PVE/Storage/CIFSPlugin.pm

   1 package PVE::Storage::CIFSPlugin;
   2
   3 use strict;
   4 use warnings;
   5 use Net::IP;
   6 use PVE::Tools qw(run_command);
   7 use PVE::ProcFSTools;
   8 use File::Path;
   9 use PVE::Storage::Plugin;
  10 use PVE::JSONSchema qw(get_standard_option);
  11
  12 use base qw(PVE::Storage::Plugin);
  13
  14 # CIFS helper functions
  15
  16 sub cifs_is_mounted {
  17     my ($server, $share, $mountpoint, $mountdata) = @_;
  18
  19     $server = "[$server]" if Net::IP::ip_is_ipv6($server);
  20     my $source = "//${server}/$share";
  21     $mountdata = PVE::ProcFSTools::parse_proc_mounts() if !$mountdata;
  22
  23     return $mountpoint if grep {
  24         $_->[2] =~ /^cifs/ &&
  25         $_->[0] =~ m|^\Q$source\E/?$| &&
  26         $_->[1] eq $mountpoint
  27     } @$mountdata;
  28     return undef;
  29 }
  30
  31 sub cifs_cred_file_name {
  32     my ($storeid) = @_;
  33     return "/etc/pve/priv/storage/${storeid}.pw";
  34 }
  35
  36 sub cifs_delete_credentials {
  37     my ($storeid) = @_;
  38
  39     if (my $cred_file = get_cred_file($storeid)) {
  40         unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
  41     }
  42 }
  43
  44 sub cifs_set_credentials {
  45     my ($password, $storeid) = @_;
  46
  47     my $cred_file = cifs_cred_file_name($storeid);
  48     mkdir "/etc/pve/priv/storage";
  49
  50     PVE::Tools::file_set_contents($cred_file, "password=$password\n");
  51
  52     return $cred_file;
  53 }
  54
  55 sub get_cred_file {
  56     my ($storeid) = @_;
  57
  58     my $cred_file = cifs_cred_file_name($storeid);
  59
  60     if (-e $cred_file) {
  61         return $cred_file;
  62     }
  63     return undef;
  64 }
  65
  66 sub cifs_mount {
  67     my ($server, $share, $mountpoint, $storeid, $smbver, $user, $domain) = @_;
  68
  69     $server = "[$server]" if Net::IP::ip_is_ipv6($server);
  70     my $source = "//${server}/$share";
  71
  72     my $cmd = ['/bin/mount', '-t', 'cifs', $source, $mountpoint, '-o', 'soft', '-o'];
  73
  74     if (my $cred_file = get_cred_file($storeid)) {
  75         push @$cmd, "username=$user", '-o', "credentials=$cred_file";
  76         push @$cmd, '-o', "domain=$domain" if defined($domain);
  77     } else {
  78         push @$cmd, 'guest,username=guest';
  79     }
  80
  81     push @$cmd, '-o', defined($smbver) ? "vers=$smbver" : "vers=default";
  82
  83     run_command($cmd, errmsg => "mount error");
  84 }
  85
  86 # Configuration
  87
  88 sub type {
  89     return 'cifs';
  90 }
  91
  92 sub plugindata {
  93     return {
  94         content => [ { images => 1, rootdir => 1, vztmpl => 1, iso => 1,
  95                    backup => 1, snippets => 1}, { images => 1 }],
  96         format => [ { raw => 1, qcow2 => 1, vmdk => 1 } , 'raw' ],
  97     };
  98 }
  99
 100 sub properties {
 101     return {
 102         share => {
 103             description => "CIFS share.",
 104             type => 'string',
 105         },
 106         password => {
 107             description => "Password for accessing the share/datastore.",
 108             type => 'string',
 109             maxLength => 256,
 110         },
 111         domain => {
 112             description => "CIFS domain.",
 113             type => 'string',
 114             optional => 1,
 115             maxLength => 256,
 116         },
 117         smbversion => {
 118             description => "SMB protocol version. 'default' if not set, negotiates the highest SMB2+"
 119                 ." version supported by both the client and server.",
 120             type => 'string',
 121             default => 'default',
 122             enum => ['default', '2.0', '2.1', '3', '3.0', '3.11'],
 123             optional => 1,
 124         },
 125     };
 126 }
 127
 128 sub options {
 129     return {
 130         path => { fixed => 1 },
 131         server => { fixed => 1 },
 132         share => { fixed => 1 },
 133         nodes => { optional => 1 },
 134         disable => { optional => 1 },
 135         maxfiles => { optional => 1 },
 136         'prune-backups' => { optional => 1 },
 137         'max-protected-backups' => { optional => 1 },
 138         content => { optional => 1 },
 139         format => { optional => 1 },
 140         username => { optional => 1 },
 141         password => { optional => 1},
 142         domain => { optional => 1},
 143         smbversion => { optional => 1},
 144         mkdir => { optional => 1 },
 145         bwlimit => { optional => 1 },
 146         preallocation => { optional => 1 },
 147     };
 148 }
 149
 150
 151 sub check_config {
 152     my ($class, $sectionId, $config, $create, $skipSchemaCheck) = @_;
 153
 154     $config->{path} = "/mnt/pve/$sectionId" if $create && !$config->{path};
 155
 156     return $class->SUPER::check_config($sectionId, $config, $create, $skipSchemaCheck);
 157 }
 158
 159 # Storage implementation
 160
 161 sub on_add_hook {
 162     my ($class, $storeid, $scfg, %sensitive) = @_;
 163
 164     if (defined($sensitive{password})) {
 165         cifs_set_credentials($sensitive{password}, $storeid);
 166         if (!exists($scfg->{username})) {
 167             warn "storage $storeid: ignoring password parameter, no user set\n";
 168         }
 169     } else {
 170         cifs_delete_credentials($storeid);
 171     }
 172
 173     return;
 174 }
 175
 176 sub on_update_hook {
 177     my ($class, $storeid, $scfg, %sensitive) = @_;
 178
 179     return if !exists($sensitive{password});
 180
 181     if (defined($sensitive{password})) {
 182         cifs_set_credentials($sensitive{password}, $storeid);
 183         if (!exists($scfg->{username})) {
 184             warn "storage $storeid: ignoring password parameter, no user set\n";
 185         }
 186     } else {
 187         cifs_delete_credentials($storeid);
 188     }
 189
 190     return;
 191 }
 192
 193 sub on_delete_hook {
 194     my ($class, $storeid, $scfg) = @_;
 195
 196     cifs_delete_credentials($storeid);
 197
 198     return;
 199 }
 200
 201 sub status {
 202     my ($class, $storeid, $scfg, $cache) = @_;
 203
 204     $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
 205         if !$cache->{mountdata};
 206
 207     my $path = $scfg->{path};
 208     my $server = $scfg->{server};
 209     my $share = $scfg->{share};
 210
 211     return undef
 212         if !cifs_is_mounted($server, $share, $path, $cache->{mountdata});
 213
 214     return $class->SUPER::status($storeid, $scfg, $cache);
 215 }
 216
 217 sub activate_storage {
 218     my ($class, $storeid, $scfg, $cache) = @_;
 219
 220     $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
 221         if !$cache->{mountdata};
 222
 223     my $path = $scfg->{path};
 224     my $server = $scfg->{server};
 225     my $share = $scfg->{share};
 226
 227     if (!cifs_is_mounted($server, $share, $path, $cache->{mountdata})) {
 228
 229         mkpath $path if !(defined($scfg->{mkdir}) && !$scfg->{mkdir});
 230
 231         die "unable to activate storage '$storeid' - " .
 232             "directory '$path' does not exist\n" if ! -d $path;
 233
 234         cifs_mount($server, $share, $path, $storeid, $scfg->{smbversion},
 235             $scfg->{username}, $scfg->{domain});
 236     }
 237
 238     $class->SUPER::activate_storage($storeid, $scfg, $cache);
 239 }
 240
 241 sub deactivate_storage {
 242     my ($class, $storeid, $scfg, $cache) = @_;
 243
 244     $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
 245         if !$cache->{mountdata};
 246
 247     my $path = $scfg->{path};
 248     my $server = $scfg->{server};
 249     my $share = $scfg->{share};
 250
 251     if (cifs_is_mounted($server, $share, $path, $cache->{mountdata})) {
 252         my $cmd = ['/bin/umount', $path];
 253         run_command($cmd, errmsg => 'umount error');
 254     }
 255 }
 256
 257 sub check_connection {
 258     my ($class, $storeid, $scfg) = @_;
 259
 260     my $servicename = '//'.$scfg->{server}.'/'.$scfg->{share};
 261
 262     my $cmd = ['/usr/bin/smbclient', $servicename, '-d', '0'];
 263
 264     if (defined($scfg->{smbversion}) && $scfg->{smbversion} ne 'default') {
 265         # max-protocol version, so basically only relevant for smb2 vs smb3
 266         push @$cmd, '-m', "smb" . int($scfg->{smbversion});
 267     }
 268
 269     if (my $cred_file = get_cred_file($storeid)) {
 270         push @$cmd, '-U', $scfg->{username}, '-A', $cred_file;
 271         push @$cmd, '-W', $scfg->{domain} if defined($scfg->{domain});
 272     } else {
 273         push @$cmd, '-U', 'Guest','-N';
 274     }
 275     push @$cmd, '-c', 'echo 1 0';
 276
 277     my $out_str;
 278     my $out = sub { $out_str .= shift };
 279
 280     eval { run_command($cmd, timeout => 10, outfunc => $out, errfunc => sub {}) };
 281
 282     if (my $err = $@) {
 283         die "$out_str\n" if defined($out_str) &&
 284             ($out_str =~ m/NT_STATUS_(ACCESS_DENIED|LOGON_FAILURE)/);
 285         return 0;
 286     }
 287
 288     return 1;
 289 }
 290
 291 # FIXME remove on the next APIAGE reset.
 292 # Deprecated, use get_volume_attribute instead.
 293 sub get_volume_notes {
 294     my $class = shift;
 295     PVE::Storage::DirPlugin::get_volume_notes($class, @_);
 296 }
 297
 298 # FIXME remove on the next APIAGE reset.
 299 # Deprecated, use update_volume_attribute instead.
 300 sub update_volume_notes {
 301     my $class = shift;
 302     PVE::Storage::DirPlugin::update_volume_notes($class, @_);
 303 }
 304
 305 sub get_volume_attribute {
 306     return PVE::Storage::DirPlugin::get_volume_attribute(@_);
 307 }
 308
 309 sub update_volume_attribute {
 310     return PVE::Storage::DirPlugin::update_volume_attribute(@_);
 311 }
 312
 313 1;