src/PVE/Storage/CIFSPlugin.pm

   1 package PVE::Storage::CIFSPlugin;
   2
   3 use strict;
   4 use warnings;
   5 use Net::IP;
   6 use PVE::Tools qw(run_command);
   7 use PVE::ProcFSTools;
   8 use File::Path;
   9 use PVE::Storage::Plugin;
  10 use PVE::JSONSchema qw(get_standard_option);
  11
  12 use base qw(PVE::Storage::Plugin);
  13
  14 # CIFS helper functions
  15
  16 sub cifs_is_mounted : prototype($$) {
  17     my ($scfg, $mountdata) = @_;
  18
  19     my ($mountpoint, $server, $share) = $scfg->@{'path', 'server', 'share'};
  20     my $subdir = $scfg->{subdir} // '';
  21
  22     $server = "[$server]" if Net::IP::ip_is_ipv6($server);
  23     my $source = "//${server}/$share$subdir";
  24     $mountdata = PVE::ProcFSTools::parse_proc_mounts() if !$mountdata;
  25
  26     return $mountpoint if grep {
  27         $_->[2] =~ /^cifs/ &&
  28         $_->[0] =~ m|^\Q$source\E/?$| &&
  29         $_->[1] eq $mountpoint
  30     } @$mountdata;
  31     return undef;
  32 }
  33
  34 sub cifs_cred_file_name {
  35     my ($storeid) = @_;
  36     return "/etc/pve/priv/storage/${storeid}.pw";
  37 }
  38
  39 sub cifs_delete_credentials {
  40     my ($storeid) = @_;
  41
  42     if (my $cred_file = get_cred_file($storeid)) {
  43         unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
  44     }
  45 }
  46
  47 sub cifs_set_credentials {
  48     my ($password, $storeid) = @_;
  49
  50     my $cred_file = cifs_cred_file_name($storeid);
  51     mkdir "/etc/pve/priv/storage";
  52
  53     PVE::Tools::file_set_contents($cred_file, "password=$password\n");
  54
  55     return $cred_file;
  56 }
  57
  58 sub get_cred_file {
  59     my ($storeid) = @_;
  60
  61     my $cred_file = cifs_cred_file_name($storeid);
  62
  63     if (-e $cred_file) {
  64         return $cred_file;
  65     }
  66     return undef;
  67 }
  68
  69 sub cifs_mount : prototype($$$$$) {
  70     my ($scfg, $storeid, $smbver, $user, $domain) = @_;
  71
  72     my ($mountpoint, $server, $share, $options) = $scfg->@{'path', 'server', 'share', 'options'};
  73     my $subdir = $scfg->{subdir} // '';
  74
  75     $server = "[$server]" if Net::IP::ip_is_ipv6($server);
  76     my $source = "//${server}/$share$subdir";
  77
  78     my $cmd = ['/bin/mount', '-t', 'cifs', $source, $mountpoint, '-o', 'soft', '-o'];
  79
  80     if (my $cred_file = get_cred_file($storeid)) {
  81         push @$cmd, "username=$user", '-o', "credentials=$cred_file";
  82         push @$cmd, '-o', "domain=$domain" if defined($domain);
  83     } else {
  84         push @$cmd, 'guest,username=guest';
  85     }
  86
  87     push @$cmd, '-o', defined($smbver) ? "vers=$smbver" : "vers=default";
  88     push @$cmd, '-o', $options if $options;
  89
  90     run_command($cmd, errmsg => "mount error");
  91 }
  92
  93 # Configuration
  94
  95 sub type {
  96     return 'cifs';
  97 }
  98
  99 sub plugindata {
 100     return {
 101         content => [ { images => 1, rootdir => 1, vztmpl => 1, iso => 1,
 102                    backup => 1, snippets => 1}, { images => 1 }],
 103         format => [ { raw => 1, qcow2 => 1, vmdk => 1 } , 'raw' ],
 104     };
 105 }
 106
 107 sub properties {
 108     return {
 109         share => {
 110             description => "CIFS share.",
 111             type => 'string',
 112         },
 113         password => {
 114             description => "Password for accessing the share/datastore.",
 115             type => 'string',
 116             maxLength => 256,
 117         },
 118         domain => {
 119             description => "CIFS domain.",
 120             type => 'string',
 121             optional => 1,
 122             maxLength => 256,
 123         },
 124         smbversion => {
 125             description => "SMB protocol version. 'default' if not set, negotiates the highest SMB2+"
 126                 ." version supported by both the client and server.",
 127             type => 'string',
 128             default => 'default',
 129             enum => ['default', '2.0', '2.1', '3', '3.0', '3.11'],
 130             optional => 1,
 131         },
 132     };
 133 }
 134
 135 sub options {
 136     return {
 137         path => { fixed => 1 },
 138         'content-dirs' => { optional => 1 },
 139         server => { fixed => 1 },
 140         share => { fixed => 1 },
 141         subdir => { optional => 1 },
 142         nodes => { optional => 1 },
 143         disable => { optional => 1 },
 144         maxfiles => { optional => 1 },
 145         'prune-backups' => { optional => 1 },
 146         'max-protected-backups' => { optional => 1 },
 147         content => { optional => 1 },
 148         format => { optional => 1 },
 149         username => { optional => 1 },
 150         password => { optional => 1},
 151         domain => { optional => 1},
 152         smbversion => { optional => 1},
 153         mkdir => { optional => 1 },
 154         'create-base-path' => { optional => 1 },
 155         'create-subdirs' => { optional => 1 },
 156         bwlimit => { optional => 1 },
 157         preallocation => { optional => 1 },
 158         options => { optional => 1 },
 159     };
 160 }
 161
 162
 163 sub check_config {
 164     my ($class, $sectionId, $config, $create, $skipSchemaCheck) = @_;
 165
 166     $config->{path} = "/mnt/pve/$sectionId" if $create && !$config->{path};
 167
 168     return $class->SUPER::check_config($sectionId, $config, $create, $skipSchemaCheck);
 169 }
 170
 171 # Storage implementation
 172
 173 sub on_add_hook {
 174     my ($class, $storeid, $scfg, %sensitive) = @_;
 175
 176     if (defined($sensitive{password})) {
 177         cifs_set_credentials($sensitive{password}, $storeid);
 178         if (!exists($scfg->{username})) {
 179             warn "storage $storeid: ignoring password parameter, no user set\n";
 180         }
 181     } else {
 182         cifs_delete_credentials($storeid);
 183     }
 184
 185     return;
 186 }
 187
 188 sub on_update_hook {
 189     my ($class, $storeid, $scfg, %sensitive) = @_;
 190
 191     return if !exists($sensitive{password});
 192
 193     if (defined($sensitive{password})) {
 194         cifs_set_credentials($sensitive{password}, $storeid);
 195         if (!exists($scfg->{username})) {
 196             warn "storage $storeid: ignoring password parameter, no user set\n";
 197         }
 198     } else {
 199         cifs_delete_credentials($storeid);
 200     }
 201
 202     return;
 203 }
 204
 205 sub on_delete_hook {
 206     my ($class, $storeid, $scfg) = @_;
 207
 208     cifs_delete_credentials($storeid);
 209
 210     return;
 211 }
 212
 213 sub status {
 214     my ($class, $storeid, $scfg, $cache) = @_;
 215
 216     $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
 217         if !$cache->{mountdata};
 218
 219     return undef
 220         if !cifs_is_mounted($scfg, $cache->{mountdata});
 221
 222     return $class->SUPER::status($storeid, $scfg, $cache);
 223 }
 224
 225 sub activate_storage {
 226     my ($class, $storeid, $scfg, $cache) = @_;
 227
 228     $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
 229         if !$cache->{mountdata};
 230
 231     my $path = $scfg->{path};
 232
 233     if (!cifs_is_mounted($scfg, $cache->{mountdata})) {
 234
 235         $class->config_aware_base_mkdir($scfg, $path);
 236
 237         die "unable to activate storage '$storeid' - " .
 238             "directory '$path' does not exist\n" if ! -d $path;
 239
 240         cifs_mount($scfg, $storeid, $scfg->{smbversion},
 241             $scfg->{username}, $scfg->{domain});
 242     }
 243
 244     $class->SUPER::activate_storage($storeid, $scfg, $cache);
 245 }
 246
 247 sub deactivate_storage {
 248     my ($class, $storeid, $scfg, $cache) = @_;
 249
 250     $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
 251         if !$cache->{mountdata};
 252
 253     my $path = $scfg->{path};
 254
 255     if (cifs_is_mounted($scfg, $cache->{mountdata})) {
 256         my $cmd = ['/bin/umount', $path];
 257         run_command($cmd, errmsg => 'umount error');
 258     }
 259 }
 260
 261 sub check_connection {
 262     my ($class, $storeid, $scfg) = @_;
 263
 264     my $servicename = '//'.$scfg->{server}.'/'.$scfg->{share};
 265
 266     my $cmd = ['/usr/bin/smbclient', $servicename, '-d', '0'];
 267
 268     if (defined($scfg->{smbversion}) && $scfg->{smbversion} ne 'default') {
 269         # max-protocol version, so basically only relevant for smb2 vs smb3
 270         push @$cmd, '-m', "smb" . int($scfg->{smbversion});
 271     }
 272
 273     if (my $cred_file = get_cred_file($storeid)) {
 274         push @$cmd, '-U', $scfg->{username}, '-A', $cred_file;
 275         push @$cmd, '-W', $scfg->{domain} if $scfg->{domain};
 276     } else {
 277         push @$cmd, '-U', 'Guest','-N';
 278     }
 279     push @$cmd, '-c', 'echo 1 0';
 280
 281     my $out_str;
 282     my $out = sub { $out_str .= shift };
 283
 284     eval { run_command($cmd, timeout => 10, outfunc => $out, errfunc => sub {}) };
 285
 286     if (my $err = $@) {
 287         die "$out_str\n" if defined($out_str) &&
 288             ($out_str =~ m/NT_STATUS_(ACCESS_DENIED|INVALID_PARAMETER|LOGON_FAILURE)/);
 289         return 0;
 290     }
 291
 292     return 1;
 293 }
 294
 295 # FIXME remove on the next APIAGE reset.
 296 # Deprecated, use get_volume_attribute instead.
 297 sub get_volume_notes {
 298     my $class = shift;
 299     PVE::Storage::DirPlugin::get_volume_notes($class, @_);
 300 }
 301
 302 # FIXME remove on the next APIAGE reset.
 303 # Deprecated, use update_volume_attribute instead.
 304 sub update_volume_notes {
 305     my $class = shift;
 306     PVE::Storage::DirPlugin::update_volume_notes($class, @_);
 307 }
 308
 309 sub get_volume_attribute {
 310     return PVE::Storage::DirPlugin::get_volume_attribute(@_);
 311 }
 312
 313 sub update_volume_attribute {
 314     return PVE::Storage::DirPlugin::update_volume_attribute(@_);
 315 }
 316
 317 1;