[pve-storage.git] / PVE / Storage / CIFSPlugin.pm

package PVE::Storage::CIFSPlugin;

use strict;
use warnings;
use Net::IP;
use PVE::Tools qw(run_command);
use PVE::ProcFSTools;
use File::Path;
use PVE::Storage::Plugin;
use PVE::JSONSchema qw(get_standard_option);

use base qw(PVE::Storage::Plugin);

# CIFS helper functions

sub cifs_is_mounted {
    my ($server, $share, $mountpoint, $mountdata) = @_;

    $server = "[$server]" if Net::IP::ip_is_ipv6($server);
    my $source = "//${server}/$share";
    $mountdata = PVE::ProcFSTools::parse_proc_mounts() if !$mountdata;

    return $mountpoint if grep {
	$_->[2] =~ /^cifs/ &&
	$_->[0] =~ m|^\Q$source\E/?$| &&
	$_->[1] eq $mountpoint
    } @$mountdata;
    return undef;
}

sub cifs_cred_file_name {
    my ($storeid) = @_;
    return "/etc/pve/priv/storage/${storeid}.pw";
}

sub cifs_delete_credentials {
    my ($storeid) = @_;

    if (my $cred_file = get_cred_file($storeid)) {
	unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
    }
}

sub cifs_set_credentials {
    my ($password, $storeid) = @_;

    my $cred_file = cifs_cred_file_name($storeid);
    mkdir "/etc/pve/priv/storage";

    PVE::Tools::file_set_contents($cred_file, "password=$password\n");

    return $cred_file;
}

sub get_cred_file {
    my ($storeid) = @_;

    my $cred_file = cifs_cred_file_name($storeid);

    if (-e $cred_file) {
	return $cred_file;
    } elsif (-e "/etc/pve/priv/${storeid}.cred") {
	# FIXME: remove fallback with 7.0 by doing a rename on upgrade from 6.x
	return "/etc/pve/priv/${storeid}.cred";
    }
    return undef;
}

sub cifs_mount {
    my ($server, $share, $mountpoint, $storeid, $smbver, $user, $domain) = @_;

    $server = "[$server]" if Net::IP::ip_is_ipv6($server);
    my $source = "//${server}/$share";

    my $cmd = ['/bin/mount', '-t', 'cifs', $source, $mountpoint, '-o', 'soft', '-o'];

    if (my $cred_file = get_cred_file($storeid)) {
	push @$cmd, "username=$user", '-o', "credentials=$cred_file";
	push @$cmd, '-o', "domain=$domain" if defined($domain);
    } else {
	push @$cmd, 'guest,username=guest';
    }

    push @$cmd, '-o', defined($smbver) ? "vers=$smbver" : "vers=3.0";

    run_command($cmd, errmsg => "mount error");
}

# Configuration

sub type {
    return 'cifs';
}

sub plugindata {
    return {
	content => [ { images => 1, rootdir => 1, vztmpl => 1, iso => 1,
		   backup => 1, snippets => 1}, { images => 1 }],
	format => [ { raw => 1, qcow2 => 1, vmdk => 1 } , 'raw' ],
    };
}

sub properties {
    return {
	share => {
	    description => "CIFS share.",
	    type => 'string',
	},
	password => {
	    description => "Password for accessing the share/datastore.",
	    type => 'string',
	    maxLength => 256,
	},
	domain => {
	    description => "CIFS domain.",
	    type => 'string',
	    optional => 1,
	    maxLength => 256,
	},
	smbversion => {
	    description => "SMB protocol version",
	    type => 'string',
	    enum => ['2.0', '2.1', '3.0'],
	    optional => 1,
	},
    };
}

sub options {
    return {
	path => { fixed => 1 },
	server => { fixed => 1 },
	share => { fixed => 1 },
	nodes => { optional => 1 },
	disable => { optional => 1 },
	maxfiles => { optional => 1 },
	content => { optional => 1 },
	format => { optional => 1 },
	username => { optional => 1 },
	password => { optional => 1},
	domain => { optional => 1},
	smbversion => { optional => 1},
	mkdir => { optional => 1 },
	bwlimit => { optional => 1 },
    };
}


sub check_config {
    my ($class, $sectionId, $config, $create, $skipSchemaCheck) = @_;

    $config->{path} = "/mnt/pve/$sectionId" if $create && !$config->{path};

    return $class->SUPER::check_config($sectionId, $config, $create, $skipSchemaCheck);
}

# Storage implementation

sub on_add_hook {
    my ($class, $storeid, $scfg, %param) = @_;

    if (defined($param{password})) {
	cifs_set_credentials($param{password}, $storeid);
	if (!exists($scfg->{username})) {
	    warn "ignoring password parameter\n";
	}
    } else {
	cifs_delete_credentials($storeid);
    }
}

sub on_update_hook {
    my ($class, $storeid, $scfg, %param) = @_;

    return if !exists($param{password});

    if (defined($param{password})) {
	cifs_set_credentials($param{password}, $storeid);
	if (!exists($scfg->{username})) {
	    warn "ignoring password parameter\n";
	}
    } else {
	cifs_delete_credentials($storeid);
    }
}

sub on_delete_hook {
    my ($class, $storeid, $scfg) = @_;

    cifs_delete_credentials($storeid);
}

sub status {
    my ($class, $storeid, $scfg, $cache) = @_;

    $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	if !$cache->{mountdata};

    my $path = $scfg->{path};
    my $server = $scfg->{server};
    my $share = $scfg->{share};

    return undef
	if !cifs_is_mounted($server, $share, $path, $cache->{mountdata});

    return $class->SUPER::status($storeid, $scfg, $cache);
}

sub activate_storage {
    my ($class, $storeid, $scfg, $cache) = @_;

    $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	if !$cache->{mountdata};

    my $path = $scfg->{path};
    my $server = $scfg->{server};
    my $share = $scfg->{share};

    if (!cifs_is_mounted($server, $share, $path, $cache->{mountdata})) {

	mkpath $path if !(defined($scfg->{mkdir}) && !$scfg->{mkdir});

	die "unable to activate storage '$storeid' - " .
	    "directory '$path' does not exist\n" if ! -d $path;

	cifs_mount($server, $share, $path, $storeid, $scfg->{smbversion},
	    $scfg->{username}, $scfg->{domain});
    }

    $class->SUPER::activate_storage($storeid, $scfg, $cache);
}

sub deactivate_storage {
    my ($class, $storeid, $scfg, $cache) = @_;

    $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	if !$cache->{mountdata};

    my $path = $scfg->{path};
    my $server = $scfg->{server};
    my $share = $scfg->{share};

    if (cifs_is_mounted($server, $share, $path, $cache->{mountdata})) {
	my $cmd = ['/bin/umount', $path];
	run_command($cmd, errmsg => 'umount error');
    }
}

sub check_connection {
    my ($class, $storeid, $scfg) = @_;

    my $servicename = '//'.$scfg->{server}.'/'.$scfg->{share};

    my $cmd = ['/usr/bin/smbclient', $servicename, '-d', '0', '-m'];

    push @$cmd, $scfg->{smbversion} ? "smb".int($scfg->{smbversion}) : 'smb3';

    if (my $cred_file = get_cred_file($storeid)) {
	push @$cmd, '-U', $scfg->{username}, '-A', $cred_file;
	push @$cmd, '-W', $scfg->{domain} if defined($scfg->{domain});
    } else {
	push @$cmd, '-U', 'Guest','-N';
    }

    push @$cmd, '-c', 'echo 1 0';

    my $out_str;
    eval {
	run_command($cmd, timeout => 2, outfunc => sub {$out_str .= shift;},
		    errfunc => sub {});
    };

    if (my $err = $@) {
	die "$out_str\n" if defined($out_str) &&
	    ($out_str =~ m/NT_STATUS_ACCESS_DENIED/);
	return 0;
    }

    return 1;
}

1;
Commit	Line	Data
4792d439 WL	1	package PVE::Storage::CIFSPlugin;
	2
	3	use strict;
	4	use warnings;
	5	use Net::IP;
	6	use PVE::Tools qw(run_command);
	7	use PVE::ProcFSTools;
	8	use File::Path;
	9	use PVE::Storage::Plugin;
	10	use PVE::JSONSchema qw(get_standard_option);
	11
	12	use base qw(PVE::Storage::Plugin);
	13
	14	# CIFS helper functions
	15
	16	sub cifs_is_mounted {
	17	my ($server, $share, $mountpoint, $mountdata) = @_;
	18
	19	$server = "[$server]" if Net::IP::ip_is_ipv6($server);
	20	my $source = "//${server}/$share";
	21	$mountdata = PVE::ProcFSTools::parse_proc_mounts() if !$mountdata;
	22
	23	return $mountpoint if grep {
	24	$_->[2] =~ /^cifs/ &&
	25	$_->[0] =~ m\|^\Q$source\E/?$\| &&
	26	$_->[1] eq $mountpoint
	27	} @$mountdata;
	28	return undef;
	29	}
	30
a9db2ca8 DM	31	sub cifs_cred_file_name {
a9db2ca8 DM	32	my ($storeid) = @_;
f33533d4	33	return "/etc/pve/priv/storage/${storeid}.pw";
a9db2ca8 DM	34	}
a9db2ca8 DM	35
e2fc55b4 DM	36	sub cifs_delete_credentials {
	37	my ($storeid) = @_;
	38
319441e7	39	if (my $cred_file = get_cred_file($storeid)) {
e2fc55b4 DM	40	unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
	41	}
	42	}
	43
a9db2ca8 DM	44	sub cifs_set_credentials {
	45	my ($password, $storeid) = @_;
	46
	47	my $cred_file = cifs_cred_file_name($storeid);
319441e7	48	mkdir "/etc/pve/priv/storage";
a9db2ca8 DM	49
	50	PVE::Tools::file_set_contents($cred_file, "password=$password\n");
	51
	52	return $cred_file;
	53	}
	54
4792d439 WL	55	sub get_cred_file {
	56	my ($storeid) = @_;
	57
a9db2ca8	58	my $cred_file = cifs_cred_file_name($storeid);
4792d439	59
319441e7 TL	60	if (-e $cred_file) {
319441e7 TL	61	return $cred_file;
f33533d4	62	} elsif (-e "/etc/pve/priv/${storeid}.cred") {
319441e7 TL	63	# FIXME: remove fallback with 7.0 by doing a rename on upgrade from 6.x
	64	return "/etc/pve/priv/${storeid}.cred";
	65	}
	66	return undef;
4792d439 WL	67	}
	68
	69	sub cifs_mount {
	70	my ($server, $share, $mountpoint, $storeid, $smbver, $user, $domain) = @_;
	71
	72	$server = "[$server]" if Net::IP::ip_is_ipv6($server);
	73	my $source = "//${server}/$share";
	74
	75	my $cmd = ['/bin/mount', '-t', 'cifs', $source, $mountpoint, '-o', 'soft', '-o'];
	76
	77	if (my $cred_file = get_cred_file($storeid)) {
	78	push @$cmd, "username=$user", '-o', "credentials=$cred_file";
	79	push @$cmd, '-o', "domain=$domain" if defined($domain);
	80	} else {
	81	push @$cmd, 'guest,username=guest';
	82	}
	83
	84	push @$cmd, '-o', defined($smbver) ? "vers=$smbver" : "vers=3.0";
	85
	86	run_command($cmd, errmsg => "mount error");
	87	}
	88
	89	# Configuration
	90
	91	sub type {
	92	return 'cifs';
	93	}
	94
	95	sub plugindata {
	96	return {
	97	content => [ { images => 1, rootdir => 1, vztmpl => 1, iso => 1,
d1eb35ea	98	backup => 1, snippets => 1}, { images => 1 }],
4792d439 WL	99	format => [ { raw => 1, qcow2 => 1, vmdk => 1 } , 'raw' ],
	100	};
	101	}
	102
	103	sub properties {
	104	return {
	105	share => {
	106	description => "CIFS share.",
	107	type => 'string',
	108	},
	109	password => {
0f2549ed	110	description => "Password for accessing the share/datastore.",
4792d439 WL	111	type => 'string',
	112	maxLength => 256,
	113	},
	114	domain => {
	115	description => "CIFS domain.",
	116	type => 'string',
	117	optional => 1,
	118	maxLength => 256,
	119	},
	120	smbversion => {
5bc3edb2	121	description => "SMB protocol version",
4792d439	122	type => 'string',
c2f12dc6	123	enum => ['2.0', '2.1', '3.0'],
4792d439 WL	124	optional => 1,
	125	},
	126	};
	127	}
	128
	129	sub options {
	130	return {
	131	path => { fixed => 1 },
	132	server => { fixed => 1 },
	133	share => { fixed => 1 },
	134	nodes => { optional => 1 },
	135	disable => { optional => 1 },
	136	maxfiles => { optional => 1 },
	137	content => { optional => 1 },
	138	format => { optional => 1 },
	139	username => { optional => 1 },
	140	password => { optional => 1},
	141	domain => { optional => 1},
	142	smbversion => { optional => 1},
3160dbf1	143	mkdir => { optional => 1 },
c3ed9ac3	144	bwlimit => { optional => 1 },
4792d439 WL	145	};
	146	}
	147
	148
	149	sub check_config {
	150	my ($class, $sectionId, $config, $create, $skipSchemaCheck) = @_;
	151
	152	$config->{path} = "/mnt/pve/$sectionId" if $create && !$config->{path};
	153
	154	return $class->SUPER::check_config($sectionId, $config, $create, $skipSchemaCheck);
	155	}
	156
	157	# Storage implementation
	158
ab5e32bb TL	159	sub on_add_hook {
	160	my ($class, $storeid, $scfg, %param) = @_;
	161
e2fc55b4 DM	162	if (defined($param{password})) {
e2fc55b4 DM	163	cifs_set_credentials($param{password}, $storeid);
72385de9 WB	164	if (!exists($scfg->{username})) {
	165	warn "ignoring password parameter\n";
	166	}
e2fc55b4 DM	167	} else {
	168	cifs_delete_credentials($storeid);
	169	}
	170	}
	171
	172	sub on_update_hook {
	173	my ($class, $storeid, $scfg, %param) = @_;
	174
	175	return if !exists($param{password});
	176
	177	if (defined($param{password})) {
	178	cifs_set_credentials($param{password}, $storeid);
72385de9 WB	179	if (!exists($scfg->{username})) {
	180	warn "ignoring password parameter\n";
	181	}
e2fc55b4 DM	182	} else {
e2fc55b4 DM	183	cifs_delete_credentials($storeid);
ab5e32bb TL	184	}
	185	}
	186
	187	sub on_delete_hook {
	188	my ($class, $storeid, $scfg) = @_;
	189
e2fc55b4	190	cifs_delete_credentials($storeid);
ab5e32bb TL	191	}
ab5e32bb TL	192
4792d439 WL	193	sub status {
	194	my ($class, $storeid, $scfg, $cache) = @_;
	195
	196	$cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	197	if !$cache->{mountdata};
	198
	199	my $path = $scfg->{path};
	200	my $server = $scfg->{server};
	201	my $share = $scfg->{share};
	202
	203	return undef
	204	if !cifs_is_mounted($server, $share, $path, $cache->{mountdata});
	205
	206	return $class->SUPER::status($storeid, $scfg, $cache);
	207	}
	208
	209	sub activate_storage {
	210	my ($class, $storeid, $scfg, $cache) = @_;
	211
	212	$cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	213	if !$cache->{mountdata};
	214
	215	my $path = $scfg->{path};
	216	my $server = $scfg->{server};
	217	my $share = $scfg->{share};
	218
	219	if (!cifs_is_mounted($server, $share, $path, $cache->{mountdata})) {
	220
3160dbf1	221	mkpath $path if !(defined($scfg->{mkdir}) && !$scfg->{mkdir});
4792d439 WL	222
	223	die "unable to activate storage '$storeid' - " .
	224	"directory '$path' does not exist\n" if ! -d $path;
	225
	226	cifs_mount($server, $share, $path, $storeid, $scfg->{smbversion},
	227	$scfg->{username}, $scfg->{domain});
	228	}
	229
	230	$class->SUPER::activate_storage($storeid, $scfg, $cache);
	231	}
	232
	233	sub deactivate_storage {
	234	my ($class, $storeid, $scfg, $cache) = @_;
	235
	236	$cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
	237	if !$cache->{mountdata};
	238
	239	my $path = $scfg->{path};
	240	my $server = $scfg->{server};
	241	my $share = $scfg->{share};
	242
	243	if (cifs_is_mounted($server, $share, $path, $cache->{mountdata})) {
	244	my $cmd = ['/bin/umount', $path];
	245	run_command($cmd, errmsg => 'umount error');
	246	}
	247	}
	248
	249	sub check_connection {
	250	my ($class, $storeid, $scfg) = @_;
	251
ff6fa67f	252	my $servicename = '//'.$scfg->{server}.'/'.$scfg->{share};
4792d439	253
ff6fa67f	254	my $cmd = ['/usr/bin/smbclient', $servicename, '-d', '0', '-m'];
4792d439 WL	255
	256	push @$cmd, $scfg->{smbversion} ? "smb".int($scfg->{smbversion}) : 'smb3';
	257
	258	if (my $cred_file = get_cred_file($storeid)) {
	259	push @$cmd, '-U', $scfg->{username}, '-A', $cred_file;
	260	push @$cmd, '-W', $scfg->{domain} if defined($scfg->{domain});
	261	} else {
	262	push @$cmd, '-U', 'Guest','-N';
	263	}
	264
ff6fa67f WL	265	push @$cmd, '-c', 'echo 1 0';
ff6fa67f WL	266
4792d439 WL	267	my $out_str;
	268	eval {
	269	run_command($cmd, timeout => 2, outfunc => sub {$out_str .= shift;},
	270	errfunc => sub {});
	271	};
	272
	273	if (my $err = $@) {
840e3797 WL	274	die "$out_str\n" if defined($out_str) &&
840e3797 WL	275	($out_str =~ m/NT_STATUS_ACCESS_DENIED/);
4792d439 WL	276	return 0;
	277	}
	278
	279	return 1;
	280	}
	281
	282	1;