PVE/Storage/CIFSPlugin.pm

   1 package PVE::Storage::CIFSPlugin;
   2
   3 use strict;
   4 use warnings;
   5 use Net::IP;
   6 use PVE::Tools qw(run_command);
   7 use PVE::ProcFSTools;
   8 use File::Path;
   9 use PVE::Storage::Plugin;
  10 use PVE::JSONSchema qw(get_standard_option);
  11
  12 use base qw(PVE::Storage::Plugin);
  13
  14 # CIFS helper functions
  15
  16 sub cifs_is_mounted : prototype($$) {
  17     my ($scfg, $mountdata) = @_;
  18
  19     my $mountpoint = $scfg->{path};
  20     my $server = $scfg->{server};
  21     my $share = $scfg->{share};
  22     my $subdir = $scfg->{subdir} // "/";
  23
  24     $server = "[$server]" if Net::IP::ip_is_ipv6($server);
  25     my $source = "//${server}/$share$subdir";
  26     $mountdata = PVE::ProcFSTools::parse_proc_mounts() if !$mountdata;
  27
  28     return $mountpoint if grep {
  29         $_->[2] =~ /^cifs/ &&
  30         $_->[0] =~ m|^\Q$source\E/?$| &&
  31         $_->[1] eq $mountpoint
  32     } @$mountdata;
  33     return undef;
  34 }
  35
  36 sub cifs_cred_file_name {
  37     my ($storeid) = @_;
  38     return "/etc/pve/priv/storage/${storeid}.pw";
  39 }
  40
  41 sub cifs_delete_credentials {
  42     my ($storeid) = @_;
  43
  44     if (my $cred_file = get_cred_file($storeid)) {
  45         unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
  46     }
  47 }
  48
  49 sub cifs_set_credentials {
  50     my ($password, $storeid) = @_;
  51
  52     my $cred_file = cifs_cred_file_name($storeid);
  53     mkdir "/etc/pve/priv/storage";
  54
  55     PVE::Tools::file_set_contents($cred_file, "password=$password\n");
  56
  57     return $cred_file;
  58 }
  59
  60 sub get_cred_file {
  61     my ($storeid) = @_;
  62
  63     my $cred_file = cifs_cred_file_name($storeid);
  64
  65     if (-e $cred_file) {
  66         return $cred_file;
  67     }
  68     return undef;
  69 }
  70
  71 sub cifs_mount : prototype($$$$$) {
  72     my ($scfg, $storeid, $smbver, $user, $domain) = @_;
  73
  74     my $mountpoint = $scfg->{path};
  75     my $server = $scfg->{server};
  76     my $share = $scfg->{share};
  77     my $subdir = $scfg->{subdir} // "/";
  78
  79     $server = "[$server]" if Net::IP::ip_is_ipv6($server);
  80     my $source = "//${server}/$share$subdir";
  81
  82     my $cmd = ['/bin/mount', '-t', 'cifs', $source, $mountpoint, '-o', 'soft', '-o'];
  83
  84     if (my $cred_file = get_cred_file($storeid)) {
  85         push @$cmd, "username=$user", '-o', "credentials=$cred_file";
  86         push @$cmd, '-o', "domain=$domain" if defined($domain);
  87     } else {
  88         push @$cmd, 'guest,username=guest';
  89     }
  90
  91     push @$cmd, '-o', defined($smbver) ? "vers=$smbver" : "vers=default";
  92
  93     run_command($cmd, errmsg => "mount error");
  94 }
  95
  96 # Configuration
  97
  98 sub type {
  99     return 'cifs';
 100 }
 101
 102 sub plugindata {
 103     return {
 104         content => [ { images => 1, rootdir => 1, vztmpl => 1, iso => 1,
 105                    backup => 1, snippets => 1}, { images => 1 }],
 106         format => [ { raw => 1, qcow2 => 1, vmdk => 1 } , 'raw' ],
 107     };
 108 }
 109
 110 sub properties {
 111     return {
 112         share => {
 113             description => "CIFS share.",
 114             type => 'string',
 115         },
 116         password => {
 117             description => "Password for accessing the share/datastore.",
 118             type => 'string',
 119             maxLength => 256,
 120         },
 121         domain => {
 122             description => "CIFS domain.",
 123             type => 'string',
 124             optional => 1,
 125             maxLength => 256,
 126         },
 127         smbversion => {
 128             description => "SMB protocol version. 'default' if not set, negotiates the highest SMB2+"
 129                 ." version supported by both the client and server.",
 130             type => 'string',
 131             default => 'default',
 132             enum => ['default', '2.0', '2.1', '3', '3.0', '3.11'],
 133             optional => 1,
 134         },
 135     };
 136 }
 137
 138 sub options {
 139     return {
 140         path => { fixed => 1 },
 141         'content-dirs' => { optional => 1 },
 142         server => { fixed => 1 },
 143         share => { fixed => 1 },
 144         subdir => { optional => 1 },
 145         nodes => { optional => 1 },
 146         disable => { optional => 1 },
 147         maxfiles => { optional => 1 },
 148         'prune-backups' => { optional => 1 },
 149         'max-protected-backups' => { optional => 1 },
 150         content => { optional => 1 },
 151         format => { optional => 1 },
 152         username => { optional => 1 },
 153         password => { optional => 1},
 154         domain => { optional => 1},
 155         smbversion => { optional => 1},
 156         mkdir => { optional => 1 },
 157         bwlimit => { optional => 1 },
 158         preallocation => { optional => 1 },
 159     };
 160 }
 161
 162
 163 sub check_config {
 164     my ($class, $sectionId, $config, $create, $skipSchemaCheck) = @_;
 165
 166     $config->{path} = "/mnt/pve/$sectionId" if $create && !$config->{path};
 167
 168     return $class->SUPER::check_config($sectionId, $config, $create, $skipSchemaCheck);
 169 }
 170
 171 # Storage implementation
 172
 173 sub on_add_hook {
 174     my ($class, $storeid, $scfg, %sensitive) = @_;
 175
 176     if (defined($sensitive{password})) {
 177         cifs_set_credentials($sensitive{password}, $storeid);
 178         if (!exists($scfg->{username})) {
 179             warn "storage $storeid: ignoring password parameter, no user set\n";
 180         }
 181     } else {
 182         cifs_delete_credentials($storeid);
 183     }
 184
 185     return;
 186 }
 187
 188 sub on_update_hook {
 189     my ($class, $storeid, $scfg, %sensitive) = @_;
 190
 191     return if !exists($sensitive{password});
 192
 193     if (defined($sensitive{password})) {
 194         cifs_set_credentials($sensitive{password}, $storeid);
 195         if (!exists($scfg->{username})) {
 196             warn "storage $storeid: ignoring password parameter, no user set\n";
 197         }
 198     } else {
 199         cifs_delete_credentials($storeid);
 200     }
 201
 202     return;
 203 }
 204
 205 sub on_delete_hook {
 206     my ($class, $storeid, $scfg) = @_;
 207
 208     cifs_delete_credentials($storeid);
 209
 210     return;
 211 }
 212
 213 sub status {
 214     my ($class, $storeid, $scfg, $cache) = @_;
 215
 216     $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
 217         if !$cache->{mountdata};
 218
 219     return undef
 220         if !cifs_is_mounted($scfg, $cache->{mountdata});
 221
 222     return $class->SUPER::status($storeid, $scfg, $cache);
 223 }
 224
 225 sub activate_storage {
 226     my ($class, $storeid, $scfg, $cache) = @_;
 227
 228     $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
 229         if !$cache->{mountdata};
 230
 231     my $path = $scfg->{path};
 232
 233     if (!cifs_is_mounted($scfg, $cache->{mountdata})) {
 234
 235         mkpath $path if !(defined($scfg->{mkdir}) && !$scfg->{mkdir});
 236
 237         die "unable to activate storage '$storeid' - " .
 238             "directory '$path' does not exist\n" if ! -d $path;
 239
 240         cifs_mount($scfg, $storeid, $scfg->{smbversion},
 241             $scfg->{username}, $scfg->{domain});
 242     }
 243
 244     $class->SUPER::activate_storage($storeid, $scfg, $cache);
 245 }
 246
 247 sub deactivate_storage {
 248     my ($class, $storeid, $scfg, $cache) = @_;
 249
 250     $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
 251         if !$cache->{mountdata};
 252
 253     my $path = $scfg->{path};
 254
 255     if (cifs_is_mounted($scfg, $cache->{mountdata})) {
 256         my $cmd = ['/bin/umount', $path];
 257         run_command($cmd, errmsg => 'umount error');
 258     }
 259 }
 260
 261 sub check_connection {
 262     my ($class, $storeid, $scfg) = @_;
 263
 264     my $servicename = '//'.$scfg->{server}.'/'.$scfg->{share};
 265
 266     my $cmd = ['/usr/bin/smbclient', $servicename, '-d', '0'];
 267
 268     if (defined($scfg->{smbversion}) && $scfg->{smbversion} ne 'default') {
 269         # max-protocol version, so basically only relevant for smb2 vs smb3
 270         push @$cmd, '-m', "smb" . int($scfg->{smbversion});
 271     }
 272
 273     if (my $cred_file = get_cred_file($storeid)) {
 274         push @$cmd, '-U', $scfg->{username}, '-A', $cred_file;
 275         push @$cmd, '-W', $scfg->{domain} if defined($scfg->{domain});
 276     } else {
 277         push @$cmd, '-U', 'Guest','-N';
 278     }
 279     push @$cmd, '-c', 'echo 1 0';
 280
 281     my $out_str;
 282     my $out = sub { $out_str .= shift };
 283
 284     eval { run_command($cmd, timeout => 10, outfunc => $out, errfunc => sub {}) };
 285
 286     if (my $err = $@) {
 287         die "$out_str\n" if defined($out_str) &&
 288             ($out_str =~ m/NT_STATUS_(ACCESS_DENIED|LOGON_FAILURE)/);
 289         return 0;
 290     }
 291
 292     return 1;
 293 }
 294
 295 # FIXME remove on the next APIAGE reset.
 296 # Deprecated, use get_volume_attribute instead.
 297 sub get_volume_notes {
 298     my $class = shift;
 299     PVE::Storage::DirPlugin::get_volume_notes($class, @_);
 300 }
 301
 302 # FIXME remove on the next APIAGE reset.
 303 # Deprecated, use update_volume_attribute instead.
 304 sub update_volume_notes {
 305     my $class = shift;
 306     PVE::Storage::DirPlugin::update_volume_notes($class, @_);
 307 }
 308
 309 sub get_volume_attribute {
 310     return PVE::Storage::DirPlugin::get_volume_attribute(@_);
 311 }
 312
 313 sub update_volume_attribute {
 314     return PVE::Storage::DirPlugin::update_volume_attribute(@_);
 315 }
 316
 317 1;