1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# This file and its contents are supplied under the terms of the 6# Common Development and Distribution License ("CDDL"), version 1.0. 7# You may only use this file in accordance with the terms of version 8# 1.0 of the CDDL. 9# 10# A full copy of the text of the CDDL should have accompanied this 11# source. A copy of the CDDL is also available via the Internet at 12# http://www.illumos.org/license/CDDL. 13# 14# CDDL HEADER END 15# 16 17# 18# Copyright (c) 2017 Datto, Inc. All rights reserved. 19# 20 21. $STF_SUITE/include/libtest.shlib 22 23# 24# DESCRIPTION: 25# ZFS should receive to an encrypted child dataset. 26# 27# STRATEGY: 28# 1. Snapshot the default dataset 29# 2. Create an encrypted dataset 30# 3. Attempt to receive a stream to an encrypted child 31# 4. Attempt to receive a stream with properties to an encrypted child 32# 5. Attempt to receive a replication stream to an encrypted child 33# 6. Unmount and unload the encrypted dataset keys 34# 7. Attempt to receive a snapshot stream to an encrypted child 35# 36 37verify_runnable "both" 38 39function cleanup 40{ 41 snapexists $snap && log_must_busy zfs destroy -f $snap 42 43 datasetexists $TESTPOOL/$TESTFS1 && \ 44 log_must zfs destroy -r $TESTPOOL/$TESTFS1 45} 46 47log_onexit cleanup 48 49log_assert "ZFS should receive to an encrypted child dataset" 50 51typeset passphrase="password" 52typeset snap="$TESTPOOL/$TESTFS@snap" 53typeset testfile="testfile" 54 55log_must zfs snapshot $snap 56 57log_must eval "echo $passphrase | zfs create -o encryption=on" \ 58 "-o keyformat=passphrase $TESTPOOL/$TESTFS1" 59 60log_note "Verifying ZFS will receive to an encrypted child" 61log_must eval "zfs send $snap | zfs receive $TESTPOOL/$TESTFS1/c1" 62 63log_note "Verifying 'send -p' will not receive to an encrypted child" 64log_mustnot eval "zfs send -p $snap | zfs receive $TESTPOOL/$TESTFS1/c2" 65 66log_note "Verifying 'send -R' will not receive to an encrypted child" 67log_mustnot eval "zfs send -R $snap | zfs receive $TESTPOOL/$TESTFS1/c3" 68 69log_note "Verifying ZFS will not receive to an encrypted child when the" \ 70 "parent key is unloaded" 71log_must zfs unmount $TESTPOOL/$TESTFS1 72log_must zfs unload-key $TESTPOOL/$TESTFS1 73log_mustnot eval "zfs send $snap | zfs receive $TESTPOOL/$TESTFS1/c4" 74 75log_pass "ZFS can receive to an encrypted child dataset" 76