summaryrefslogtreecommitdiffstats
path: root/contrib/pyzfs
diff options
context:
space:
mode:
authorTom Caputi <[email protected]>2017-10-13 13:09:04 -0400
committerBrian Behlendorf <[email protected]>2018-08-15 09:48:49 -0700
commitd9c460a0b659c044d4397b7405712f2c9450d3c4 (patch)
tree973b92b7f835540f5ee722b56ff838828fd53116 /contrib/pyzfs
parentfe8a7982ca90c3c9b8a09ec33f032527d7034a7b (diff)
Added encryption support for zfs recv -o / -x
One small integration that was absent from b52563 was support for zfs recv -o / -x with regards to encryption parameters. The main use cases of this are as follows: * Receiving an unencrypted stream as encrypted without needing to create a "dummy" encrypted parent so that encryption can be inheritted. * Allowing users to change their keylocation on receive, so long as the receiving dataset is an encryption root. * Allowing users to explicitly exclude or override the encryption property from an unencrypted properties stream, allowing it to be received as encrypted. * Receiving a recursive heirarchy of unencrypted datasets, encrypting the top-level one and forcing all children to inherit the encryption. Reviewed-by: Jorgen Lundman <[email protected]> Reviewed by: Matthew Ahrens <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Richard Elling <[email protected]> Signed-off-by: Tom Caputi <[email protected]> Closes #7650
Diffstat (limited to 'contrib/pyzfs')
-rw-r--r--contrib/pyzfs/libzfs_core/_libzfs_core.py16
-rw-r--r--contrib/pyzfs/libzfs_core/bindings/libzfs_core.py6
2 files changed, 15 insertions, 7 deletions
diff --git a/contrib/pyzfs/libzfs_core/_libzfs_core.py b/contrib/pyzfs/libzfs_core/_libzfs_core.py
index 1e38a3f32..ffc930812 100644
--- a/contrib/pyzfs/libzfs_core/_libzfs_core.py
+++ b/contrib/pyzfs/libzfs_core/_libzfs_core.py
@@ -1303,7 +1303,8 @@ def lzc_receive_one(
@_uncommitted()
def lzc_receive_with_cmdprops(
snapname, fd, begin_record, force=False, resumable=False, raw=False,
- origin=None, props=None, cmdprops=None, cleanup_fd=-1, action_handle=0
+ origin=None, props=None, cmdprops=None, key=None, cleanup_fd=-1,
+ action_handle=0
):
'''
Like :func:`lzc_receive_one`, but allows the caller to pass an additional
@@ -1333,6 +1334,8 @@ def lzc_receive_with_cmdprops(
every other value is set locally as if the command "zfs set" was
invoked immediately before the receive.
:type cmdprops: dict of bytes : Any
+ :param key: raw bytes representing user's wrapping key
+ :type key: bytes
:param int cleanup_fd: file descriptor used to set a cleanup-on-exit file
descriptor.
:param int action_handle: variable used to pass the handle for guid/ds
@@ -1400,14 +1403,19 @@ def lzc_receive_with_cmdprops(
props = {}
if cmdprops is None:
cmdprops = {}
+ if key is None:
+ key = bytes("")
+ else:
+ key = bytes(key)
+
nvlist = nvlist_in(props)
cmdnvlist = nvlist_in(cmdprops)
properrs = {}
with nvlist_out(properrs) as c_errors:
ret = _lib.lzc_receive_with_cmdprops(
- snapname, nvlist, cmdnvlist, c_origin, force, resumable, raw, fd,
- begin_record, cleanup_fd, c_read_bytes, c_errflags,
- c_action_handle, c_errors)
+ snapname, nvlist, cmdnvlist, key, len(key), c_origin,
+ force, resumable, raw, fd, begin_record, cleanup_fd, c_read_bytes,
+ c_errflags, c_action_handle, c_errors)
errors.lzc_receive_translate_errors(
ret, snapname, fd, force, raw, False, False, origin, properrs)
return (int(c_read_bytes[0]), action_handle)
diff --git a/contrib/pyzfs/libzfs_core/bindings/libzfs_core.py b/contrib/pyzfs/libzfs_core/bindings/libzfs_core.py
index a67a01ee7..55899b556 100644
--- a/contrib/pyzfs/libzfs_core/bindings/libzfs_core.py
+++ b/contrib/pyzfs/libzfs_core/bindings/libzfs_core.py
@@ -108,9 +108,9 @@ CDEF = """
int lzc_receive_resumable(const char *, nvlist_t *, const char *,
boolean_t, boolean_t, int);
int lzc_receive_with_cmdprops(const char *, nvlist_t *, nvlist_t *,
- const char *, boolean_t, boolean_t, boolean_t, int,
- const dmu_replay_record_t *, int, uint64_t *, uint64_t *, uint64_t *,
- nvlist_t **);
+ uint8_t *, uint_t, const char *, boolean_t, boolean_t,
+ boolean_t, int, const dmu_replay_record_t *, int, uint64_t *,
+ uint64_t *, uint64_t *, nvlist_t **);
int lzc_receive_with_header(const char *, nvlist_t *, const char *,
boolean_t, boolean_t, boolean_t, int, const dmu_replay_record_t *);
int lzc_release(nvlist_t *, nvlist_t **);