[pve-storage.git] / PVE / Storage / CIFSPlugin.pm

package PVE::Storage::CIFSPlugin;

use strict;
use warnings;
use Net::IP;
use PVE::Tools qw(run_command);
use PVE::ProcFSTools;
use File::Path;
use PVE::Storage::Plugin;
use PVE::JSONSchema qw(get_standard_option);

use base qw(PVE::Storage::Plugin);

# CIFS helper functions

sub cifs_is_mounted : prototype($$) {
    my ($scfg, $mountdata) = @_;

    my ($mountpoint, $server, $share) = $scfg->@{'path', 'server', 'share'};
    my $subdir = $scfg->{subdir} // '';

    $server = "[$server]" if Net::IP::ip_is_ipv6($server);
    my $source = "//${server}/$share$subdir";
    $mountdata = PVE::ProcFSTools::parse_proc_mounts() if !$mountdata;

    return $mountpoint if grep {
	$_->[2] =~ /^cifs/ &&
	$_->[0] =~ m|^\Q$source\E/?$| &&
	$_->[1] eq $mountpoint
    } @$mountdata;
    return undef;
}

sub cifs_cred_file_name {
    my ($storeid) = @_;
    return "/etc/pve/priv/storage/${storeid}.pw";
}

sub cifs_delete_credentials {
    my ($storeid) = @_;

    if (my $cred_file = get_cred_file($storeid)) {
	unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
    }
}

sub cifs_set_credentials {
    my ($password, $storeid) = @_;

    my $cred_file = cifs_cred_file_name($storeid);
    mkdir "/etc/pve/priv/storage";

    PVE::Tools::file_set_contents($cred_file, "password=$password\n");

    return $cred_file;
}

sub get_cred_file {
    my ($storeid) = @_;

    my $cred_file = cifs_cred_file_name($storeid);

    if (-e $cred_file) {
	return $cred_file;
    }
    return undef;
}

sub cifs_mount : prototype($$$$$) {
    my ($scfg, $storeid, $smbver, $user, $domain) = @_;

    my ($mountpoint, $server, $share) = $scfg->@{'path', 'server', 'share'};
    my $subdir = $scfg->{subdir} // '';

    $server = "[$server]" if Net::IP::ip_is_ipv6($server);
    my $source = "//${server}/$share$subdir";

    my $cmd = ['/bin/mount', '-t', 'cifs', $source, $mountpoint, '-o', 'soft', '-o'];

    if (my $cred_file = get_cred_file($storeid)) {
	push @$cmd, "username=$user", '-o', "credentials=$cred_file";
	push @$cmd, '-o', "domain=$domain" if defined($domain);
    } else {
	push @$cmd, 'guest,username=guest';
    }

    push @$cmd, '-o', defined($smbver) ? "vers=$smbver" : "vers=default";

    run_command($cmd, errmsg => "mount error");
}

# Configuration

sub type {
    return 'cifs';
}

sub plugindata {
    return {
	content => [ { images => 1, rootdir => 1, vztmpl => 1, iso => 1,
		   backup => 1, snippets => 1}, { images => 1 }],
	format => [ { raw => 1, qcow2 => 1, vmdk => 1 } , 'raw' ],
    };
}

sub properties {
    return {
	share => {
	    description => "CIFS share.",
	    type => 'string',
	},
	password => {
	    description => "Password for accessing the share/datastore.",
	    type => 'string',
	    maxLength => 256,
	},
	domain => {
	    description => "CIFS domain.",
	    type => 'string',
	    optional => 1,
	    maxLength => 256,
	},
	smbversion => {
	    description => "SMB protocol version. 'default' if not set, negotiates the highest SMB2+"
	        ." version supported by both the client and server.",
	    type => 'string',
	    default => 'default',
	    enum => ['default', '2.0', '2.1', '3', '3.0', '3.11'],
	    optional => 1,
	},
    };
}

sub options {
    return {
	path => { fixed => 1 },
	'content-dirs' => { optional => 1 },
	server => { fixed => 1 },
	share => { fixed => 1 },
	subdir => { optional => 1 },
	nodes => { optional => 1 },
	disable => { optional => 1 },
	maxfiles => { optional => 1 },
	'prune-backups' => { optional => 1 },
	'max-protected-backups' => { optional => 1 },
	content => { optional => 1 },
	format => { optional => 1 },
	username => { optional => 1 },
	password => { optional => 1},
	domain => { optional => 1},
	smbversion => { optional => 1},
	mkdir => { optional => 1 },
	bwlimit => { optional => 1 },
	preallocation => { optional => 1 },
    };
}


sub check_config {
    my ($class, $sectionId, $config, $create, $skipSchemaCheck) = @_;

    $config->{path} = "/mnt/pve/$sectionId" if $create && !$config->{path};

    return $class->SUPER::check_config($sectionId, $config, $create, $skipSchemaCheck);
}

# Storage implementation

sub on_add_hook {
    my ($class, $storeid, $scfg, %sensitive) = @_;

    if (defined($sensitive{password})) {
	cifs_set_credentials($sensitive{password}, $storeid);
	if (!exists($scfg->{username})) {
	    warn "storage $storeid: ignoring password parameter, no user set\n";
	}
    } else {
	cifs_delete_credentials($storeid);
    }

    return;
}

sub on_update_hook {
    my ($class, $storeid, $scfg, %sensitive) = @_;

    return if !exists($sensitive{password});

    if (defined($sensitive{password})) {
	cifs_set_credentials($sensitive{password}, $storeid);
	if (!exists($scfg->{username})) {
	    warn "storage $storeid: ignoring password parameter, no user set\n";
	}
    } else {
	cifs_delete_credentials($storeid);
    }

    return;
}

sub on_delete_hook {
    my ($class, $storeid, $scfg) = @_;

    cifs_delete_credentials($storeid);

    return;
}

sub status {
    my ($class, $storeid, $scfg, $cache) = @_;

    $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	if !$cache->{mountdata};

    return undef
	if !cifs_is_mounted($scfg, $cache->{mountdata});

    return $class->SUPER::status($storeid, $scfg, $cache);
}

sub activate_storage {
    my ($class, $storeid, $scfg, $cache) = @_;

    $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	if !$cache->{mountdata};

    my $path = $scfg->{path};

    if (!cifs_is_mounted($scfg, $cache->{mountdata})) {

	mkpath $path if !(defined($scfg->{mkdir}) && !$scfg->{mkdir});

	die "unable to activate storage '$storeid' - " .
	    "directory '$path' does not exist\n" if ! -d $path;

	cifs_mount($scfg, $storeid, $scfg->{smbversion},
	    $scfg->{username}, $scfg->{domain});
    }

    $class->SUPER::activate_storage($storeid, $scfg, $cache);
}

sub deactivate_storage {
    my ($class, $storeid, $scfg, $cache) = @_;

    $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	if !$cache->{mountdata};

    my $path = $scfg->{path};

    if (cifs_is_mounted($scfg, $cache->{mountdata})) {
	my $cmd = ['/bin/umount', $path];
	run_command($cmd, errmsg => 'umount error');
    }
}

sub check_connection {
    my ($class, $storeid, $scfg) = @_;

    my $servicename = '//'.$scfg->{server}.'/'.$scfg->{share};

    my $cmd = ['/usr/bin/smbclient', $servicename, '-d', '0'];

    if (defined($scfg->{smbversion}) && $scfg->{smbversion} ne 'default') {
	# max-protocol version, so basically only relevant for smb2 vs smb3
	push @$cmd, '-m', "smb" . int($scfg->{smbversion});
    }

    if (my $cred_file = get_cred_file($storeid)) {
	push @$cmd, '-U', $scfg->{username}, '-A', $cred_file;
	push @$cmd, '-W', $scfg->{domain} if defined($scfg->{domain});
    } else {
	push @$cmd, '-U', 'Guest','-N';
    }
    push @$cmd, '-c', 'echo 1 0';

    my $out_str;
    my $out = sub { $out_str .= shift };

    eval { run_command($cmd, timeout => 10, outfunc => $out, errfunc => sub {}) };

    if (my $err = $@) {
	die "$out_str\n" if defined($out_str) &&
	    ($out_str =~ m/NT_STATUS_(ACCESS_DENIED|LOGON_FAILURE)/);
	return 0;
    }

    return 1;
}

# FIXME remove on the next APIAGE reset.
# Deprecated, use get_volume_attribute instead.
sub get_volume_notes {
    my $class = shift;
    PVE::Storage::DirPlugin::get_volume_notes($class, @_);
}

# FIXME remove on the next APIAGE reset.
# Deprecated, use update_volume_attribute instead.
sub update_volume_notes {
    my $class = shift;
    PVE::Storage::DirPlugin::update_volume_notes($class, @_);
}

sub get_volume_attribute {
    return PVE::Storage::DirPlugin::get_volume_attribute(@_);
}

sub update_volume_attribute {
    return PVE::Storage::DirPlugin::update_volume_attribute(@_);
}

1;
Commit	Line	Data
4792d439 WL	1	package PVE::Storage::CIFSPlugin;
	2
	3	use strict;
	4	use warnings;
	5	use Net::IP;
	6	use PVE::Tools qw(run_command);
	7	use PVE::ProcFSTools;
	8	use File::Path;
	9	use PVE::Storage::Plugin;
	10	use PVE::JSONSchema qw(get_standard_option);
	11
	12	use base qw(PVE::Storage::Plugin);
	13
	14	# CIFS helper functions
	15
362159a8 LN	16	sub cifs_is_mounted : prototype($$) {
	17	my ($scfg, $mountdata) = @_;
	18
97edd11f	19	my ($mountpoint, $server, $share) = $scfg->@{'path', 'server', 'share'};
30c0c708	20	my $subdir = $scfg->{subdir} // '';
4792d439 WL	21
4792d439 WL	22	$server = "[$server]" if Net::IP::ip_is_ipv6($server);
362159a8	23	my $source = "//${server}/$share$subdir";
4792d439 WL	24	$mountdata = PVE::ProcFSTools::parse_proc_mounts() if !$mountdata;
	25
	26	return $mountpoint if grep {
	27	$_->[2] =~ /^cifs/ &&
	28	$_->[0] =~ m\|^\Q$source\E/?$\| &&
	29	$_->[1] eq $mountpoint
	30	} @$mountdata;
	31	return undef;
	32	}
	33
a9db2ca8 DM	34	sub cifs_cred_file_name {
a9db2ca8 DM	35	my ($storeid) = @_;
f33533d4	36	return "/etc/pve/priv/storage/${storeid}.pw";
a9db2ca8 DM	37	}
a9db2ca8 DM	38
e2fc55b4 DM	39	sub cifs_delete_credentials {
	40	my ($storeid) = @_;
	41
319441e7	42	if (my $cred_file = get_cred_file($storeid)) {
e2fc55b4 DM	43	unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
	44	}
	45	}
	46
a9db2ca8 DM	47	sub cifs_set_credentials {
	48	my ($password, $storeid) = @_;
	49
	50	my $cred_file = cifs_cred_file_name($storeid);
319441e7	51	mkdir "/etc/pve/priv/storage";
a9db2ca8 DM	52
	53	PVE::Tools::file_set_contents($cred_file, "password=$password\n");
	54
	55	return $cred_file;
	56	}
	57
4792d439 WL	58	sub get_cred_file {
	59	my ($storeid) = @_;
	60
a9db2ca8	61	my $cred_file = cifs_cred_file_name($storeid);
4792d439	62
319441e7 TL	63	if (-e $cred_file) {
319441e7 TL	64	return $cred_file;
319441e7 TL	65	}
319441e7 TL	66	return undef;
4792d439 WL	67	}
4792d439 WL	68
362159a8 LN	69	sub cifs_mount : prototype($$$$$) {
	70	my ($scfg, $storeid, $smbver, $user, $domain) = @_;
	71
97edd11f	72	my ($mountpoint, $server, $share) = $scfg->@{'path', 'server', 'share'};
30c0c708	73	my $subdir = $scfg->{subdir} // '';
4792d439 WL	74
4792d439 WL	75	$server = "[$server]" if Net::IP::ip_is_ipv6($server);
362159a8	76	my $source = "//${server}/$share$subdir";
4792d439 WL	77
	78	my $cmd = ['/bin/mount', '-t', 'cifs', $source, $mountpoint, '-o', 'soft', '-o'];
	79
	80	if (my $cred_file = get_cred_file($storeid)) {
	81	push @$cmd, "username=$user", '-o', "credentials=$cred_file";
	82	push @$cmd, '-o', "domain=$domain" if defined($domain);
	83	} else {
	84	push @$cmd, 'guest,username=guest';
	85	}
	86
e1667a22	87	push @$cmd, '-o', defined($smbver) ? "vers=$smbver" : "vers=default";
4792d439 WL	88
	89	run_command($cmd, errmsg => "mount error");
	90	}
	91
	92	# Configuration
	93
	94	sub type {
	95	return 'cifs';
	96	}
	97
	98	sub plugindata {
	99	return {
	100	content => [ { images => 1, rootdir => 1, vztmpl => 1, iso => 1,
d1eb35ea	101	backup => 1, snippets => 1}, { images => 1 }],
4792d439 WL	102	format => [ { raw => 1, qcow2 => 1, vmdk => 1 } , 'raw' ],
	103	};
	104	}
	105
	106	sub properties {
	107	return {
	108	share => {
	109	description => "CIFS share.",
	110	type => 'string',
	111	},
	112	password => {
0f2549ed	113	description => "Password for accessing the share/datastore.",
4792d439 WL	114	type => 'string',
	115	maxLength => 256,
	116	},
	117	domain => {
	118	description => "CIFS domain.",
	119	type => 'string',
	120	optional => 1,
	121	maxLength => 256,
	122	},
	123	smbversion => {
e1667a22 TL	124	description => "SMB protocol version. 'default' if not set, negotiates the highest SMB2+"
e1667a22 TL	125	." version supported by both the client and server.",
4792d439	126	type => 'string',
e1667a22	127	default => 'default',
9fff8c7a	128	enum => ['default', '2.0', '2.1', '3', '3.0', '3.11'],
4792d439 WL	129	optional => 1,
	130	},
	131	};
	132	}
	133
	134	sub options {
	135	return {
	136	path => { fixed => 1 },
b539bb46	137	'content-dirs' => { optional => 1 },
4792d439 WL	138	server => { fixed => 1 },
4792d439 WL	139	share => { fixed => 1 },
362159a8	140	subdir => { optional => 1 },
4792d439 WL	141	nodes => { optional => 1 },
	142	disable => { optional => 1 },
	143	maxfiles => { optional => 1 },
3353698f	144	'prune-backups' => { optional => 1 },
8009417d	145	'max-protected-backups' => { optional => 1 },
4792d439 WL	146	content => { optional => 1 },
	147	format => { optional => 1 },
	148	username => { optional => 1 },
	149	password => { optional => 1},
	150	domain => { optional => 1},
	151	smbversion => { optional => 1},
3160dbf1	152	mkdir => { optional => 1 },
c3ed9ac3	153	bwlimit => { optional => 1 },
95ff5dbd	154	preallocation => { optional => 1 },
4792d439 WL	155	};
	156	}
	157
	158
	159	sub check_config {
	160	my ($class, $sectionId, $config, $create, $skipSchemaCheck) = @_;
	161
	162	$config->{path} = "/mnt/pve/$sectionId" if $create && !$config->{path};
	163
	164	return $class->SUPER::check_config($sectionId, $config, $create, $skipSchemaCheck);
	165	}
	166
	167	# Storage implementation
	168
ab5e32bb	169	sub on_add_hook {
02f43ab4	170	my ($class, $storeid, $scfg, %sensitive) = @_;
ab5e32bb	171
02f43ab4 TL	172	if (defined($sensitive{password})) {
02f43ab4 TL	173	cifs_set_credentials($sensitive{password}, $storeid);
72385de9	174	if (!exists($scfg->{username})) {
b4e88b7f	175	warn "storage $storeid: ignoring password parameter, no user set\n";
72385de9	176	}
e2fc55b4 DM	177	} else {
	178	cifs_delete_credentials($storeid);
	179	}
f3ccd0ef FE	180
f3ccd0ef FE	181	return;
e2fc55b4 DM	182	}
	183
	184	sub on_update_hook {
02f43ab4	185	my ($class, $storeid, $scfg, %sensitive) = @_;
e2fc55b4	186
02f43ab4	187	return if !exists($sensitive{password});
e2fc55b4	188
02f43ab4 TL	189	if (defined($sensitive{password})) {
02f43ab4 TL	190	cifs_set_credentials($sensitive{password}, $storeid);
72385de9	191	if (!exists($scfg->{username})) {
b4e88b7f	192	warn "storage $storeid: ignoring password parameter, no user set\n";
72385de9	193	}
e2fc55b4 DM	194	} else {
e2fc55b4 DM	195	cifs_delete_credentials($storeid);
ab5e32bb	196	}
f3ccd0ef FE	197
f3ccd0ef FE	198	return;
ab5e32bb TL	199	}
	200
	201	sub on_delete_hook {
	202	my ($class, $storeid, $scfg) = @_;
	203
e2fc55b4	204	cifs_delete_credentials($storeid);
f3ccd0ef FE	205
f3ccd0ef FE	206	return;
ab5e32bb TL	207	}
ab5e32bb TL	208
4792d439 WL	209	sub status {
	210	my ($class, $storeid, $scfg, $cache) = @_;
	211
	212	$cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	213	if !$cache->{mountdata};
	214
4792d439	215	return undef
362159a8	216	if !cifs_is_mounted($scfg, $cache->{mountdata});
4792d439 WL	217
	218	return $class->SUPER::status($storeid, $scfg, $cache);
	219	}
	220
	221	sub activate_storage {
	222	my ($class, $storeid, $scfg, $cache) = @_;
	223
	224	$cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	225	if !$cache->{mountdata};
	226
	227	my $path = $scfg->{path};
4792d439	228
362159a8	229	if (!cifs_is_mounted($scfg, $cache->{mountdata})) {
4792d439	230
3160dbf1	231	mkpath $path if !(defined($scfg->{mkdir}) && !$scfg->{mkdir});
4792d439 WL	232
	233	die "unable to activate storage '$storeid' - " .
	234	"directory '$path' does not exist\n" if ! -d $path;
	235
362159a8	236	cifs_mount($scfg, $storeid, $scfg->{smbversion},
4792d439 WL	237	$scfg->{username}, $scfg->{domain});
	238	}
	239
	240	$class->SUPER::activate_storage($storeid, $scfg, $cache);
	241	}
	242
	243	sub deactivate_storage {
	244	my ($class, $storeid, $scfg, $cache) = @_;
	245
	246	$cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	247	if !$cache->{mountdata};
	248
	249	my $path = $scfg->{path};
4792d439	250
362159a8	251	if (cifs_is_mounted($scfg, $cache->{mountdata})) {
4792d439 WL	252	my $cmd = ['/bin/umount', $path];
	253	run_command($cmd, errmsg => 'umount error');
	254	}
	255	}
	256
	257	sub check_connection {
	258	my ($class, $storeid, $scfg) = @_;
	259
ff6fa67f	260	my $servicename = '//'.$scfg->{server}.'/'.$scfg->{share};
4792d439	261
e1667a22	262	my $cmd = ['/usr/bin/smbclient', $servicename, '-d', '0'];
4792d439	263
e1667a22 TL	264	if (defined($scfg->{smbversion}) && $scfg->{smbversion} ne 'default') {
	265	# max-protocol version, so basically only relevant for smb2 vs smb3
	266	push @$cmd, '-m', "smb" . int($scfg->{smbversion});
	267	}
4792d439 WL	268
	269	if (my $cred_file = get_cred_file($storeid)) {
	270	push @$cmd, '-U', $scfg->{username}, '-A', $cred_file;
	271	push @$cmd, '-W', $scfg->{domain} if defined($scfg->{domain});
	272	} else {
	273	push @$cmd, '-U', 'Guest','-N';
	274	}
ff6fa67f WL	275	push @$cmd, '-c', 'echo 1 0';
ff6fa67f WL	276
4792d439	277	my $out_str;
70232472 TL	278	my $out = sub { $out_str .= shift };
	279
	280	eval { run_command($cmd, timeout => 10, outfunc => $out, errfunc => sub {}) };
4792d439 WL	281
4792d439 WL	282	if (my $err = $@) {
840e3797	283	die "$out_str\n" if defined($out_str) &&
5ef50a82	284	($out_str =~ m/NT_STATUS_(ACCESS_DENIED\|LOGON_FAILURE)/);
4792d439 WL	285	return 0;
	286	}
	287
	288	return 1;
	289	}
	290
f1de8281 FE	291	# FIXME remove on the next APIAGE reset.
f1de8281 FE	292	# Deprecated, use get_volume_attribute instead.
44fdfb2a TL	293	sub get_volume_notes {
	294	my $class = shift;
	295	PVE::Storage::DirPlugin::get_volume_notes($class, @_);
	296	}
f1de8281 FE	297
	298	# FIXME remove on the next APIAGE reset.
	299	# Deprecated, use update_volume_attribute instead.
44fdfb2a TL	300	sub update_volume_notes {
	301	my $class = shift;
	302	PVE::Storage::DirPlugin::update_volume_notes($class, @_);
	303	}
	304
f1de8281 FE	305	sub get_volume_attribute {
	306	return PVE::Storage::DirPlugin::get_volume_attribute(@_);
	307	}
	308
	309	sub update_volume_attribute {
	310	return PVE::Storage::DirPlugin::update_volume_attribute(@_);
	311	}
	312
4792d439	313	1;