[pve-storage.git] / PVE / Storage / CIFSPlugin.pm

package PVE::Storage::CIFSPlugin;

use strict;
use warnings;
use Net::IP;
use PVE::Tools qw(run_command);
use PVE::ProcFSTools;
use File::Path;
use PVE::Storage::Plugin;
use PVE::JSONSchema qw(get_standard_option);

use base qw(PVE::Storage::Plugin);

# CIFS helper functions

sub cifs_is_mounted {
    my ($server, $share, $mountpoint, $mountdata) = @_;

    $server = "[$server]" if Net::IP::ip_is_ipv6($server);
    my $source = "//${server}/$share";
    $mountdata = PVE::ProcFSTools::parse_proc_mounts() if !$mountdata;

    return $mountpoint if grep {
	$_->[2] =~ /^cifs/ &&
	$_->[0] =~ m|^\Q$source\E/?$| &&
	$_->[1] eq $mountpoint
    } @$mountdata;
    return undef;
}

sub cifs_cred_file_name {
    my ($storeid) = @_;
    return "/etc/pve/priv/storage/${storeid}.pw";
}

sub cifs_delete_credentials {
    my ($storeid) = @_;

    if (my $cred_file = get_cred_file($storeid)) {
	unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
    }
}

sub cifs_set_credentials {
    my ($password, $storeid) = @_;

    my $cred_file = cifs_cred_file_name($storeid);
    mkdir "/etc/pve/priv/storage";

    PVE::Tools::file_set_contents($cred_file, "password=$password\n");

    return $cred_file;
}

sub get_cred_file {
    my ($storeid) = @_;

    my $cred_file = cifs_cred_file_name($storeid);

    if (-e $cred_file) {
	return $cred_file;
    }
    return undef;
}

sub cifs_mount {
    my ($server, $share, $mountpoint, $storeid, $smbver, $user, $domain) = @_;

    $server = "[$server]" if Net::IP::ip_is_ipv6($server);
    my $source = "//${server}/$share";

    my $cmd = ['/bin/mount', '-t', 'cifs', $source, $mountpoint, '-o', 'soft', '-o'];

    if (my $cred_file = get_cred_file($storeid)) {
	push @$cmd, "username=$user", '-o', "credentials=$cred_file";
	push @$cmd, '-o', "domain=$domain" if defined($domain);
    } else {
	push @$cmd, 'guest,username=guest';
    }

    push @$cmd, '-o', defined($smbver) ? "vers=$smbver" : "vers=default";

    run_command($cmd, errmsg => "mount error");
}

# Configuration

sub type {
    return 'cifs';
}

sub plugindata {
    return {
	content => [ { images => 1, rootdir => 1, vztmpl => 1, iso => 1,
		   backup => 1, snippets => 1}, { images => 1 }],
	format => [ { raw => 1, qcow2 => 1, vmdk => 1 } , 'raw' ],
    };
}

sub properties {
    return {
	share => {
	    description => "CIFS share.",
	    type => 'string',
	},
	password => {
	    description => "Password for accessing the share/datastore.",
	    type => 'string',
	    maxLength => 256,
	},
	domain => {
	    description => "CIFS domain.",
	    type => 'string',
	    optional => 1,
	    maxLength => 256,
	},
	smbversion => {
	    description => "SMB protocol version. 'default' if not set, negotiates the highest SMB2+"
	        ." version supported by both the client and server.",
	    type => 'string',
	    default => 'default',
	    enum => ['default', '2.0', '2.1', '3', '3.0', '3.11'],
	    optional => 1,
	},
    };
}

sub options {
    return {
	path => { fixed => 1 },
	server => { fixed => 1 },
	share => { fixed => 1 },
	nodes => { optional => 1 },
	disable => { optional => 1 },
	maxfiles => { optional => 1 },
	'prune-backups' => { optional => 1 },
	content => { optional => 1 },
	format => { optional => 1 },
	username => { optional => 1 },
	password => { optional => 1},
	domain => { optional => 1},
	smbversion => { optional => 1},
	mkdir => { optional => 1 },
	bwlimit => { optional => 1 },
	preallocation => { optional => 1 },
    };
}


sub check_config {
    my ($class, $sectionId, $config, $create, $skipSchemaCheck) = @_;

    $config->{path} = "/mnt/pve/$sectionId" if $create && !$config->{path};

    return $class->SUPER::check_config($sectionId, $config, $create, $skipSchemaCheck);
}

# Storage implementation

sub on_add_hook {
    my ($class, $storeid, $scfg, %sensitive) = @_;

    if (defined($sensitive{password})) {
	cifs_set_credentials($sensitive{password}, $storeid);
	if (!exists($scfg->{username})) {
	    warn "storage $storeid: ignoring password parameter, no user set\n";
	}
    } else {
	cifs_delete_credentials($storeid);
    }

    return;
}

sub on_update_hook {
    my ($class, $storeid, $scfg, %sensitive) = @_;

    return if !exists($sensitive{password});

    if (defined($sensitive{password})) {
	cifs_set_credentials($sensitive{password}, $storeid);
	if (!exists($scfg->{username})) {
	    warn "storage $storeid: ignoring password parameter, no user set\n";
	}
    } else {
	cifs_delete_credentials($storeid);
    }

    return;
}

sub on_delete_hook {
    my ($class, $storeid, $scfg) = @_;

    cifs_delete_credentials($storeid);

    return;
}

sub status {
    my ($class, $storeid, $scfg, $cache) = @_;

    $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	if !$cache->{mountdata};

    my $path = $scfg->{path};
    my $server = $scfg->{server};
    my $share = $scfg->{share};

    return undef
	if !cifs_is_mounted($server, $share, $path, $cache->{mountdata});

    return $class->SUPER::status($storeid, $scfg, $cache);
}

sub activate_storage {
    my ($class, $storeid, $scfg, $cache) = @_;

    $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	if !$cache->{mountdata};

    my $path = $scfg->{path};
    my $server = $scfg->{server};
    my $share = $scfg->{share};

    if (!cifs_is_mounted($server, $share, $path, $cache->{mountdata})) {

	mkpath $path if !(defined($scfg->{mkdir}) && !$scfg->{mkdir});

	die "unable to activate storage '$storeid' - " .
	    "directory '$path' does not exist\n" if ! -d $path;

	cifs_mount($server, $share, $path, $storeid, $scfg->{smbversion},
	    $scfg->{username}, $scfg->{domain});
    }

    $class->SUPER::activate_storage($storeid, $scfg, $cache);
}

sub deactivate_storage {
    my ($class, $storeid, $scfg, $cache) = @_;

    $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	if !$cache->{mountdata};

    my $path = $scfg->{path};
    my $server = $scfg->{server};
    my $share = $scfg->{share};

    if (cifs_is_mounted($server, $share, $path, $cache->{mountdata})) {
	my $cmd = ['/bin/umount', $path];
	run_command($cmd, errmsg => 'umount error');
    }
}

sub check_connection {
    my ($class, $storeid, $scfg) = @_;

    my $servicename = '//'.$scfg->{server}.'/'.$scfg->{share};

    my $cmd = ['/usr/bin/smbclient', $servicename, '-d', '0'];

    if (defined($scfg->{smbversion}) && $scfg->{smbversion} ne 'default') {
	# max-protocol version, so basically only relevant for smb2 vs smb3
	push @$cmd, '-m', "smb" . int($scfg->{smbversion});
    }

    if (my $cred_file = get_cred_file($storeid)) {
	push @$cmd, '-U', $scfg->{username}, '-A', $cred_file;
	push @$cmd, '-W', $scfg->{domain} if defined($scfg->{domain});
    } else {
	push @$cmd, '-U', 'Guest','-N';
    }
    push @$cmd, '-c', 'echo 1 0';

    my $out_str;
    my $out = sub { $out_str .= shift };

    eval { run_command($cmd, timeout => 10, outfunc => $out, errfunc => sub {}) };

    if (my $err = $@) {
	die "$out_str\n" if defined($out_str) &&
	    ($out_str =~ m/NT_STATUS_ACCESS_DENIED/);
	return 0;
    }

    return 1;
}

sub get_volume_notes {
    my $class = shift;
    PVE::Storage::DirPlugin::get_volume_notes($class, @_);
}
sub update_volume_notes {
    my $class = shift;
    PVE::Storage::DirPlugin::update_volume_notes($class, @_);
}

1;
Commit	Line	Data
4792d439 WL	1	package PVE::Storage::CIFSPlugin;
	2
	3	use strict;
	4	use warnings;
	5	use Net::IP;
	6	use PVE::Tools qw(run_command);
	7	use PVE::ProcFSTools;
	8	use File::Path;
	9	use PVE::Storage::Plugin;
	10	use PVE::JSONSchema qw(get_standard_option);
	11
	12	use base qw(PVE::Storage::Plugin);
	13
	14	# CIFS helper functions
	15
	16	sub cifs_is_mounted {
	17	my ($server, $share, $mountpoint, $mountdata) = @_;
	18
	19	$server = "[$server]" if Net::IP::ip_is_ipv6($server);
	20	my $source = "//${server}/$share";
	21	$mountdata = PVE::ProcFSTools::parse_proc_mounts() if !$mountdata;
	22
	23	return $mountpoint if grep {
	24	$_->[2] =~ /^cifs/ &&
	25	$_->[0] =~ m\|^\Q$source\E/?$\| &&
	26	$_->[1] eq $mountpoint
	27	} @$mountdata;
	28	return undef;
	29	}
	30
a9db2ca8 DM	31	sub cifs_cred_file_name {
a9db2ca8 DM	32	my ($storeid) = @_;
f33533d4	33	return "/etc/pve/priv/storage/${storeid}.pw";
a9db2ca8 DM	34	}
a9db2ca8 DM	35
e2fc55b4 DM	36	sub cifs_delete_credentials {
	37	my ($storeid) = @_;
	38
319441e7	39	if (my $cred_file = get_cred_file($storeid)) {
e2fc55b4 DM	40	unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
	41	}
	42	}
	43
a9db2ca8 DM	44	sub cifs_set_credentials {
	45	my ($password, $storeid) = @_;
	46
	47	my $cred_file = cifs_cred_file_name($storeid);
319441e7	48	mkdir "/etc/pve/priv/storage";
a9db2ca8 DM	49
	50	PVE::Tools::file_set_contents($cred_file, "password=$password\n");
	51
	52	return $cred_file;
	53	}
	54
4792d439 WL	55	sub get_cred_file {
	56	my ($storeid) = @_;
	57
a9db2ca8	58	my $cred_file = cifs_cred_file_name($storeid);
4792d439	59
319441e7 TL	60	if (-e $cred_file) {
319441e7 TL	61	return $cred_file;
319441e7 TL	62	}
319441e7 TL	63	return undef;
4792d439 WL	64	}
	65
	66	sub cifs_mount {
	67	my ($server, $share, $mountpoint, $storeid, $smbver, $user, $domain) = @_;
	68
	69	$server = "[$server]" if Net::IP::ip_is_ipv6($server);
	70	my $source = "//${server}/$share";
	71
	72	my $cmd = ['/bin/mount', '-t', 'cifs', $source, $mountpoint, '-o', 'soft', '-o'];
	73
	74	if (my $cred_file = get_cred_file($storeid)) {
	75	push @$cmd, "username=$user", '-o', "credentials=$cred_file";
	76	push @$cmd, '-o', "domain=$domain" if defined($domain);
	77	} else {
	78	push @$cmd, 'guest,username=guest';
	79	}
	80
e1667a22	81	push @$cmd, '-o', defined($smbver) ? "vers=$smbver" : "vers=default";
4792d439 WL	82
	83	run_command($cmd, errmsg => "mount error");
	84	}
	85
	86	# Configuration
	87
	88	sub type {
	89	return 'cifs';
	90	}
	91
	92	sub plugindata {
	93	return {
	94	content => [ { images => 1, rootdir => 1, vztmpl => 1, iso => 1,
d1eb35ea	95	backup => 1, snippets => 1}, { images => 1 }],
4792d439 WL	96	format => [ { raw => 1, qcow2 => 1, vmdk => 1 } , 'raw' ],
	97	};
	98	}
	99
	100	sub properties {
	101	return {
	102	share => {
	103	description => "CIFS share.",
	104	type => 'string',
	105	},
	106	password => {
0f2549ed	107	description => "Password for accessing the share/datastore.",
4792d439 WL	108	type => 'string',
	109	maxLength => 256,
	110	},
	111	domain => {
	112	description => "CIFS domain.",
	113	type => 'string',
	114	optional => 1,
	115	maxLength => 256,
	116	},
	117	smbversion => {
e1667a22 TL	118	description => "SMB protocol version. 'default' if not set, negotiates the highest SMB2+"
e1667a22 TL	119	." version supported by both the client and server.",
4792d439	120	type => 'string',
e1667a22	121	default => 'default',
9fff8c7a	122	enum => ['default', '2.0', '2.1', '3', '3.0', '3.11'],
4792d439 WL	123	optional => 1,
	124	},
	125	};
	126	}
	127
	128	sub options {
	129	return {
	130	path => { fixed => 1 },
	131	server => { fixed => 1 },
	132	share => { fixed => 1 },
	133	nodes => { optional => 1 },
	134	disable => { optional => 1 },
	135	maxfiles => { optional => 1 },
3353698f	136	'prune-backups' => { optional => 1 },
4792d439 WL	137	content => { optional => 1 },
	138	format => { optional => 1 },
	139	username => { optional => 1 },
	140	password => { optional => 1},
	141	domain => { optional => 1},
	142	smbversion => { optional => 1},
3160dbf1	143	mkdir => { optional => 1 },
c3ed9ac3	144	bwlimit => { optional => 1 },
95ff5dbd	145	preallocation => { optional => 1 },
4792d439 WL	146	};
	147	}
	148
	149
	150	sub check_config {
	151	my ($class, $sectionId, $config, $create, $skipSchemaCheck) = @_;
	152
	153	$config->{path} = "/mnt/pve/$sectionId" if $create && !$config->{path};
	154
	155	return $class->SUPER::check_config($sectionId, $config, $create, $skipSchemaCheck);
	156	}
	157
	158	# Storage implementation
	159
ab5e32bb	160	sub on_add_hook {
02f43ab4	161	my ($class, $storeid, $scfg, %sensitive) = @_;
ab5e32bb	162
02f43ab4 TL	163	if (defined($sensitive{password})) {
02f43ab4 TL	164	cifs_set_credentials($sensitive{password}, $storeid);
72385de9	165	if (!exists($scfg->{username})) {
b4e88b7f	166	warn "storage $storeid: ignoring password parameter, no user set\n";
72385de9	167	}
e2fc55b4 DM	168	} else {
	169	cifs_delete_credentials($storeid);
	170	}
f3ccd0ef FE	171
f3ccd0ef FE	172	return;
e2fc55b4 DM	173	}
	174
	175	sub on_update_hook {
02f43ab4	176	my ($class, $storeid, $scfg, %sensitive) = @_;
e2fc55b4	177
02f43ab4	178	return if !exists($sensitive{password});
e2fc55b4	179
02f43ab4 TL	180	if (defined($sensitive{password})) {
02f43ab4 TL	181	cifs_set_credentials($sensitive{password}, $storeid);
72385de9	182	if (!exists($scfg->{username})) {
b4e88b7f	183	warn "storage $storeid: ignoring password parameter, no user set\n";
72385de9	184	}
e2fc55b4 DM	185	} else {
e2fc55b4 DM	186	cifs_delete_credentials($storeid);
ab5e32bb	187	}
f3ccd0ef FE	188
f3ccd0ef FE	189	return;
ab5e32bb TL	190	}
	191
	192	sub on_delete_hook {
	193	my ($class, $storeid, $scfg) = @_;
	194
e2fc55b4	195	cifs_delete_credentials($storeid);
f3ccd0ef FE	196
f3ccd0ef FE	197	return;
ab5e32bb TL	198	}
ab5e32bb TL	199
4792d439 WL	200	sub status {
	201	my ($class, $storeid, $scfg, $cache) = @_;
	202
	203	$cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	204	if !$cache->{mountdata};
	205
	206	my $path = $scfg->{path};
	207	my $server = $scfg->{server};
	208	my $share = $scfg->{share};
	209
	210	return undef
	211	if !cifs_is_mounted($server, $share, $path, $cache->{mountdata});
	212
	213	return $class->SUPER::status($storeid, $scfg, $cache);
	214	}
	215
	216	sub activate_storage {
	217	my ($class, $storeid, $scfg, $cache) = @_;
	218
	219	$cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	220	if !$cache->{mountdata};
	221
	222	my $path = $scfg->{path};
	223	my $server = $scfg->{server};
	224	my $share = $scfg->{share};
	225
	226	if (!cifs_is_mounted($server, $share, $path, $cache->{mountdata})) {
	227
3160dbf1	228	mkpath $path if !(defined($scfg->{mkdir}) && !$scfg->{mkdir});
4792d439 WL	229
	230	die "unable to activate storage '$storeid' - " .
	231	"directory '$path' does not exist\n" if ! -d $path;
	232
	233	cifs_mount($server, $share, $path, $storeid, $scfg->{smbversion},
	234	$scfg->{username}, $scfg->{domain});
	235	}
	236
	237	$class->SUPER::activate_storage($storeid, $scfg, $cache);
	238	}
	239
	240	sub deactivate_storage {
	241	my ($class, $storeid, $scfg, $cache) = @_;
	242
	243	$cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	244	if !$cache->{mountdata};
	245
	246	my $path = $scfg->{path};
	247	my $server = $scfg->{server};
	248	my $share = $scfg->{share};
	249
	250	if (cifs_is_mounted($server, $share, $path, $cache->{mountdata})) {
	251	my $cmd = ['/bin/umount', $path];
	252	run_command($cmd, errmsg => 'umount error');
	253	}
	254	}
	255
	256	sub check_connection {
	257	my ($class, $storeid, $scfg) = @_;
	258
ff6fa67f	259	my $servicename = '//'.$scfg->{server}.'/'.$scfg->{share};
4792d439	260
e1667a22	261	my $cmd = ['/usr/bin/smbclient', $servicename, '-d', '0'];
4792d439	262
e1667a22 TL	263	if (defined($scfg->{smbversion}) && $scfg->{smbversion} ne 'default') {
	264	# max-protocol version, so basically only relevant for smb2 vs smb3
	265	push @$cmd, '-m', "smb" . int($scfg->{smbversion});
	266	}
4792d439 WL	267
	268	if (my $cred_file = get_cred_file($storeid)) {
	269	push @$cmd, '-U', $scfg->{username}, '-A', $cred_file;
	270	push @$cmd, '-W', $scfg->{domain} if defined($scfg->{domain});
	271	} else {
	272	push @$cmd, '-U', 'Guest','-N';
	273	}
ff6fa67f WL	274	push @$cmd, '-c', 'echo 1 0';
ff6fa67f WL	275
4792d439	276	my $out_str;
70232472 TL	277	my $out = sub { $out_str .= shift };
	278
	279	eval { run_command($cmd, timeout => 10, outfunc => $out, errfunc => sub {}) };
4792d439 WL	280
4792d439 WL	281	if (my $err = $@) {
840e3797 WL	282	die "$out_str\n" if defined($out_str) &&
840e3797 WL	283	($out_str =~ m/NT_STATUS_ACCESS_DENIED/);
4792d439 WL	284	return 0;
	285	}
	286
	287	return 1;
	288	}
	289
44fdfb2a TL	290	sub get_volume_notes {
	291	my $class = shift;
	292	PVE::Storage::DirPlugin::get_volume_notes($class, @_);
	293	}
	294	sub update_volume_notes {
	295	my $class = shift;
	296	PVE::Storage::DirPlugin::update_volume_notes($class, @_);
	297	}
	298
4792d439	299	1;