1#!/bin/ksh -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or https://opensource.org/licenses/CDDL-1.0.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright (c) 2017 Datto, Inc. All rights reserved.
25#
26
27. $STF_SUITE/include/libtest.shlib
28. $STF_SUITE/tests/functional/cli_root/zfs_unmount/zfs_unmount.kshlib
29. $STF_SUITE/tests/functional/cli_root/zfs_load-key/zfs_load-key_common.kshlib
30
31#
32# DESCRIPTION:
33# "zfs unmount -u" should allow the user to unload their encryption
34# keys while unmounting one or more datasets
35#
36# STRATEGY:
37# 1. Create a hierarchy of encrypted datasets
38# 2. Test that 'zfs unmount -u' unloads keys as it unmounts a dataset
39# 3. Test that 'zfs unmount -u' unloads keys as it unmounts multiple datasets
40# 4. Test that 'zfs unmount -u' returns an error if the key is still in
41#    use by a clone.
42#
43
44verify_runnable "both"
45
46function cleanup
47{
48	datasetexists $TESTPOOL/$TESTFS2 && \
49		destroy_dataset $TESTPOOL/$TESTFS2 -r
50	datasetexists $TESTPOOL/$TESTFS2/newroot && \
51		destroy_dataset $TESTPOOL/$TESTFS2/newroot -r
52	datasetexists $TESTPOOL/$TESTFS2/child && \
53		destroy_dataset $TESTPOOL/$TESTFS2/child -r
54
55}
56log_onexit cleanup
57
58log_assert "'zfs unmount -u' should unload keys for datasets as they are unmounted"
59log_must eval "echo 'password' | zfs create -o encryption=on -o keyformat=passphrase $TESTPOOL/$TESTFS2"
60log_must eval "echo 'password' | zfs create -o encryption=on -o keyformat=passphrase $TESTPOOL/$TESTFS2/newroot"
61log_must zfs create $TESTPOOL/$TESTFS2/child
62
63log_must zfs umount -u $TESTPOOL/$TESTFS2/newroot
64log_must key_unavailable $TESTPOOL/$TESTFS2/newroot
65log_must eval "echo 'password' | zfs mount -l $TESTPOOL/$TESTFS2/newroot"
66
67log_must zfs umount -u $TESTPOOL/$TESTFS2
68log_must key_unavailable $TESTPOOL/$TESTFS2
69log_must key_unavailable $TESTPOOL/$TESTFS2/newroot
70log_must key_unavailable $TESTPOOL/$TESTFS2/child
71log_must eval "echo 'password' | zfs mount -l $TESTPOOL/$TESTFS2/newroot"
72
73log_must zfs snap $TESTPOOL/$TESTFS2/newroot@1
74log_must zfs clone $TESTPOOL/$TESTFS2/newroot@1 $TESTPOOL/$TESTFS2/clone
75log_mustnot zfs umount -u $TESTPOOL/$TESTFS2/newroot
76log_must key_available $TESTPOOL/$TESTFS2/newroot
77log_must mounted $TESTPOOL/$TESTFS2/newroot
78
79log_pass "'zfs unmount -u' unloads keys for datasets as they are unmounted"
80