/* raw streams can't override encryption properties */
if ((zfs_prop_encryption_key_param(prop) ||
- prop == ZFS_PROP_ENCRYPTION) && (raw || !newfs)) {
+ prop == ZFS_PROP_ENCRYPTION) && raw) {
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
"encryption property '%s' cannot "
- "be set or excluded for raw or incremental "
- "streams."), name);
+ "be set or excluded for raw streams."), name);
+ ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
+ goto error;
+ }
+
+ /* incremental streams can only exclude encryption properties */
+ if ((zfs_prop_encryption_key_param(prop) ||
+ prop == ZFS_PROP_ENCRYPTION) && !newfs &&
+ nvpair_type(nvp) != DATA_TYPE_BOOLEAN) {
+ zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
+ "encryption property '%s' cannot "
+ "be set for incremental streams."), name);
ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
goto error;
}
*/
if (nvlist_exists(origprops, name)) {
nvlist_t *attrs;
+ char *source = NULL;
attrs = fnvlist_lookup_nvlist(origprops, name);
- if (strcmp(fnvlist_lookup_string(attrs,
- ZPROP_SOURCE), ZPROP_SOURCE_VAL_RECVD) != 0)
+ if (nvlist_lookup_string(attrs,
+ ZPROP_SOURCE, &source) == 0 &&
+ strcmp(source, ZPROP_SOURCE_VAL_RECVD) != 0)
continue;
}
/*
typeset keyfile=/$TESTPOOL/pkey
typeset sendfile=/$TESTPOOL/sendfile
-typeset snap=$TESTPOOL/ds@snap
+typeset snap=$TESTPOOL/ds@snap1
+typeset snap2=$TESTPOOL/ds@snap2
typeset esnap=$TESTPOOL/crypt@snap1
typeset esnap2=$TESTPOOL/crypt@snap2
typeset cksum=$(md5digest /$TESTPOOL/ds/$TESTFILE0)
log_must zfs snap -r $snap
+log_must zfs snap -r $snap2
log_must zfs snap -r $esnap
log_must zfs snap -r $esnap2
log_must test "$recv_cksum" == "$cksum"
log_must zfs destroy -r $ds
+# Test that we can override an unencrypted, incremental, recursive stream's
+# encryption settings, receiving all datasets as encrypted children.
+log_note "Must be able to receive recursive stream to encrypted child"
+ds=$TESTPOOL/crypt/recv
+log_must eval "zfs send -R $snap2 > $sendfile"
+log_must eval "zfs recv -x encryption $ds < $sendfile"
+log_must test "$(get_prop 'encryptionroot' $ds)" == "$TESTPOOL/crypt"
+log_must test "$(get_prop 'encryption' $ds)" == "aes-256-ccm"
+log_must test "$(get_prop 'keyformat' $ds)" == "passphrase"
+log_must test "$(get_prop 'mounted' $ds)" == "yes"
+recv_cksum=$(md5digest /$ds/$TESTFILE0)
+log_must test "$recv_cksum" == "$cksum"
+log_must zfs destroy -r $ds
+
# Check that we haven't printed the key to the zpool history log
log_mustnot eval "zpool history -i | grep -q 'wkeydata'"