2404 currentp += 2; 2405 hostidval = strtoull(currentp, ¤tp, 16); 2406 if ((size_t)(currentp - hostidp) >= HW_HOSTID_LEN) 2407 return (Z_TOO_BIG); 2408 if (hostidval > UINT_MAX || hostidval == HW_INVALID_HOSTID || 2409 currentp != hostidp + len) 2410 return (Z_INVALID_PROPERTY); 2411 return (Z_OK); 2412 } 2413 2414 /* 2415 * Gets the zone hostid string stored in the specified zone configuration 2416 * document. This function returns Z_OK on success. Z_BAD_PROPERTY is returned 2417 * if the config file doesn't specify a hostid or if the hostid is blank. 2418 * 2419 * Note that buflen should be at least HW_HOSTID_LEN. 2420 */ 2421 int 2422 zonecfg_get_hostid(zone_dochandle_t handle, char *bufp, size_t buflen) 2423 { 2424 int err; 2425 2426 if ((err = getrootattr(handle, DTD_ATTR_HOSTID, bufp, buflen)) != Z_OK) 2427 return (err); 2428 if (bufp[0] == '\0') 2429 return (Z_BAD_PROPERTY); 2430 return (zonecfg_valid_hostid(bufp)); 2431 } 2432 2433 /* 2434 * Sets the hostid string in the specified zone config document to the given 2435 * string value. If 'hostidp' is NULL, then the config document's hostid 2436 * attribute is cleared. Non-NULL hostids are validated. This function returns 2437 * Z_OK on success. Any other return value indicates failure. 2438 */ 2439 int 2440 zonecfg_set_hostid(zone_dochandle_t handle, const char *hostidp) 2441 { 2442 int err; 2443 2444 /* 2445 * A NULL hostid string is interpreted as a request to clear the 2446 * hostid. 2447 */ 2448 if (hostidp == NULL || (err = zonecfg_valid_hostid(hostidp)) == Z_OK) 2449 return (setrootattr(handle, DTD_ATTR_HOSTID, hostidp)); 2450 return (err); 2451 } 2452 2453 int 2454 zonecfg_lookup_dev(zone_dochandle_t handle, struct zone_devtab *tabptr) 2455 { 2456 xmlNodePtr cur, firstmatch; 2457 int err; 2458 char match[MAXPATHLEN]; 2459 2460 if (tabptr == NULL) 2461 return (Z_INVAL); 2462 2463 if ((err = operation_prep(handle)) != Z_OK) 2464 return (err); 2465 2466 cur = handle->zone_dh_cur; 2467 firstmatch = NULL; 2468 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 2469 if (xmlStrcmp(cur->name, DTD_ELEM_DEVICE)) 2470 continue; 2471 if (strlen(tabptr->zone_dev_match) == 0) 2472 continue; 2473 2474 if ((fetchprop(cur, DTD_ATTR_MATCH, match, 2475 sizeof (match)) == Z_OK)) { 2476 if (strcmp(tabptr->zone_dev_match, 2477 match) == 0) { 2478 if (firstmatch == NULL) 2479 firstmatch = cur; 2480 else if (firstmatch != cur) 2481 return (Z_INSUFFICIENT_SPEC); 2482 } else { 2483 /* 2484 * If another property matched but this 2485 * one doesn't then reset firstmatch. 2486 */ 2487 if (firstmatch == cur) 2488 firstmatch = NULL; 2489 } 2490 } 2491 } 2492 if (firstmatch == NULL) 2493 return (Z_NO_RESOURCE_ID); 2494 2495 cur = firstmatch; 2496 2497 if ((err = fetchprop(cur, DTD_ATTR_MATCH, tabptr->zone_dev_match, 2498 sizeof (tabptr->zone_dev_match))) != Z_OK) 2499 return (err); 2500 2501 return (Z_OK); 2502 } 2503 2504 static int 2505 zonecfg_add_dev_core(zone_dochandle_t handle, struct zone_devtab *tabptr) 2506 { 2507 xmlNodePtr newnode, cur = handle->zone_dh_cur; 2508 int err; 2509 2510 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_DEVICE, NULL); 2511 2512 if ((err = newprop(newnode, DTD_ATTR_MATCH, 2513 tabptr->zone_dev_match)) != Z_OK) 2514 return (err); 2515 2516 return (Z_OK); 2517 } 2518 2519 int 2520 zonecfg_add_dev(zone_dochandle_t handle, struct zone_devtab *tabptr) 2521 { 2522 int err; 2523 2524 if (tabptr == NULL) 2525 return (Z_INVAL); 2526 2527 if ((err = operation_prep(handle)) != Z_OK) 2528 return (err); 2529 2530 if ((err = zonecfg_add_dev_core(handle, tabptr)) != Z_OK) 2531 return (err); 2532 2533 return (Z_OK); 2534 } 2535 2536 static int 2537 zonecfg_delete_dev_core(zone_dochandle_t handle, struct zone_devtab *tabptr) 2538 { 2539 xmlNodePtr cur = handle->zone_dh_cur; 2540 int match_match; 2541 2542 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 2543 if (xmlStrcmp(cur->name, DTD_ELEM_DEVICE)) 2544 continue; 2545 2546 match_match = match_prop(cur, DTD_ATTR_MATCH, 2547 tabptr->zone_dev_match); 2548 2549 if (match_match) { 2550 xmlUnlinkNode(cur); 2551 xmlFreeNode(cur); 2552 return (Z_OK); 2553 } 2554 } 2555 return (Z_NO_RESOURCE_ID); 2556 } 2557 2558 int 2559 zonecfg_delete_dev(zone_dochandle_t handle, struct zone_devtab *tabptr) 2560 { 2561 int err; 2562 2563 if (tabptr == NULL) 2564 return (Z_INVAL); 2565 2566 if ((err = operation_prep(handle)) != Z_OK) 2567 return (err); 2568 2569 if ((err = zonecfg_delete_dev_core(handle, tabptr)) != Z_OK) 2570 return (err); 2571 2572 return (Z_OK); 2573 } 2574 2575 int 2576 zonecfg_modify_dev( 2577 zone_dochandle_t handle, 2578 struct zone_devtab *oldtabptr, 2579 struct zone_devtab *newtabptr) 2580 { 2581 int err; 2582 2583 if (oldtabptr == NULL || newtabptr == NULL) 2584 return (Z_INVAL); 2585 2586 if ((err = operation_prep(handle)) != Z_OK) 2587 return (err); 2588 2589 if ((err = zonecfg_delete_dev_core(handle, oldtabptr)) != Z_OK) 2590 return (err); 2591 2592 if ((err = zonecfg_add_dev_core(handle, newtabptr)) != Z_OK) 2593 return (err); 2594 2595 return (Z_OK); 2596 } 2597 2598 static int 2599 zonecfg_add_auth_core(zone_dochandle_t handle, struct zone_admintab *tabptr, 2600 char *zonename) 2601 { 2602 xmlNodePtr newnode, cur = handle->zone_dh_cur; 2603 int err; 2604 2605 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_ADMIN, NULL); 2606 err = newprop(newnode, DTD_ATTR_USER, tabptr->zone_admin_user); 2607 if (err != Z_OK) 2608 return (err); 2609 err = newprop(newnode, DTD_ATTR_AUTHS, tabptr->zone_admin_auths); 2610 if (err != Z_OK) 2611 return (err); 2612 if ((err = zonecfg_remove_userauths( 2613 handle, tabptr->zone_admin_user, zonename, B_FALSE)) != Z_OK) 2614 return (err); 2615 return (Z_OK); 2616 } 2617 2618 int 2619 zonecfg_add_admin(zone_dochandle_t handle, struct zone_admintab *tabptr, 2620 char *zonename) 2621 { 2622 int err; 2623 2624 if (tabptr == NULL) 2625 return (Z_INVAL); 2626 2627 if ((err = operation_prep(handle)) != Z_OK) 2628 return (err); 2629 2630 if ((err = zonecfg_add_auth_core(handle, tabptr, 2631 zonename)) != Z_OK) 2632 return (err); 2633 2634 return (Z_OK); 2635 } 2636 static int 2637 zonecfg_delete_auth_core(zone_dochandle_t handle, struct zone_admintab *tabptr, 2638 char *zonename) 2639 { 2640 xmlNodePtr cur = handle->zone_dh_cur; 2641 boolean_t auth_match; 2642 int err; 2643 2644 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 2645 if (xmlStrcmp(cur->name, DTD_ELEM_ADMIN)) 2646 continue; 2647 auth_match = match_prop(cur, DTD_ATTR_USER, 2648 tabptr->zone_admin_user); 2649 if (auth_match) { 2650 if ((err = zonecfg_insert_userauths( 2651 handle, tabptr->zone_admin_user, 2652 zonename)) != Z_OK) 2653 return (err); 2654 xmlUnlinkNode(cur); 2655 xmlFreeNode(cur); 2656 return (Z_OK); 2657 } 2658 } 2659 return (Z_NO_RESOURCE_ID); 2660 } 2661 2662 int 2663 zonecfg_delete_admin(zone_dochandle_t handle, struct zone_admintab *tabptr, 2664 char *zonename) 2665 { 2666 int err; 2667 2668 if (tabptr == NULL) 2669 return (Z_INVAL); 2670 2671 if ((err = operation_prep(handle)) != Z_OK) 2672 return (err); 2673 2674 if ((err = zonecfg_delete_auth_core(handle, tabptr, zonename)) != Z_OK) 2675 return (err); 2676 2677 return (Z_OK); 2678 } 2679 2680 int 2681 zonecfg_modify_admin(zone_dochandle_t handle, struct zone_admintab *oldtabptr, 2682 struct zone_admintab *newtabptr, char *zonename) 2683 { 2684 int err; 2685 2686 if (oldtabptr == NULL || newtabptr == NULL) 2687 return (Z_INVAL); 2688 2689 if ((err = operation_prep(handle)) != Z_OK) 2690 return (err); 2691 2692 if ((err = zonecfg_delete_auth_core(handle, oldtabptr, zonename)) 2693 != Z_OK) 2694 return (err); 2695 2696 if ((err = zonecfg_add_auth_core(handle, newtabptr, 2697 zonename)) != Z_OK) 2698 return (err); 2699 2700 return (Z_OK); 2701 } 2702 2703 int 2704 zonecfg_lookup_admin(zone_dochandle_t handle, struct zone_admintab *tabptr) 2705 { 2706 xmlNodePtr cur, firstmatch; 2707 int err; 2708 char user[MAXUSERNAME]; 2709 2710 if (tabptr == NULL) 2711 return (Z_INVAL); 2712 2713 if ((err = operation_prep(handle)) != Z_OK) 2714 return (err); 2715 2716 cur = handle->zone_dh_cur; 2717 firstmatch = NULL; 2718 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 2719 if (xmlStrcmp(cur->name, DTD_ELEM_ADMIN)) 2720 continue; 2721 if (strlen(tabptr->zone_admin_user) > 0) { 2722 if ((fetchprop(cur, DTD_ATTR_USER, user, 2723 sizeof (user)) == Z_OK) && 2724 (strcmp(tabptr->zone_admin_user, user) == 0)) { 2725 if (firstmatch == NULL) 2726 firstmatch = cur; 2727 else 2728 return (Z_INSUFFICIENT_SPEC); 2729 } 2730 } 2731 } 2732 if (firstmatch == NULL) 2733 return (Z_NO_RESOURCE_ID); 2734 2735 cur = firstmatch; 2736 2737 if ((err = fetchprop(cur, DTD_ATTR_USER, tabptr->zone_admin_user, 2738 sizeof (tabptr->zone_admin_user))) != Z_OK) 2739 return (err); 2740 2741 if ((err = fetchprop(cur, DTD_ATTR_AUTHS, tabptr->zone_admin_auths, 2742 sizeof (tabptr->zone_admin_auths))) != Z_OK) 2743 return (err); 2744 2745 return (Z_OK); 2746 } 2747 2748 2749 /* Lock to serialize all devwalks */ 2750 static pthread_mutex_t zonecfg_devwalk_lock = PTHREAD_MUTEX_INITIALIZER; 2751 /* 2752 * Global variables used to pass data from zonecfg_dev_manifest to the nftw 2753 * call-back (zonecfg_devwalk_cb). g_devwalk_data is really the void* 2754 * parameter and g_devwalk_cb is really the *cb parameter from 2755 * zonecfg_dev_manifest. 2756 */ 2757 typedef struct __g_devwalk_data *g_devwalk_data_t; 2758 static g_devwalk_data_t g_devwalk_data; 2759 static int (*g_devwalk_cb)(const char *, uid_t, gid_t, mode_t, const char *, 2760 void *); 2761 static size_t g_devwalk_skip_prefix; 2762 2763 /* 2764 * zonecfg_dev_manifest call-back function used during detach to generate the 2765 * dev info in the manifest. 2766 */ 2767 static int 2768 get_detach_dev_entry(const char *name, uid_t uid, gid_t gid, mode_t mode, 2769 const char *acl, void *hdl) 2770 { 2771 zone_dochandle_t handle = (zone_dochandle_t)hdl; 2772 xmlNodePtr newnode; 2773 xmlNodePtr cur; 2774 int err; 2775 char buf[128]; 2776 2777 if ((err = operation_prep(handle)) != Z_OK) 2778 return (err); 2779 2780 cur = handle->zone_dh_cur; 2781 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_DEV_PERM, NULL); 2782 if ((err = newprop(newnode, DTD_ATTR_NAME, (char *)name)) != Z_OK) 2783 return (err); 2784 (void) snprintf(buf, sizeof (buf), "%lu", uid); 2785 if ((err = newprop(newnode, DTD_ATTR_UID, buf)) != Z_OK) 2786 return (err); 2787 (void) snprintf(buf, sizeof (buf), "%lu", gid); 2788 if ((err = newprop(newnode, DTD_ATTR_GID, buf)) != Z_OK) 2789 return (err); 2790 (void) snprintf(buf, sizeof (buf), "%o", mode); 2791 if ((err = newprop(newnode, DTD_ATTR_MODE, buf)) != Z_OK) 2792 return (err); 2793 if ((err = newprop(newnode, DTD_ATTR_ACL, (char *)acl)) != Z_OK) 2794 return (err); 2795 return (Z_OK); 2796 } 2797 2798 /* 2799 * This is the nftw call-back function used by zonecfg_dev_manifest. It is 2800 * responsible for calling the actual call-back. 2801 */ 2802 /* ARGSUSED2 */ 2803 static int 2804 zonecfg_devwalk_cb(const char *path, const struct stat *st, int f, 2805 struct FTW *ftw) 2806 { 2807 acl_t *acl; 2808 char *acl_txt = NULL; 2809 2810 /* skip all but character and block devices */ 2811 if (!S_ISBLK(st->st_mode) && !S_ISCHR(st->st_mode)) 2812 return (0); 2813 2814 if ((acl_get(path, ACL_NO_TRIVIAL, &acl) == 0) && 2815 acl != NULL) { 2816 acl_txt = acl_totext(acl, ACL_NORESOLVE); 2817 acl_free(acl); 2818 } 2819 2820 if (strlen(path) <= g_devwalk_skip_prefix) 2821 return (0); 2822 2823 g_devwalk_cb(path + g_devwalk_skip_prefix, st->st_uid, st->st_gid, 2824 st->st_mode & S_IAMB, acl_txt != NULL ? acl_txt : "", 2825 g_devwalk_data); 2826 free(acl_txt); 2827 return (0); 2828 } 2829 2830 /* 2831 * Walk the dev tree for the zone specified by hdl and call the 2832 * get_detach_dev_entry call-back function for each entry in the tree. The 2833 * call-back will be passed the name, uid, gid, mode, acl string and the 2834 * handle input parameter for each dev entry. 2835 * 2836 * Data is passed to get_detach_dev_entry through the global variables 2837 * g_devwalk_data, *g_devwalk_cb, and g_devwalk_skip_prefix. The 2838 * zonecfg_devwalk_cb function will actually call get_detach_dev_entry. 2839 */ 2840 int 2841 zonecfg_dev_manifest(zone_dochandle_t hdl) 2842 { 2843 char path[MAXPATHLEN]; 2844 int ret; 2845 2846 if ((ret = zonecfg_get_zonepath(hdl, path, sizeof (path))) != Z_OK) 2847 return (ret); 2848 2849 if (strlcat(path, "/dev", sizeof (path)) >= sizeof (path)) 2850 return (Z_TOO_BIG); 2851 2852 /* 2853 * We have to serialize all devwalks in the same process 2854 * (which should be fine), since nftw() is so badly designed. 2855 */ 2856 (void) pthread_mutex_lock(&zonecfg_devwalk_lock); 2857 2858 g_devwalk_skip_prefix = strlen(path) + 1; 2859 g_devwalk_data = (g_devwalk_data_t)hdl; 2860 g_devwalk_cb = get_detach_dev_entry; 2861 (void) nftw(path, zonecfg_devwalk_cb, 0, FTW_PHYS); 2862 2863 (void) pthread_mutex_unlock(&zonecfg_devwalk_lock); 2864 return (Z_OK); 2865 } 2866 2867 /* 2868 * Update the owner, group, mode and acl on the specified dev (inpath) for 2869 * the zone (hdl). This function can be used to fix up the dev tree after 2870 * attaching a migrated zone. 2871 */ 2872 int 2873 zonecfg_devperms_apply(zone_dochandle_t hdl, const char *inpath, uid_t owner, 2874 gid_t group, mode_t mode, const char *acltxt) 2875 { 2876 int ret; 2877 char path[MAXPATHLEN]; 2878 struct stat st; 2879 acl_t *aclp; 2880 2881 if ((ret = zonecfg_get_zonepath(hdl, path, sizeof (path))) != Z_OK) 2882 return (ret); 2883 2884 if (strlcat(path, "/dev/", sizeof (path)) >= sizeof (path)) 2885 return (Z_TOO_BIG); 2886 if (strlcat(path, inpath, sizeof (path)) >= sizeof (path)) 2887 return (Z_TOO_BIG); 2888 2889 if (stat(path, &st) == -1) 2890 return (Z_INVAL); 2891 2892 /* make sure we're only touching device nodes */ 2893 if (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode)) 2894 return (Z_INVAL); 2895 2896 if (chown(path, owner, group) == -1) 2897 return (Z_SYSTEM); 2898 2899 if (chmod(path, mode) == -1) 2900 return (Z_SYSTEM); 2901 2902 if ((acltxt == NULL) || (strcmp(acltxt, "") == 0)) 2903 return (Z_OK); 2904 2905 if (acl_fromtext(acltxt, &aclp) != 0) { 2906 errno = EINVAL; 2907 return (Z_SYSTEM); 2908 } 2909 2910 errno = 0; 2911 if (acl_set(path, aclp) == -1) { 2912 free(aclp); 2913 return (Z_SYSTEM); 2914 } 2915 2916 free(aclp); 2917 return (Z_OK); 2918 } 2919 2920 /* 2921 * This function finds everything mounted under a zone's rootpath. 2922 * This returns the number of mounts under rootpath, or -1 on error. 2923 * callback is called once per mount found with the first argument 2924 * pointing to a mnttab structure containing the mount's information. 2925 * 2926 * If the callback function returns non-zero zonecfg_find_mounts 2927 * aborts with an error. 2928 */ 2929 int 2930 zonecfg_find_mounts(char *rootpath, int (*callback)(const struct mnttab *, 2931 void *), void *priv) { 2932 FILE *mnttab; 2933 struct mnttab m; 2934 size_t l; 2935 int zfsl; 2936 int rv = 0; 2937 char zfs_path[MAXPATHLEN]; 2938 2939 assert(rootpath != NULL); 2940 2941 if ((zfsl = snprintf(zfs_path, sizeof (zfs_path), "%s/.zfs/", rootpath)) 2942 >= sizeof (zfs_path)) 2943 return (-1); 2944 2945 l = strlen(rootpath); 2946 2947 mnttab = fopen("/etc/mnttab", "r"); 2948 2949 if (mnttab == NULL) 2950 return (-1); 2951 2952 if (ioctl(fileno(mnttab), MNTIOC_SHOWHIDDEN, NULL) < 0) { 2953 rv = -1; 2954 goto out; 2955 } 2956 2957 while (!getmntent(mnttab, &m)) { 2958 if ((strncmp(rootpath, m.mnt_mountp, l) == 0) && 2959 (m.mnt_mountp[l] == '/') && 2960 (strncmp(zfs_path, m.mnt_mountp, zfsl) != 0)) { 2961 rv++; 2962 if (callback == NULL) 2963 continue; 2964 if (callback(&m, priv)) { 2965 rv = -1; 2966 goto out; 2967 2968 } 2969 } 2970 } 2971 2972 out: 2973 (void) fclose(mnttab); 2974 return (rv); 2975 } 2976 2977 int 2978 zonecfg_lookup_attr(zone_dochandle_t handle, struct zone_attrtab *tabptr) 2979 { 2980 xmlNodePtr cur, firstmatch; 2981 int err; 2982 char name[MAXNAMELEN], type[MAXNAMELEN], value[MAXNAMELEN]; 2983 2984 if (tabptr == NULL) 2985 return (Z_INVAL); 2986 2987 if ((err = operation_prep(handle)) != Z_OK) 2988 return (err); 2989 2990 cur = handle->zone_dh_cur; 2991 firstmatch = NULL; 2992 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 2993 if (xmlStrcmp(cur->name, DTD_ELEM_ATTR)) 2994 continue; 2995 if (strlen(tabptr->zone_attr_name) > 0) { 2996 if ((fetchprop(cur, DTD_ATTR_NAME, name, 2997 sizeof (name)) == Z_OK) && 2998 (strcmp(tabptr->zone_attr_name, name) == 0)) { 2999 if (firstmatch == NULL) 3000 firstmatch = cur; 3001 else 3002 return (Z_INSUFFICIENT_SPEC); 3003 } 3004 } 3005 if (strlen(tabptr->zone_attr_type) > 0) { 3006 if ((fetchprop(cur, DTD_ATTR_TYPE, type, 3007 sizeof (type)) == Z_OK)) { 3008 if (strcmp(tabptr->zone_attr_type, type) == 0) { 3009 if (firstmatch == NULL) 3010 firstmatch = cur; 3011 else if (firstmatch != cur) 3012 return (Z_INSUFFICIENT_SPEC); 3013 } else { 3014 /* 3015 * If another property matched but this 3016 * one doesn't then reset firstmatch. 3017 */ 3018 if (firstmatch == cur) 3019 firstmatch = NULL; 3020 } 3021 } 3022 } 3023 if (strlen(tabptr->zone_attr_value) > 0) { 3024 if ((fetchprop(cur, DTD_ATTR_VALUE, value, 3025 sizeof (value)) == Z_OK)) { 3026 if (strcmp(tabptr->zone_attr_value, value) == 3027 0) { 3028 if (firstmatch == NULL) 3029 firstmatch = cur; 3030 else if (firstmatch != cur) 3031 return (Z_INSUFFICIENT_SPEC); 3032 } else { 3033 /* 3034 * If another property matched but this 3035 * one doesn't then reset firstmatch. 3036 */ 3037 if (firstmatch == cur) 3038 firstmatch = NULL; 3039 } 3040 } 3041 } 3042 } 3043 if (firstmatch == NULL) 3044 return (Z_NO_RESOURCE_ID); 3045 3046 cur = firstmatch; 3047 3048 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_attr_name, 3049 sizeof (tabptr->zone_attr_name))) != Z_OK) 3050 return (err); 3051 3052 if ((err = fetchprop(cur, DTD_ATTR_TYPE, tabptr->zone_attr_type, 3053 sizeof (tabptr->zone_attr_type))) != Z_OK) 3054 return (err); 3055 3056 if ((err = fetchprop(cur, DTD_ATTR_VALUE, tabptr->zone_attr_value, 3057 sizeof (tabptr->zone_attr_value))) != Z_OK) 3058 return (err); 3059 3060 return (Z_OK); 3061 } 3062 3063 static int 3064 zonecfg_add_attr_core(zone_dochandle_t handle, struct zone_attrtab *tabptr) 3065 { 3066 xmlNodePtr newnode, cur = handle->zone_dh_cur; 3067 int err; 3068 3069 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_ATTR, NULL); 3070 err = newprop(newnode, DTD_ATTR_NAME, tabptr->zone_attr_name); 3071 if (err != Z_OK) 3072 return (err); 3073 err = newprop(newnode, DTD_ATTR_TYPE, tabptr->zone_attr_type); 3074 if (err != Z_OK) 3075 return (err); 3076 err = newprop(newnode, DTD_ATTR_VALUE, tabptr->zone_attr_value); 3077 if (err != Z_OK) 3078 return (err); 3079 return (Z_OK); 3080 } 3081 3082 int 3083 zonecfg_add_attr(zone_dochandle_t handle, struct zone_attrtab *tabptr) 3084 { 3085 int err; 3086 3087 if (tabptr == NULL) 3088 return (Z_INVAL); 3089 3090 if ((err = operation_prep(handle)) != Z_OK) 3091 return (err); 3092 3093 if ((err = zonecfg_add_attr_core(handle, tabptr)) != Z_OK) 3094 return (err); 3095 3096 return (Z_OK); 3097 } 3098 3099 static int 3100 zonecfg_delete_attr_core(zone_dochandle_t handle, struct zone_attrtab *tabptr) 3101 { 3102 xmlNodePtr cur = handle->zone_dh_cur; 3103 int name_match, type_match, value_match; 3104 3105 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 3106 if (xmlStrcmp(cur->name, DTD_ELEM_ATTR)) 3107 continue; 3108 3109 name_match = match_prop(cur, DTD_ATTR_NAME, 3110 tabptr->zone_attr_name); 3111 type_match = match_prop(cur, DTD_ATTR_TYPE, 3112 tabptr->zone_attr_type); 3113 value_match = match_prop(cur, DTD_ATTR_VALUE, 3114 tabptr->zone_attr_value); 3115 3116 if (name_match && type_match && value_match) { 3117 xmlUnlinkNode(cur); 3118 xmlFreeNode(cur); 3119 return (Z_OK); 3120 } 3121 } 3122 return (Z_NO_RESOURCE_ID); 3123 } 3124 3125 int 3126 zonecfg_delete_attr(zone_dochandle_t handle, struct zone_attrtab *tabptr) 3127 { 3128 int err; 3129 3130 if (tabptr == NULL) 3131 return (Z_INVAL); 3132 3133 if ((err = operation_prep(handle)) != Z_OK) 3134 return (err); 3135 3136 if ((err = zonecfg_delete_attr_core(handle, tabptr)) != Z_OK) 3137 return (err); 3138 3139 return (Z_OK); 3140 } 3141 3142 int 3143 zonecfg_modify_attr( 3144 zone_dochandle_t handle, 3145 struct zone_attrtab *oldtabptr, 3146 struct zone_attrtab *newtabptr) 3147 { 3148 int err; 3149 3150 if (oldtabptr == NULL || newtabptr == NULL) 3151 return (Z_INVAL); 3152 3153 if ((err = operation_prep(handle)) != Z_OK) 3154 return (err); 3155 3156 if ((err = zonecfg_delete_attr_core(handle, oldtabptr)) != Z_OK) 3157 return (err); 3158 3159 if ((err = zonecfg_add_attr_core(handle, newtabptr)) != Z_OK) 3160 return (err); 3161 3162 return (Z_OK); 3163 } 3164 3165 int 3166 zonecfg_get_attr_boolean(const struct zone_attrtab *attr, boolean_t *value) 3167 { 3168 if (attr == NULL) 3169 return (Z_INVAL); 3170 3171 if (strcmp(attr->zone_attr_type, DTD_ENTITY_BOOLEAN) != 0) 3172 return (Z_INVAL); 3173 3174 if (strcmp(attr->zone_attr_value, DTD_ENTITY_TRUE) == 0) { 3175 *value = B_TRUE; 3176 return (Z_OK); 3177 } 3178 if (strcmp(attr->zone_attr_value, DTD_ENTITY_FALSE) == 0) { 3179 *value = B_FALSE; 3180 return (Z_OK); 3181 } 3182 return (Z_INVAL); 3183 } 3184 3185 int 3186 zonecfg_get_attr_int(const struct zone_attrtab *attr, int64_t *value) 3187 { 3188 long long result; 3189 char *endptr; 3190 3191 if (attr == NULL) 3192 return (Z_INVAL); 3193 3194 if (strcmp(attr->zone_attr_type, DTD_ENTITY_INT) != 0) 3195 return (Z_INVAL); 3196 3197 errno = 0; 3198 result = strtoll(attr->zone_attr_value, &endptr, 10); 3199 if (errno != 0 || *endptr != '\0') 3200 return (Z_INVAL); 3201 *value = result; 3202 return (Z_OK); 3203 } 3204 3205 int 3206 zonecfg_get_attr_string(const struct zone_attrtab *attr, char *value, 3207 size_t val_sz) 3208 { 3209 if (attr == NULL) 3210 return (Z_INVAL); 3211 3212 if (strcmp(attr->zone_attr_type, DTD_ENTITY_STRING) != 0) 3213 return (Z_INVAL); 3214 3215 if (strlcpy(value, attr->zone_attr_value, val_sz) >= val_sz) 3216 return (Z_TOO_BIG); 3217 return (Z_OK); 3218 } 3219 3220 int 3221 zonecfg_get_attr_uint(const struct zone_attrtab *attr, uint64_t *value) 3222 { 3223 unsigned long long result; 3224 long long neg_result; 3225 char *endptr; 3226 3227 if (attr == NULL) 3228 return (Z_INVAL); 3229 3230 if (strcmp(attr->zone_attr_type, DTD_ENTITY_UINT) != 0) 3231 return (Z_INVAL); 3232 3233 errno = 0; 3234 result = strtoull(attr->zone_attr_value, &endptr, 10); 3235 if (errno != 0 || *endptr != '\0') 3236 return (Z_INVAL); 3237 errno = 0; 3238 neg_result = strtoll(attr->zone_attr_value, &endptr, 10); 3239 /* 3240 * Incredibly, strtoull("<negative number>", ...) will not fail but 3241 * return whatever (negative) number cast as a u_longlong_t, so we 3242 * need to look for this here. 3243 */ 3244 if (errno == 0 && neg_result < 0) 3245 return (Z_INVAL); 3246 *value = result; 3247 return (Z_OK); 3248 } 3249 3250 int 3251 zonecfg_lookup_rctl(zone_dochandle_t handle, struct zone_rctltab *tabptr) 3252 { 3253 xmlNodePtr cur, val; 3254 char savedname[MAXNAMELEN]; 3255 struct zone_rctlvaltab *valptr; 3256 int err; 3257 3258 if (strlen(tabptr->zone_rctl_name) == 0) 3259 return (Z_INVAL); 3260 3261 if ((err = operation_prep(handle)) != Z_OK) 3262 return (err); 3263 3264 cur = handle->zone_dh_cur; 3265 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 3266 if (xmlStrcmp(cur->name, DTD_ELEM_RCTL)) 3267 continue; 3268 if ((fetchprop(cur, DTD_ATTR_NAME, savedname, 3269 sizeof (savedname)) == Z_OK) && 3270 (strcmp(savedname, tabptr->zone_rctl_name) == 0)) { 3271 tabptr->zone_rctl_valptr = NULL; 3272 for (val = cur->xmlChildrenNode; val != NULL; 3273 val = val->next) { 3274 valptr = (struct zone_rctlvaltab *)malloc( 3275 sizeof (struct zone_rctlvaltab)); 3276 if (valptr == NULL) 3277 return (Z_NOMEM); 3278 if ((fetchprop(val, DTD_ATTR_PRIV, 3279 valptr->zone_rctlval_priv, 3280 sizeof (valptr->zone_rctlval_priv)) != 3281 Z_OK)) 3282 break; 3283 if ((fetchprop(val, DTD_ATTR_LIMIT, 3284 valptr->zone_rctlval_limit, 3285 sizeof (valptr->zone_rctlval_limit)) != 3286 Z_OK)) 3287 break; 3288 if ((fetchprop(val, DTD_ATTR_ACTION, 3289 valptr->zone_rctlval_action, 3290 sizeof (valptr->zone_rctlval_action)) != 3291 Z_OK)) 3292 break; 3293 if (zonecfg_add_rctl_value(tabptr, valptr) != 3294 Z_OK) 3295 break; 3296 } 3297 return (Z_OK); 3298 } 3299 } 3300 return (Z_NO_RESOURCE_ID); 3301 } 3302 3303 static int 3304 zonecfg_add_rctl_core(zone_dochandle_t handle, struct zone_rctltab *tabptr) 3305 { 3306 xmlNodePtr newnode, cur = handle->zone_dh_cur, valnode; 3307 struct zone_rctlvaltab *valptr; 3308 int err; 3309 3310 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_RCTL, NULL); 3311 err = newprop(newnode, DTD_ATTR_NAME, tabptr->zone_rctl_name); 3312 if (err != Z_OK) 3313 return (err); 3314 for (valptr = tabptr->zone_rctl_valptr; valptr != NULL; 3315 valptr = valptr->zone_rctlval_next) { 3316 valnode = xmlNewTextChild(newnode, NULL, 3317 DTD_ELEM_RCTLVALUE, NULL); 3318 err = newprop(valnode, DTD_ATTR_PRIV, 3319 valptr->zone_rctlval_priv); 3320 if (err != Z_OK) 3321 return (err); 3322 err = newprop(valnode, DTD_ATTR_LIMIT, 3323 valptr->zone_rctlval_limit); 3324 if (err != Z_OK) 3325 return (err); 3326 err = newprop(valnode, DTD_ATTR_ACTION, 3327 valptr->zone_rctlval_action); 3328 if (err != Z_OK) 3329 return (err); 3330 } 3331 return (Z_OK); 3332 } 3333 3334 int 3335 zonecfg_add_rctl(zone_dochandle_t handle, struct zone_rctltab *tabptr) 3336 { 3337 int err; 3338 3339 if (tabptr == NULL) 3340 return (Z_INVAL); 3341 3342 if ((err = operation_prep(handle)) != Z_OK) 3343 return (err); 3344 3345 if ((err = zonecfg_add_rctl_core(handle, tabptr)) != Z_OK) 3346 return (err); 3347 3348 return (Z_OK); 3349 } 3350 3351 static int 3352 zonecfg_delete_rctl_core(zone_dochandle_t handle, struct zone_rctltab *tabptr) 3353 { 3354 xmlNodePtr cur = handle->zone_dh_cur; 3355 xmlChar *savedname; 3356 int name_result; 3357 3358 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 3359 if (xmlStrcmp(cur->name, DTD_ELEM_RCTL)) 3360 continue; 3361 3362 savedname = xmlGetProp(cur, DTD_ATTR_NAME); 3363 if (savedname == NULL) /* shouldn't happen */ 3364 continue; 3365 name_result = xmlStrcmp(savedname, 3366 (const xmlChar *) tabptr->zone_rctl_name); 3367 xmlFree(savedname); 3368 3369 if (name_result == 0) { 3370 xmlUnlinkNode(cur); 3371 xmlFreeNode(cur); 3372 return (Z_OK); 3373 } 3374 } 3375 return (Z_NO_RESOURCE_ID); 3376 } 3377 3378 int 3379 zonecfg_delete_rctl(zone_dochandle_t handle, struct zone_rctltab *tabptr) 3380 { 3381 int err; 3382 3383 if (tabptr == NULL) 3384 return (Z_INVAL); 3385 3386 if ((err = operation_prep(handle)) != Z_OK) 3387 return (err); 3388 3389 if ((err = zonecfg_delete_rctl_core(handle, tabptr)) != Z_OK) 3390 return (err); 3391 3392 return (Z_OK); 3393 } 3394 3395 int 3396 zonecfg_modify_rctl( 3397 zone_dochandle_t handle, 3398 struct zone_rctltab *oldtabptr, 3399 struct zone_rctltab *newtabptr) 3400 { 3401 int err; 3402 3403 if (oldtabptr == NULL || newtabptr == NULL) 3404 return (Z_INVAL); 3405 3406 if ((err = operation_prep(handle)) != Z_OK) 3407 return (err); 3408 3409 if ((err = zonecfg_delete_rctl_core(handle, oldtabptr)) != Z_OK) 3410 return (err); 3411 3412 if ((err = zonecfg_add_rctl_core(handle, newtabptr)) != Z_OK) 3413 return (err); 3414 3415 return (Z_OK); 3416 } 3417 3418 int 3419 zonecfg_add_rctl_value( 3420 struct zone_rctltab *tabptr, 3421 struct zone_rctlvaltab *valtabptr) 3422 { 3423 struct zone_rctlvaltab *last, *old, *new; 3424 rctlblk_t *rctlblk = alloca(rctlblk_size()); 3425 3426 last = tabptr->zone_rctl_valptr; 3427 for (old = last; old != NULL; old = old->zone_rctlval_next) 3428 last = old; /* walk to the end of the list */ 3429 new = valtabptr; /* alloc'd by caller */ 3430 new->zone_rctlval_next = NULL; 3431 if (zonecfg_construct_rctlblk(valtabptr, rctlblk) != Z_OK) 3432 return (Z_INVAL); 3433 if (!zonecfg_valid_rctlblk(rctlblk)) 3434 return (Z_INVAL); 3435 if (last == NULL) 3436 tabptr->zone_rctl_valptr = new; 3437 else 3438 last->zone_rctlval_next = new; 3439 return (Z_OK); 3440 } 3441 3442 int 3443 zonecfg_remove_rctl_value( 3444 struct zone_rctltab *tabptr, 3445 struct zone_rctlvaltab *valtabptr) 3446 { 3447 struct zone_rctlvaltab *last, *this, *next; 3448 3449 last = tabptr->zone_rctl_valptr; 3450 for (this = last; this != NULL; this = this->zone_rctlval_next) { 3451 if (strcmp(this->zone_rctlval_priv, 3452 valtabptr->zone_rctlval_priv) == 0 && 3453 strcmp(this->zone_rctlval_limit, 3454 valtabptr->zone_rctlval_limit) == 0 && 3455 strcmp(this->zone_rctlval_action, 3456 valtabptr->zone_rctlval_action) == 0) { 3457 next = this->zone_rctlval_next; 3458 if (this == tabptr->zone_rctl_valptr) 3459 tabptr->zone_rctl_valptr = next; 3460 else 3461 last->zone_rctlval_next = next; 3462 free(this); 3463 return (Z_OK); 3464 } else 3465 last = this; 3466 } 3467 return (Z_NO_PROPERTY_ID); 3468 } 3469 3470 void 3471 zonecfg_set_swinv(zone_dochandle_t handle) 3472 { 3473 handle->zone_dh_sw_inv = B_TRUE; 3474 } 3475 3476 /* 3477 * Add the pkg to the sw inventory on the handle. 3478 */ 3479 int 3480 zonecfg_add_pkg(zone_dochandle_t handle, char *name, char *version) 3481 { 3482 xmlNodePtr newnode; 3483 xmlNodePtr cur; 3484 int err; 3485 3486 if ((err = operation_prep(handle)) != Z_OK) 3487 return (err); 3488 3489 cur = handle->zone_dh_cur; 3490 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_PACKAGE, NULL); 3491 if ((err = newprop(newnode, DTD_ATTR_NAME, name)) != Z_OK) 3492 return (err); 3493 if ((err = newprop(newnode, DTD_ATTR_VERSION, version)) != Z_OK) 3494 return (err); 3495 return (Z_OK); 3496 } 3497 3498 char * 3499 zonecfg_strerror(int errnum) 3500 { 3501 switch (errnum) { 3502 case Z_OK: 3503 return (dgettext(TEXT_DOMAIN, "OK")); 3504 case Z_EMPTY_DOCUMENT: 3505 return (dgettext(TEXT_DOMAIN, "Empty document")); 3506 case Z_WRONG_DOC_TYPE: 3507 return (dgettext(TEXT_DOMAIN, "Wrong document type")); 3508 case Z_BAD_PROPERTY: 3509 return (dgettext(TEXT_DOMAIN, "Bad document property")); 3510 case Z_TEMP_FILE: 3511 return (dgettext(TEXT_DOMAIN, 3512 "Problem creating temporary file")); 3513 case Z_SAVING_FILE: 3514 return (dgettext(TEXT_DOMAIN, "Problem saving file")); 3515 case Z_NO_ENTRY: 3516 return (dgettext(TEXT_DOMAIN, "No such entry")); 3517 case Z_BOGUS_ZONE_NAME: 3518 return (dgettext(TEXT_DOMAIN, "Bogus zone name")); 3519 case Z_REQD_RESOURCE_MISSING: 3520 return (dgettext(TEXT_DOMAIN, "Required resource missing")); 3521 case Z_REQD_PROPERTY_MISSING: 3522 return (dgettext(TEXT_DOMAIN, "Required property missing")); 3523 case Z_BAD_HANDLE: 3524 return (dgettext(TEXT_DOMAIN, "Bad handle")); 3525 case Z_NOMEM: 3526 return (dgettext(TEXT_DOMAIN, "Out of memory")); 3527 case Z_INVAL: 3528 return (dgettext(TEXT_DOMAIN, "Invalid argument")); 3529 case Z_ACCES: 3530 return (dgettext(TEXT_DOMAIN, "Permission denied")); 3531 case Z_TOO_BIG: 3532 return (dgettext(TEXT_DOMAIN, "Argument list too long")); 3533 case Z_MISC_FS: 3534 return (dgettext(TEXT_DOMAIN, 3535 "Miscellaneous file system error")); 3536 case Z_NO_ZONE: 3537 return (dgettext(TEXT_DOMAIN, "No such zone configured")); 3538 case Z_NO_RESOURCE_TYPE: 3539 return (dgettext(TEXT_DOMAIN, "No such resource type")); 3540 case Z_NO_RESOURCE_ID: 3541 return (dgettext(TEXT_DOMAIN, "No such resource with that id")); 3542 case Z_NO_PROPERTY_TYPE: 3543 return (dgettext(TEXT_DOMAIN, "No such property type")); 3544 case Z_NO_PROPERTY_ID: 3545 return (dgettext(TEXT_DOMAIN, "No such property with that id")); 3546 case Z_BAD_ZONE_STATE: 3547 return (dgettext(TEXT_DOMAIN, 3548 "Zone state is invalid for the requested operation")); 3549 case Z_INVALID_DOCUMENT: 3550 return (dgettext(TEXT_DOMAIN, "Invalid document")); 3551 case Z_NAME_IN_USE: 3552 return (dgettext(TEXT_DOMAIN, "Zone name already in use")); 3553 case Z_NO_SUCH_ID: 3554 return (dgettext(TEXT_DOMAIN, "No such zone ID")); 3555 case Z_UPDATING_INDEX: 3556 return (dgettext(TEXT_DOMAIN, "Problem updating index file")); 3557 case Z_LOCKING_FILE: 3558 return (dgettext(TEXT_DOMAIN, "Locking index file")); 3559 case Z_UNLOCKING_FILE: 3560 return (dgettext(TEXT_DOMAIN, "Unlocking index file")); 3561 case Z_INSUFFICIENT_SPEC: 3562 return (dgettext(TEXT_DOMAIN, "Insufficient specification")); 3563 case Z_RESOLVED_PATH: 3564 return (dgettext(TEXT_DOMAIN, "Resolved path mismatch")); 3565 case Z_IPV6_ADDR_PREFIX_LEN: 3566 return (dgettext(TEXT_DOMAIN, 3567 "IPv6 address missing required prefix length")); 3568 case Z_BOGUS_ADDRESS: 3569 return (dgettext(TEXT_DOMAIN, 3570 "Neither an IPv4 nor an IPv6 address nor a host name")); 3571 case Z_PRIV_PROHIBITED: 3572 return (dgettext(TEXT_DOMAIN, 3573 "Specified privilege is prohibited")); 3574 case Z_PRIV_REQUIRED: 3575 return (dgettext(TEXT_DOMAIN, 3576 "Required privilege is missing")); 3577 case Z_PRIV_UNKNOWN: 3578 return (dgettext(TEXT_DOMAIN, 3579 "Specified privilege is unknown")); 3580 case Z_BRAND_ERROR: 3581 return (dgettext(TEXT_DOMAIN, 3582 "Brand-specific error")); 3583 case Z_INCOMPATIBLE: 3584 return (dgettext(TEXT_DOMAIN, "Incompatible settings")); 3585 case Z_ALIAS_DISALLOW: 3586 return (dgettext(TEXT_DOMAIN, 3587 "An incompatible rctl already exists for this property")); 3588 case Z_CLEAR_DISALLOW: 3589 return (dgettext(TEXT_DOMAIN, 3590 "Clearing this property is not allowed")); 3591 case Z_POOL: 3592 return (dgettext(TEXT_DOMAIN, "libpool(3LIB) error")); 3593 case Z_POOLS_NOT_ACTIVE: 3594 return (dgettext(TEXT_DOMAIN, "Pools facility not active; " 3595 "zone will not be bound to pool")); 3596 case Z_POOL_ENABLE: 3597 return (dgettext(TEXT_DOMAIN, 3598 "Could not enable pools facility")); 3599 case Z_NO_POOL: 3600 return (dgettext(TEXT_DOMAIN, 3601 "Pool not found; using default pool")); 3602 case Z_POOL_CREATE: 3603 return (dgettext(TEXT_DOMAIN, 3604 "Could not create a temporary pool")); 3605 case Z_POOL_BIND: 3606 return (dgettext(TEXT_DOMAIN, "Could not bind zone to pool")); 3607 case Z_INVALID_PROPERTY: 3608 return (dgettext(TEXT_DOMAIN, "Specified property is invalid")); 3609 case Z_SYSTEM: 3610 return (strerror(errno)); 3611 default: 3612 return (dgettext(TEXT_DOMAIN, "Unknown error")); 3613 } 3614 } 3615 3616 /* 3617 * Note that the zonecfg_setXent() and zonecfg_endXent() calls are all the 3618 * same, as they just turn around and call zonecfg_setent() / zonecfg_endent(). 3619 */ 3620 3621 static int 3622 zonecfg_setent(zone_dochandle_t handle) 3623 { 3624 xmlNodePtr cur; 3625 int err; 3626 3627 if (handle == NULL) 3628 return (Z_INVAL); 3629 3630 if ((err = operation_prep(handle)) != Z_OK) { 3631 handle->zone_dh_cur = NULL; 3632 return (err); 3633 } 3634 cur = handle->zone_dh_cur; 3635 cur = cur->xmlChildrenNode; 3636 handle->zone_dh_cur = cur; 3637 return (Z_OK); 3638 } 3639 3640 static int 3641 zonecfg_endent(zone_dochandle_t handle) 3642 { 3643 if (handle == NULL) 3644 return (Z_INVAL); 3645 3646 handle->zone_dh_cur = handle->zone_dh_top; 3647 return (Z_OK); 3648 } 3649 3650 /* 3651 * Do the work required to manipulate a process through libproc. 3652 * If grab_process() returns no errors (0), then release_process() 3653 * must eventually be called. 3654 * 3655 * Return values: 3656 * 0 Successful creation of agent thread 3657 * 1 Error grabbing 3658 * 2 Error creating agent 3659 */ 3660 static int 3661 grab_process(pr_info_handle_t *p) 3662 { 3663 int ret; 3664 3665 if ((p->pr = Pgrab(p->pid, 0, &ret)) != NULL) { 3666 3667 if (Psetflags(p->pr, PR_RLC) != 0) { 3668 Prelease(p->pr, 0); 3669 return (1); 3670 } 3671 if (Pcreate_agent(p->pr) == 0) { 3672 return (0); 3673 3674 } else { 3675 Prelease(p->pr, 0); 3676 return (2); 3677 } 3678 } else { 3679 return (1); 3680 } 3681 } 3682 3683 /* 3684 * Release the specified process. This destroys the agent 3685 * and releases the process. If the process is NULL, nothing 3686 * is done. This function should only be called if grab_process() 3687 * has previously been called and returned success. 3688 * 3689 * This function is Pgrab-safe. 3690 */ 3691 static void 3692 release_process(struct ps_prochandle *Pr) 3693 { 3694 if (Pr == NULL) 3695 return; 3696 3697 Pdestroy_agent(Pr); 3698 Prelease(Pr, 0); 3699 } 3700 3701 static boolean_t 3702 grab_zone_proc(char *zonename, pr_info_handle_t *p) 3703 { 3704 DIR *dirp; 3705 struct dirent *dentp; 3706 zoneid_t zoneid; 3707 int pid_self; 3708 psinfo_t psinfo; 3709 3710 if (zone_get_id(zonename, &zoneid) != 0) 3711 return (B_FALSE); 3712 3713 pid_self = getpid(); 3714 3715 if ((dirp = opendir("/proc")) == NULL) 3716 return (B_FALSE); 3717 3718 while (dentp = readdir(dirp)) { 3719 p->pid = atoi(dentp->d_name); 3720 3721 /* Skip self */ 3722 if (p->pid == pid_self) 3723 continue; 3724 3725 if (proc_get_psinfo(p->pid, &psinfo) != 0) 3726 continue; 3727 3728 if (psinfo.pr_zoneid != zoneid) 3729 continue; 3730 3731 /* attempt to grab process */ 3732 if (grab_process(p) != 0) 3733 continue; 3734 3735 if (pr_getzoneid(p->pr) != zoneid) { 3736 release_process(p->pr); 3737 continue; 3738 } 3739 3740 (void) closedir(dirp); 3741 return (B_TRUE); 3742 } 3743 3744 (void) closedir(dirp); 3745 return (B_FALSE); 3746 } 3747 3748 static boolean_t 3749 get_priv_rctl(struct ps_prochandle *pr, char *name, rctlblk_t *rblk) 3750 { 3751 if (pr_getrctl(pr, name, NULL, rblk, RCTL_FIRST)) 3752 return (B_FALSE); 3753 3754 if (rctlblk_get_privilege(rblk) == RCPRIV_PRIVILEGED) 3755 return (B_TRUE); 3756 3757 while (pr_getrctl(pr, name, rblk, rblk, RCTL_NEXT) == 0) { 3758 if (rctlblk_get_privilege(rblk) == RCPRIV_PRIVILEGED) 3759 return (B_TRUE); 3760 } 3761 3762 return (B_FALSE); 3763 } 3764 3765 /* 3766 * Apply the current rctl settings to the specified, running zone. 3767 */ 3768 int 3769 zonecfg_apply_rctls(char *zone_name, zone_dochandle_t handle) 3770 { 3771 int err; 3772 int res = Z_OK; 3773 rctlblk_t *rblk; 3774 pr_info_handle_t p; 3775 struct zone_rctltab rctl; 3776 3777 if ((err = zonecfg_setrctlent(handle)) != Z_OK) 3778 return (err); 3779 3780 if ((rblk = (rctlblk_t *)malloc(rctlblk_size())) == NULL) { 3781 (void) zonecfg_endrctlent(handle); 3782 return (Z_NOMEM); 3783 } 3784 3785 if (!grab_zone_proc(zone_name, &p)) { 3786 (void) zonecfg_endrctlent(handle); 3787 free(rblk); 3788 return (Z_SYSTEM); 3789 } 3790 3791 while (zonecfg_getrctlent(handle, &rctl) == Z_OK) { 3792 char *rname; 3793 struct zone_rctlvaltab *valptr; 3794 3795 rname = rctl.zone_rctl_name; 3796 3797 /* first delete all current privileged settings for this rctl */ 3798 while (get_priv_rctl(p.pr, rname, rblk)) { 3799 if (pr_setrctl(p.pr, rname, NULL, rblk, RCTL_DELETE) != 3800 0) { 3801 res = Z_SYSTEM; 3802 goto done; 3803 } 3804 } 3805 3806 /* now set each new value for the rctl */ 3807 for (valptr = rctl.zone_rctl_valptr; valptr != NULL; 3808 valptr = valptr->zone_rctlval_next) { 3809 if ((err = zonecfg_construct_rctlblk(valptr, rblk)) 3810 != Z_OK) { 3811 res = errno = err; 3812 goto done; 3813 } 3814 3815 if (pr_setrctl(p.pr, rname, NULL, rblk, RCTL_INSERT)) { 3816 res = Z_SYSTEM; 3817 goto done; 3818 } 3819 } 3820 } 3821 3822 done: 3823 release_process(p.pr); 3824 free(rblk); 3825 (void) zonecfg_endrctlent(handle); 3826 3827 return (res); 3828 } 3829 3830 static const xmlChar * 3831 nm_to_dtd(char *nm) 3832 { 3833 if (strcmp(nm, "device") == 0) 3834 return (DTD_ELEM_DEVICE); 3835 if (strcmp(nm, "fs") == 0) 3836 return (DTD_ELEM_FS); 3837 if (strcmp(nm, "net") == 0) 3838 return (DTD_ELEM_NET); 3839 if (strcmp(nm, "attr") == 0) 3840 return (DTD_ELEM_ATTR); 3841 if (strcmp(nm, "rctl") == 0) 3842 return (DTD_ELEM_RCTL); 3843 if (strcmp(nm, "dataset") == 0) 3844 return (DTD_ELEM_DATASET); 3845 if (strcmp(nm, "admin") == 0) 3846 return (DTD_ELEM_ADMIN); 3847 3848 return (NULL); 3849 } 3850 3851 int 3852 zonecfg_num_resources(zone_dochandle_t handle, char *rsrc) 3853 { 3854 int num = 0; 3855 const xmlChar *dtd; 3856 xmlNodePtr cur; 3857 3858 if ((dtd = nm_to_dtd(rsrc)) == NULL) 3859 return (num); 3860 3861 if (zonecfg_setent(handle) != Z_OK) 3862 return (num); 3863 3864 for (cur = handle->zone_dh_cur; cur != NULL; cur = cur->next) 3865 if (xmlStrcmp(cur->name, dtd) == 0) 3866 num++; 3867 3868 (void) zonecfg_endent(handle); 3869 3870 return (num); 3871 } 3872 3873 int 3874 zonecfg_del_all_resources(zone_dochandle_t handle, char *rsrc) 3875 { 3876 int err; 3877 const xmlChar *dtd; 3878 xmlNodePtr cur; 3879 3880 if ((dtd = nm_to_dtd(rsrc)) == NULL) 3881 return (Z_NO_RESOURCE_TYPE); 3882 3883 if ((err = zonecfg_setent(handle)) != Z_OK) 3884 return (err); 3885 3886 cur = handle->zone_dh_cur; 3887 while (cur != NULL) { 3888 xmlNodePtr tmp; 3889 3890 if (xmlStrcmp(cur->name, dtd)) { 3891 cur = cur->next; 3892 continue; 3893 } 3894 3895 tmp = cur->next; 3896 xmlUnlinkNode(cur); 3897 xmlFreeNode(cur); 3898 cur = tmp; 3899 } 3900 3901 (void) zonecfg_endent(handle); 3902 return (Z_OK); 3903 } 3904 3905 static boolean_t 3906 valid_uint(char *s, uint64_t *n) 3907 { 3908 char *endp; 3909 3910 /* strtoull accepts '-'?! so we want to flag that as an error */ 3911 if (strchr(s, '-') != NULL) 3912 return (B_FALSE); 3913 3914 errno = 0; 3915 *n = strtoull(s, &endp, 10); 3916 3917 if (errno != 0 || *endp != '\0') 3918 return (B_FALSE); 3919 return (B_TRUE); 3920 } 3921 3922 /* 3923 * Convert a string representing a number (possibly a fraction) into an integer. 3924 * The string can have a modifier (K, M, G or T). The modifiers are treated 3925 * as powers of two (not 10). 3926 */ 3927 int 3928 zonecfg_str_to_bytes(char *str, uint64_t *bytes) 3929 { 3930 long double val; 3931 char *unitp; 3932 uint64_t scale; 3933 3934 if ((val = strtold(str, &unitp)) < 0) 3935 return (-1); 3936 3937 /* remove any leading white space from units string */ 3938 while (isspace(*unitp) != 0) 3939 ++unitp; 3940 3941 /* if no units explicitly set, error */ 3942 if (unitp == NULL || *unitp == '\0') { 3943 scale = 1; 3944 } else { 3945 int i; 3946 char *units[] = {"K", "M", "G", "T", NULL}; 3947 3948 scale = 1024; 3949 3950 /* update scale based on units */ 3951 for (i = 0; units[i] != NULL; i++) { 3952 if (strcasecmp(unitp, units[i]) == 0) 3953 break; 3954 scale <<= 10; 3955 } 3956 3957 if (units[i] == NULL) 3958 return (-1); 3959 } 3960 3961 *bytes = (uint64_t)(val * scale); 3962 return (0); 3963 } 3964 3965 boolean_t 3966 zonecfg_valid_ncpus(char *lowstr, char *highstr) 3967 { 3968 uint64_t low, high; 3969 3970 if (!valid_uint(lowstr, &low) || !valid_uint(highstr, &high) || 3971 low < 1 || low > high) 3972 return (B_FALSE); 3973 3974 return (B_TRUE); 3975 } 3976 3977 boolean_t 3978 zonecfg_valid_importance(char *impstr) 3979 { 3980 uint64_t num; 3981 3982 if (!valid_uint(impstr, &num)) 3983 return (B_FALSE); 3984 3985 return (B_TRUE); 3986 } 3987 3988 boolean_t 3989 zonecfg_valid_alias_limit(char *name, char *limitstr, uint64_t *limit) 3990 { 3991 int i; 3992 3993 for (i = 0; aliases[i].shortname != NULL; i++) 3994 if (strcmp(name, aliases[i].shortname) == 0) 3995 break; 3996 3997 if (aliases[i].shortname == NULL) 3998 return (B_FALSE); 3999 4000 if (!valid_uint(limitstr, limit) || *limit < aliases[i].low_limit) 4001 return (B_FALSE); 4002 4003 return (B_TRUE); 4004 } 4005 4006 boolean_t 4007 zonecfg_valid_memlimit(char *memstr, uint64_t *mem_val) 4008 { 4009 if (zonecfg_str_to_bytes(memstr, mem_val) != 0) 4010 return (B_FALSE); 4011 4012 return (B_TRUE); 4013 } 4014 4015 static int 4016 zerr_pool(char *pool_err, int err_size, int res) 4017 { 4018 (void) strlcpy(pool_err, pool_strerror(pool_error()), err_size); 4019 return (res); 4020 } 4021 4022 static int 4023 create_tmp_pset(char *pool_err, int err_size, pool_conf_t *pconf, pool_t *pool, 4024 char *name, int min, int max) 4025 { 4026 pool_resource_t *res; 4027 pool_elem_t *elem; 4028 pool_value_t *val; 4029 4030 if ((res = pool_resource_create(pconf, "pset", name)) == NULL) 4031 return (zerr_pool(pool_err, err_size, Z_POOL)); 4032 4033 if (pool_associate(pconf, pool, res) != PO_SUCCESS) 4034 return (zerr_pool(pool_err, err_size, Z_POOL)); 4035 4036 if ((elem = pool_resource_to_elem(pconf, res)) == NULL) 4037 return (zerr_pool(pool_err, err_size, Z_POOL)); 4038 4039 if ((val = pool_value_alloc()) == NULL) 4040 return (zerr_pool(pool_err, err_size, Z_POOL)); 4041 4042 /* set the maximum number of cpus for the pset */ 4043 pool_value_set_uint64(val, (uint64_t)max); 4044 4045 if (pool_put_property(pconf, elem, "pset.max", val) != PO_SUCCESS) { 4046 pool_value_free(val); 4047 return (zerr_pool(pool_err, err_size, Z_POOL)); 4048 } 4049 4050 /* set the minimum number of cpus for the pset */ 4051 pool_value_set_uint64(val, (uint64_t)min); 4052 4053 if (pool_put_property(pconf, elem, "pset.min", val) != PO_SUCCESS) { 4054 pool_value_free(val); 4055 return (zerr_pool(pool_err, err_size, Z_POOL)); 4056 } 4057 4058 pool_value_free(val); 4059 4060 return (Z_OK); 4061 } 4062 4063 static int 4064 create_tmp_pool(char *pool_err, int err_size, pool_conf_t *pconf, char *name, 4065 struct zone_psettab *pset_tab) 4066 { 4067 pool_t *pool; 4068 int res = Z_OK; 4069 4070 /* create a temporary pool configuration */ 4071 if (pool_conf_open(pconf, NULL, PO_TEMP) != PO_SUCCESS) { 4072 res = zerr_pool(pool_err, err_size, Z_POOL); 4073 return (res); 4074 } 4075 4076 if ((pool = pool_create(pconf, name)) == NULL) { 4077 res = zerr_pool(pool_err, err_size, Z_POOL_CREATE); 4078 goto done; 4079 } 4080 4081 /* set pool importance */ 4082 if (pset_tab->zone_importance[0] != '\0') { 4083 pool_elem_t *elem; 4084 pool_value_t *val; 4085 4086 if ((elem = pool_to_elem(pconf, pool)) == NULL) { 4087 res = zerr_pool(pool_err, err_size, Z_POOL); 4088 goto done; 4089 } 4090 4091 if ((val = pool_value_alloc()) == NULL) { 4092 res = zerr_pool(pool_err, err_size, Z_POOL); 4093 goto done; 4094 } 4095 4096 pool_value_set_int64(val, 4097 (int64_t)atoi(pset_tab->zone_importance)); 4098 4099 if (pool_put_property(pconf, elem, "pool.importance", val) 4100 != PO_SUCCESS) { 4101 res = zerr_pool(pool_err, err_size, Z_POOL); 4102 pool_value_free(val); 4103 goto done; 4104 } 4105 4106 pool_value_free(val); 4107 } 4108 4109 if ((res = create_tmp_pset(pool_err, err_size, pconf, pool, name, 4110 atoi(pset_tab->zone_ncpu_min), 4111 atoi(pset_tab->zone_ncpu_max))) != Z_OK) 4112 goto done; 4113 4114 /* validation */ 4115 if (pool_conf_status(pconf) == POF_INVALID) { 4116 res = zerr_pool(pool_err, err_size, Z_POOL); 4117 goto done; 4118 } 4119 4120 /* 4121 * This validation is the one we expect to fail if the user specified 4122 * an invalid configuration (too many cpus) for this system. 4123 */ 4124 if (pool_conf_validate(pconf, POV_RUNTIME) != PO_SUCCESS) { 4125 res = zerr_pool(pool_err, err_size, Z_POOL_CREATE); 4126 goto done; 4127 } 4128 4129 /* 4130 * Commit the dynamic configuration but not the pool configuration 4131 * file. 4132 */ 4133 if (pool_conf_commit(pconf, 1) != PO_SUCCESS) 4134 res = zerr_pool(pool_err, err_size, Z_POOL); 4135 4136 done: 4137 (void) pool_conf_close(pconf); 4138 return (res); 4139 } 4140 4141 static int 4142 get_running_tmp_pset(pool_conf_t *pconf, pool_t *pool, pool_resource_t *pset, 4143 struct zone_psettab *pset_tab) 4144 { 4145 int nfound = 0; 4146 pool_elem_t *pe; 4147 pool_value_t *pv = pool_value_alloc(); 4148 uint64_t val_uint; 4149 4150 if (pool != NULL) { 4151 pe = pool_to_elem(pconf, pool); 4152 if (pool_get_property(pconf, pe, "pool.importance", pv) 4153 != POC_INVAL) { 4154 int64_t val_int; 4155 4156 (void) pool_value_get_int64(pv, &val_int); 4157 (void) snprintf(pset_tab->zone_importance, 4158 sizeof (pset_tab->zone_importance), "%d", val_int); 4159 nfound++; 4160 } 4161 } 4162 4163 if (pset != NULL) { 4164 pe = pool_resource_to_elem(pconf, pset); 4165 if (pool_get_property(pconf, pe, "pset.min", pv) != POC_INVAL) { 4166 (void) pool_value_get_uint64(pv, &val_uint); 4167 (void) snprintf(pset_tab->zone_ncpu_min, 4168 sizeof (pset_tab->zone_ncpu_min), "%u", val_uint); 4169 nfound++; 4170 } 4171 4172 if (pool_get_property(pconf, pe, "pset.max", pv) != POC_INVAL) { 4173 (void) pool_value_get_uint64(pv, &val_uint); 4174 (void) snprintf(pset_tab->zone_ncpu_max, 4175 sizeof (pset_tab->zone_ncpu_max), "%u", val_uint); 4176 nfound++; 4177 } 4178 } 4179 4180 pool_value_free(pv); 4181 4182 if (nfound == 3) 4183 return (PO_SUCCESS); 4184 4185 return (PO_FAIL); 4186 } 4187 4188 /* 4189 * Determine if a tmp pool is configured and if so, if the configuration is 4190 * still valid or if it has been changed since the tmp pool was created. 4191 * If the tmp pool configuration is no longer valid, delete the tmp pool. 4192 * 4193 * Set *valid=B_TRUE if there is an existing, valid tmp pool configuration. 4194 */ 4195 static int 4196 verify_del_tmp_pool(pool_conf_t *pconf, char *tmp_name, char *pool_err, 4197 int err_size, struct zone_psettab *pset_tab, boolean_t *exists) 4198 { 4199 int res = Z_OK; 4200 pool_t *pool; 4201 pool_resource_t *pset; 4202 struct zone_psettab pset_current; 4203 4204 *exists = B_FALSE; 4205 4206 if (pool_conf_open(pconf, pool_dynamic_location(), PO_RDWR) 4207 != PO_SUCCESS) { 4208 res = zerr_pool(pool_err, err_size, Z_POOL); 4209 return (res); 4210 } 4211 4212 pool = pool_get_pool(pconf, tmp_name); 4213 pset = pool_get_resource(pconf, "pset", tmp_name); 4214 4215 if (pool == NULL && pset == NULL) { 4216 /* no tmp pool configured */ 4217 goto done; 4218 } 4219 4220 /* 4221 * If an existing tmp pool for this zone is configured with the proper 4222 * settings, then the tmp pool is valid. 4223 */ 4224 if (get_running_tmp_pset(pconf, pool, pset, &pset_current) 4225 == PO_SUCCESS && 4226 strcmp(pset_tab->zone_ncpu_min, 4227 pset_current.zone_ncpu_min) == 0 && 4228 strcmp(pset_tab->zone_ncpu_max, 4229 pset_current.zone_ncpu_max) == 0 && 4230 strcmp(pset_tab->zone_importance, 4231 pset_current.zone_importance) == 0) { 4232 *exists = B_TRUE; 4233 4234 } else { 4235 /* 4236 * An out-of-date tmp pool configuration exists. Delete it 4237 * so that we can create the correct tmp pool config. 4238 */ 4239 if (pset != NULL && 4240 pool_resource_destroy(pconf, pset) != PO_SUCCESS) { 4241 res = zerr_pool(pool_err, err_size, Z_POOL); 4242 goto done; 4243 } 4244 4245 if (pool != NULL && 4246 pool_destroy(pconf, pool) != PO_SUCCESS) { 4247 res = zerr_pool(pool_err, err_size, Z_POOL); 4248 goto done; 4249 } 4250 4251 /* commit dynamic config */ 4252 if (pool_conf_commit(pconf, 0) != PO_SUCCESS) 4253 res = zerr_pool(pool_err, err_size, Z_POOL); 4254 } 4255 4256 done: 4257 (void) pool_conf_close(pconf); 4258 4259 return (res); 4260 } 4261 4262 /* 4263 * Destroy any existing tmp pool. 4264 */ 4265 int 4266 zonecfg_destroy_tmp_pool(char *zone_name, char *pool_err, int err_size) 4267 { 4268 int status; 4269 int res = Z_OK; 4270 pool_conf_t *pconf; 4271 pool_t *pool; 4272 pool_resource_t *pset; 4273 char tmp_name[MAX_TMP_POOL_NAME]; 4274 4275 /* if pools not enabled then nothing to do */ 4276 if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED) 4277 return (Z_OK); 4278 4279 if ((pconf = pool_conf_alloc()) == NULL) 4280 return (zerr_pool(pool_err, err_size, Z_POOL)); 4281 4282 (void) snprintf(tmp_name, sizeof (tmp_name), TMP_POOL_NAME, zone_name); 4283 4284 if (pool_conf_open(pconf, pool_dynamic_location(), PO_RDWR) 4285 != PO_SUCCESS) { 4286 res = zerr_pool(pool_err, err_size, Z_POOL); 4287 pool_conf_free(pconf); 4288 return (res); 4289 } 4290 4291 pool = pool_get_pool(pconf, tmp_name); 4292 pset = pool_get_resource(pconf, "pset", tmp_name); 4293 4294 if (pool == NULL && pset == NULL) { 4295 /* nothing to destroy, we're done */ 4296 goto done; 4297 } 4298 4299 if (pset != NULL && pool_resource_destroy(pconf, pset) != PO_SUCCESS) { 4300 res = zerr_pool(pool_err, err_size, Z_POOL); 4301 goto done; 4302 } 4303 4304 if (pool != NULL && pool_destroy(pconf, pool) != PO_SUCCESS) { 4305 res = zerr_pool(pool_err, err_size, Z_POOL); 4306 goto done; 4307 } 4308 4309 /* commit dynamic config */ 4310 if (pool_conf_commit(pconf, 0) != PO_SUCCESS) 4311 res = zerr_pool(pool_err, err_size, Z_POOL); 4312 4313 done: 4314 (void) pool_conf_close(pconf); 4315 pool_conf_free(pconf); 4316 4317 return (res); 4318 } 4319 4320 /* 4321 * Attempt to bind to a tmp pool for this zone. If there is no tmp pool 4322 * configured, we just return Z_OK. 4323 * 4324 * We either attempt to create the tmp pool for this zone or rebind to an 4325 * existing tmp pool for this zone. 4326 * 4327 * Rebinding is used when a zone with a tmp pool reboots so that we don't have 4328 * to recreate the tmp pool. To do this we need to be sure we work correctly 4329 * for the following cases: 4330 * 4331 * - there is an existing, properly configured tmp pool. 4332 * - zonecfg added tmp pool after zone was booted, must now create. 4333 * - zonecfg updated tmp pool config after zone was booted, in this case 4334 * we destroy the old tmp pool and create a new one. 4335 */ 4336 int 4337 zonecfg_bind_tmp_pool(zone_dochandle_t handle, zoneid_t zoneid, char *pool_err, 4338 int err_size) 4339 { 4340 struct zone_psettab pset_tab; 4341 int err; 4342 int status; 4343 pool_conf_t *pconf; 4344 boolean_t exists; 4345 char zone_name[ZONENAME_MAX]; 4346 char tmp_name[MAX_TMP_POOL_NAME]; 4347 4348 (void) getzonenamebyid(zoneid, zone_name, sizeof (zone_name)); 4349 4350 err = zonecfg_lookup_pset(handle, &pset_tab); 4351 4352 /* if no temporary pool configured, we're done */ 4353 if (err == Z_NO_ENTRY) 4354 return (Z_OK); 4355 4356 /* 4357 * importance might not have a value but we need to validate it here, 4358 * so set the default. 4359 */ 4360 if (pset_tab.zone_importance[0] == '\0') 4361 (void) strlcpy(pset_tab.zone_importance, "1", 4362 sizeof (pset_tab.zone_importance)); 4363 4364 /* if pools not enabled, enable them now */ 4365 if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED) { 4366 if (pool_set_status(POOL_ENABLED) != PO_SUCCESS) 4367 return (Z_POOL_ENABLE); 4368 } 4369 4370 if ((pconf = pool_conf_alloc()) == NULL) 4371 return (zerr_pool(pool_err, err_size, Z_POOL)); 4372 4373 (void) snprintf(tmp_name, sizeof (tmp_name), TMP_POOL_NAME, zone_name); 4374 4375 /* 4376 * Check if a valid tmp pool/pset already exists. If so, we just 4377 * reuse it. 4378 */ 4379 if ((err = verify_del_tmp_pool(pconf, tmp_name, pool_err, err_size, 4380 &pset_tab, &exists)) != Z_OK) { 4381 pool_conf_free(pconf); 4382 return (err); 4383 } 4384 4385 if (!exists) 4386 err = create_tmp_pool(pool_err, err_size, pconf, tmp_name, 4387 &pset_tab); 4388 4389 pool_conf_free(pconf); 4390 4391 if (err != Z_OK) 4392 return (err); 4393 4394 /* Bind the zone to the pool. */ 4395 if (pool_set_binding(tmp_name, P_ZONEID, zoneid) != PO_SUCCESS) 4396 return (zerr_pool(pool_err, err_size, Z_POOL_BIND)); 4397 4398 return (Z_OK); 4399 } 4400 4401 /* 4402 * Attempt to bind to a permanent pool for this zone. If there is no 4403 * permanent pool configured, we just return Z_OK. 4404 */ 4405 int 4406 zonecfg_bind_pool(zone_dochandle_t handle, zoneid_t zoneid, char *pool_err, 4407 int err_size) 4408 { 4409 pool_conf_t *poolconf; 4410 pool_t *pool; 4411 char poolname[MAXPATHLEN]; 4412 int status; 4413 int error; 4414 4415 /* 4416 * Find the pool mentioned in the zone configuration, and bind to it. 4417 */ 4418 error = zonecfg_get_pool(handle, poolname, sizeof (poolname)); 4419 if (error == Z_NO_ENTRY || (error == Z_OK && strlen(poolname) == 0)) { 4420 /* 4421 * The property is not set on the zone, so the pool 4422 * should be bound to the default pool. But that's 4423 * already done by the kernel, so we can just return. 4424 */ 4425 return (Z_OK); 4426 } 4427 if (error != Z_OK) { 4428 /* 4429 * Not an error, even though it shouldn't be happening. 4430 */ 4431 return (Z_OK); 4432 } 4433 /* 4434 * Don't do anything if pools aren't enabled. 4435 */ 4436 if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED) 4437 return (Z_POOLS_NOT_ACTIVE); 4438 4439 /* 4440 * Try to provide a sane error message if the requested pool doesn't 4441 * exist. 4442 */ 4443 if ((poolconf = pool_conf_alloc()) == NULL) 4444 return (zerr_pool(pool_err, err_size, Z_POOL)); 4445 4446 if (pool_conf_open(poolconf, pool_dynamic_location(), PO_RDONLY) != 4447 PO_SUCCESS) { 4448 pool_conf_free(poolconf); 4449 return (zerr_pool(pool_err, err_size, Z_POOL)); 4450 } 4451 pool = pool_get_pool(poolconf, poolname); 4452 (void) pool_conf_close(poolconf); 4453 pool_conf_free(poolconf); 4454 if (pool == NULL) 4455 return (Z_NO_POOL); 4456 4457 /* 4458 * Bind the zone to the pool. 4459 */ 4460 if (pool_set_binding(poolname, P_ZONEID, zoneid) != PO_SUCCESS) { 4461 /* if bind fails, return poolname for the error msg */ 4462 (void) strlcpy(pool_err, poolname, err_size); 4463 return (Z_POOL_BIND); 4464 } 4465 4466 return (Z_OK); 4467 } 4468 4469 int 4470 zonecfg_get_poolname(zone_dochandle_t handle, char *zone, char *pool, 4471 size_t poolsize) 4472 { 4473 int err; 4474 struct zone_psettab pset_tab; 4475 4476 err = zonecfg_lookup_pset(handle, &pset_tab); 4477 if ((err != Z_NO_ENTRY) && (err != Z_OK)) 4478 return (err); 4479 4480 /* pset was found so a temporary pool was created */ 4481 if (err == Z_OK) { 4482 (void) snprintf(pool, poolsize, TMP_POOL_NAME, zone); 4483 return (Z_OK); 4484 } 4485 4486 /* lookup the poolname in zonecfg */ 4487 return (zonecfg_get_pool(handle, pool, poolsize)); 4488 } 4489 4490 static boolean_t 4491 svc_enabled(char *svc_name) 4492 { 4493 scf_simple_prop_t *prop; 4494 boolean_t found = B_FALSE; 4495 4496 prop = scf_simple_prop_get(NULL, svc_name, SCF_PG_GENERAL, 4497 SCF_PROPERTY_ENABLED); 4498 4499 if (scf_simple_prop_numvalues(prop) == 1 && 4500 *scf_simple_prop_next_boolean(prop) != 0) 4501 found = B_TRUE; 4502 4503 scf_simple_prop_free(prop); 4504 4505 return (found); 4506 } 4507 4508 /* 4509 * If the zone has capped-memory, make sure the rcap service is enabled. 4510 */ 4511 int 4512 zonecfg_enable_rcapd(char *err, int size) 4513 { 4514 if (!svc_enabled(RCAP_SERVICE) && 4515 smf_enable_instance(RCAP_SERVICE, 0) == -1) { 4516 (void) strlcpy(err, scf_strerror(scf_error()), size); 4517 return (Z_SYSTEM); 4518 } 4519 4520 return (Z_OK); 4521 } 4522 4523 /* 4524 * Return true if pset has cpu range specified and poold is not enabled. 4525 */ 4526 boolean_t 4527 zonecfg_warn_poold(zone_dochandle_t handle) 4528 { 4529 struct zone_psettab pset_tab; 4530 int min, max; 4531 int err; 4532 4533 err = zonecfg_lookup_pset(handle, &pset_tab); 4534 4535 /* if no temporary pool configured, we're done */ 4536 if (err == Z_NO_ENTRY) 4537 return (B_FALSE); 4538 4539 min = atoi(pset_tab.zone_ncpu_min); 4540 max = atoi(pset_tab.zone_ncpu_max); 4541 4542 /* range not specified, no need for poold */ 4543 if (min == max) 4544 return (B_FALSE); 4545 4546 /* we have a range, check if poold service is enabled */ 4547 if (svc_enabled(POOLD_SERVICE)) 4548 return (B_FALSE); 4549 4550 return (B_TRUE); 4551 } 4552 4553 /* 4554 * Retrieve the specified pool's thread scheduling class. 'poolname' must 4555 * refer to the name of a configured resource pool. The thread scheduling 4556 * class specified by the pool will be stored in the buffer to which 'class' 4557 * points. 'clsize' is the byte size of the buffer to which 'class' points. 4558 * 4559 * This function returns Z_OK if it successfully stored the specified pool's 4560 * thread scheduling class into the buffer to which 'class' points. It returns 4561 * Z_NO_POOL if resource pools are not enabled, the function is unable to 4562 * access the system's resource pools configuration, or the specified pool 4563 * does not exist. The function returns Z_TOO_BIG if the buffer to which 4564 * 'class' points is not large enough to contain the thread scheduling class' 4565 * name. The function returns Z_NO_ENTRY if the pool does not specify a thread 4566 * scheduling class. 4567 */ 4568 static int 4569 get_pool_sched_class(char *poolname, char *class, int clsize) 4570 { 4571 int status; 4572 pool_conf_t *poolconf; 4573 pool_t *pool; 4574 pool_elem_t *pe; 4575 pool_value_t *pv = pool_value_alloc(); 4576 const char *sched_str; 4577 4578 if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED) 4579 return (Z_NO_POOL); 4580 4581 if ((poolconf = pool_conf_alloc()) == NULL) 4582 return (Z_NO_POOL); 4583 4584 if (pool_conf_open(poolconf, pool_dynamic_location(), PO_RDONLY) != 4585 PO_SUCCESS) { 4586 pool_conf_free(poolconf); 4587 return (Z_NO_POOL); 4588 } 4589 4590 if ((pool = pool_get_pool(poolconf, poolname)) == NULL) { 4591 (void) pool_conf_close(poolconf); 4592 pool_conf_free(poolconf); 4593 return (Z_NO_POOL); 4594 } 4595 4596 pe = pool_to_elem(poolconf, pool); 4597 if (pool_get_property(poolconf, pe, "pool.scheduler", pv) != 4598 POC_STRING) { 4599 (void) pool_conf_close(poolconf); 4600 pool_conf_free(poolconf); 4601 return (Z_NO_ENTRY); 4602 } 4603 (void) pool_value_get_string(pv, &sched_str); 4604 (void) pool_conf_close(poolconf); 4605 pool_conf_free(poolconf); 4606 if (strlcpy(class, sched_str, clsize) >= clsize) 4607 return (Z_TOO_BIG); 4608 return (Z_OK); 4609 } 4610 4611 /* 4612 * Get the default scheduling class for the zone. This will either be the 4613 * class set on the zone's pool or the system default scheduling class. 4614 */ 4615 int 4616 zonecfg_get_dflt_sched_class(zone_dochandle_t handle, char *class, int clsize) 4617 { 4618 char poolname[MAXPATHLEN]; 4619 4620 if (zonecfg_get_pool(handle, poolname, sizeof (poolname)) == Z_OK) { 4621 /* check if the zone's pool specified a sched class */ 4622 if (get_pool_sched_class(poolname, class, clsize) == Z_OK) 4623 return (Z_OK); 4624 } 4625 4626 if (priocntl(0, 0, PC_GETDFLCL, class, (uint64_t)clsize) == -1) 4627 return (Z_TOO_BIG); 4628 4629 return (Z_OK); 4630 } 4631 4632 int 4633 zonecfg_setfsent(zone_dochandle_t handle) 4634 { 4635 return (zonecfg_setent(handle)); 4636 } 4637 4638 int 4639 zonecfg_getfsent(zone_dochandle_t handle, struct zone_fstab *tabptr) 4640 { 4641 xmlNodePtr cur, options; 4642 char options_str[MAX_MNTOPT_STR]; 4643 int err; 4644 4645 if (handle == NULL) 4646 return (Z_INVAL); 4647 4648 if ((cur = handle->zone_dh_cur) == NULL) 4649 return (Z_NO_ENTRY); 4650 4651 for (; cur != NULL; cur = cur->next) 4652 if (!xmlStrcmp(cur->name, DTD_ELEM_FS)) 4653 break; 4654 if (cur == NULL) { 4655 handle->zone_dh_cur = handle->zone_dh_top; 4656 return (Z_NO_ENTRY); 4657 } 4658 4659 if ((err = fetchprop(cur, DTD_ATTR_SPECIAL, tabptr->zone_fs_special, 4660 sizeof (tabptr->zone_fs_special))) != Z_OK) { 4661 handle->zone_dh_cur = handle->zone_dh_top; 4662 return (err); 4663 } 4664 4665 if ((err = fetchprop(cur, DTD_ATTR_RAW, tabptr->zone_fs_raw, 4666 sizeof (tabptr->zone_fs_raw))) != Z_OK) { 4667 handle->zone_dh_cur = handle->zone_dh_top; 4668 return (err); 4669 } 4670 4671 if ((err = fetchprop(cur, DTD_ATTR_DIR, tabptr->zone_fs_dir, 4672 sizeof (tabptr->zone_fs_dir))) != Z_OK) { 4673 handle->zone_dh_cur = handle->zone_dh_top; 4674 return (err); 4675 } 4676 4677 if ((err = fetchprop(cur, DTD_ATTR_TYPE, tabptr->zone_fs_type, 4678 sizeof (tabptr->zone_fs_type))) != Z_OK) { 4679 handle->zone_dh_cur = handle->zone_dh_top; 4680 return (err); 4681 } 4682 4683 /* OK for options to be NULL */ 4684 tabptr->zone_fs_options = NULL; 4685 for (options = cur->xmlChildrenNode; options != NULL; 4686 options = options->next) { 4687 if (fetchprop(options, DTD_ATTR_NAME, options_str, 4688 sizeof (options_str)) != Z_OK) 4689 break; 4690 if (zonecfg_add_fs_option(tabptr, options_str) != Z_OK) 4691 break; 4692 } 4693 4694 handle->zone_dh_cur = cur->next; 4695 return (Z_OK); 4696 } 4697 4698 int 4699 zonecfg_endfsent(zone_dochandle_t handle) 4700 { 4701 return (zonecfg_endent(handle)); 4702 } 4703 4704 int 4705 zonecfg_setnwifent(zone_dochandle_t handle) 4706 { 4707 return (zonecfg_setent(handle)); 4708 } 4709 4710 int 4711 zonecfg_getnwifent(zone_dochandle_t handle, struct zone_nwiftab *tabptr) 4712 { 4713 xmlNodePtr cur; 4714 int err; 4715 4716 if (handle == NULL) 4717 return (Z_INVAL); 4718 4719 if ((cur = handle->zone_dh_cur) == NULL) 4720 return (Z_NO_ENTRY); 4721 4722 for (; cur != NULL; cur = cur->next) 4723 if (!xmlStrcmp(cur->name, DTD_ELEM_NET)) 4724 break; 4725 if (cur == NULL) { 4726 handle->zone_dh_cur = handle->zone_dh_top; 4727 return (Z_NO_ENTRY); 4728 } 4729 4730 if ((err = fetchprop(cur, DTD_ATTR_ADDRESS, tabptr->zone_nwif_address, 4731 sizeof (tabptr->zone_nwif_address))) != Z_OK) { 4732 handle->zone_dh_cur = handle->zone_dh_top; 4733 return (err); 4734 } 4735 4736 if ((err = fetchprop(cur, DTD_ATTR_ALLOWED_ADDRESS, 4737 tabptr->zone_nwif_allowed_address, 4738 sizeof (tabptr->zone_nwif_allowed_address))) != Z_OK) { 4739 handle->zone_dh_cur = handle->zone_dh_top; 4740 return (err); 4741 } 4742 4743 if ((err = fetchprop(cur, DTD_ATTR_PHYSICAL, tabptr->zone_nwif_physical, 4744 sizeof (tabptr->zone_nwif_physical))) != Z_OK) { 4745 handle->zone_dh_cur = handle->zone_dh_top; 4746 return (err); 4747 } 4748 4749 if ((err = fetchprop(cur, DTD_ATTR_DEFROUTER, 4750 tabptr->zone_nwif_defrouter, 4751 sizeof (tabptr->zone_nwif_defrouter))) != Z_OK) { 4752 handle->zone_dh_cur = handle->zone_dh_top; 4753 return (err); 4754 } 4755 4756 handle->zone_dh_cur = cur->next; 4757 return (Z_OK); 4758 } 4759 4760 int 4761 zonecfg_endnwifent(zone_dochandle_t handle) 4762 { 4763 return (zonecfg_endent(handle)); 4764 } 4765 4766 int 4767 zonecfg_setdevent(zone_dochandle_t handle) 4768 { 4769 return (zonecfg_setent(handle)); 4770 } 4771 4772 int 4773 zonecfg_getdevent(zone_dochandle_t handle, struct zone_devtab *tabptr) 4774 { 4775 xmlNodePtr cur; 4776 int err; 4777 4778 if (handle == NULL) 4779 return (Z_INVAL); 4780 4781 if ((cur = handle->zone_dh_cur) == NULL) 4782 return (Z_NO_ENTRY); 4783 4784 for (; cur != NULL; cur = cur->next) 4785 if (!xmlStrcmp(cur->name, DTD_ELEM_DEVICE)) 4786 break; 4787 if (cur == NULL) { 4788 handle->zone_dh_cur = handle->zone_dh_top; 4789 return (Z_NO_ENTRY); 4790 } 4791 4792 if ((err = fetchprop(cur, DTD_ATTR_MATCH, tabptr->zone_dev_match, 4793 sizeof (tabptr->zone_dev_match))) != Z_OK) { 4794 handle->zone_dh_cur = handle->zone_dh_top; 4795 return (err); 4796 } 4797 4798 handle->zone_dh_cur = cur->next; 4799 return (Z_OK); 4800 } 4801 4802 int 4803 zonecfg_enddevent(zone_dochandle_t handle) 4804 { 4805 return (zonecfg_endent(handle)); 4806 } 4807 4808 int 4809 zonecfg_setrctlent(zone_dochandle_t handle) 4810 { 4811 return (zonecfg_setent(handle)); 4812 } 4813 4814 int 4815 zonecfg_getrctlent(zone_dochandle_t handle, struct zone_rctltab *tabptr) 4816 { 4817 xmlNodePtr cur, val; 4818 struct zone_rctlvaltab *valptr; 4819 int err; 4820 4821 if (handle == NULL) 4822 return (Z_INVAL); 4823 4824 if ((cur = handle->zone_dh_cur) == NULL) 4825 return (Z_NO_ENTRY); 4826 4827 for (; cur != NULL; cur = cur->next) 4828 if (!xmlStrcmp(cur->name, DTD_ELEM_RCTL)) 4829 break; 4830 if (cur == NULL) { 4831 handle->zone_dh_cur = handle->zone_dh_top; 4832 return (Z_NO_ENTRY); 4833 } 4834 4835 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_rctl_name, 4836 sizeof (tabptr->zone_rctl_name))) != Z_OK) { 4837 handle->zone_dh_cur = handle->zone_dh_top; 4838 return (err); 4839 } 4840 4841 tabptr->zone_rctl_valptr = NULL; 4842 for (val = cur->xmlChildrenNode; val != NULL; val = val->next) { 4843 valptr = (struct zone_rctlvaltab *)malloc( 4844 sizeof (struct zone_rctlvaltab)); 4845 if (valptr == NULL) 4846 return (Z_NOMEM); 4847 if (fetchprop(val, DTD_ATTR_PRIV, valptr->zone_rctlval_priv, 4848 sizeof (valptr->zone_rctlval_priv)) != Z_OK) 4849 break; 4850 if (fetchprop(val, DTD_ATTR_LIMIT, valptr->zone_rctlval_limit, 4851 sizeof (valptr->zone_rctlval_limit)) != Z_OK) 4852 break; 4853 if (fetchprop(val, DTD_ATTR_ACTION, valptr->zone_rctlval_action, 4854 sizeof (valptr->zone_rctlval_action)) != Z_OK) 4855 break; 4856 if (zonecfg_add_rctl_value(tabptr, valptr) != Z_OK) 4857 break; 4858 } 4859 4860 handle->zone_dh_cur = cur->next; 4861 return (Z_OK); 4862 } 4863 4864 int 4865 zonecfg_endrctlent(zone_dochandle_t handle) 4866 { 4867 return (zonecfg_endent(handle)); 4868 } 4869 4870 int 4871 zonecfg_setattrent(zone_dochandle_t handle) 4872 { 4873 return (zonecfg_setent(handle)); 4874 } 4875 4876 int 4877 zonecfg_getattrent(zone_dochandle_t handle, struct zone_attrtab *tabptr) 4878 { 4879 xmlNodePtr cur; 4880 int err; 4881 4882 if (handle == NULL) 4883 return (Z_INVAL); 4884 4885 if ((cur = handle->zone_dh_cur) == NULL) 4886 return (Z_NO_ENTRY); 4887 4888 for (; cur != NULL; cur = cur->next) 4889 if (!xmlStrcmp(cur->name, DTD_ELEM_ATTR)) 4890 break; 4891 if (cur == NULL) { 4892 handle->zone_dh_cur = handle->zone_dh_top; 4893 return (Z_NO_ENTRY); 4894 } 4895 4896 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_attr_name, 4897 sizeof (tabptr->zone_attr_name))) != Z_OK) { 4898 handle->zone_dh_cur = handle->zone_dh_top; 4899 return (err); 4900 } 4901 4902 if ((err = fetchprop(cur, DTD_ATTR_TYPE, tabptr->zone_attr_type, 4903 sizeof (tabptr->zone_attr_type))) != Z_OK) { 4904 handle->zone_dh_cur = handle->zone_dh_top; 4905 return (err); 4906 } 4907 4908 if ((err = fetchprop(cur, DTD_ATTR_VALUE, tabptr->zone_attr_value, 4909 sizeof (tabptr->zone_attr_value))) != Z_OK) { 4910 handle->zone_dh_cur = handle->zone_dh_top; 4911 return (err); 4912 } 4913 4914 handle->zone_dh_cur = cur->next; 4915 return (Z_OK); 4916 } 4917 4918 int 4919 zonecfg_endattrent(zone_dochandle_t handle) 4920 { 4921 return (zonecfg_endent(handle)); 4922 } 4923 4924 int 4925 zonecfg_setadminent(zone_dochandle_t handle) 4926 { 4927 return (zonecfg_setent(handle)); 4928 } 4929 4930 int 4931 zonecfg_getadminent(zone_dochandle_t handle, struct zone_admintab *tabptr) 4932 { 4933 xmlNodePtr cur; 4934 int err; 4935 4936 if (handle == NULL) 4937 return (Z_INVAL); 4938 4939 if ((cur = handle->zone_dh_cur) == NULL) 4940 return (Z_NO_ENTRY); 4941 4942 for (; cur != NULL; cur = cur->next) 4943 if (!xmlStrcmp(cur->name, DTD_ELEM_ADMIN)) 4944 break; 4945 if (cur == NULL) { 4946 handle->zone_dh_cur = handle->zone_dh_top; 4947 return (Z_NO_ENTRY); 4948 } 4949 4950 if ((err = fetchprop(cur, DTD_ATTR_USER, tabptr->zone_admin_user, 4951 sizeof (tabptr->zone_admin_user))) != Z_OK) { 4952 handle->zone_dh_cur = handle->zone_dh_top; 4953 return (err); 4954 } 4955 4956 4957 if ((err = fetchprop(cur, DTD_ATTR_AUTHS, tabptr->zone_admin_auths, 4958 sizeof (tabptr->zone_admin_auths))) != Z_OK) { 4959 handle->zone_dh_cur = handle->zone_dh_top; 4960 return (err); 4961 } 4962 4963 handle->zone_dh_cur = cur->next; 4964 return (Z_OK); 4965 } 4966 4967 int 4968 zonecfg_endadminent(zone_dochandle_t handle) 4969 { 4970 return (zonecfg_endent(handle)); 4971 } 4972 4973 /* 4974 * The privileges available on the system and described in privileges(5) 4975 * fall into four categories with respect to non-global zones: 4976 * 4977 * Default set of privileges considered safe for all non-global 4978 * zones. These privileges are "safe" in the sense that a 4979 * privileged process in the zone cannot affect processes in any 4980 * other zone on the system. 4981 * 4982 * Set of privileges not currently permitted within a non-global 4983 * zone. These privileges are considered by default, "unsafe," 4984 * and include ones which affect global resources (such as the 4985 * system clock or physical memory) or are overly broad and cover 4986 * more than one mechanism in the system. In other cases, there 4987 * has not been sufficient virtualization in the parts of the 4988 * system the privilege covers to allow its use within a 4989 * non-global zone. 4990 * 4991 * Set of privileges required in order to get a zone booted and 4992 * init(1M) started. These cannot be removed from the zone's 4993 * privilege set. 4994 * 4995 * All other privileges are optional and are potentially useful for 4996 * processes executing inside a non-global zone. 4997 * 4998 * When privileges are added to the system, a determination needs to be 4999 * made as to which category the privilege belongs to. Ideally, 5000 * privileges should be fine-grained enough and the mechanisms they cover 5001 * virtualized enough so that they can be made available to non-global 5002 * zones. 5003 */ 5004 5005 /* 5006 * Define some of the tokens that priv_str_to_set(3C) recognizes. Since 5007 * the privilege string separator can be any character, although it is 5008 * usually a comma character, define these here as well in the event that 5009 * they change or are augmented in the future. 5010 */ 5011 #define BASIC_TOKEN "basic" 5012 #define DEFAULT_TOKEN "default" 5013 #define ZONE_TOKEN "zone" 5014 #define TOKEN_PRIV_CHAR ',' 5015 #define TOKEN_PRIV_STR "," 5016 5017 typedef struct priv_node { 5018 struct priv_node *pn_next; /* Next privilege */ 5019 char *pn_priv; /* Privileges name */ 5020 } priv_node_t; 5021 5022 /* Privileges lists can differ across brands */ 5023 typedef struct priv_lists { 5024 /* Privileges considered safe for all non-global zones of a brand */ 5025 struct priv_node *pl_default; 5026 5027 /* Privileges not permitted for all non-global zones of a brand */ 5028 struct priv_node *pl_prohibited; 5029 5030 /* Privileges required for all non-global zones of a brand */ 5031 struct priv_node *pl_required; 5032 5033 /* 5034 * ip-type of the zone these privileges lists apply to. 5035 * It is used to pass ip-type to the callback function, 5036 * priv_lists_cb, which has no way of getting the ip-type. 5037 */ 5038 const char *pl_iptype; 5039 } priv_lists_t; 5040 5041 static int 5042 priv_lists_cb(void *data, priv_iter_t *priv_iter) 5043 { 5044 priv_lists_t *plp = (priv_lists_t *)data; 5045 priv_node_t *pnp; 5046 5047 /* Skip this privilege if ip-type does not match */ 5048 if ((strcmp(priv_iter->pi_iptype, "all") != 0) && 5049 (strcmp(priv_iter->pi_iptype, plp->pl_iptype) != 0)) 5050 return (0); 5051 5052 /* Allocate a new priv list node. */ 5053 if ((pnp = malloc(sizeof (*pnp))) == NULL) 5054 return (-1); 5055 if ((pnp->pn_priv = strdup(priv_iter->pi_name)) == NULL) { 5056 free(pnp); 5057 return (-1); 5058 } 5059 5060 /* Insert the new priv list node into the right list */ 5061 if (strcmp(priv_iter->pi_set, "default") == 0) { 5062 pnp->pn_next = plp->pl_default; 5063 plp->pl_default = pnp; 5064 } else if (strcmp(priv_iter->pi_set, "prohibited") == 0) { 5065 pnp->pn_next = plp->pl_prohibited; 5066 plp->pl_prohibited = pnp; 5067 } else if (strcmp(priv_iter->pi_set, "required") == 0) { 5068 pnp->pn_next = plp->pl_required; 5069 plp->pl_required = pnp; 5070 } else { 5071 free(pnp->pn_priv); 5072 free(pnp); 5073 return (-1); 5074 } 5075 return (0); 5076 } 5077 5078 static void 5079 priv_lists_destroy(priv_lists_t *plp) 5080 { 5081 priv_node_t *pnp; 5082 5083 assert(plp != NULL); 5084 5085 while ((pnp = plp->pl_default) != NULL) { 5086 plp->pl_default = pnp->pn_next; 5087 free(pnp->pn_priv); 5088 free(pnp); 5089 } 5090 while ((pnp = plp->pl_prohibited) != NULL) { 5091 plp->pl_prohibited = pnp->pn_next; 5092 free(pnp->pn_priv); 5093 free(pnp); 5094 } 5095 while ((pnp = plp->pl_required) != NULL) { 5096 plp->pl_required = pnp->pn_next; 5097 free(pnp->pn_priv); 5098 free(pnp); 5099 } 5100 free(plp); 5101 } 5102 5103 static int 5104 priv_lists_create(zone_dochandle_t handle, char *brand, priv_lists_t **plpp, 5105 const char *curr_iptype) 5106 { 5107 priv_lists_t *plp; 5108 brand_handle_t bh; 5109 char brand_str[MAXNAMELEN]; 5110 5111 /* handle or brand must be set, but never both */ 5112 assert((handle != NULL) || (brand != NULL)); 5113 assert((handle == NULL) || (brand == NULL)); 5114 5115 if (handle != NULL) { 5116 brand = brand_str; 5117 if (zonecfg_get_brand(handle, brand, sizeof (brand_str)) != 0) 5118 return (Z_BRAND_ERROR); 5119 } 5120 5121 if ((bh = brand_open(brand)) == NULL) 5122 return (Z_BRAND_ERROR); 5123 5124 if ((plp = calloc(1, sizeof (priv_lists_t))) == NULL) { 5125 brand_close(bh); 5126 return (Z_NOMEM); 5127 } 5128 5129 plp->pl_iptype = curr_iptype; 5130 5131 /* construct the privilege lists */ 5132 if (brand_config_iter_privilege(bh, priv_lists_cb, plp) != 0) { 5133 priv_lists_destroy(plp); 5134 brand_close(bh); 5135 return (Z_BRAND_ERROR); 5136 } 5137 5138 brand_close(bh); 5139 *plpp = plp; 5140 return (Z_OK); 5141 } 5142 5143 static int 5144 get_default_privset(priv_set_t *privs, priv_lists_t *plp) 5145 { 5146 priv_node_t *pnp; 5147 priv_set_t *basic; 5148 5149 basic = priv_str_to_set(BASIC_TOKEN, TOKEN_PRIV_STR, NULL); 5150 if (basic == NULL) 5151 return (errno == ENOMEM ? Z_NOMEM : Z_INVAL); 5152 5153 priv_union(basic, privs); 5154 priv_freeset(basic); 5155 5156 for (pnp = plp->pl_default; pnp != NULL; pnp = pnp->pn_next) { 5157 if (priv_addset(privs, pnp->pn_priv) != 0) 5158 return (Z_INVAL); 5159 } 5160 5161 return (Z_OK); 5162 } 5163 5164 int 5165 zonecfg_default_brand(char *brand, size_t brandsize) 5166 { 5167 zone_dochandle_t handle; 5168 int myzoneid = getzoneid(); 5169 int ret; 5170 5171 /* 5172 * If we're running within a zone, then the default brand is the 5173 * current zone's brand. 5174 */ 5175 if (myzoneid != GLOBAL_ZONEID) { 5176 ret = zone_getattr(myzoneid, ZONE_ATTR_BRAND, brand, brandsize); 5177 if (ret < 0) 5178 return ((errno == EFAULT) ? Z_TOO_BIG : Z_INVAL); 5179 return (Z_OK); 5180 } 5181 5182 if ((handle = zonecfg_init_handle()) == NULL) 5183 return (Z_NOMEM); 5184 if ((ret = zonecfg_get_handle("SUNWdefault", handle)) == Z_OK) { 5185 ret = i_zonecfg_get_brand(handle, brand, brandsize, B_TRUE); 5186 zonecfg_fini_handle(handle); 5187 return (ret); 5188 } 5189 return (ret); 5190 } 5191 5192 int 5193 zonecfg_default_privset(priv_set_t *privs, const char *curr_iptype) 5194 { 5195 priv_lists_t *plp; 5196 char buf[MAXNAMELEN]; 5197 int ret; 5198 5199 if ((ret = zonecfg_default_brand(buf, sizeof (buf))) != Z_OK) 5200 return (ret); 5201 if ((ret = priv_lists_create(NULL, buf, &plp, curr_iptype)) != Z_OK) 5202 return (ret); 5203 ret = get_default_privset(privs, plp); 5204 priv_lists_destroy(plp); 5205 return (ret); 5206 } 5207 5208 void 5209 append_priv_token(char *priv, char *str, size_t strlen) 5210 { 5211 if (*str != '\0') 5212 (void) strlcat(str, TOKEN_PRIV_STR, strlen); 5213 (void) strlcat(str, priv, strlen); 5214 } 5215 5216 /* 5217 * Verify that the supplied string is a valid privilege limit set for a 5218 * non-global zone. This string must not only be acceptable to 5219 * priv_str_to_set(3C) which parses it, but it also must resolve to a 5220 * privilege set that includes certain required privileges and lacks 5221 * certain prohibited privileges. 5222 */ 5223 static int 5224 verify_privset(char *privbuf, priv_set_t *privs, char **privname, 5225 boolean_t add_default, priv_lists_t *plp) 5226 { 5227 priv_node_t *pnp; 5228 char *tmp, *cp, *lasts; 5229 size_t len; 5230 priv_set_t *mergeset; 5231 const char *token; 5232 5233 /* 5234 * The verification of the privilege string occurs in several 5235 * phases. In the first phase, the supplied string is scanned for 5236 * the ZONE_TOKEN token which is not support as part of the 5237 * "limitpriv" property. 5238 * 5239 * Duplicate the supplied privilege string since strtok_r(3C) 5240 * tokenizes its input by null-terminating the tokens. 5241 */ 5242 if ((tmp = strdup(privbuf)) == NULL) 5243 return (Z_NOMEM); 5244 for (cp = strtok_r(tmp, TOKEN_PRIV_STR, &lasts); cp != NULL; 5245 cp = strtok_r(NULL, TOKEN_PRIV_STR, &lasts)) { 5246 if (strcmp(cp, ZONE_TOKEN) == 0) { 5247 free(tmp); 5248 if ((*privname = strdup(ZONE_TOKEN)) == NULL) 5249 return (Z_NOMEM); 5250 else 5251 return (Z_PRIV_UNKNOWN); 5252 } 5253 } 5254 free(tmp); 5255 5256 if (add_default) { 5257 /* 5258 * If DEFAULT_TOKEN was specified, a string needs to be 5259 * built containing the privileges from the default, safe 5260 * set along with those of the "limitpriv" property. 5261 */ 5262 len = strlen(privbuf) + sizeof (BASIC_TOKEN) + 2; 5263 5264 for (pnp = plp->pl_default; pnp != NULL; pnp = pnp->pn_next) 5265 len += strlen(pnp->pn_priv) + 1; 5266 tmp = alloca(len); 5267 *tmp = '\0'; 5268 5269 append_priv_token(BASIC_TOKEN, tmp, len); 5270 for (pnp = plp->pl_default; pnp != NULL; pnp = pnp->pn_next) 5271 append_priv_token(pnp->pn_priv, tmp, len); 5272 (void) strlcat(tmp, TOKEN_PRIV_STR, len); 5273 (void) strlcat(tmp, privbuf, len); 5274 } else { 5275 tmp = privbuf; 5276 } 5277 5278 5279 /* 5280 * In the next phase, attempt to convert the merged privilege 5281 * string into a privilege set. In the case of an error, either 5282 * there was a memory allocation failure or there was an invalid 5283 * privilege token in the string. In either case, return an 5284 * appropriate error code but in the event of an invalid token, 5285 * allocate a string containing its name and return that back to 5286 * the caller. 5287 */ 5288 mergeset = priv_str_to_set(tmp, TOKEN_PRIV_STR, &token); 5289 if (mergeset == NULL) { 5290 if (token == NULL) 5291 return (Z_NOMEM); 5292 if ((cp = strchr(token, TOKEN_PRIV_CHAR)) != NULL) 5293 *cp = '\0'; 5294 if ((*privname = strdup(token)) == NULL) 5295 return (Z_NOMEM); 5296 else 5297 return (Z_PRIV_UNKNOWN); 5298 } 5299 5300 /* 5301 * Next, verify that none of the prohibited zone privileges are 5302 * present in the merged privilege set. 5303 */ 5304 for (pnp = plp->pl_prohibited; pnp != NULL; pnp = pnp->pn_next) { 5305 if (priv_ismember(mergeset, pnp->pn_priv)) { 5306 priv_freeset(mergeset); 5307 if ((*privname = strdup(pnp->pn_priv)) == NULL) 5308 return (Z_NOMEM); 5309 else 5310 return (Z_PRIV_PROHIBITED); 5311 } 5312 } 5313 5314 /* 5315 * Finally, verify that all of the required zone privileges are 5316 * present in the merged privilege set. 5317 */ 5318 for (pnp = plp->pl_required; pnp != NULL; pnp = pnp->pn_next) { 5319 if (!priv_ismember(mergeset, pnp->pn_priv)) { 5320 priv_freeset(mergeset); 5321 if ((*privname = strdup(pnp->pn_priv)) == NULL) 5322 return (Z_NOMEM); 5323 else 5324 return (Z_PRIV_REQUIRED); 5325 } 5326 } 5327 5328 priv_copyset(mergeset, privs); 5329 priv_freeset(mergeset); 5330 return (Z_OK); 5331 } 5332 5333 /* 5334 * Fill in the supplied privilege set with either the default, safe set of 5335 * privileges suitable for a non-global zone, or one based on the 5336 * "limitpriv" property in the zone's configuration. 5337 * 5338 * In the event of an invalid privilege specification in the 5339 * configuration, a string is allocated and returned containing the 5340 * "privilege" causing the issue. It is the caller's responsibility to 5341 * free this memory when it is done with it. 5342 */ 5343 int 5344 zonecfg_get_privset(zone_dochandle_t handle, priv_set_t *privs, 5345 char **privname) 5346 { 5347 priv_lists_t *plp; 5348 char *cp, *limitpriv = NULL; 5349 int err, limitlen; 5350 zone_iptype_t iptype; 5351 const char *curr_iptype; 5352 5353 /* 5354 * Attempt to lookup the "limitpriv" property. If it does not 5355 * exist or matches the string DEFAULT_TOKEN exactly, then the 5356 * default, safe privilege set is returned. 5357 */ 5358 if ((err = zonecfg_get_limitpriv(handle, &limitpriv)) != Z_OK) 5359 return (err); 5360 5361 if ((err = zonecfg_get_iptype(handle, &iptype)) != Z_OK) 5362 return (err); 5363 5364 switch (iptype) { 5365 case ZS_SHARED: 5366 curr_iptype = "shared"; 5367 break; 5368 case ZS_EXCLUSIVE: 5369 curr_iptype = "exclusive"; 5370 break; 5371 } 5372 5373 if ((err = priv_lists_create(handle, NULL, &plp, curr_iptype)) != Z_OK) 5374 return (err); 5375 5376 limitlen = strlen(limitpriv); 5377 if (limitlen == 0 || strcmp(limitpriv, DEFAULT_TOKEN) == 0) { 5378 free(limitpriv); 5379 err = get_default_privset(privs, plp); 5380 priv_lists_destroy(plp); 5381 return (err); 5382 } 5383 5384 /* 5385 * Check if the string DEFAULT_TOKEN is the first token in a list 5386 * of privileges. 5387 */ 5388 cp = strchr(limitpriv, TOKEN_PRIV_CHAR); 5389 if (cp != NULL && 5390 strncmp(limitpriv, DEFAULT_TOKEN, cp - limitpriv) == 0) 5391 err = verify_privset(cp + 1, privs, privname, B_TRUE, plp); 5392 else 5393 err = verify_privset(limitpriv, privs, privname, B_FALSE, plp); 5394 5395 free(limitpriv); 5396 priv_lists_destroy(plp); 5397 return (err); 5398 } 5399 5400 int 5401 zone_get_zonepath(char *zone_name, char *zonepath, size_t rp_sz) 5402 { 5403 zone_dochandle_t handle; 5404 boolean_t found = B_FALSE; 5405 struct zoneent *ze; 5406 FILE *cookie; 5407 int err; 5408 char *cp; 5409 5410 if (zone_name == NULL) 5411 return (Z_INVAL); 5412 5413 (void) strlcpy(zonepath, zonecfg_root, rp_sz); 5414 cp = zonepath + strlen(zonepath); 5415 while (cp > zonepath && cp[-1] == '/') 5416 *--cp = '\0'; 5417 5418 if (strcmp(zone_name, GLOBAL_ZONENAME) == 0) { 5419 if (zonepath[0] == '\0') 5420 (void) strlcpy(zonepath, "/", rp_sz); 5421 return (Z_OK); 5422 } 5423 5424 /* 5425 * First check the index file. Because older versions did not have 5426 * a copy of the zone path, allow for it to be zero length, in which 5427 * case we ignore this result and fall back to the XML files. 5428 */ 5429 cookie = setzoneent(); 5430 while ((ze = getzoneent_private(cookie)) != NULL) { 5431 if (strcmp(ze->zone_name, zone_name) == 0) { 5432 found = B_TRUE; 5433 if (ze->zone_path[0] != '\0') 5434 (void) strlcpy(cp, ze->zone_path, 5435 rp_sz - (cp - zonepath)); 5436 } 5437 free(ze); 5438 if (found) 5439 break; 5440 } 5441 endzoneent(cookie); 5442 if (found && *cp != '\0') 5443 return (Z_OK); 5444 5445 /* Fall back to the XML files. */ 5446 if ((handle = zonecfg_init_handle()) == NULL) 5447 return (Z_NOMEM); 5448 5449 /* 5450 * Check the snapshot first: if a zone is running, its zonepath 5451 * may have changed. 5452 */ 5453 if (zonecfg_get_snapshot_handle(zone_name, handle) != Z_OK) { 5454 if ((err = zonecfg_get_handle(zone_name, handle)) != Z_OK) { 5455 zonecfg_fini_handle(handle); 5456 return (err); 5457 } 5458 } 5459 err = zonecfg_get_zonepath(handle, zonepath, rp_sz); 5460 zonecfg_fini_handle(handle); 5461 return (err); 5462 } 5463 5464 int 5465 zone_get_rootpath(char *zone_name, char *rootpath, size_t rp_sz) 5466 { 5467 int err; 5468 5469 /* This function makes sense for non-global zones only. */ 5470 if (strcmp(zone_name, GLOBAL_ZONENAME) == 0) 5471 return (Z_BOGUS_ZONE_NAME); 5472 if ((err = zone_get_zonepath(zone_name, rootpath, rp_sz)) != Z_OK) 5473 return (err); 5474 if (strlcat(rootpath, "/root", rp_sz) >= rp_sz) 5475 return (Z_TOO_BIG); 5476 return (Z_OK); 5477 } 5478 5479 int 5480 zone_get_brand(char *zone_name, char *brandname, size_t rp_sz) 5481 { 5482 int err; 5483 zone_dochandle_t handle; 5484 char myzone[MAXNAMELEN]; 5485 int myzoneid = getzoneid(); 5486 5487 /* 5488 * If we are not in the global zone, then we don't have the zone 5489 * .xml files with the brand name available. Thus, we are going to 5490 * have to ask the kernel for the information. 5491 */ 5492 if (myzoneid != GLOBAL_ZONEID) { 5493 if (is_system_labeled()) { 5494 (void) strlcpy(brandname, NATIVE_BRAND_NAME, rp_sz); 5495 return (Z_OK); 5496 } 5497 if (zone_getattr(myzoneid, ZONE_ATTR_NAME, myzone, 5498 sizeof (myzone)) < 0) 5499 return (Z_NO_ZONE); 5500 if (!zonecfg_is_scratch(myzone)) { 5501 if (strncmp(zone_name, myzone, MAXNAMELEN) != 0) 5502 return (Z_NO_ZONE); 5503 } 5504 err = zone_getattr(myzoneid, ZONE_ATTR_BRAND, brandname, rp_sz); 5505 if (err < 0) 5506 return ((errno == EFAULT) ? Z_TOO_BIG : Z_INVAL); 5507 5508 return (Z_OK); 5509 } 5510 5511 if (strcmp(zone_name, "global") == 0) 5512 return (zonecfg_default_brand(brandname, rp_sz)); 5513 5514 if ((handle = zonecfg_init_handle()) == NULL) 5515 return (Z_NOMEM); 5516 5517 err = zonecfg_get_handle((char *)zone_name, handle); 5518 if (err == Z_OK) 5519 err = zonecfg_get_brand(handle, brandname, rp_sz); 5520 5521 zonecfg_fini_handle(handle); 5522 return (err); 5523 } 5524 5525 /* 5526 * Return the appropriate root for the active /dev. 5527 * For normal zone, the path is $ZONEPATH/root; 5528 * for scratch zone, the dev path is $ZONEPATH/lu. 5529 */ 5530 int 5531 zone_get_devroot(char *zone_name, char *devroot, size_t rp_sz) 5532 { 5533 int err; 5534 char *suffix; 5535 zone_state_t state; 5536 5537 /* This function makes sense for non-global zones only. */ 5538 if (strcmp(zone_name, GLOBAL_ZONENAME) == 0) 5539 return (Z_BOGUS_ZONE_NAME); 5540 if ((err = zone_get_zonepath(zone_name, devroot, rp_sz)) != Z_OK) 5541 return (err); 5542 5543 if (zone_get_state(zone_name, &state) == Z_OK && 5544 state == ZONE_STATE_MOUNTED) 5545 suffix = "/lu"; 5546 else 5547 suffix = "/root"; 5548 if (strlcat(devroot, suffix, rp_sz) >= rp_sz) 5549 return (Z_TOO_BIG); 5550 return (Z_OK); 5551 } 5552 5553 static zone_state_t 5554 kernel_state_to_user_state(zoneid_t zoneid, zone_status_t kernel_state) 5555 { 5556 char zoneroot[MAXPATHLEN]; 5557 size_t zlen; 5558 5559 assert(kernel_state <= ZONE_MAX_STATE); 5560 switch (kernel_state) { 5561 case ZONE_IS_UNINITIALIZED: 5562 case ZONE_IS_INITIALIZED: 5563 /* The kernel will not return these two states */ 5564 return (ZONE_STATE_READY); 5565 case ZONE_IS_READY: 5566 /* 5567 * If the zone's root is mounted on $ZONEPATH/lu, then 5568 * it's a mounted scratch zone. 5569 */ 5570 if (zone_getattr(zoneid, ZONE_ATTR_ROOT, zoneroot, 5571 sizeof (zoneroot)) >= 0) { 5572 zlen = strlen(zoneroot); 5573 if (zlen > 3 && 5574 strcmp(zoneroot + zlen - 3, "/lu") == 0) 5575 return (ZONE_STATE_MOUNTED); 5576 } 5577 return (ZONE_STATE_READY); 5578 case ZONE_IS_BOOTING: 5579 case ZONE_IS_RUNNING: 5580 return (ZONE_STATE_RUNNING); 5581 case ZONE_IS_SHUTTING_DOWN: 5582 case ZONE_IS_EMPTY: 5583 return (ZONE_STATE_SHUTTING_DOWN); 5584 case ZONE_IS_DOWN: 5585 case ZONE_IS_DYING: 5586 case ZONE_IS_DEAD: 5587 default: 5588 return (ZONE_STATE_DOWN); 5589 } 5590 /* NOTREACHED */ 5591 } 5592 5593 int 5594 zone_get_state(char *zone_name, zone_state_t *state_num) 5595 { 5596 zone_status_t status; 5597 zoneid_t zone_id; 5598 struct zoneent *ze; 5599 boolean_t found = B_FALSE; 5600 FILE *cookie; 5601 char kernzone[ZONENAME_MAX]; 5602 FILE *fp; 5603 5604 if (zone_name == NULL) 5605 return (Z_INVAL); 5606 5607 /* 5608 * If we're looking at an alternate root, then we need to query the 5609 * kernel using the scratch zone name. 5610 */ 5611 zone_id = -1; 5612 if (*zonecfg_root != '\0' && !zonecfg_is_scratch(zone_name)) { 5613 if ((fp = zonecfg_open_scratch("", B_FALSE)) != NULL) { 5614 if (zonecfg_find_scratch(fp, zone_name, zonecfg_root, 5615 kernzone, sizeof (kernzone)) == 0) 5616 zone_id = getzoneidbyname(kernzone); 5617 zonecfg_close_scratch(fp); 5618 } 5619 } else { 5620 zone_id = getzoneidbyname(zone_name); 5621 } 5622 5623 /* check to see if zone is running */ 5624 if (zone_id != -1 && 5625 zone_getattr(zone_id, ZONE_ATTR_STATUS, &status, 5626 sizeof (status)) >= 0) { 5627 *state_num = kernel_state_to_user_state(zone_id, status); 5628 return (Z_OK); 5629 } 5630 5631 cookie = setzoneent(); 5632 while ((ze = getzoneent_private(cookie)) != NULL) { 5633 if (strcmp(ze->zone_name, zone_name) == 0) { 5634 found = B_TRUE; 5635 *state_num = ze->zone_state; 5636 } 5637 free(ze); 5638 if (found) 5639 break; 5640 } 5641 endzoneent(cookie); 5642 return ((found) ? Z_OK : Z_NO_ZONE); 5643 } 5644 5645 int 5646 zone_set_state(char *zone, zone_state_t state) 5647 { 5648 struct zoneent ze; 5649 5650 if (state != ZONE_STATE_CONFIGURED && state != ZONE_STATE_INSTALLED && 5651 state != ZONE_STATE_INCOMPLETE) 5652 return (Z_INVAL); 5653 5654 bzero(&ze, sizeof (ze)); 5655 (void) strlcpy(ze.zone_name, zone, sizeof (ze.zone_name)); 5656 ze.zone_state = state; 5657 (void) strlcpy(ze.zone_path, "", sizeof (ze.zone_path)); 5658 return (putzoneent(&ze, PZE_MODIFY)); 5659 } 5660 5661 /* 5662 * Get id (if any) for specified zone. There are four possible outcomes: 5663 * - If the string corresponds to the numeric id of an active (booted) 5664 * zone, sets *zip to the zone id and returns 0. 5665 * - If the string corresponds to the name of an active (booted) zone, 5666 * sets *zip to the zone id and returns 0. 5667 * - If the string is a name in the configuration but is not booted, 5668 * sets *zip to ZONE_ID_UNDEFINED and returns 0. 5669 * - Otherwise, leaves *zip unchanged and returns -1. 5670 * 5671 * This function acts as an auxiliary filter on the function of the same 5672 * name in libc; the linker binds to this version if libzonecfg exists, 5673 * and the libc version if it doesn't. Any changes to this version of 5674 * the function should probably be reflected in the libc version as well. 5675 */ 5676 int 5677 zone_get_id(const char *str, zoneid_t *zip) 5678 { 5679 zone_dochandle_t hdl; 5680 zoneid_t zoneid; 5681 char *cp; 5682 int err; 5683 5684 /* first try looking for active zone by id */ 5685 errno = 0; 5686 zoneid = (zoneid_t)strtol(str, &cp, 0); 5687 if (errno == 0 && cp != str && *cp == '\0' && 5688 getzonenamebyid(zoneid, NULL, 0) != -1) { 5689 *zip = zoneid; 5690 return (0); 5691 } 5692 5693 /* then look for active zone by name */ 5694 if ((zoneid = getzoneidbyname(str)) != -1) { 5695 *zip = zoneid; 5696 return (0); 5697 } 5698 5699 /* if in global zone, try looking up name in configuration database */ 5700 if (getzoneid() != GLOBAL_ZONEID || 5701 (hdl = zonecfg_init_handle()) == NULL) 5702 return (-1); 5703 5704 if (zonecfg_get_handle(str, hdl) == Z_OK) { 5705 /* zone exists but isn't active */ 5706 *zip = ZONE_ID_UNDEFINED; 5707 err = 0; 5708 } else { 5709 err = -1; 5710 } 5711 5712 zonecfg_fini_handle(hdl); 5713 return (err); 5714 } 5715 5716 char * 5717 zone_state_str(zone_state_t state_num) 5718 { 5719 switch (state_num) { 5720 case ZONE_STATE_CONFIGURED: 5721 return (ZONE_STATE_STR_CONFIGURED); 5722 case ZONE_STATE_INCOMPLETE: 5723 return (ZONE_STATE_STR_INCOMPLETE); 5724 case ZONE_STATE_INSTALLED: 5725 return (ZONE_STATE_STR_INSTALLED); 5726 case ZONE_STATE_READY: 5727 return (ZONE_STATE_STR_READY); 5728 case ZONE_STATE_MOUNTED: 5729 return (ZONE_STATE_STR_MOUNTED); 5730 case ZONE_STATE_RUNNING: 5731 return (ZONE_STATE_STR_RUNNING); 5732 case ZONE_STATE_SHUTTING_DOWN: 5733 return (ZONE_STATE_STR_SHUTTING_DOWN); 5734 case ZONE_STATE_DOWN: 5735 return (ZONE_STATE_STR_DOWN); 5736 default: 5737 return ("unknown"); 5738 } 5739 } 5740 5741 /* 5742 * Given a UUID value, find an associated zone name. This is intended to be 5743 * used by callers who set up some 'default' name (corresponding to the 5744 * expected name for the zone) in the zonename buffer, and thus the function 5745 * doesn't touch this buffer on failure. 5746 */ 5747 int 5748 zonecfg_get_name_by_uuid(const uuid_t uuidin, char *zonename, size_t namelen) 5749 { 5750 FILE *fp; 5751 struct zoneent *ze; 5752 uchar_t *uuid; 5753 5754 /* 5755 * A small amount of subterfuge via casts is necessary here because 5756 * libuuid doesn't use const correctly, but we don't want to export 5757 * this brokenness to our clients. 5758 */ 5759 uuid = (uchar_t *)uuidin; 5760 if (uuid_is_null(uuid)) 5761 return (Z_NO_ZONE); 5762 if ((fp = setzoneent()) == NULL) 5763 return (Z_NO_ZONE); 5764 while ((ze = getzoneent_private(fp)) != NULL) { 5765 if (uuid_compare(uuid, ze->zone_uuid) == 0) 5766 break; 5767 free(ze); 5768 } 5769 endzoneent(fp); 5770 if (ze != NULL) { 5771 (void) strlcpy(zonename, ze->zone_name, namelen); 5772 free(ze); 5773 return (Z_OK); 5774 } else { 5775 return (Z_NO_ZONE); 5776 } 5777 } 5778 5779 /* 5780 * Given a zone name, get its UUID. Returns a "NULL" UUID value if the zone 5781 * exists but the file doesn't have a value set yet. Returns an error if the 5782 * zone cannot be located. 5783 */ 5784 int 5785 zonecfg_get_uuid(const char *zonename, uuid_t uuid) 5786 { 5787 FILE *fp; 5788 struct zoneent *ze; 5789 5790 if ((fp = setzoneent()) == NULL) 5791 return (Z_NO_ZONE); 5792 while ((ze = getzoneent_private(fp)) != NULL) { 5793 if (strcmp(ze->zone_name, zonename) == 0) 5794 break; 5795 free(ze); 5796 } 5797 endzoneent(fp); 5798 if (ze != NULL) { 5799 uuid_copy(uuid, ze->zone_uuid); 5800 free(ze); 5801 return (Z_OK); 5802 } else { 5803 return (Z_NO_ZONE); 5804 } 5805 } 5806 5807 /* 5808 * File-system convenience functions. 5809 */ 5810 boolean_t 5811 zonecfg_valid_fs_type(const char *type) 5812 { 5813 /* 5814 * We already know which FS types don't work. 5815 */ 5816 if (strcmp(type, "proc") == 0 || 5817 strcmp(type, "mntfs") == 0 || 5818 strcmp(type, "autofs") == 0 || 5819 strncmp(type, "nfs", sizeof ("nfs") - 1) == 0 || 5820 strcmp(type, "cachefs") == 0) 5821 return (B_FALSE); 5822 /* 5823 * The caller may do more detailed verification to make sure other 5824 * aspects of this filesystem type make sense. 5825 */ 5826 return (B_TRUE); 5827 } 5828 5829 /* 5830 * Generally uninteresting rctl convenience functions. 5831 */ 5832 5833 int 5834 zonecfg_construct_rctlblk(const struct zone_rctlvaltab *rctlval, 5835 rctlblk_t *rctlblk) 5836 { 5837 unsigned long long ull; 5838 char *endp; 5839 rctl_priv_t priv; 5840 rctl_qty_t limit; 5841 uint_t action; 5842 5843 /* Get the privilege */ 5844 if (strcmp(rctlval->zone_rctlval_priv, "basic") == 0) { 5845 priv = RCPRIV_BASIC; 5846 } else if (strcmp(rctlval->zone_rctlval_priv, "privileged") == 0) { 5847 priv = RCPRIV_PRIVILEGED; 5848 } else { 5849 /* Invalid privilege */ 5850 return (Z_INVAL); 5851 } 5852 5853 /* deal with negative input; strtoull(3c) doesn't do what we want */ 5854 if (rctlval->zone_rctlval_limit[0] == '-') 5855 return (Z_INVAL); 5856 /* Get the limit */ 5857 errno = 0; 5858 ull = strtoull(rctlval->zone_rctlval_limit, &endp, 0); 5859 if (errno != 0 || *endp != '\0') { 5860 /* parse failed */ 5861 return (Z_INVAL); 5862 } 5863 limit = (rctl_qty_t)ull; 5864 5865 /* Get the action */ 5866 if (strcmp(rctlval->zone_rctlval_action, "none") == 0) { 5867 action = RCTL_LOCAL_NOACTION; 5868 } else if (strcmp(rctlval->zone_rctlval_action, "signal") == 0) { 5869 action = RCTL_LOCAL_SIGNAL; 5870 } else if (strcmp(rctlval->zone_rctlval_action, "deny") == 0) { 5871 action = RCTL_LOCAL_DENY; 5872 } else { 5873 /* Invalid Action */ 5874 return (Z_INVAL); 5875 } 5876 rctlblk_set_local_action(rctlblk, action, 0); 5877 rctlblk_set_privilege(rctlblk, priv); 5878 rctlblk_set_value(rctlblk, limit); 5879 return (Z_OK); 5880 } 5881 5882 static int 5883 rctl_check(const char *rctlname, void *arg) 5884 { 5885 const char *attrname = arg; 5886 5887 /* 5888 * Returning 1 here is our signal to zonecfg_is_rctl() that it is 5889 * indeed an rctl name recognized by the system. 5890 */ 5891 return (strcmp(rctlname, attrname) == 0 ? 1 : 0); 5892 } 5893 5894 boolean_t 5895 zonecfg_is_rctl(const char *name) 5896 { 5897 return (rctl_walk(rctl_check, (void *)name) == 1); 5898 } 5899 5900 boolean_t 5901 zonecfg_valid_rctlname(const char *name) 5902 { 5903 const char *c; 5904 5905 if (strncmp(name, "zone.", sizeof ("zone.") - 1) != 0) 5906 return (B_FALSE); 5907 if (strlen(name) == sizeof ("zone.") - 1) 5908 return (B_FALSE); 5909 for (c = name + sizeof ("zone.") - 1; *c != '\0'; c++) { 5910 if (!isalpha(*c) && *c != '-') 5911 return (B_FALSE); 5912 } 5913 return (B_TRUE); 5914 } 5915 5916 boolean_t 5917 zonecfg_valid_rctlblk(const rctlblk_t *rctlblk) 5918 { 5919 rctl_priv_t priv = rctlblk_get_privilege((rctlblk_t *)rctlblk); 5920 uint_t action = rctlblk_get_local_action((rctlblk_t *)rctlblk, NULL); 5921 5922 if (priv != RCPRIV_PRIVILEGED) 5923 return (B_FALSE); 5924 if (action != RCTL_LOCAL_NOACTION && action != RCTL_LOCAL_DENY) 5925 return (B_FALSE); 5926 return (B_TRUE); 5927 } 5928 5929 boolean_t 5930 zonecfg_valid_rctl(const char *name, const rctlblk_t *rctlblk) 5931 { 5932 rctlblk_t *current, *next; 5933 rctl_qty_t limit = rctlblk_get_value((rctlblk_t *)rctlblk); 5934 uint_t action = rctlblk_get_local_action((rctlblk_t *)rctlblk, NULL); 5935 uint_t global_flags; 5936 5937 if (!zonecfg_valid_rctlblk(rctlblk)) 5938 return (B_FALSE); 5939 if (!zonecfg_valid_rctlname(name)) 5940 return (B_FALSE); 5941 5942 current = alloca(rctlblk_size()); 5943 if (getrctl(name, NULL, current, RCTL_FIRST) != 0) 5944 return (B_TRUE); /* not an rctl on this system */ 5945 /* 5946 * Make sure the proposed value isn't greater than the current system 5947 * value. 5948 */ 5949 next = alloca(rctlblk_size()); 5950 while (rctlblk_get_privilege(current) != RCPRIV_SYSTEM) { 5951 rctlblk_t *tmp; 5952 5953 if (getrctl(name, current, next, RCTL_NEXT) != 0) 5954 return (B_FALSE); /* shouldn't happen */ 5955 tmp = current; 5956 current = next; 5957 next = tmp; 5958 } 5959 if (limit > rctlblk_get_value(current)) 5960 return (B_FALSE); 5961 5962 /* 5963 * Make sure the proposed action is allowed. 5964 */ 5965 global_flags = rctlblk_get_global_flags(current); 5966 if ((global_flags & RCTL_GLOBAL_DENY_NEVER) && 5967 action == RCTL_LOCAL_DENY) 5968 return (B_FALSE); 5969 if ((global_flags & RCTL_GLOBAL_DENY_ALWAYS) && 5970 action == RCTL_LOCAL_NOACTION) 5971 return (B_FALSE); 5972 5973 return (B_TRUE); 5974 } 5975 5976 /* 5977 * There is always a race condition between reading the initial copy of 5978 * a zones state and its state changing. We address this by providing 5979 * zonecfg_notify_critical_enter and zonecfg_noticy_critical_exit functions. 5980 * When zonecfg_critical_enter is called, sets the state field to LOCKED 5981 * and aquires biglock. Biglock protects against other threads executing 5982 * critical_enter and the state field protects against state changes during 5983 * the critical period. 5984 * 5985 * If any state changes occur, zn_cb will set the failed field of the znotify 5986 * structure. This will cause the critical_exit function to re-lock the 5987 * channel and return an error. Since evsnts may be delayed, the critical_exit 5988 * function "flushes" the queue by putting an event on the queue and waiting for 5989 * zn_cb to notify critical_exit that it received the ping event. 5990 */ 5991 static const char * 5992 string_get_tok(const char *in, char delim, int num) 5993 { 5994 int i = 0; 5995 5996 for (; i < num; in++) { 5997 if (*in == delim) 5998 i++; 5999 if (*in == 0) 6000 return (NULL); 6001 } 6002 return (in); 6003 } 6004 6005 static boolean_t 6006 is_ping(sysevent_t *ev) 6007 { 6008 if (strcmp(sysevent_get_subclass_name(ev), 6009 ZONE_EVENT_PING_SUBCLASS) == 0) { 6010 return (B_TRUE); 6011 } else { 6012 return (B_FALSE); 6013 } 6014 } 6015 6016 static boolean_t 6017 is_my_ping(sysevent_t *ev) 6018 { 6019 const char *sender; 6020 char mypid[sizeof (pid_t) * 3 + 1]; 6021 6022 (void) snprintf(mypid, sizeof (mypid), "%i", getpid()); 6023 sender = string_get_tok(sysevent_get_pub(ev), ':', 3); 6024 if (sender == NULL) 6025 return (B_FALSE); 6026 if (strcmp(sender, mypid) != 0) 6027 return (B_FALSE); 6028 return (B_TRUE); 6029 } 6030 6031 static int 6032 do_callback(struct znotify *zevtchan, sysevent_t *ev) 6033 { 6034 nvlist_t *l; 6035 int zid; 6036 char *zonename; 6037 char *newstate; 6038 char *oldstate; 6039 int ret; 6040 hrtime_t when; 6041 6042 if (strcmp(sysevent_get_subclass_name(ev), 6043 ZONE_EVENT_STATUS_SUBCLASS) == 0) { 6044 6045 if (sysevent_get_attr_list(ev, &l) != 0) { 6046 if (errno == ENOMEM) { 6047 zevtchan->zn_failure_count++; 6048 return (EAGAIN); 6049 } 6050 return (0); 6051 } 6052 ret = 0; 6053 6054 if ((nvlist_lookup_string(l, ZONE_CB_NAME, &zonename) == 0) && 6055 (nvlist_lookup_string(l, ZONE_CB_NEWSTATE, &newstate) 6056 == 0) && 6057 (nvlist_lookup_string(l, ZONE_CB_OLDSTATE, &oldstate) 6058 == 0) && 6059 (nvlist_lookup_uint64(l, ZONE_CB_TIMESTAMP, 6060 (uint64_t *)&when) == 0) && 6061 (nvlist_lookup_int32(l, ZONE_CB_ZONEID, &zid) == 0)) { 6062 ret = zevtchan->zn_callback(zonename, zid, newstate, 6063 oldstate, when, zevtchan->zn_private); 6064 } 6065 6066 zevtchan->zn_failure_count = 0; 6067 nvlist_free(l); 6068 return (ret); 6069 } else { 6070 /* 6071 * We have received an event in an unknown subclass. Ignore. 6072 */ 6073 zevtchan->zn_failure_count = 0; 6074 return (0); 6075 } 6076 } 6077 6078 static int 6079 zn_cb(sysevent_t *ev, void *p) 6080 { 6081 struct znotify *zevtchan = p; 6082 int error; 6083 6084 (void) pthread_mutex_lock(&(zevtchan->zn_mutex)); 6085 6086 if (is_ping(ev) && !is_my_ping(ev)) { 6087 (void) pthread_mutex_unlock((&zevtchan->zn_mutex)); 6088 return (0); 6089 } 6090 6091 if (zevtchan->zn_state == ZN_LOCKED) { 6092 assert(!is_ping(ev)); 6093 zevtchan->zn_failed = B_TRUE; 6094 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex)); 6095 return (0); 6096 } 6097 6098 if (zevtchan->zn_state == ZN_PING_INFLIGHT) { 6099 if (is_ping(ev)) { 6100 zevtchan->zn_state = ZN_PING_RECEIVED; 6101 (void) pthread_cond_signal(&(zevtchan->zn_cond)); 6102 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex)); 6103 return (0); 6104 } else { 6105 zevtchan->zn_failed = B_TRUE; 6106 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex)); 6107 return (0); 6108 } 6109 } 6110 6111 if (zevtchan->zn_state == ZN_UNLOCKED) { 6112 6113 error = do_callback(zevtchan, ev); 6114 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex)); 6115 /* 6116 * Every ENOMEM failure causes do_callback to increment 6117 * zn_failure_count and every success causes it to 6118 * set zn_failure_count to zero. If we got EAGAIN, 6119 * we will sleep for zn_failure_count seconds and return 6120 * EAGAIN to gpec to try again. 6121 * 6122 * After 55 seconds, or 10 try's we give up and drop the 6123 * event. 6124 */ 6125 if (error == EAGAIN) { 6126 if (zevtchan->zn_failure_count > ZONE_CB_RETRY_COUNT) { 6127 return (0); 6128 } 6129 (void) sleep(zevtchan->zn_failure_count); 6130 } 6131 return (error); 6132 } 6133 6134 if (zevtchan->zn_state == ZN_PING_RECEIVED) { 6135 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex)); 6136 return (0); 6137 } 6138 6139 abort(); 6140 return (0); 6141 } 6142 6143 void 6144 zonecfg_notify_critical_enter(void *h) 6145 { 6146 struct znotify *zevtchan = h; 6147 6148 (void) pthread_mutex_lock(&(zevtchan->zn_bigmutex)); 6149 zevtchan->zn_state = ZN_LOCKED; 6150 } 6151 6152 int 6153 zonecfg_notify_critical_exit(void * h) 6154 { 6155 6156 struct znotify *zevtchan = h; 6157 6158 if (zevtchan->zn_state == ZN_UNLOCKED) 6159 return (0); 6160 6161 (void) pthread_mutex_lock(&(zevtchan->zn_mutex)); 6162 zevtchan->zn_state = ZN_PING_INFLIGHT; 6163 6164 (void) sysevent_evc_publish(zevtchan->zn_eventchan, 6165 ZONE_EVENT_STATUS_CLASS, 6166 ZONE_EVENT_PING_SUBCLASS, ZONE_EVENT_PING_PUBLISHER, 6167 zevtchan->zn_subscriber_id, NULL, EVCH_SLEEP); 6168 6169 while (zevtchan->zn_state != ZN_PING_RECEIVED) { 6170 (void) pthread_cond_wait(&(zevtchan->zn_cond), 6171 &(zevtchan->zn_mutex)); 6172 } 6173 6174 if (zevtchan->zn_failed == B_TRUE) { 6175 zevtchan->zn_state = ZN_LOCKED; 6176 zevtchan->zn_failed = B_FALSE; 6177 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex)); 6178 return (1); 6179 } 6180 6181 zevtchan->zn_state = ZN_UNLOCKED; 6182 (void) pthread_mutex_unlock(&(zevtchan->zn_mutex)); 6183 (void) pthread_mutex_unlock(&(zevtchan->zn_bigmutex)); 6184 return (0); 6185 } 6186 6187 void 6188 zonecfg_notify_critical_abort(void *h) 6189 { 6190 struct znotify *zevtchan = h; 6191 6192 zevtchan->zn_state = ZN_UNLOCKED; 6193 zevtchan->zn_failed = B_FALSE; 6194 /* 6195 * Don't do anything about zn_lock. If it is held, it could only be 6196 * held by zn_cb and it will be unlocked soon. 6197 */ 6198 (void) pthread_mutex_unlock(&(zevtchan->zn_bigmutex)); 6199 } 6200 6201 void * 6202 zonecfg_notify_bind(int(*func)(const char *zonename, zoneid_t zid, 6203 const char *newstate, const char *oldstate, hrtime_t when, void *p), 6204 void *p) 6205 { 6206 struct znotify *zevtchan; 6207 int i = 1; 6208 int r; 6209 6210 zevtchan = malloc(sizeof (struct znotify)); 6211 6212 if (zevtchan == NULL) 6213 return (NULL); 6214 6215 zevtchan->zn_private = p; 6216 zevtchan->zn_callback = func; 6217 zevtchan->zn_state = ZN_UNLOCKED; 6218 zevtchan->zn_failed = B_FALSE; 6219 6220 if (pthread_mutex_init(&(zevtchan->zn_mutex), NULL)) 6221 goto out3; 6222 if (pthread_cond_init(&(zevtchan->zn_cond), NULL)) { 6223 (void) pthread_mutex_destroy(&(zevtchan->zn_mutex)); 6224 goto out3; 6225 } 6226 if (pthread_mutex_init(&(zevtchan->zn_bigmutex), NULL)) { 6227 (void) pthread_mutex_destroy(&(zevtchan->zn_mutex)); 6228 (void) pthread_cond_destroy(&(zevtchan->zn_cond)); 6229 goto out3; 6230 } 6231 6232 if (sysevent_evc_bind(ZONE_EVENT_CHANNEL, &(zevtchan->zn_eventchan), 6233 0) != 0) 6234 goto out2; 6235 6236 do { 6237 /* 6238 * At 4 digits the subscriber ID gets too long and we have 6239 * no chance of successfully registering. 6240 */ 6241 if (i > 999) 6242 goto out1; 6243 6244 (void) sprintf(zevtchan->zn_subscriber_id, "zone_%li_%i", 6245 getpid() % 999999l, i); 6246 6247 r = sysevent_evc_subscribe(zevtchan->zn_eventchan, 6248 zevtchan->zn_subscriber_id, ZONE_EVENT_STATUS_CLASS, zn_cb, 6249 zevtchan, 0); 6250 6251 i++; 6252 6253 } while (r); 6254 6255 return (zevtchan); 6256 out1: 6257 (void) sysevent_evc_unbind(zevtchan->zn_eventchan); 6258 out2: 6259 (void) pthread_mutex_destroy(&zevtchan->zn_mutex); 6260 (void) pthread_cond_destroy(&zevtchan->zn_cond); 6261 (void) pthread_mutex_destroy(&(zevtchan->zn_bigmutex)); 6262 out3: 6263 free(zevtchan); 6264 6265 return (NULL); 6266 } 6267 6268 void 6269 zonecfg_notify_unbind(void *handle) 6270 { 6271 6272 int ret; 6273 6274 (void) sysevent_evc_unbind(((struct znotify *)handle)->zn_eventchan); 6275 /* 6276 * Check that all evc threads have gone away. This should be 6277 * enforced by sysevent_evc_unbind. 6278 */ 6279 ret = pthread_mutex_trylock(&((struct znotify *)handle)->zn_mutex); 6280 6281 if (ret) 6282 abort(); 6283 6284 (void) pthread_mutex_unlock(&((struct znotify *)handle)->zn_mutex); 6285 (void) pthread_mutex_destroy(&((struct znotify *)handle)->zn_mutex); 6286 (void) pthread_cond_destroy(&((struct znotify *)handle)->zn_cond); 6287 (void) pthread_mutex_destroy(&((struct znotify *)handle)->zn_bigmutex); 6288 6289 free(handle); 6290 } 6291 6292 static int 6293 zonecfg_add_ds_core(zone_dochandle_t handle, struct zone_dstab *tabptr) 6294 { 6295 xmlNodePtr newnode, cur = handle->zone_dh_cur; 6296 int err; 6297 6298 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_DATASET, NULL); 6299 if ((err = newprop(newnode, DTD_ATTR_NAME, 6300 tabptr->zone_dataset_name)) != Z_OK) 6301 return (err); 6302 return (Z_OK); 6303 } 6304 6305 int 6306 zonecfg_add_ds(zone_dochandle_t handle, struct zone_dstab *tabptr) 6307 { 6308 int err; 6309 6310 if (tabptr == NULL) 6311 return (Z_INVAL); 6312 6313 if ((err = operation_prep(handle)) != Z_OK) 6314 return (err); 6315 6316 if ((err = zonecfg_add_ds_core(handle, tabptr)) != Z_OK) 6317 return (err); 6318 6319 return (Z_OK); 6320 } 6321 6322 static int 6323 zonecfg_delete_ds_core(zone_dochandle_t handle, struct zone_dstab *tabptr) 6324 { 6325 xmlNodePtr cur = handle->zone_dh_cur; 6326 6327 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 6328 if (xmlStrcmp(cur->name, DTD_ELEM_DATASET)) 6329 continue; 6330 6331 if (match_prop(cur, DTD_ATTR_NAME, 6332 tabptr->zone_dataset_name)) { 6333 xmlUnlinkNode(cur); 6334 xmlFreeNode(cur); 6335 return (Z_OK); 6336 } 6337 } 6338 return (Z_NO_RESOURCE_ID); 6339 } 6340 6341 int 6342 zonecfg_delete_ds(zone_dochandle_t handle, struct zone_dstab *tabptr) 6343 { 6344 int err; 6345 6346 if (tabptr == NULL) 6347 return (Z_INVAL); 6348 6349 if ((err = operation_prep(handle)) != Z_OK) 6350 return (err); 6351 6352 if ((err = zonecfg_delete_ds_core(handle, tabptr)) != Z_OK) 6353 return (err); 6354 6355 return (Z_OK); 6356 } 6357 6358 int 6359 zonecfg_modify_ds( 6360 zone_dochandle_t handle, 6361 struct zone_dstab *oldtabptr, 6362 struct zone_dstab *newtabptr) 6363 { 6364 int err; 6365 6366 if (oldtabptr == NULL || newtabptr == NULL) 6367 return (Z_INVAL); 6368 6369 if ((err = operation_prep(handle)) != Z_OK) 6370 return (err); 6371 6372 if ((err = zonecfg_delete_ds_core(handle, oldtabptr)) != Z_OK) 6373 return (err); 6374 6375 if ((err = zonecfg_add_ds_core(handle, newtabptr)) != Z_OK) 6376 return (err); 6377 6378 return (Z_OK); 6379 } 6380 6381 int 6382 zonecfg_lookup_ds(zone_dochandle_t handle, struct zone_dstab *tabptr) 6383 { 6384 xmlNodePtr cur, firstmatch; 6385 int err; 6386 char dataset[MAXNAMELEN]; 6387 6388 if (tabptr == NULL) 6389 return (Z_INVAL); 6390 6391 if ((err = operation_prep(handle)) != Z_OK) 6392 return (err); 6393 6394 cur = handle->zone_dh_cur; 6395 firstmatch = NULL; 6396 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 6397 if (xmlStrcmp(cur->name, DTD_ELEM_DATASET)) 6398 continue; 6399 if (strlen(tabptr->zone_dataset_name) > 0) { 6400 if ((fetchprop(cur, DTD_ATTR_NAME, dataset, 6401 sizeof (dataset)) == Z_OK) && 6402 (strcmp(tabptr->zone_dataset_name, 6403 dataset) == 0)) { 6404 if (firstmatch == NULL) 6405 firstmatch = cur; 6406 else 6407 return (Z_INSUFFICIENT_SPEC); 6408 } 6409 } 6410 } 6411 if (firstmatch == NULL) 6412 return (Z_NO_RESOURCE_ID); 6413 6414 cur = firstmatch; 6415 6416 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_dataset_name, 6417 sizeof (tabptr->zone_dataset_name))) != Z_OK) 6418 return (err); 6419 6420 return (Z_OK); 6421 } 6422 6423 int 6424 zonecfg_setdsent(zone_dochandle_t handle) 6425 { 6426 return (zonecfg_setent(handle)); 6427 } 6428 6429 int 6430 zonecfg_getdsent(zone_dochandle_t handle, struct zone_dstab *tabptr) 6431 { 6432 xmlNodePtr cur; 6433 int err; 6434 6435 if (handle == NULL) 6436 return (Z_INVAL); 6437 6438 if ((cur = handle->zone_dh_cur) == NULL) 6439 return (Z_NO_ENTRY); 6440 6441 for (; cur != NULL; cur = cur->next) 6442 if (!xmlStrcmp(cur->name, DTD_ELEM_DATASET)) 6443 break; 6444 if (cur == NULL) { 6445 handle->zone_dh_cur = handle->zone_dh_top; 6446 return (Z_NO_ENTRY); 6447 } 6448 6449 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_dataset_name, 6450 sizeof (tabptr->zone_dataset_name))) != Z_OK) { 6451 handle->zone_dh_cur = handle->zone_dh_top; 6452 return (err); 6453 } 6454 6455 handle->zone_dh_cur = cur->next; 6456 return (Z_OK); 6457 } 6458 6459 int 6460 zonecfg_enddsent(zone_dochandle_t handle) 6461 { 6462 return (zonecfg_endent(handle)); 6463 } 6464 6465 /* 6466 * Support for aliased rctls; that is, rctls that have simplified names in 6467 * zonecfg. For example, max-lwps is an alias for a well defined zone.max-lwps 6468 * rctl. If there are multiple existing values for one of these rctls or if 6469 * there is a single value that does not match the well defined template (i.e. 6470 * it has a different action) then we cannot treat the rctl as having an alias 6471 * so we return Z_ALIAS_DISALLOW. That means that the rctl cannot be 6472 * managed in zonecfg via an alias and that the standard rctl syntax must be 6473 * used. 6474 * 6475 * The possible return values are: 6476 * Z_NO_PROPERTY_ID - invalid alias name 6477 * Z_ALIAS_DISALLOW - pre-existing, incompatible rctl definition 6478 * Z_NO_ENTRY - no rctl is configured for this alias 6479 * Z_OK - we got a valid rctl for the specified alias 6480 */ 6481 int 6482 zonecfg_get_aliased_rctl(zone_dochandle_t handle, char *name, uint64_t *rval) 6483 { 6484 boolean_t found = B_FALSE; 6485 boolean_t found_val = B_FALSE; 6486 xmlNodePtr cur, val; 6487 char savedname[MAXNAMELEN]; 6488 struct zone_rctlvaltab rctl; 6489 int i; 6490 int err; 6491 6492 for (i = 0; aliases[i].shortname != NULL; i++) 6493 if (strcmp(name, aliases[i].shortname) == 0) 6494 break; 6495 6496 if (aliases[i].shortname == NULL) 6497 return (Z_NO_PROPERTY_ID); 6498 6499 if ((err = operation_prep(handle)) != Z_OK) 6500 return (err); 6501 6502 cur = handle->zone_dh_cur; 6503 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 6504 if (xmlStrcmp(cur->name, DTD_ELEM_RCTL) != 0) 6505 continue; 6506 if ((fetchprop(cur, DTD_ATTR_NAME, savedname, 6507 sizeof (savedname)) == Z_OK) && 6508 (strcmp(savedname, aliases[i].realname) == 0)) { 6509 6510 /* 6511 * If we already saw one of these, we can't have an 6512 * alias since we just found another. 6513 */ 6514 if (found) 6515 return (Z_ALIAS_DISALLOW); 6516 found = B_TRUE; 6517 6518 for (val = cur->xmlChildrenNode; val != NULL; 6519 val = val->next) { 6520 /* 6521 * If we already have one value, we can't have 6522 * an alias since we just found another. 6523 */ 6524 if (found_val) 6525 return (Z_ALIAS_DISALLOW); 6526 found_val = B_TRUE; 6527 6528 if ((fetchprop(val, DTD_ATTR_PRIV, 6529 rctl.zone_rctlval_priv, 6530 sizeof (rctl.zone_rctlval_priv)) != Z_OK)) 6531 break; 6532 if ((fetchprop(val, DTD_ATTR_LIMIT, 6533 rctl.zone_rctlval_limit, 6534 sizeof (rctl.zone_rctlval_limit)) != Z_OK)) 6535 break; 6536 if ((fetchprop(val, DTD_ATTR_ACTION, 6537 rctl.zone_rctlval_action, 6538 sizeof (rctl.zone_rctlval_action)) != Z_OK)) 6539 break; 6540 } 6541 6542 /* check priv and action match the expected vals */ 6543 if (strcmp(rctl.zone_rctlval_priv, 6544 aliases[i].priv) != 0 || 6545 strcmp(rctl.zone_rctlval_action, 6546 aliases[i].action) != 0) 6547 return (Z_ALIAS_DISALLOW); 6548 } 6549 } 6550 6551 if (found) { 6552 *rval = strtoull(rctl.zone_rctlval_limit, NULL, 10); 6553 return (Z_OK); 6554 } 6555 6556 return (Z_NO_ENTRY); 6557 } 6558 6559 int 6560 zonecfg_rm_aliased_rctl(zone_dochandle_t handle, char *name) 6561 { 6562 int i; 6563 uint64_t val; 6564 struct zone_rctltab rctltab; 6565 6566 /* 6567 * First check that we have a valid aliased rctl to remove. 6568 * This will catch an rctl entry with non-standard values or 6569 * multiple rctl values for this name. We need to ignore those 6570 * rctl entries. 6571 */ 6572 if (zonecfg_get_aliased_rctl(handle, name, &val) != Z_OK) 6573 return (Z_OK); 6574 6575 for (i = 0; aliases[i].shortname != NULL; i++) 6576 if (strcmp(name, aliases[i].shortname) == 0) 6577 break; 6578 6579 if (aliases[i].shortname == NULL) 6580 return (Z_NO_RESOURCE_ID); 6581 6582 (void) strlcpy(rctltab.zone_rctl_name, aliases[i].realname, 6583 sizeof (rctltab.zone_rctl_name)); 6584 6585 return (zonecfg_delete_rctl(handle, &rctltab)); 6586 } 6587 6588 boolean_t 6589 zonecfg_aliased_rctl_ok(zone_dochandle_t handle, char *name) 6590 { 6591 uint64_t tmp_val; 6592 6593 switch (zonecfg_get_aliased_rctl(handle, name, &tmp_val)) { 6594 case Z_OK: 6595 /*FALLTHRU*/ 6596 case Z_NO_ENTRY: 6597 return (B_TRUE); 6598 default: 6599 return (B_FALSE); 6600 } 6601 } 6602 6603 int 6604 zonecfg_set_aliased_rctl(zone_dochandle_t handle, char *name, uint64_t val) 6605 { 6606 int i; 6607 int err; 6608 struct zone_rctltab rctltab; 6609 struct zone_rctlvaltab *rctlvaltab; 6610 char buf[128]; 6611 6612 if (!zonecfg_aliased_rctl_ok(handle, name)) 6613 return (Z_ALIAS_DISALLOW); 6614 6615 for (i = 0; aliases[i].shortname != NULL; i++) 6616 if (strcmp(name, aliases[i].shortname) == 0) 6617 break; 6618 6619 if (aliases[i].shortname == NULL) 6620 return (Z_NO_RESOURCE_ID); 6621 6622 /* remove any pre-existing definition for this rctl */ 6623 (void) zonecfg_rm_aliased_rctl(handle, name); 6624 6625 (void) strlcpy(rctltab.zone_rctl_name, aliases[i].realname, 6626 sizeof (rctltab.zone_rctl_name)); 6627 6628 rctltab.zone_rctl_valptr = NULL; 6629 6630 if ((rctlvaltab = calloc(1, sizeof (struct zone_rctlvaltab))) == NULL) 6631 return (Z_NOMEM); 6632 6633 (void) snprintf(buf, sizeof (buf), "%llu", (long long)val); 6634 6635 (void) strlcpy(rctlvaltab->zone_rctlval_priv, aliases[i].priv, 6636 sizeof (rctlvaltab->zone_rctlval_priv)); 6637 (void) strlcpy(rctlvaltab->zone_rctlval_limit, buf, 6638 sizeof (rctlvaltab->zone_rctlval_limit)); 6639 (void) strlcpy(rctlvaltab->zone_rctlval_action, aliases[i].action, 6640 sizeof (rctlvaltab->zone_rctlval_action)); 6641 6642 rctlvaltab->zone_rctlval_next = NULL; 6643 6644 if ((err = zonecfg_add_rctl_value(&rctltab, rctlvaltab)) != Z_OK) 6645 return (err); 6646 6647 return (zonecfg_add_rctl(handle, &rctltab)); 6648 } 6649 6650 static int 6651 delete_tmp_pool(zone_dochandle_t handle) 6652 { 6653 int err; 6654 xmlNodePtr cur = handle->zone_dh_cur; 6655 6656 if ((err = operation_prep(handle)) != Z_OK) 6657 return (err); 6658 6659 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 6660 if (xmlStrcmp(cur->name, DTD_ELEM_TMPPOOL) == 0) { 6661 xmlUnlinkNode(cur); 6662 xmlFreeNode(cur); 6663 return (Z_OK); 6664 } 6665 } 6666 6667 return (Z_NO_RESOURCE_ID); 6668 } 6669 6670 static int 6671 modify_tmp_pool(zone_dochandle_t handle, char *pool_importance) 6672 { 6673 int err; 6674 xmlNodePtr cur = handle->zone_dh_cur; 6675 xmlNodePtr newnode; 6676 6677 err = delete_tmp_pool(handle); 6678 if (err != Z_OK && err != Z_NO_RESOURCE_ID) 6679 return (err); 6680 6681 if (*pool_importance != '\0') { 6682 if ((err = operation_prep(handle)) != Z_OK) 6683 return (err); 6684 6685 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_TMPPOOL, NULL); 6686 if ((err = newprop(newnode, DTD_ATTR_IMPORTANCE, 6687 pool_importance)) != Z_OK) 6688 return (err); 6689 } 6690 6691 return (Z_OK); 6692 } 6693 6694 static int 6695 add_pset_core(zone_dochandle_t handle, struct zone_psettab *tabptr) 6696 { 6697 xmlNodePtr newnode, cur = handle->zone_dh_cur; 6698 int err; 6699 6700 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_PSET, NULL); 6701 if ((err = newprop(newnode, DTD_ATTR_NCPU_MIN, 6702 tabptr->zone_ncpu_min)) != Z_OK) 6703 return (err); 6704 if ((err = newprop(newnode, DTD_ATTR_NCPU_MAX, 6705 tabptr->zone_ncpu_max)) != Z_OK) 6706 return (err); 6707 6708 if ((err = modify_tmp_pool(handle, tabptr->zone_importance)) != Z_OK) 6709 return (err); 6710 6711 return (Z_OK); 6712 } 6713 6714 int 6715 zonecfg_add_pset(zone_dochandle_t handle, struct zone_psettab *tabptr) 6716 { 6717 int err; 6718 6719 if (tabptr == NULL) 6720 return (Z_INVAL); 6721 6722 if ((err = operation_prep(handle)) != Z_OK) 6723 return (err); 6724 6725 if ((err = add_pset_core(handle, tabptr)) != Z_OK) 6726 return (err); 6727 6728 return (Z_OK); 6729 } 6730 6731 int 6732 zonecfg_delete_pset(zone_dochandle_t handle) 6733 { 6734 int err; 6735 int res = Z_NO_RESOURCE_ID; 6736 xmlNodePtr cur = handle->zone_dh_cur; 6737 6738 if ((err = operation_prep(handle)) != Z_OK) 6739 return (err); 6740 6741 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 6742 if (xmlStrcmp(cur->name, DTD_ELEM_PSET) == 0) { 6743 xmlUnlinkNode(cur); 6744 xmlFreeNode(cur); 6745 res = Z_OK; 6746 break; 6747 } 6748 } 6749 6750 /* 6751 * Once we have msets, we should check that a mset 6752 * do not exist before we delete the tmp_pool data. 6753 */ 6754 err = delete_tmp_pool(handle); 6755 if (err != Z_OK && err != Z_NO_RESOURCE_ID) 6756 return (err); 6757 6758 return (res); 6759 } 6760 6761 int 6762 zonecfg_modify_pset(zone_dochandle_t handle, struct zone_psettab *tabptr) 6763 { 6764 int err; 6765 6766 if (tabptr == NULL) 6767 return (Z_INVAL); 6768 6769 if ((err = zonecfg_delete_pset(handle)) != Z_OK) 6770 return (err); 6771 6772 if ((err = add_pset_core(handle, tabptr)) != Z_OK) 6773 return (err); 6774 6775 return (Z_OK); 6776 } 6777 6778 int 6779 zonecfg_lookup_pset(zone_dochandle_t handle, struct zone_psettab *tabptr) 6780 { 6781 xmlNodePtr cur; 6782 int err; 6783 int res = Z_NO_ENTRY; 6784 6785 if (tabptr == NULL) 6786 return (Z_INVAL); 6787 6788 if ((err = operation_prep(handle)) != Z_OK) 6789 return (err); 6790 6791 /* this is an optional component */ 6792 tabptr->zone_importance[0] = '\0'; 6793 6794 cur = handle->zone_dh_cur; 6795 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 6796 if (xmlStrcmp(cur->name, DTD_ELEM_PSET) == 0) { 6797 if ((err = fetchprop(cur, DTD_ATTR_NCPU_MIN, 6798 tabptr->zone_ncpu_min, 6799 sizeof (tabptr->zone_ncpu_min))) != Z_OK) { 6800 handle->zone_dh_cur = handle->zone_dh_top; 6801 return (err); 6802 } 6803 6804 if ((err = fetchprop(cur, DTD_ATTR_NCPU_MAX, 6805 tabptr->zone_ncpu_max, 6806 sizeof (tabptr->zone_ncpu_max))) != Z_OK) { 6807 handle->zone_dh_cur = handle->zone_dh_top; 6808 return (err); 6809 } 6810 6811 res = Z_OK; 6812 6813 } else if (xmlStrcmp(cur->name, DTD_ELEM_TMPPOOL) == 0) { 6814 if ((err = fetchprop(cur, DTD_ATTR_IMPORTANCE, 6815 tabptr->zone_importance, 6816 sizeof (tabptr->zone_importance))) != Z_OK) { 6817 handle->zone_dh_cur = handle->zone_dh_top; 6818 return (err); 6819 } 6820 } 6821 } 6822 6823 return (res); 6824 } 6825 6826 int 6827 zonecfg_getpsetent(zone_dochandle_t handle, struct zone_psettab *tabptr) 6828 { 6829 int err; 6830 6831 if ((err = zonecfg_setent(handle)) != Z_OK) 6832 return (err); 6833 6834 err = zonecfg_lookup_pset(handle, tabptr); 6835 6836 (void) zonecfg_endent(handle); 6837 6838 return (err); 6839 } 6840 6841 static int 6842 add_mcap(zone_dochandle_t handle, struct zone_mcaptab *tabptr) 6843 { 6844 xmlNodePtr newnode, cur = handle->zone_dh_cur; 6845 int err; 6846 6847 newnode = xmlNewTextChild(cur, NULL, DTD_ELEM_MCAP, NULL); 6848 if ((err = newprop(newnode, DTD_ATTR_PHYSCAP, tabptr->zone_physmem_cap)) 6849 != Z_OK) 6850 return (err); 6851 6852 return (Z_OK); 6853 } 6854 6855 int 6856 zonecfg_delete_mcap(zone_dochandle_t handle) 6857 { 6858 int err; 6859 xmlNodePtr cur = handle->zone_dh_cur; 6860 6861 if ((err = operation_prep(handle)) != Z_OK) 6862 return (err); 6863 6864 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 6865 if (xmlStrcmp(cur->name, DTD_ELEM_MCAP) != 0) 6866 continue; 6867 6868 xmlUnlinkNode(cur); 6869 xmlFreeNode(cur); 6870 return (Z_OK); 6871 } 6872 return (Z_NO_RESOURCE_ID); 6873 } 6874 6875 int 6876 zonecfg_modify_mcap(zone_dochandle_t handle, struct zone_mcaptab *tabptr) 6877 { 6878 int err; 6879 6880 if (tabptr == NULL) 6881 return (Z_INVAL); 6882 6883 err = zonecfg_delete_mcap(handle); 6884 /* it is ok if there is no mcap entry */ 6885 if (err != Z_OK && err != Z_NO_RESOURCE_ID) 6886 return (err); 6887 6888 if ((err = add_mcap(handle, tabptr)) != Z_OK) 6889 return (err); 6890 6891 return (Z_OK); 6892 } 6893 6894 int 6895 zonecfg_lookup_mcap(zone_dochandle_t handle, struct zone_mcaptab *tabptr) 6896 { 6897 xmlNodePtr cur; 6898 int err; 6899 6900 if (tabptr == NULL) 6901 return (Z_INVAL); 6902 6903 if ((err = operation_prep(handle)) != Z_OK) 6904 return (err); 6905 6906 cur = handle->zone_dh_cur; 6907 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 6908 if (xmlStrcmp(cur->name, DTD_ELEM_MCAP) != 0) 6909 continue; 6910 if ((err = fetchprop(cur, DTD_ATTR_PHYSCAP, 6911 tabptr->zone_physmem_cap, 6912 sizeof (tabptr->zone_physmem_cap))) != Z_OK) { 6913 handle->zone_dh_cur = handle->zone_dh_top; 6914 return (err); 6915 } 6916 6917 return (Z_OK); 6918 } 6919 6920 return (Z_NO_ENTRY); 6921 } 6922 6923 static int 6924 getmcapent_core(zone_dochandle_t handle, struct zone_mcaptab *tabptr) 6925 { 6926 xmlNodePtr cur; 6927 int err; 6928 6929 if (handle == NULL) 6930 return (Z_INVAL); 6931 6932 if ((cur = handle->zone_dh_cur) == NULL) 6933 return (Z_NO_ENTRY); 6934 6935 for (; cur != NULL; cur = cur->next) 6936 if (xmlStrcmp(cur->name, DTD_ELEM_MCAP) == 0) 6937 break; 6938 if (cur == NULL) { 6939 handle->zone_dh_cur = handle->zone_dh_top; 6940 return (Z_NO_ENTRY); 6941 } 6942 6943 if ((err = fetchprop(cur, DTD_ATTR_PHYSCAP, tabptr->zone_physmem_cap, 6944 sizeof (tabptr->zone_physmem_cap))) != Z_OK) { 6945 handle->zone_dh_cur = handle->zone_dh_top; 6946 return (err); 6947 } 6948 6949 handle->zone_dh_cur = cur->next; 6950 return (Z_OK); 6951 } 6952 6953 int 6954 zonecfg_getmcapent(zone_dochandle_t handle, struct zone_mcaptab *tabptr) 6955 { 6956 int err; 6957 6958 if ((err = zonecfg_setent(handle)) != Z_OK) 6959 return (err); 6960 6961 err = getmcapent_core(handle, tabptr); 6962 6963 (void) zonecfg_endent(handle); 6964 6965 return (err); 6966 } 6967 6968 /* 6969 * Get the full tree of pkg metadata in a set of nested AVL trees. 6970 * pkgs_avl is an AVL tree of pkgs. 6971 * 6972 * The zone xml data contains DTD_ELEM_PACKAGE elements. 6973 */ 6974 int 6975 zonecfg_getpkgdata(zone_dochandle_t handle, uu_avl_pool_t *pkg_pool, 6976 uu_avl_t *pkgs_avl) 6977 { 6978 xmlNodePtr cur; 6979 int res; 6980 zone_pkg_entry_t *pkg; 6981 char name[MAXNAMELEN]; 6982 char version[ZONE_PKG_VERSMAX]; 6983 6984 if (handle == NULL) 6985 return (Z_INVAL); 6986 6987 if ((res = zonecfg_setent(handle)) != Z_OK) 6988 return (res); 6989 6990 if ((cur = handle->zone_dh_cur) == NULL) { 6991 res = Z_NO_ENTRY; 6992 goto done; 6993 } 6994 6995 for (; cur != NULL; cur = cur->next) { 6996 if (xmlStrcmp(cur->name, DTD_ELEM_PACKAGE) == 0) { 6997 uu_avl_index_t where; 6998 6999 if ((res = fetchprop(cur, DTD_ATTR_NAME, name, 7000 sizeof (name))) != Z_OK) 7001 goto done; 7002 7003 if ((res = fetchprop(cur, DTD_ATTR_VERSION, version, 7004 sizeof (version))) != Z_OK) 7005 goto done; 7006 7007 if ((pkg = (zone_pkg_entry_t *) 7008 malloc(sizeof (zone_pkg_entry_t))) == NULL) { 7009 res = Z_NOMEM; 7010 goto done; 7011 } 7012 7013 if ((pkg->zpe_name = strdup(name)) == NULL) { 7014 free(pkg); 7015 res = Z_NOMEM; 7016 goto done; 7017 } 7018 7019 if ((pkg->zpe_vers = strdup(version)) == NULL) { 7020 free(pkg->zpe_name); 7021 free(pkg); 7022 res = Z_NOMEM; 7023 goto done; 7024 } 7025 7026 uu_avl_node_init(pkg, &pkg->zpe_entry, pkg_pool); 7027 if (uu_avl_find(pkgs_avl, pkg, NULL, &where) != NULL) { 7028 free(pkg->zpe_name); 7029 free(pkg->zpe_vers); 7030 free(pkg); 7031 } else { 7032 uu_avl_insert(pkgs_avl, pkg, where); 7033 } 7034 } 7035 } 7036 7037 done: 7038 (void) zonecfg_endent(handle); 7039 return (res); 7040 } 7041 7042 int 7043 zonecfg_setdevperment(zone_dochandle_t handle) 7044 { 7045 return (zonecfg_setent(handle)); 7046 } 7047 7048 int 7049 zonecfg_getdevperment(zone_dochandle_t handle, struct zone_devpermtab *tabptr) 7050 { 7051 xmlNodePtr cur; 7052 int err; 7053 char buf[128]; 7054 7055 tabptr->zone_devperm_acl = NULL; 7056 7057 if (handle == NULL) 7058 return (Z_INVAL); 7059 7060 if ((cur = handle->zone_dh_cur) == NULL) 7061 return (Z_NO_ENTRY); 7062 7063 for (; cur != NULL; cur = cur->next) 7064 if (!xmlStrcmp(cur->name, DTD_ELEM_DEV_PERM)) 7065 break; 7066 if (cur == NULL) { 7067 handle->zone_dh_cur = handle->zone_dh_top; 7068 return (Z_NO_ENTRY); 7069 } 7070 7071 if ((err = fetchprop(cur, DTD_ATTR_NAME, tabptr->zone_devperm_name, 7072 sizeof (tabptr->zone_devperm_name))) != Z_OK) { 7073 handle->zone_dh_cur = handle->zone_dh_top; 7074 return (err); 7075 } 7076 7077 if ((err = fetchprop(cur, DTD_ATTR_UID, buf, sizeof (buf))) != Z_OK) { 7078 handle->zone_dh_cur = handle->zone_dh_top; 7079 return (err); 7080 } 7081 tabptr->zone_devperm_uid = (uid_t)atol(buf); 7082 7083 if ((err = fetchprop(cur, DTD_ATTR_GID, buf, sizeof (buf))) != Z_OK) { 7084 handle->zone_dh_cur = handle->zone_dh_top; 7085 return (err); 7086 } 7087 tabptr->zone_devperm_gid = (gid_t)atol(buf); 7088 7089 if ((err = fetchprop(cur, DTD_ATTR_MODE, buf, sizeof (buf))) != Z_OK) { 7090 handle->zone_dh_cur = handle->zone_dh_top; 7091 return (err); 7092 } 7093 tabptr->zone_devperm_mode = (mode_t)strtol(buf, (char **)NULL, 8); 7094 7095 if ((err = fetch_alloc_prop(cur, DTD_ATTR_ACL, 7096 &(tabptr->zone_devperm_acl))) != Z_OK) { 7097 handle->zone_dh_cur = handle->zone_dh_top; 7098 return (err); 7099 } 7100 7101 handle->zone_dh_cur = cur->next; 7102 return (Z_OK); 7103 } 7104 7105 int 7106 zonecfg_enddevperment(zone_dochandle_t handle) 7107 { 7108 return (zonecfg_endent(handle)); 7109 } 7110 7111 /* PRINTFLIKE1 */ 7112 static void 7113 zerror(const char *zone_name, const char *fmt, ...) 7114 { 7115 va_list alist; 7116 7117 va_start(alist, fmt); 7118 (void) fprintf(stderr, "zone '%s': ", zone_name); 7119 (void) vfprintf(stderr, fmt, alist); 7120 (void) fprintf(stderr, "\n"); 7121 va_end(alist); 7122 } 7123 7124 static void 7125 zperror(const char *str) 7126 { 7127 (void) fprintf(stderr, "%s: %s\n", str, strerror(errno)); 7128 } 7129 7130 /* 7131 * The following three routines implement a simple locking mechanism to 7132 * ensure that only one instance of zoneadm at a time is able to manipulate 7133 * a given zone. The lock is built on top of an fcntl(2) lock of 7134 * [<altroot>]/var/run/zones/<zonename>.zoneadm.lock. If a zoneadm instance 7135 * can grab that lock, it is allowed to manipulate the zone. 7136 * 7137 * Since zoneadm may call external applications which in turn invoke 7138 * zoneadm again, we introduce the notion of "lock inheritance". Any 7139 * instance of zoneadm that has another instance in its ancestry is assumed 7140 * to be acting on behalf of the original zoneadm, and is thus allowed to 7141 * manipulate its zone. 7142 * 7143 * This inheritance is implemented via the _ZONEADM_LOCK_HELD environment 7144 * variable. When zoneadm is granted a lock on its zone, this environment 7145 * variable is set to 1. When it releases the lock, the variable is set to 7146 * 0. Since a child process inherits its parent's environment, checking 7147 * the state of this variable indicates whether or not any ancestor owns 7148 * the lock. 7149 */ 7150 void 7151 zonecfg_init_lock_file(const char *zone_name, char **lock_env) 7152 { 7153 *lock_env = getenv(LOCK_ENV_VAR); 7154 if (*lock_env == NULL) { 7155 if (putenv(zoneadm_lock_not_held) != 0) { 7156 zerror(zone_name, gettext("could not set env: %s"), 7157 strerror(errno)); 7158 exit(1); 7159 } 7160 } else { 7161 if (atoi(*lock_env) == 1) 7162 zone_lock_cnt = 1; 7163 } 7164 } 7165 7166 void 7167 zonecfg_release_lock_file(const char *zone_name, int lockfd) 7168 { 7169 /* 7170 * If we are cleaning up from a failed attempt to lock the zone for 7171 * the first time, we might have a zone_lock_cnt of 0. In that 7172 * error case, we don't want to do anything but close the lock 7173 * file. 7174 */ 7175 assert(zone_lock_cnt >= 0); 7176 if (zone_lock_cnt > 0) { 7177 assert(getenv(LOCK_ENV_VAR) != NULL); 7178 assert(atoi(getenv(LOCK_ENV_VAR)) == 1); 7179 if (--zone_lock_cnt > 0) { 7180 assert(lockfd == -1); 7181 return; 7182 } 7183 if (putenv(zoneadm_lock_not_held) != 0) { 7184 zerror(zone_name, gettext("could not set env: %s"), 7185 strerror(errno)); 7186 exit(1); 7187 } 7188 } 7189 assert(lockfd >= 0); 7190 (void) close(lockfd); 7191 } 7192 7193 int 7194 zonecfg_grab_lock_file(const char *zone_name, int *lockfd) 7195 { 7196 char pathbuf[PATH_MAX]; 7197 struct flock flock; 7198 7199 /* 7200 * If we already have the lock, we can skip this expensive song 7201 * and dance. 7202 */ 7203 assert(zone_lock_cnt >= 0); 7204 assert(getenv(LOCK_ENV_VAR) != NULL); 7205 if (zone_lock_cnt > 0) { 7206 assert(atoi(getenv(LOCK_ENV_VAR)) == 1); 7207 zone_lock_cnt++; 7208 *lockfd = -1; 7209 return (Z_OK); 7210 } 7211 assert(getenv(LOCK_ENV_VAR) != NULL); 7212 assert(atoi(getenv(LOCK_ENV_VAR)) == 0); 7213 7214 if (snprintf(pathbuf, sizeof (pathbuf), "%s%s", zonecfg_get_root(), 7215 ZONES_TMPDIR) >= sizeof (pathbuf)) { 7216 zerror(zone_name, gettext("alternate root path is too long")); 7217 return (-1); 7218 } 7219 if (mkdir(pathbuf, S_IRWXU) < 0 && errno != EEXIST) { 7220 zerror(zone_name, gettext("could not mkdir %s: %s"), pathbuf, 7221 strerror(errno)); 7222 return (-1); 7223 } 7224 (void) chmod(pathbuf, S_IRWXU); 7225 7226 /* 7227 * One of these lock files is created for each zone (when needed). 7228 * The lock files are not cleaned up (except on system reboot), 7229 * but since there is only one per zone, there is no resource 7230 * starvation issue. 7231 */ 7232 if (snprintf(pathbuf, sizeof (pathbuf), "%s%s/%s.zoneadm.lock", 7233 zonecfg_get_root(), ZONES_TMPDIR, zone_name) >= sizeof (pathbuf)) { 7234 zerror(zone_name, gettext("alternate root path is too long")); 7235 return (-1); 7236 } 7237 if ((*lockfd = open(pathbuf, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR)) < 0) { 7238 zerror(zone_name, gettext("could not open %s: %s"), pathbuf, 7239 strerror(errno)); 7240 return (-1); 7241 } 7242 /* 7243 * Lock the file to synchronize with other zoneadmds 7244 */ 7245 flock.l_type = F_WRLCK; 7246 flock.l_whence = SEEK_SET; 7247 flock.l_start = (off_t)0; 7248 flock.l_len = (off_t)0; 7249 if ((fcntl(*lockfd, F_SETLKW, &flock) < 0) || 7250 (putenv(zoneadm_lock_held) != 0)) { 7251 zerror(zone_name, gettext("unable to lock %s: %s"), pathbuf, 7252 strerror(errno)); 7253 zonecfg_release_lock_file(zone_name, *lockfd); 7254 return (-1); 7255 } 7256 zone_lock_cnt = 1; 7257 return (Z_OK); 7258 } 7259 7260 boolean_t 7261 zonecfg_lock_file_held(int *lockfd) 7262 { 7263 if (*lockfd >= 0 || zone_lock_cnt > 0) 7264 return (B_TRUE); 7265 return (B_FALSE); 7266 } 7267 7268 static boolean_t 7269 get_doorname(const char *zone_name, char *buffer) 7270 { 7271 return (snprintf(buffer, PATH_MAX, "%s" ZONE_DOOR_PATH, 7272 zonecfg_get_root(), zone_name) < PATH_MAX); 7273 } 7274 7275 /* 7276 * system daemons are not audited. For the global zone, this occurs 7277 * "naturally" since init is started with the default audit 7278 * characteristics. Since zoneadmd is a system daemon and it starts 7279 * init for a zone, it is necessary to clear out the audit 7280 * characteristics inherited from whomever started zoneadmd. This is 7281 * indicated by the audit id, which is set from the ruid parameter of 7282 * adt_set_user(), below. 7283 */ 7284 7285 static void 7286 prepare_audit_context(const char *zone_name) 7287 { 7288 adt_session_data_t *ah; 7289 char *failure = gettext("audit failure: %s"); 7290 7291 if (adt_start_session(&ah, NULL, 0)) { 7292 zerror(zone_name, failure, strerror(errno)); 7293 return; 7294 } 7295 if (adt_set_user(ah, ADT_NO_AUDIT, ADT_NO_AUDIT, 7296 ADT_NO_AUDIT, ADT_NO_AUDIT, NULL, ADT_NEW)) { 7297 zerror(zone_name, failure, strerror(errno)); 7298 (void) adt_end_session(ah); 7299 return; 7300 } 7301 if (adt_set_proc(ah)) 7302 zerror(zone_name, failure, strerror(errno)); 7303 7304 (void) adt_end_session(ah); 7305 } 7306 7307 static int 7308 start_zoneadmd(const char *zone_name, boolean_t lock) 7309 { 7310 char doorpath[PATH_MAX]; 7311 pid_t child_pid; 7312 int error = -1; 7313 int doorfd, lockfd; 7314 struct door_info info; 7315 7316 if (!get_doorname(zone_name, doorpath)) 7317 return (-1); 7318 7319 if (lock) 7320 if (zonecfg_grab_lock_file(zone_name, &lockfd) != Z_OK) 7321 return (-1); 7322 7323 /* 7324 * Now that we have the lock, re-confirm that the daemon is 7325 * *not* up and working fine. If it is still down, we have a green 7326 * light to start it. 7327 */ 7328 if ((doorfd = open(doorpath, O_RDONLY)) < 0) { 7329 if (errno != ENOENT) { 7330 zperror(doorpath); 7331 goto out; 7332 } 7333 } else { 7334 if (door_info(doorfd, &info) == 0 && 7335 ((info.di_attributes & DOOR_REVOKED) == 0)) { 7336 error = Z_OK; 7337 (void) close(doorfd); 7338 goto out; 7339 } 7340 (void) close(doorfd); 7341 } 7342 7343 if ((child_pid = fork()) == -1) { 7344 zperror(gettext("could not fork")); 7345 goto out; 7346 } 7347 7348 if (child_pid == 0) { 7349 const char *argv[6], **ap; 7350 7351 /* child process */ 7352 prepare_audit_context(zone_name); 7353 7354 ap = argv; 7355 *ap++ = "zoneadmd"; 7356 *ap++ = "-z"; 7357 *ap++ = zone_name; 7358 if (zonecfg_in_alt_root()) { 7359 *ap++ = "-R"; 7360 *ap++ = zonecfg_get_root(); 7361 } 7362 *ap = NULL; 7363 7364 (void) execv("/usr/lib/zones/zoneadmd", (char * const *)argv); 7365 /* 7366 * TRANSLATION_NOTE 7367 * zoneadmd is a literal that should not be translated. 7368 */ 7369 zperror(gettext("could not exec zoneadmd")); 7370 _exit(1); 7371 } else { 7372 /* parent process */ 7373 pid_t retval; 7374 int pstatus = 0; 7375 7376 do { 7377 retval = waitpid(child_pid, &pstatus, 0); 7378 } while (retval != child_pid); 7379 if (WIFSIGNALED(pstatus) || (WIFEXITED(pstatus) && 7380 WEXITSTATUS(pstatus) != 0)) { 7381 zerror(zone_name, gettext("could not start %s"), 7382 "zoneadmd"); 7383 goto out; 7384 } 7385 } 7386 error = Z_OK; 7387 out: 7388 if (lock) 7389 zonecfg_release_lock_file(zone_name, lockfd); 7390 return (error); 7391 } 7392 7393 int 7394 zonecfg_ping_zoneadmd(const char *zone_name) 7395 { 7396 char doorpath[PATH_MAX]; 7397 int doorfd; 7398 struct door_info info; 7399 7400 if (!get_doorname(zone_name, doorpath)) 7401 return (-1); 7402 7403 if ((doorfd = open(doorpath, O_RDONLY)) < 0) { 7404 return (-1); 7405 } 7406 if (door_info(doorfd, &info) == 0 && 7407 ((info.di_attributes & DOOR_REVOKED) == 0)) { 7408 (void) close(doorfd); 7409 return (Z_OK); 7410 } 7411 (void) close(doorfd); 7412 return (-1); 7413 } 7414 7415 int 7416 zonecfg_call_zoneadmd(const char *zone_name, zone_cmd_arg_t *arg, char *locale, 7417 boolean_t lock) 7418 { 7419 char doorpath[PATH_MAX]; 7420 int doorfd, result; 7421 door_arg_t darg; 7422 7423 zoneid_t zoneid; 7424 uint64_t uniqid = 0; 7425 7426 zone_cmd_rval_t *rvalp; 7427 size_t rlen; 7428 char *cp, *errbuf; 7429 7430 rlen = getpagesize(); 7431 if ((rvalp = malloc(rlen)) == NULL) { 7432 zerror(zone_name, gettext("failed to allocate %lu bytes: %s"), 7433 rlen, strerror(errno)); 7434 return (-1); 7435 } 7436 7437 if ((zoneid = getzoneidbyname(zone_name)) != ZONE_ID_UNDEFINED) { 7438 (void) zone_getattr(zoneid, ZONE_ATTR_UNIQID, &uniqid, 7439 sizeof (uniqid)); 7440 } 7441 arg->uniqid = uniqid; 7442 (void) strlcpy(arg->locale, locale, sizeof (arg->locale)); 7443 if (!get_doorname(zone_name, doorpath)) { 7444 zerror(zone_name, gettext("alternate root path is too long")); 7445 free(rvalp); 7446 return (-1); 7447 } 7448 7449 /* 7450 * Loop trying to start zoneadmd; if something goes seriously 7451 * wrong we break out and fail. 7452 */ 7453 for (;;) { 7454 if (start_zoneadmd(zone_name, lock) != Z_OK) 7455 break; 7456 7457 if ((doorfd = open(doorpath, O_RDONLY)) < 0) { 7458 zperror(gettext("failed to open zone door")); 7459 break; 7460 } 7461 7462 darg.data_ptr = (char *)arg; 7463 darg.data_size = sizeof (*arg); 7464 darg.desc_ptr = NULL; 7465 darg.desc_num = 0; 7466 darg.rbuf = (char *)rvalp; 7467 darg.rsize = rlen; 7468 if (door_call(doorfd, &darg) != 0) { 7469 (void) close(doorfd); 7470 /* 7471 * We'll get EBADF if the door has been revoked. 7472 */ 7473 if (errno != EBADF) { 7474 zperror(gettext("door_call failed")); 7475 break; 7476 } 7477 continue; /* take another lap */ 7478 } 7479 (void) close(doorfd); 7480 7481 if (darg.data_size == 0) { 7482 /* Door server is going away; kick it again. */ 7483 continue; 7484 } 7485 7486 errbuf = rvalp->errbuf; 7487 while (*errbuf != '\0') { 7488 /* 7489 * Remove any newlines since zerror() 7490 * will append one automatically. 7491 */ 7492 cp = strchr(errbuf, '\n'); 7493 if (cp != NULL) 7494 *cp = '\0'; 7495 zerror(zone_name, "%s", errbuf); 7496 if (cp == NULL) 7497 break; 7498 errbuf = cp + 1; 7499 } 7500 result = rvalp->rval == 0 ? 0 : -1; 7501 free(rvalp); 7502 return (result); 7503 } 7504 7505 free(rvalp); 7506 return (-1); 7507 } 7508 7509 boolean_t 7510 zonecfg_valid_auths(const char *auths, const char *zonename) 7511 { 7512 char *right; 7513 char *tmpauths; 7514 char *lasts; 7515 char authname[MAXAUTHS]; 7516 boolean_t status = B_TRUE; 7517 7518 tmpauths = strdup(auths); 7519 if (tmpauths == NULL) { 7520 zerror(zonename, gettext("Out of memory")); 7521 return (B_FALSE); 7522 } 7523 right = strtok_r(tmpauths, ",", &lasts); 7524 while (right != NULL) { 7525 (void) snprintf(authname, MAXAUTHS, "%s%s", 7526 ZONE_AUTH_PREFIX, right); 7527 if (getauthnam(authname) == NULL) { 7528 status = B_FALSE; 7529 zerror(zonename, 7530 gettext("'%s' is not a valid authorization"), 7531 right); 7532 } 7533 right = strtok_r(NULL, ",", &lasts); 7534 } 7535 free(tmpauths); 7536 return (status); 7537 } 7538 7539 int 7540 zonecfg_delete_admins(zone_dochandle_t handle, char *zonename) 7541 { 7542 int err; 7543 struct zone_admintab admintab; 7544 boolean_t changed = B_FALSE; 7545 7546 if ((err = zonecfg_setadminent(handle)) != Z_OK) { 7547 return (err); 7548 } 7549 while (zonecfg_getadminent(handle, &admintab) == Z_OK) { 7550 err = zonecfg_delete_admin(handle, &admintab, 7551 zonename); 7552 if (err != Z_OK) { 7553 (void) zonecfg_endadminent(handle); 7554 return (err); 7555 } else { 7556 changed = B_TRUE; 7557 } 7558 if ((err = zonecfg_setadminent(handle)) != Z_OK) { 7559 return (err); 7560 } 7561 } 7562 (void) zonecfg_endadminent(handle); 7563 return (changed? Z_OK:Z_NO_ENTRY); 7564 } 7565 7566 /* 7567 * Checks if a long authorization applies to this zone. 7568 * If so, it returns true, after destructively stripping 7569 * the authorization of its prefix and zone suffix. 7570 */ 7571 static boolean_t 7572 is_zone_auth(char **auth, char *zonename, char *oldzonename) 7573 { 7574 char *suffix; 7575 size_t offset; 7576 7577 offset = strlen(ZONE_AUTH_PREFIX); 7578 if ((strncmp(*auth, ZONE_AUTH_PREFIX, offset) == 0) && 7579 ((suffix = strchr(*auth, '/')) != NULL)) { 7580 if (strcmp(suffix + 1, zonename) == 0) { 7581 *auth += offset; 7582 suffix[0] = '\0'; 7583 return (B_TRUE); 7584 } else if ((oldzonename != NULL) && 7585 (strcmp(suffix + 1, oldzonename) == 0)) { 7586 *auth += offset; 7587 suffix[0] = '\0'; 7588 return (B_TRUE); 7589 } 7590 } 7591 return (B_FALSE); 7592 } 7593 7594 /* 7595 * This function determines whether the zone-specific authorization 7596 * assignments in /etc/user_attr have been changed more recently 7597 * than the equivalent data stored in the zone's configuration file. 7598 * This should only happen if the zone-specific authorizations in 7599 * the user_attr file were modified using a tool other than zonecfg. 7600 * If the configuration file is out-of-date with respect to these 7601 * authorization assignments, it is updated to match those specified 7602 * in /etc/user_attr. 7603 */ 7604 7605 int 7606 zonecfg_update_userauths(zone_dochandle_t handle, char *zonename) 7607 { 7608 userattr_t *ua_ptr; 7609 char *authlist; 7610 char *lasts; 7611 FILE *uaf; 7612 struct zone_admintab admintab; 7613 struct stat config_st, ua_st; 7614 char config_file[MAXPATHLEN]; 7615 boolean_t changed = B_FALSE; 7616 int err; 7617 7618 if ((uaf = fopen(USERATTR_FILENAME, "r")) == NULL) { 7619 zerror(zonename, gettext("could not open file %s: %s"), 7620 USERATTR_FILENAME, strerror(errno)); 7621 if (errno == EACCES) 7622 return (Z_ACCES); 7623 if (errno == ENOENT) 7624 return (Z_NO_ZONE); 7625 return (Z_MISC_FS); 7626 } 7627 if ((err = fstat(fileno(uaf), &ua_st)) != 0) { 7628 zerror(zonename, gettext("could not stat file %s: %s"), 7629 USERATTR_FILENAME, strerror(errno)); 7630 (void) fclose(uaf); 7631 return (Z_MISC_FS); 7632 } 7633 if (!config_file_path(zonename, config_file)) { 7634 (void) fclose(uaf); 7635 return (Z_MISC_FS); 7636 } 7637 7638 if ((err = stat(config_file, &config_st)) != 0) { 7639 zerror(zonename, gettext("could not stat file %s: %s"), 7640 config_file, strerror(errno)); 7641 (void) fclose(uaf); 7642 return (Z_MISC_FS); 7643 } 7644 if (config_st.st_mtime >= ua_st.st_mtime) { 7645 (void) fclose(uaf); 7646 return (Z_NO_ENTRY); 7647 } 7648 if ((err = zonecfg_delete_admins(handle, zonename)) == Z_OK) { 7649 changed = B_TRUE; 7650 } else if (err != Z_NO_ENTRY) { 7651 (void) fclose(uaf); 7652 return (err); 7653 } 7654 while ((ua_ptr = fgetuserattr(uaf)) != NULL) { 7655 if (ua_ptr->name[0] == '#') { 7656 continue; 7657 } 7658 authlist = kva_match(ua_ptr->attr, USERATTR_AUTHS_KW); 7659 if (authlist != NULL) { 7660 char *cur_auth; 7661 boolean_t first; 7662 7663 first = B_TRUE; 7664 bzero(&admintab.zone_admin_auths, MAXAUTHS); 7665 cur_auth = strtok_r(authlist, ",", &lasts); 7666 while (cur_auth != NULL) { 7667 if (is_zone_auth(&cur_auth, zonename, 7668 NULL)) { 7669 /* 7670 * Add auths for this zone 7671 */ 7672 if (first) { 7673 first = B_FALSE; 7674 } else { 7675 (void) strlcat( 7676 admintab.zone_admin_auths, 7677 ",", MAXAUTHS); 7678 } 7679 (void) strlcat( 7680 admintab.zone_admin_auths, 7681 cur_auth, MAXAUTHS); 7682 } 7683 cur_auth = strtok_r(NULL, ",", &lasts); 7684 } 7685 if (!first) { 7686 /* 7687 * Add this right to config file 7688 */ 7689 (void) strlcpy(admintab.zone_admin_user, 7690 ua_ptr->name, 7691 sizeof (admintab.zone_admin_user)); 7692 err = zonecfg_add_admin(handle, 7693 &admintab, zonename); 7694 if (err != Z_OK) { 7695 (void) fclose(uaf); 7696 return (err); 7697 } else { 7698 changed = B_TRUE; 7699 } 7700 } 7701 } 7702 } /* end-of-while-loop */ 7703 (void) fclose(uaf); 7704 return (changed? Z_OK: Z_NO_ENTRY); 7705 } 7706 7707 static void 7708 update_profiles(char *rbac_profs, boolean_t add) 7709 { 7710 char new_profs[MAXPROFS]; 7711 char *cur_prof; 7712 boolean_t first = B_TRUE; 7713 boolean_t found = B_FALSE; 7714 char *lasts; 7715 7716 cur_prof = strtok_r(rbac_profs, ",", &lasts); 7717 while (cur_prof != NULL) { 7718 if (strcmp(cur_prof, ZONE_MGMT_PROF) == 0) { 7719 found = B_TRUE; 7720 if (!add) { 7721 cur_prof = strtok_r(NULL, ",", &lasts); 7722 continue; 7723 } 7724 } 7725 if (first) { 7726 first = B_FALSE; 7727 } else { 7728 (void) strlcat(new_profs, ",", 7729 MAXPROFS); 7730 } 7731 (void) strlcat(new_profs, cur_prof, 7732 MAXPROFS); 7733 cur_prof = strtok_r(NULL, ",", &lasts); 7734 } 7735 /* 7736 * Now prepend the Zone Management profile at the beginning 7737 * of the list if it is needed, and append the rest. 7738 * Return the updated list in the original buffer. 7739 */ 7740 if (add && !found) { 7741 first = B_FALSE; 7742 (void) strlcpy(rbac_profs, ZONE_MGMT_PROF, MAXPROFS); 7743 } else { 7744 first = B_TRUE; 7745 rbac_profs[0] = '\0'; 7746 } 7747 if (strlen(new_profs) > 0) { 7748 if (!first) 7749 (void) strlcat(rbac_profs, ",", MAXPROFS); 7750 (void) strlcat(rbac_profs, new_profs, MAXPROFS); 7751 } 7752 } 7753 7754 #define MAX_CMD_LEN 1024 7755 7756 static int 7757 do_subproc(char *zonename, char *cmdbuf) 7758 { 7759 char inbuf[MAX_CMD_LEN]; 7760 FILE *file; 7761 int status; 7762 7763 file = popen(cmdbuf, "r"); 7764 if (file == NULL) { 7765 zerror(zonename, gettext("Could not launch: %s"), cmdbuf); 7766 return (-1); 7767 } 7768 7769 while (fgets(inbuf, sizeof (inbuf), file) != NULL) 7770 (void) fprintf(stderr, "%s", inbuf); 7771 status = pclose(file); 7772 7773 if (WIFSIGNALED(status)) { 7774 zerror(zonename, gettext("%s unexpectedly terminated " 7775 "due to signal %d"), 7776 cmdbuf, WTERMSIG(status)); 7777 return (-1); 7778 } 7779 assert(WIFEXITED(status)); 7780 return (WEXITSTATUS(status)); 7781 } 7782 7783 /* 7784 * This function updates the local /etc/user_attr file to 7785 * correspond to the admin settings that are currently being 7786 * committed. The updates are done via usermod and/or rolemod 7787 * depending on the type of the specified user. It is also 7788 * invoked to remove entries from user_attr corresponding to 7789 * removed admin assignments, using an empty auths string. 7790 * 7791 * Because the removed entries are no longer included in the 7792 * cofiguration that is being committed, a linked list of 7793 * removed admin entries is maintained to keep track of such 7794 * transactions. The head of the list is stored in the zone_dh_userauths 7795 * element of the handle strcture. 7796 */ 7797 static int 7798 zonecfg_authorize_user_impl(zone_dochandle_t handle, char *user, 7799 char *auths, char *zonename) 7800 { 7801 char *right; 7802 char old_auths[MAXAUTHS]; 7803 char new_auths[MAXAUTHS]; 7804 char rbac_profs[MAXPROFS]; 7805 char *lasts; 7806 userattr_t *u; 7807 boolean_t first = B_TRUE; 7808 boolean_t is_zone_admin = B_FALSE; 7809 char user_cmd[] = "/usr/sbin/usermod"; 7810 char role_cmd[] = "/usr/sbin/rolemod"; 7811 char *auths_cmd = user_cmd; /* either usermod or rolemod */ 7812 char *new_auth_start; /* string containing the new auths */ 7813 int new_auth_cnt = 0; /* delta of changed authorizations */ 7814 7815 /* 7816 * First get the existing authorizations for this user 7817 */ 7818 7819 bzero(&old_auths, sizeof (old_auths)); 7820 bzero(&new_auths, sizeof (new_auths)); 7821 bzero(&rbac_profs, sizeof (rbac_profs)); 7822 if ((u = getusernam(user)) != NULL) { 7823 char *current_auths; 7824 char *current_profs; 7825 char *type; 7826 7827 type = kva_match(u->attr, USERATTR_TYPE_KW); 7828 if (type != NULL) { 7829 if (strcmp(type, USERATTR_TYPE_NONADMIN_KW) == 0) 7830 auths_cmd = role_cmd; 7831 } 7832 7833 current_auths = kva_match(u->attr, USERATTR_AUTHS_KW); 7834 if (current_auths != NULL) { 7835 char *cur_auth; 7836 char *delete_name; 7837 size_t offset; 7838 7839 offset = strlen(ZONE_AUTH_PREFIX); 7840 7841 (void) strlcpy(old_auths, current_auths, MAXAUTHS); 7842 cur_auth = strtok_r(current_auths, ",", &lasts); 7843 7844 /* 7845 * Next, remove any existing authorizations 7846 * for this zone, and determine if the 7847 * user still needs the Zone Management Profile. 7848 */ 7849 if (is_renaming(handle)) 7850 delete_name = handle->zone_dh_delete_name; 7851 else 7852 delete_name = NULL; 7853 while (cur_auth != NULL) { 7854 if (!is_zone_auth(&cur_auth, zonename, 7855 delete_name)) { 7856 if (first) { 7857 first = B_FALSE; 7858 } else { 7859 (void) strlcat(new_auths, ",", 7860 MAXAUTHS); 7861 } 7862 (void) strlcat(new_auths, cur_auth, 7863 MAXAUTHS); 7864 /* 7865 * If the user has authorizations 7866 * for other zones, then set a 7867 * flag indicate that the Zone 7868 * Management profile should be 7869 * preserved in user_attr. 7870 */ 7871 if (strncmp(cur_auth, 7872 ZONE_AUTH_PREFIX, offset) == 0) 7873 is_zone_admin = B_TRUE; 7874 } else { 7875 new_auth_cnt++; 7876 } 7877 cur_auth = strtok_r(NULL, ",", &lasts); 7878 } 7879 } 7880 current_profs = kva_match(u->attr, USERATTR_PROFILES_KW); 7881 if (current_profs != NULL) { 7882 (void) strlcpy(rbac_profs, current_profs, MAXPROFS); 7883 } 7884 free_userattr(u); 7885 } 7886 /* 7887 * The following is done to avoid revisiting the 7888 * user_attr entry for this user 7889 */ 7890 (void) zonecfg_remove_userauths(handle, user, "", B_FALSE); 7891 7892 /* 7893 * Convert each right into a properly formatted authorization 7894 */ 7895 new_auth_start = new_auths + strlen(new_auths); 7896 if (!first) 7897 new_auth_start++; 7898 right = strtok_r(auths, ",", &lasts); 7899 while (right != NULL) { 7900 char auth[MAXAUTHS]; 7901 7902 (void) snprintf(auth, MAXAUTHS, "%s%s/%s", 7903 ZONE_AUTH_PREFIX, right, zonename); 7904 if (first) { 7905 first = B_FALSE; 7906 } else { 7907 (void) strlcat(new_auths, ",", MAXAUTHS); 7908 } 7909 (void) strlcat(new_auths, auth, MAXAUTHS); 7910 is_zone_admin = B_TRUE; 7911 new_auth_cnt--; 7912 right = strtok_r(NULL, ",", &lasts); 7913 } 7914 7915 /* 7916 * Need to update the authorizations in user_attr unless 7917 * the number of old and new authorizations is unchanged 7918 * and the new auths are a substrings of the old auths. 7919 * 7920 * If the user's previous authorizations have changed 7921 * execute the usermod progam to update them in user_attr. 7922 */ 7923 if ((new_auth_cnt != 0) || 7924 (strstr(old_auths, new_auth_start) == NULL)) { 7925 char *cmdbuf; 7926 size_t cmd_len; 7927 7928 update_profiles(rbac_profs, is_zone_admin); 7929 cmd_len = snprintf(NULL, 0, "%s -A \"%s\" -P \"%s\" %s", 7930 auths_cmd, new_auths, rbac_profs, user) + 1; 7931 if ((cmdbuf = malloc(cmd_len)) == NULL) { 7932 return (Z_NOMEM); 7933 } 7934 (void) snprintf(cmdbuf, cmd_len, "%s -A \"%s\" -P \"%s\" %s", 7935 auths_cmd, new_auths, rbac_profs, user); 7936 if (do_subproc(zonename, cmdbuf) != 0) { 7937 free(cmdbuf); 7938 return (Z_SYSTEM); 7939 } 7940 free(cmdbuf); 7941 } 7942 7943 return (Z_OK); 7944 } 7945 7946 int 7947 zonecfg_authorize_users(zone_dochandle_t handle, char *zonename) 7948 { 7949 xmlNodePtr cur; 7950 int err; 7951 char user[MAXUSERNAME]; 7952 char auths[MAXAUTHS]; 7953 7954 if ((err = operation_prep(handle)) != Z_OK) 7955 return (err); 7956 7957 cur = handle->zone_dh_cur; 7958 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 7959 if (xmlStrcmp(cur->name, DTD_ELEM_ADMIN)) 7960 continue; 7961 if (fetchprop(cur, DTD_ATTR_USER, user, 7962 sizeof (user)) != Z_OK) 7963 continue; 7964 if (fetchprop(cur, DTD_ATTR_AUTHS, auths, 7965 sizeof (auths)) != Z_OK) 7966 continue; 7967 if (zonecfg_authorize_user_impl(handle, user, auths, zonename) 7968 != Z_OK) 7969 return (Z_SYSTEM); 7970 } 7971 (void) zonecfg_remove_userauths(handle, "", "", B_TRUE); 7972 7973 return (Z_OK); 7974 } 7975 7976 int 7977 zonecfg_deauthorize_user(zone_dochandle_t handle, char *user, char *zonename) 7978 { 7979 return (zonecfg_authorize_user_impl(handle, user, "", zonename)); 7980 } 7981 7982 int 7983 zonecfg_deauthorize_users(zone_dochandle_t handle, char *zonename) 7984 { 7985 xmlNodePtr cur; 7986 int err; 7987 char user[MAXUSERNAME]; 7988 7989 if ((err = operation_prep(handle)) != Z_OK) 7990 return (err); 7991 7992 cur = handle->zone_dh_cur; 7993 for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) { 7994 if (xmlStrcmp(cur->name, DTD_ELEM_ADMIN)) 7995 continue; 7996 if (fetchprop(cur, DTD_ATTR_USER, user, 7997 sizeof (user)) != Z_OK) 7998 continue; 7999 if ((err = zonecfg_deauthorize_user(handle, user, 8000 zonename)) != Z_OK) 8001 return (err); 8002 } 8003 return (Z_OK); 8004 } 8005 8006 int 8007 zonecfg_insert_userauths(zone_dochandle_t handle, char *user, char *zonename) 8008 { 8009 zone_userauths_t *new, **prev, *next; 8010 8011 prev = &handle->zone_dh_userauths; 8012 next = *prev; 8013 while (next) { 8014 if ((strncmp(next->user, user, MAXUSERNAME) == 0) && 8015 (strncmp(next->zonename, zonename, 8016 ZONENAME_MAX) == 0)) { 8017 /* 8018 * user is already in list 8019 * which isn't supposed to happen! 8020 */ 8021 return (Z_OK); 8022 } 8023 prev = &next->next; 8024 next = *prev; 8025 } 8026 new = (zone_userauths_t *)malloc(sizeof (zone_userauths_t)); 8027 if (new == NULL) 8028 return (Z_NOMEM); 8029 8030 (void) strlcpy(new->user, user, sizeof (new->user)); 8031 (void) strlcpy(new->zonename, zonename, sizeof (new->zonename)); 8032 new->next = NULL; 8033 *prev = new; 8034 return (Z_OK); 8035 } 8036 8037 int 8038 zonecfg_remove_userauths(zone_dochandle_t handle, char *user, char *zonename, 8039 boolean_t deauthorize) 8040 { 8041 zone_userauths_t *new, **prev, *next; 8042 8043 prev = &handle->zone_dh_userauths; 8044 next = *prev; 8045 8046 while (next) { 8047 if ((strlen(user) == 0 || 8048 strncmp(next->user, user, MAXUSERNAME) == 0) && 8049 (strlen(zonename) == 0 || 8050 (strncmp(next->zonename, zonename, ZONENAME_MAX) == 0))) { 8051 new = next; 8052 *prev = next->next; 8053 next = *prev; 8054 if (deauthorize) 8055 (void) zonecfg_deauthorize_user(handle, 8056 new->user, new->zonename); 8057 free(new); 8058 continue; 8059 } 8060 prev = &next->next; 8061 next = *prev; 8062 } 8063 return (Z_OK); 8064 }