1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or https://opensource.org/licenses/CDDL-1.0. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright (c) 2017 Datto, Inc. All rights reserved. 25# 26 27. $STF_SUITE/include/libtest.shlib 28. $STF_SUITE/tests/functional/cli_root/zfs_unmount/zfs_unmount.kshlib 29. $STF_SUITE/tests/functional/cli_root/zfs_load-key/zfs_load-key_common.kshlib 30 31# 32# DESCRIPTION: 33# "zfs unmount -u" should allow the user to unload their encryption 34# keys while unmounting one or more datasets 35# 36# STRATEGY: 37# 1. Create a hierarchy of encrypted datasets 38# 2. Test that 'zfs unmount -u' unloads keys as it unmounts a dataset 39# 3. Test that 'zfs unmount -u' unloads keys as it unmounts multiple datasets 40# 4. Test that 'zfs unmount -u' returns an error if the key is still in 41# use by a clone. 42# 43 44verify_runnable "both" 45 46function cleanup 47{ 48 datasetexists $TESTPOOL/$TESTFS2 && \ 49 destroy_dataset $TESTPOOL/$TESTFS2 -r 50 datasetexists $TESTPOOL/$TESTFS2/newroot && \ 51 destroy_dataset $TESTPOOL/$TESTFS2/newroot -r 52 datasetexists $TESTPOOL/$TESTFS2/child && \ 53 destroy_dataset $TESTPOOL/$TESTFS2/child -r 54 55} 56log_onexit cleanup 57 58log_assert "'zfs unmount -u' should unload keys for datasets as they are unmounted" 59log_must eval "echo 'password' | zfs create -o encryption=on -o keyformat=passphrase $TESTPOOL/$TESTFS2" 60log_must eval "echo 'password' | zfs create -o encryption=on -o keyformat=passphrase $TESTPOOL/$TESTFS2/newroot" 61log_must zfs create $TESTPOOL/$TESTFS2/child 62 63log_must zfs umount -u $TESTPOOL/$TESTFS2/newroot 64log_must key_unavailable $TESTPOOL/$TESTFS2/newroot 65log_must eval "echo 'password' | zfs mount -l $TESTPOOL/$TESTFS2/newroot" 66 67log_must zfs umount -u $TESTPOOL/$TESTFS2 68log_must key_unavailable $TESTPOOL/$TESTFS2 69log_must key_unavailable $TESTPOOL/$TESTFS2/newroot 70log_must key_unavailable $TESTPOOL/$TESTFS2/child 71log_must eval "echo 'password' | zfs mount -l $TESTPOOL/$TESTFS2/newroot" 72 73log_must zfs snap $TESTPOOL/$TESTFS2/newroot@1 74log_must zfs clone $TESTPOOL/$TESTFS2/newroot@1 $TESTPOOL/$TESTFS2/clone 75log_mustnot zfs umount -u $TESTPOOL/$TESTFS2/newroot 76log_must key_available $TESTPOOL/$TESTFS2/newroot 77log_must mounted $TESTPOOL/$TESTFS2/newroot 78 79log_pass "'zfs unmount -u' unloads keys for datasets as they are unmounted" 80