[pve-storage.git] / PVE / Storage / CIFSPlugin.pm

package PVE::Storage::CIFSPlugin;

use strict;
use warnings;
use Net::IP;
use PVE::Tools qw(run_command);
use PVE::ProcFSTools;
use File::Path;
use PVE::Storage::Plugin;
use PVE::JSONSchema qw(get_standard_option);

use base qw(PVE::Storage::Plugin);

# CIFS helper functions

sub cifs_is_mounted {
    my ($server, $share, $mountpoint, $mountdata) = @_;

    $server = "[$server]" if Net::IP::ip_is_ipv6($server);
    my $source = "//${server}/$share";
    $mountdata = PVE::ProcFSTools::parse_proc_mounts() if !$mountdata;

    return $mountpoint if grep {
	$_->[2] =~ /^cifs/ &&
	$_->[0] =~ m|^\Q$source\E/?$| &&
	$_->[1] eq $mountpoint
    } @$mountdata;
    return undef;
}

sub cifs_cred_file_name {
    my ($storeid) = @_;
    return "/etc/pve/priv/storage/${storeid}.pw";
}

sub cifs_delete_credentials {
    my ($storeid) = @_;

    if (my $cred_file = get_cred_file($storeid)) {
	unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
    }
}

sub cifs_set_credentials {
    my ($password, $storeid) = @_;

    my $cred_file = cifs_cred_file_name($storeid);
    mkdir "/etc/pve/priv/storage";

    PVE::Tools::file_set_contents($cred_file, "password=$password\n");

    return $cred_file;
}

sub get_cred_file {
    my ($storeid) = @_;

    my $cred_file = cifs_cred_file_name($storeid);

    if (-e $cred_file) {
	return $cred_file;
    }
    return undef;
}

sub cifs_mount {
    my ($server, $share, $mountpoint, $storeid, $smbver, $user, $domain) = @_;

    $server = "[$server]" if Net::IP::ip_is_ipv6($server);
    my $source = "//${server}/$share";

    my $cmd = ['/bin/mount', '-t', 'cifs', $source, $mountpoint, '-o', 'soft', '-o'];

    if (my $cred_file = get_cred_file($storeid)) {
	push @$cmd, "username=$user", '-o', "credentials=$cred_file";
	push @$cmd, '-o', "domain=$domain" if defined($domain);
    } else {
	push @$cmd, 'guest,username=guest';
    }

    push @$cmd, '-o', defined($smbver) ? "vers=$smbver" : "vers=default";

    run_command($cmd, errmsg => "mount error");
}

# Configuration

sub type {
    return 'cifs';
}

sub plugindata {
    return {
	content => [ { images => 1, rootdir => 1, vztmpl => 1, iso => 1,
		   backup => 1, snippets => 1}, { images => 1 }],
	format => [ { raw => 1, qcow2 => 1, vmdk => 1 } , 'raw' ],
    };
}

sub properties {
    return {
	share => {
	    description => "CIFS share.",
	    type => 'string',
	},
	password => {
	    description => "Password for accessing the share/datastore.",
	    type => 'string',
	    maxLength => 256,
	},
	domain => {
	    description => "CIFS domain.",
	    type => 'string',
	    optional => 1,
	    maxLength => 256,
	},
	smbversion => {
	    description => "SMB protocol version. 'default' if not set, negotiates the highest SMB2+"
	        ." version supported by both the client and server.",
	    type => 'string',
	    default => 'default',
	    enum => ['default', '2.0', '2.1', '3', '3.0', '3.11'],
	    optional => 1,
	},
    };
}

sub options {
    return {
	path => { fixed => 1 },
	dirs => { optional => 1 },
	server => { fixed => 1 },
	share => { fixed => 1 },
	nodes => { optional => 1 },
	disable => { optional => 1 },
	maxfiles => { optional => 1 },
	'prune-backups' => { optional => 1 },
	'max-protected-backups' => { optional => 1 },
	content => { optional => 1 },
	format => { optional => 1 },
	username => { optional => 1 },
	password => { optional => 1},
	domain => { optional => 1},
	smbversion => { optional => 1},
	mkdir => { optional => 1 },
	bwlimit => { optional => 1 },
	preallocation => { optional => 1 },
    };
}


sub check_config {
    my ($class, $sectionId, $config, $create, $skipSchemaCheck) = @_;

    $config->{path} = "/mnt/pve/$sectionId" if $create && !$config->{path};

    return $class->SUPER::check_config($sectionId, $config, $create, $skipSchemaCheck);
}

# Storage implementation

sub on_add_hook {
    my ($class, $storeid, $scfg, %sensitive) = @_;

    if (defined($sensitive{password})) {
	cifs_set_credentials($sensitive{password}, $storeid);
	if (!exists($scfg->{username})) {
	    warn "storage $storeid: ignoring password parameter, no user set\n";
	}
    } else {
	cifs_delete_credentials($storeid);
    }

    return;
}

sub on_update_hook {
    my ($class, $storeid, $scfg, %sensitive) = @_;

    return if !exists($sensitive{password});

    if (defined($sensitive{password})) {
	cifs_set_credentials($sensitive{password}, $storeid);
	if (!exists($scfg->{username})) {
	    warn "storage $storeid: ignoring password parameter, no user set\n";
	}
    } else {
	cifs_delete_credentials($storeid);
    }

    return;
}

sub on_delete_hook {
    my ($class, $storeid, $scfg) = @_;

    cifs_delete_credentials($storeid);

    return;
}

sub status {
    my ($class, $storeid, $scfg, $cache) = @_;

    $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	if !$cache->{mountdata};

    my $path = $scfg->{path};
    my $server = $scfg->{server};
    my $share = $scfg->{share};

    return undef
	if !cifs_is_mounted($server, $share, $path, $cache->{mountdata});

    return $class->SUPER::status($storeid, $scfg, $cache);
}

sub activate_storage {
    my ($class, $storeid, $scfg, $cache) = @_;

    $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	if !$cache->{mountdata};

    my $path = $scfg->{path};
    my $server = $scfg->{server};
    my $share = $scfg->{share};

    if (!cifs_is_mounted($server, $share, $path, $cache->{mountdata})) {

	mkpath $path if !(defined($scfg->{mkdir}) && !$scfg->{mkdir});

	die "unable to activate storage '$storeid' - " .
	    "directory '$path' does not exist\n" if ! -d $path;

	cifs_mount($server, $share, $path, $storeid, $scfg->{smbversion},
	    $scfg->{username}, $scfg->{domain});
    }

    $class->SUPER::activate_storage($storeid, $scfg, $cache);
}

sub deactivate_storage {
    my ($class, $storeid, $scfg, $cache) = @_;

    $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	if !$cache->{mountdata};

    my $path = $scfg->{path};
    my $server = $scfg->{server};
    my $share = $scfg->{share};

    if (cifs_is_mounted($server, $share, $path, $cache->{mountdata})) {
	my $cmd = ['/bin/umount', $path];
	run_command($cmd, errmsg => 'umount error');
    }
}

sub check_connection {
    my ($class, $storeid, $scfg) = @_;

    my $servicename = '//'.$scfg->{server}.'/'.$scfg->{share};

    my $cmd = ['/usr/bin/smbclient', $servicename, '-d', '0'];

    if (defined($scfg->{smbversion}) && $scfg->{smbversion} ne 'default') {
	# max-protocol version, so basically only relevant for smb2 vs smb3
	push @$cmd, '-m', "smb" . int($scfg->{smbversion});
    }

    if (my $cred_file = get_cred_file($storeid)) {
	push @$cmd, '-U', $scfg->{username}, '-A', $cred_file;
	push @$cmd, '-W', $scfg->{domain} if defined($scfg->{domain});
    } else {
	push @$cmd, '-U', 'Guest','-N';
    }
    push @$cmd, '-c', 'echo 1 0';

    my $out_str;
    my $out = sub { $out_str .= shift };

    eval { run_command($cmd, timeout => 10, outfunc => $out, errfunc => sub {}) };

    if (my $err = $@) {
	die "$out_str\n" if defined($out_str) &&
	    ($out_str =~ m/NT_STATUS_(ACCESS_DENIED|LOGON_FAILURE)/);
	return 0;
    }

    return 1;
}

# FIXME remove on the next APIAGE reset.
# Deprecated, use get_volume_attribute instead.
sub get_volume_notes {
    my $class = shift;
    PVE::Storage::DirPlugin::get_volume_notes($class, @_);
}

# FIXME remove on the next APIAGE reset.
# Deprecated, use update_volume_attribute instead.
sub update_volume_notes {
    my $class = shift;
    PVE::Storage::DirPlugin::update_volume_notes($class, @_);
}

sub get_volume_attribute {
    return PVE::Storage::DirPlugin::get_volume_attribute(@_);
}

sub update_volume_attribute {
    return PVE::Storage::DirPlugin::update_volume_attribute(@_);
}

1;
Commit	Line	Data
4792d439 WL	1	package PVE::Storage::CIFSPlugin;
	2
	3	use strict;
	4	use warnings;
	5	use Net::IP;
	6	use PVE::Tools qw(run_command);
	7	use PVE::ProcFSTools;
	8	use File::Path;
	9	use PVE::Storage::Plugin;
	10	use PVE::JSONSchema qw(get_standard_option);
	11
	12	use base qw(PVE::Storage::Plugin);
	13
	14	# CIFS helper functions
	15
	16	sub cifs_is_mounted {
	17	my ($server, $share, $mountpoint, $mountdata) = @_;
	18
	19	$server = "[$server]" if Net::IP::ip_is_ipv6($server);
	20	my $source = "//${server}/$share";
	21	$mountdata = PVE::ProcFSTools::parse_proc_mounts() if !$mountdata;
	22
	23	return $mountpoint if grep {
	24	$_->[2] =~ /^cifs/ &&
	25	$_->[0] =~ m\|^\Q$source\E/?$\| &&
	26	$_->[1] eq $mountpoint
	27	} @$mountdata;
	28	return undef;
	29	}
	30
a9db2ca8 DM	31	sub cifs_cred_file_name {
a9db2ca8 DM	32	my ($storeid) = @_;
f33533d4	33	return "/etc/pve/priv/storage/${storeid}.pw";
a9db2ca8 DM	34	}
a9db2ca8 DM	35
e2fc55b4 DM	36	sub cifs_delete_credentials {
	37	my ($storeid) = @_;
	38
319441e7	39	if (my $cred_file = get_cred_file($storeid)) {
e2fc55b4 DM	40	unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
	41	}
	42	}
	43
a9db2ca8 DM	44	sub cifs_set_credentials {
	45	my ($password, $storeid) = @_;
	46
	47	my $cred_file = cifs_cred_file_name($storeid);
319441e7	48	mkdir "/etc/pve/priv/storage";
a9db2ca8 DM	49
	50	PVE::Tools::file_set_contents($cred_file, "password=$password\n");
	51
	52	return $cred_file;
	53	}
	54
4792d439 WL	55	sub get_cred_file {
	56	my ($storeid) = @_;
	57
a9db2ca8	58	my $cred_file = cifs_cred_file_name($storeid);
4792d439	59
319441e7 TL	60	if (-e $cred_file) {
319441e7 TL	61	return $cred_file;
319441e7 TL	62	}
319441e7 TL	63	return undef;
4792d439 WL	64	}
	65
	66	sub cifs_mount {
	67	my ($server, $share, $mountpoint, $storeid, $smbver, $user, $domain) = @_;
	68
	69	$server = "[$server]" if Net::IP::ip_is_ipv6($server);
	70	my $source = "//${server}/$share";
	71
	72	my $cmd = ['/bin/mount', '-t', 'cifs', $source, $mountpoint, '-o', 'soft', '-o'];
	73
	74	if (my $cred_file = get_cred_file($storeid)) {
	75	push @$cmd, "username=$user", '-o', "credentials=$cred_file";
	76	push @$cmd, '-o', "domain=$domain" if defined($domain);
	77	} else {
	78	push @$cmd, 'guest,username=guest';
	79	}
	80
e1667a22	81	push @$cmd, '-o', defined($smbver) ? "vers=$smbver" : "vers=default";
4792d439 WL	82
	83	run_command($cmd, errmsg => "mount error");
	84	}
	85
	86	# Configuration
	87
	88	sub type {
	89	return 'cifs';
	90	}
	91
	92	sub plugindata {
	93	return {
	94	content => [ { images => 1, rootdir => 1, vztmpl => 1, iso => 1,
d1eb35ea	95	backup => 1, snippets => 1}, { images => 1 }],
4792d439 WL	96	format => [ { raw => 1, qcow2 => 1, vmdk => 1 } , 'raw' ],
	97	};
	98	}
	99
	100	sub properties {
	101	return {
	102	share => {
	103	description => "CIFS share.",
	104	type => 'string',
	105	},
	106	password => {
0f2549ed	107	description => "Password for accessing the share/datastore.",
4792d439 WL	108	type => 'string',
	109	maxLength => 256,
	110	},
	111	domain => {
	112	description => "CIFS domain.",
	113	type => 'string',
	114	optional => 1,
	115	maxLength => 256,
	116	},
	117	smbversion => {
e1667a22 TL	118	description => "SMB protocol version. 'default' if not set, negotiates the highest SMB2+"
e1667a22 TL	119	." version supported by both the client and server.",
4792d439	120	type => 'string',
e1667a22	121	default => 'default',
9fff8c7a	122	enum => ['default', '2.0', '2.1', '3', '3.0', '3.11'],
4792d439 WL	123	optional => 1,
	124	},
	125	};
	126	}
	127
	128	sub options {
	129	return {
	130	path => { fixed => 1 },
3e7bd7da	131	dirs => { optional => 1 },
4792d439 WL	132	server => { fixed => 1 },
	133	share => { fixed => 1 },
	134	nodes => { optional => 1 },
	135	disable => { optional => 1 },
	136	maxfiles => { optional => 1 },
3353698f	137	'prune-backups' => { optional => 1 },
8009417d	138	'max-protected-backups' => { optional => 1 },
4792d439 WL	139	content => { optional => 1 },
	140	format => { optional => 1 },
	141	username => { optional => 1 },
	142	password => { optional => 1},
	143	domain => { optional => 1},
	144	smbversion => { optional => 1},
3160dbf1	145	mkdir => { optional => 1 },
c3ed9ac3	146	bwlimit => { optional => 1 },
95ff5dbd	147	preallocation => { optional => 1 },
4792d439 WL	148	};
	149	}
	150
	151
	152	sub check_config {
	153	my ($class, $sectionId, $config, $create, $skipSchemaCheck) = @_;
	154
	155	$config->{path} = "/mnt/pve/$sectionId" if $create && !$config->{path};
	156
	157	return $class->SUPER::check_config($sectionId, $config, $create, $skipSchemaCheck);
	158	}
	159
	160	# Storage implementation
	161
ab5e32bb	162	sub on_add_hook {
02f43ab4	163	my ($class, $storeid, $scfg, %sensitive) = @_;
ab5e32bb	164
02f43ab4 TL	165	if (defined($sensitive{password})) {
02f43ab4 TL	166	cifs_set_credentials($sensitive{password}, $storeid);
72385de9	167	if (!exists($scfg->{username})) {
b4e88b7f	168	warn "storage $storeid: ignoring password parameter, no user set\n";
72385de9	169	}
e2fc55b4 DM	170	} else {
	171	cifs_delete_credentials($storeid);
	172	}
f3ccd0ef FE	173
f3ccd0ef FE	174	return;
e2fc55b4 DM	175	}
	176
	177	sub on_update_hook {
02f43ab4	178	my ($class, $storeid, $scfg, %sensitive) = @_;
e2fc55b4	179
02f43ab4	180	return if !exists($sensitive{password});
e2fc55b4	181
02f43ab4 TL	182	if (defined($sensitive{password})) {
02f43ab4 TL	183	cifs_set_credentials($sensitive{password}, $storeid);
72385de9	184	if (!exists($scfg->{username})) {
b4e88b7f	185	warn "storage $storeid: ignoring password parameter, no user set\n";
72385de9	186	}
e2fc55b4 DM	187	} else {
e2fc55b4 DM	188	cifs_delete_credentials($storeid);
ab5e32bb	189	}
f3ccd0ef FE	190
f3ccd0ef FE	191	return;
ab5e32bb TL	192	}
	193
	194	sub on_delete_hook {
	195	my ($class, $storeid, $scfg) = @_;
	196
e2fc55b4	197	cifs_delete_credentials($storeid);
f3ccd0ef FE	198
f3ccd0ef FE	199	return;
ab5e32bb TL	200	}
ab5e32bb TL	201
4792d439 WL	202	sub status {
	203	my ($class, $storeid, $scfg, $cache) = @_;
	204
	205	$cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	206	if !$cache->{mountdata};
	207
	208	my $path = $scfg->{path};
	209	my $server = $scfg->{server};
	210	my $share = $scfg->{share};
	211
	212	return undef
	213	if !cifs_is_mounted($server, $share, $path, $cache->{mountdata});
	214
	215	return $class->SUPER::status($storeid, $scfg, $cache);
	216	}
	217
	218	sub activate_storage {
	219	my ($class, $storeid, $scfg, $cache) = @_;
	220
	221	$cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	222	if !$cache->{mountdata};
	223
	224	my $path = $scfg->{path};
	225	my $server = $scfg->{server};
	226	my $share = $scfg->{share};
	227
	228	if (!cifs_is_mounted($server, $share, $path, $cache->{mountdata})) {
	229
3160dbf1	230	mkpath $path if !(defined($scfg->{mkdir}) && !$scfg->{mkdir});
4792d439 WL	231
	232	die "unable to activate storage '$storeid' - " .
	233	"directory '$path' does not exist\n" if ! -d $path;
	234
	235	cifs_mount($server, $share, $path, $storeid, $scfg->{smbversion},
	236	$scfg->{username}, $scfg->{domain});
	237	}
	238
	239	$class->SUPER::activate_storage($storeid, $scfg, $cache);
	240	}
	241
	242	sub deactivate_storage {
	243	my ($class, $storeid, $scfg, $cache) = @_;
	244
	245	$cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	246	if !$cache->{mountdata};
	247
	248	my $path = $scfg->{path};
	249	my $server = $scfg->{server};
	250	my $share = $scfg->{share};
	251
	252	if (cifs_is_mounted($server, $share, $path, $cache->{mountdata})) {
	253	my $cmd = ['/bin/umount', $path];
	254	run_command($cmd, errmsg => 'umount error');
	255	}
	256	}
	257
	258	sub check_connection {
	259	my ($class, $storeid, $scfg) = @_;
	260
ff6fa67f	261	my $servicename = '//'.$scfg->{server}.'/'.$scfg->{share};
4792d439	262
e1667a22	263	my $cmd = ['/usr/bin/smbclient', $servicename, '-d', '0'];
4792d439	264
e1667a22 TL	265	if (defined($scfg->{smbversion}) && $scfg->{smbversion} ne 'default') {
	266	# max-protocol version, so basically only relevant for smb2 vs smb3
	267	push @$cmd, '-m', "smb" . int($scfg->{smbversion});
	268	}
4792d439 WL	269
	270	if (my $cred_file = get_cred_file($storeid)) {
	271	push @$cmd, '-U', $scfg->{username}, '-A', $cred_file;
	272	push @$cmd, '-W', $scfg->{domain} if defined($scfg->{domain});
	273	} else {
	274	push @$cmd, '-U', 'Guest','-N';
	275	}
ff6fa67f WL	276	push @$cmd, '-c', 'echo 1 0';
ff6fa67f WL	277
4792d439	278	my $out_str;
70232472 TL	279	my $out = sub { $out_str .= shift };
	280
	281	eval { run_command($cmd, timeout => 10, outfunc => $out, errfunc => sub {}) };
4792d439 WL	282
4792d439 WL	283	if (my $err = $@) {
840e3797	284	die "$out_str\n" if defined($out_str) &&
5ef50a82	285	($out_str =~ m/NT_STATUS_(ACCESS_DENIED\|LOGON_FAILURE)/);
4792d439 WL	286	return 0;
	287	}
	288
	289	return 1;
	290	}
	291
f1de8281 FE	292	# FIXME remove on the next APIAGE reset.
f1de8281 FE	293	# Deprecated, use get_volume_attribute instead.
44fdfb2a TL	294	sub get_volume_notes {
	295	my $class = shift;
	296	PVE::Storage::DirPlugin::get_volume_notes($class, @_);
	297	}
f1de8281 FE	298
	299	# FIXME remove on the next APIAGE reset.
	300	# Deprecated, use update_volume_attribute instead.
44fdfb2a TL	301	sub update_volume_notes {
	302	my $class = shift;
	303	PVE::Storage::DirPlugin::update_volume_notes($class, @_);
	304	}
	305
f1de8281 FE	306	sub get_volume_attribute {
	307	return PVE::Storage::DirPlugin::get_volume_attribute(@_);
	308	}
	309
	310	sub update_volume_attribute {
	311	return PVE::Storage::DirPlugin::update_volume_attribute(@_);
	312	}
	313
4792d439	314	1;