zfs_namecheck.c (325909) | zfs_namecheck.c (339129) |
1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE --- 9 unchanged lines hidden (view full) --- 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25/* | 1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE --- 9 unchanged lines hidden (view full) --- 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25/* |
26 * Copyright (c) 2013 by Delphix. All rights reserved. | 26 * Copyright (c) 2013, 2016 by Delphix. All rights reserved. |
27 */ 28 29/* 30 * Common name validation routines for ZFS. These routines are shared by the 31 * userland code as well as the ioctl() layer to ensure that we don't 32 * inadvertently expose a hole through direct ioctl()s that never gets tested. 33 * In userland, however, we want significantly more information about _why_ the 34 * name is invalid. In the kernel, we only care whether it's valid or not. 35 * Each routine therefore takes a 'namecheck_err_t' which describes exactly why 36 * the name failed to validate. | 27 */ 28 29/* 30 * Common name validation routines for ZFS. These routines are shared by the 31 * userland code as well as the ioctl() layer to ensure that we don't 32 * inadvertently expose a hole through direct ioctl()s that never gets tested. 33 * In userland, however, we want significantly more information about _why_ the 34 * name is invalid. In the kernel, we only care whether it's valid or not. 35 * Each routine therefore takes a 'namecheck_err_t' which describes exactly why 36 * the name failed to validate. |
37 * 38 * Each function returns 0 on success, -1 on error. | |
39 */ 40 41#if defined(_KERNEL) 42#include <sys/systm.h> 43#else 44#include <string.h> 45#endif 46 47#include <sys/dsl_dir.h> 48#include <sys/param.h> 49#include <sys/nvpair.h> 50#include "zfs_namecheck.h" 51#include "zfs_deleg.h" 52 | 37 */ 38 39#if defined(_KERNEL) 40#include <sys/systm.h> 41#else 42#include <string.h> 43#endif 44 45#include <sys/dsl_dir.h> 46#include <sys/param.h> 47#include <sys/nvpair.h> 48#include "zfs_namecheck.h" 49#include "zfs_deleg.h" 50 |
51/* 52 * Deeply nested datasets can overflow the stack, so we put a limit 53 * in the amount of nesting a path can have. zfs_max_dataset_nesting 54 * can be tuned temporarily to fix existing datasets that exceed our 55 * predefined limit. 56 */ 57int zfs_max_dataset_nesting = 50; 58 |
|
53static int 54valid_char(char c) 55{ 56 return ((c >= 'a' && c <= 'z') || 57 (c >= 'A' && c <= 'Z') || 58 (c >= '0' && c <= '9') || 59 c == '-' || c == '_' || c == '.' || c == ':' || c == ' '); 60} 61 62/* | 59static int 60valid_char(char c) 61{ 62 return ((c >= 'a' && c <= 'z') || 63 (c >= 'A' && c <= 'Z') || 64 (c >= '0' && c <= '9') || 65 c == '-' || c == '_' || c == '.' || c == ':' || c == ' '); 66} 67 68/* |
69 * Looks at a path and returns its level of nesting (depth). 70 */ 71int 72get_dataset_depth(const char *path) 73{ 74 const char *loc = path; 75 int nesting = 0; 76 77 /* 78 * Keep track of nesting until you hit the end of the 79 * path or found the snapshot/bookmark seperator. 80 */ 81 for (int i = 0; loc[i] != '\0' && 82 loc[i] != '@' && 83 loc[i] != '#'; i++) { 84 if (loc[i] == '/') 85 nesting++; 86 } 87 88 return (nesting); 89} 90 91/* |
|
63 * Snapshot names must be made up of alphanumeric characters plus the following 64 * characters: 65 * | 92 * Snapshot names must be made up of alphanumeric characters plus the following 93 * characters: 94 * |
66 * [-_.: ] | 95 * [-_.: ] 96 * 97 * Returns 0 on success, -1 on error. |
67 */ 68int 69zfs_component_namecheck(const char *path, namecheck_err_t *why, char *what) 70{ 71 const char *loc; 72 73 if (strlen(path) >= ZFS_MAX_DATASET_NAME_LEN) { 74 if (why) --- 19 unchanged lines hidden (view full) --- 94 return (0); 95} 96 97 98/* 99 * Permissions set name must start with the letter '@' followed by the 100 * same character restrictions as snapshot names, except that the name 101 * cannot exceed 64 characters. | 98 */ 99int 100zfs_component_namecheck(const char *path, namecheck_err_t *why, char *what) 101{ 102 const char *loc; 103 104 if (strlen(path) >= ZFS_MAX_DATASET_NAME_LEN) { 105 if (why) --- 19 unchanged lines hidden (view full) --- 125 return (0); 126} 127 128 129/* 130 * Permissions set name must start with the letter '@' followed by the 131 * same character restrictions as snapshot names, except that the name 132 * cannot exceed 64 characters. |
133 * 134 * Returns 0 on success, -1 on error. |
|
102 */ 103int 104permset_namecheck(const char *path, namecheck_err_t *why, char *what) 105{ 106 if (strlen(path) >= ZFS_PERMSET_MAXLEN) { 107 if (why) 108 *why = NAME_ERR_TOOLONG; 109 return (-1); --- 6 unchanged lines hidden (view full) --- 116 } 117 return (-1); 118 } 119 120 return (zfs_component_namecheck(&path[1], why, what)); 121} 122 123/* | 135 */ 136int 137permset_namecheck(const char *path, namecheck_err_t *why, char *what) 138{ 139 if (strlen(path) >= ZFS_PERMSET_MAXLEN) { 140 if (why) 141 *why = NAME_ERR_TOOLONG; 142 return (-1); --- 6 unchanged lines hidden (view full) --- 149 } 150 return (-1); 151 } 152 153 return (zfs_component_namecheck(&path[1], why, what)); 154} 155 156/* |
157 * Dataset paths should not be deeper than zfs_max_dataset_nesting 158 * in terms of nesting. 159 * 160 * Returns 0 on success, -1 on error. 161 */ 162int 163dataset_nestcheck(const char *path) 164{ 165 return ((get_dataset_depth(path) < zfs_max_dataset_nesting) ? 0 : -1); 166} 167 168/* |
|
124 * Entity names must be of the following form: 125 * | 169 * Entity names must be of the following form: 170 * |
126 * [component/]*[component][(@|#)component]? | 171 * [component/]*[component][(@|#)component]? |
127 * 128 * Where each component is made up of alphanumeric characters plus the following 129 * characters: 130 * | 172 * 173 * Where each component is made up of alphanumeric characters plus the following 174 * characters: 175 * |
131 * [-_.:%] | 176 * [-_.:%] |
132 * 133 * We allow '%' here as we use that character internally to create unique 134 * names for temporary clones (for online recv). | 177 * 178 * We allow '%' here as we use that character internally to create unique 179 * names for temporary clones (for online recv). |
180 * 181 * Returns 0 on success, -1 on error. |
|
135 */ 136int 137entity_namecheck(const char *path, namecheck_err_t *why, char *what) 138{ | 182 */ 183int 184entity_namecheck(const char *path, namecheck_err_t *why, char *what) 185{ |
139 const char *start, *end; 140 int found_delim; | 186 const char *end; |
141 142 /* 143 * Make sure the name is not too long. 144 */ | 187 188 /* 189 * Make sure the name is not too long. 190 */ |
145 | |
146 if (strlen(path) >= ZFS_MAX_DATASET_NAME_LEN) { 147 if (why) 148 *why = NAME_ERR_TOOLONG; 149 return (-1); 150 } 151 152 /* Explicitly check for a leading slash. */ 153 if (path[0] == '/') { 154 if (why) 155 *why = NAME_ERR_LEADING_SLASH; 156 return (-1); 157 } 158 159 if (path[0] == '\0') { 160 if (why) 161 *why = NAME_ERR_EMPTY_COMPONENT; 162 return (-1); 163 } 164 | 191 if (strlen(path) >= ZFS_MAX_DATASET_NAME_LEN) { 192 if (why) 193 *why = NAME_ERR_TOOLONG; 194 return (-1); 195 } 196 197 /* Explicitly check for a leading slash. */ 198 if (path[0] == '/') { 199 if (why) 200 *why = NAME_ERR_LEADING_SLASH; 201 return (-1); 202 } 203 204 if (path[0] == '\0') { 205 if (why) 206 *why = NAME_ERR_EMPTY_COMPONENT; 207 return (-1); 208 } 209 |
165 start = path; 166 found_delim = 0; | 210 const char *start = path; 211 boolean_t found_delim = B_FALSE; |
167 for (;;) { 168 /* Find the end of this component */ 169 end = start; 170 while (*end != '/' && *end != '@' && *end != '#' && 171 *end != '\0') 172 end++; 173 174 if (*end == '\0' && end[-1] == '/') { --- 18 unchanged lines hidden (view full) --- 193 if (*end == '@' || *end == '#') { 194 /* Multiple delimiters are not allowed */ 195 if (found_delim != 0) { 196 if (why) 197 *why = NAME_ERR_MULTIPLE_DELIMITERS; 198 return (-1); 199 } 200 | 212 for (;;) { 213 /* Find the end of this component */ 214 end = start; 215 while (*end != '/' && *end != '@' && *end != '#' && 216 *end != '\0') 217 end++; 218 219 if (*end == '\0' && end[-1] == '/') { --- 18 unchanged lines hidden (view full) --- 238 if (*end == '@' || *end == '#') { 239 /* Multiple delimiters are not allowed */ 240 if (found_delim != 0) { 241 if (why) 242 *why = NAME_ERR_MULTIPLE_DELIMITERS; 243 return (-1); 244 } 245 |
201 found_delim = 1; | 246 found_delim = B_TRUE; |
202 } 203 204 /* Zero-length components are not allowed */ 205 if (start == end) { 206 if (why) 207 *why = NAME_ERR_EMPTY_COMPONENT; 208 return (-1); 209 } --- 35 unchanged lines hidden (view full) --- 245 246 return (ret); 247} 248 249/* 250 * mountpoint names must be of the following form: 251 * 252 * /[component][/]*[component][/] | 247 } 248 249 /* Zero-length components are not allowed */ 250 if (start == end) { 251 if (why) 252 *why = NAME_ERR_EMPTY_COMPONENT; 253 return (-1); 254 } --- 35 unchanged lines hidden (view full) --- 290 291 return (ret); 292} 293 294/* 295 * mountpoint names must be of the following form: 296 * 297 * /[component][/]*[component][/] |
298 * 299 * Returns 0 on success, -1 on error. |
|
253 */ 254int 255mountpoint_namecheck(const char *path, namecheck_err_t *why) 256{ 257 const char *start, *end; 258 259 /* 260 * Make sure none of the mountpoint component names are too long. --- 28 unchanged lines hidden (view full) --- 289 return (0); 290} 291 292/* 293 * For pool names, we have the same set of valid characters as described in 294 * dataset names, with the additional restriction that the pool name must begin 295 * with a letter. The pool names 'raidz' and 'mirror' are also reserved names 296 * that cannot be used. | 300 */ 301int 302mountpoint_namecheck(const char *path, namecheck_err_t *why) 303{ 304 const char *start, *end; 305 306 /* 307 * Make sure none of the mountpoint component names are too long. --- 28 unchanged lines hidden (view full) --- 336 return (0); 337} 338 339/* 340 * For pool names, we have the same set of valid characters as described in 341 * dataset names, with the additional restriction that the pool name must begin 342 * with a letter. The pool names 'raidz' and 'mirror' are also reserved names 343 * that cannot be used. |
344 * 345 * Returns 0 on success, -1 on error. |
|
297 */ 298int 299pool_namecheck(const char *pool, namecheck_err_t *why, char *what) 300{ 301 const char *c; 302 303 /* 304 * Make sure the name is not too long. --- 46 unchanged lines hidden --- | 346 */ 347int 348pool_namecheck(const char *pool, namecheck_err_t *why, char *what) 349{ 350 const char *c; 351 352 /* 353 * Make sure the name is not too long. --- 46 unchanged lines hidden --- |
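Review bot: The new dataset_nestcheck() (new lines 162-166) is a separate entry point that entity_namecheck() never calls, so the stack-depth limit introduced at line 57 is enforced only where a caller remembers to invoke it; the file's own header comment says these routines are shared precisely so the ioctl() layer cannot expose an unchecked hole, and the ioctl call sites are outside this page, so I cannot confirm they call it. Either invoking it from the end of entity_namecheck() or adding a comment above dataset_nestcheck() such as `/* Not called by entity_namecheck(); ioctl-layer callers must invoke this explicitly. */` would make the contract visible. The routine also departs from the convention documented at the top of the file that each check takes a namecheck_err_t, so userland cannot report why a deeply nested name was rejected; `int dataset_nestcheck(const char *path, namecheck_err_t *why)` with a dedicated error value would fit the other routines. Note that because zfs_max_dataset_nesting is a writable int, tuning it to 0 or a negative value makes every path fail the `depth < limit` test, which the comment at lines 52-56 does not mention. Minor: the comment at line 79 misspells "separator" as `seperator`.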