1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# This file and its contents are supplied under the terms of the 6# Common Development and Distribution License ("CDDL"), version 1.0. 7# You may only use this file in accordance with the terms of version 8# 1.0 of the CDDL. 9# 10# A full copy of the text of the CDDL should have accompanied this 11# source. A copy of the CDDL is also available via the Internet at 12# http://www.illumos.org/license/CDDL. 13# 14# CDDL HEADER END 15# 16 17# 18# Copyright (c) 2017, Datto, Inc. All rights reserved. 19# 20 21. $STF_SUITE/include/libtest.shlib 22 23# 24# DESCRIPTION: 25# ZFS should not perform unencrypted sends from encrypted datasets 26# with unloaded keys. 27# 28# STRATEGY: 29# 1. Create an encrypted dataset 30# 2. Snapshot the dataset 31# 3. Unload the dataset key 32# 4. Verify sending the stream fails 33# 34 35verify_runnable "both" 36 37function cleanup 38{ 39 datasetexists $TESTPOOL/$TESTFS1 && \ 40 destroy_dataset $TESTPOOL/$TESTFS1 -r 41} 42 43log_onexit cleanup 44 45log_assert "ZFS should not perform unencrypted sends from encrypted datasets" \ 46 "with unloaded keys." 47 48typeset passphrase="password" 49typeset snap="$TESTPOOL/$TESTFS1@snap" 50 51log_must eval "echo $passphrase | zfs create -o encryption=on" \ 52 "-o keyformat=passphrase $TESTPOOL/$TESTFS1" 53log_must zfs snapshot $snap 54log_must zfs unmount $TESTPOOL/$TESTFS1 55log_must zfs unload-key $TESTPOOL/$TESTFS1 56log_mustnot eval "zfs send $snap > /dev/null" 57 58log_pass "ZFS does not perform unencrypted sends from encrypted datasets" \ 59 "with unloaded keys." 60