PVE/Storage/CIFSPlugin.pm

   1 package PVE::Storage::CIFSPlugin;
   2
   3 use strict;
   4 use warnings;
   5 use Net::IP;
   6 use PVE::Tools qw(run_command);
   7 use PVE::ProcFSTools;
   8 use File::Path;
   9 use PVE::Storage::Plugin;
  10 use PVE::JSONSchema qw(get_standard_option);
  11
  12 use base qw(PVE::Storage::Plugin);
  13
  14 # CIFS helper functions
  15
  16 sub cifs_is_mounted {
  17     my ($server, $share, $mountpoint, $mountdata) = @_;
  18
  19     $server = "[$server]" if Net::IP::ip_is_ipv6($server);
  20     my $source = "//${server}/$share";
  21     $mountdata = PVE::ProcFSTools::parse_proc_mounts() if !$mountdata;
  22
  23     return $mountpoint if grep {
  24         $_->[2] =~ /^cifs/ &&
  25         $_->[0] =~ m|^\Q$source\E/?$| &&
  26         $_->[1] eq $mountpoint
  27     } @$mountdata;
  28     return undef;
  29 }
  30
  31 sub cifs_cred_file_name {
  32     my ($storeid) = @_;
  33
  34     return "/etc/pve/priv/${storeid}.cred";
  35 }
  36
  37 sub cifs_set_credentials {
  38     my ($password, $storeid) = @_;
  39
  40     my $cred_file = cifs_cred_file_name($storeid);
  41
  42     PVE::Tools::file_set_contents($cred_file, "password=$password\n");
  43
  44     return $cred_file;
  45 }
  46
  47 sub get_cred_file {
  48     my ($storeid) = @_;
  49
  50     my $cred_file = cifs_cred_file_name($storeid);
  51
  52     return -e $cred_file ? $cred_file : undef;
  53 }
  54
  55 sub cifs_mount {
  56     my ($server, $share, $mountpoint, $storeid, $smbver, $user, $domain) = @_;
  57
  58     $server = "[$server]" if Net::IP::ip_is_ipv6($server);
  59     my $source = "//${server}/$share";
  60
  61     my $cmd = ['/bin/mount', '-t', 'cifs', $source, $mountpoint, '-o', 'soft', '-o'];
  62
  63     if (my $cred_file = get_cred_file($storeid)) {
  64         push @$cmd, "username=$user", '-o', "credentials=$cred_file";
  65         push @$cmd, '-o', "domain=$domain" if defined($domain);
  66     } else {
  67         push @$cmd, 'guest,username=guest';
  68     }
  69
  70     push @$cmd, '-o', defined($smbver) ? "vers=$smbver" : "vers=3.0";
  71
  72     run_command($cmd, errmsg => "mount error");
  73 }
  74
  75 # Configuration
  76
  77 sub type {
  78     return 'cifs';
  79 }
  80
  81 sub plugindata {
  82     return {
  83         content => [ { images => 1, rootdir => 1, vztmpl => 1, iso => 1,
  84                    backup => 1, snippets => 1}, { images => 1 }],
  85         format => [ { raw => 1, qcow2 => 1, vmdk => 1 } , 'raw' ],
  86     };
  87 }
  88
  89 sub properties {
  90     return {
  91         share => {
  92             description => "CIFS share.",
  93             type => 'string',
  94         },
  95         password => {
  96             description => "Password for CIFS share.",
  97             type => 'string',
  98             maxLength => 256,
  99         },
 100         domain => {
 101             description => "CIFS domain.",
 102             type => 'string',
 103             optional => 1,
 104             maxLength => 256,
 105         },
 106         smbversion => {
 107             description => "SMB protocol version",
 108             type => 'string',
 109             enum => ['2.0', '2.1', '3.0'],
 110             optional => 1,
 111         },
 112     };
 113 }
 114
 115 sub options {
 116     return {
 117         path => { fixed => 1 },
 118         server => { fixed => 1 },
 119         share => { fixed => 1 },
 120         nodes => { optional => 1 },
 121         disable => { optional => 1 },
 122         maxfiles => { optional => 1 },
 123         content => { optional => 1 },
 124         format => { optional => 1 },
 125         username => { optional => 1 },
 126         password => { optional => 1},
 127         domain => { optional => 1},
 128         smbversion => { optional => 1},
 129         mkdir => { optional => 1 },
 130         bwlimit => { optional => 1 },
 131     };
 132 }
 133
 134
 135 sub check_config {
 136     my ($class, $sectionId, $config, $create, $skipSchemaCheck) = @_;
 137
 138     $config->{path} = "/mnt/pve/$sectionId" if $create && !$config->{path};
 139
 140     return $class->SUPER::check_config($sectionId, $config, $create, $skipSchemaCheck);
 141 }
 142
 143 # Storage implementation
 144
 145 sub on_add_hook {
 146     my ($class, $storeid, $scfg, %param) = @_;
 147
 148     if (my $password = $param{password}) {
 149         cifs_set_credentials($password, $storeid);
 150     }
 151 }
 152
 153 sub on_delete_hook {
 154     my ($class, $storeid, $scfg) = @_;
 155
 156     my $cred_file = cifs_cred_file_name($storeid);
 157     if (-f $cred_file) {
 158         unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
 159     }
 160 }
 161
 162 sub status {
 163     my ($class, $storeid, $scfg, $cache) = @_;
 164
 165     $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
 166         if !$cache->{mountdata};
 167
 168     my $path = $scfg->{path};
 169     my $server = $scfg->{server};
 170     my $share = $scfg->{share};
 171
 172     return undef
 173         if !cifs_is_mounted($server, $share, $path, $cache->{mountdata});
 174
 175     return $class->SUPER::status($storeid, $scfg, $cache);
 176 }
 177
 178 sub activate_storage {
 179     my ($class, $storeid, $scfg, $cache) = @_;
 180
 181     $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
 182         if !$cache->{mountdata};
 183
 184     my $path = $scfg->{path};
 185     my $server = $scfg->{server};
 186     my $share = $scfg->{share};
 187
 188     if (!cifs_is_mounted($server, $share, $path, $cache->{mountdata})) {
 189
 190         mkpath $path if !(defined($scfg->{mkdir}) && !$scfg->{mkdir});
 191
 192         die "unable to activate storage '$storeid' - " .
 193             "directory '$path' does not exist\n" if ! -d $path;
 194
 195         cifs_mount($server, $share, $path, $storeid, $scfg->{smbversion},
 196             $scfg->{username}, $scfg->{domain});
 197     }
 198
 199     $class->SUPER::activate_storage($storeid, $scfg, $cache);
 200 }
 201
 202 sub deactivate_storage {
 203     my ($class, $storeid, $scfg, $cache) = @_;
 204
 205     $cache->{mountdata} = PVE::ProcFSTools::parse_proc_mounts()
 206         if !$cache->{mountdata};
 207
 208     my $path = $scfg->{path};
 209     my $server = $scfg->{server};
 210     my $share = $scfg->{share};
 211
 212     if (cifs_is_mounted($server, $share, $path, $cache->{mountdata})) {
 213         my $cmd = ['/bin/umount', $path];
 214         run_command($cmd, errmsg => 'umount error');
 215     }
 216 }
 217
 218 sub check_connection {
 219     my ($class, $storeid, $scfg) = @_;
 220
 221     my $servicename = '//'.$scfg->{server}.'/'.$scfg->{share};
 222
 223     my $cmd = ['/usr/bin/smbclient', $servicename, '-d', '0', '-m'];
 224
 225     push @$cmd, $scfg->{smbversion} ? "smb".int($scfg->{smbversion}) : 'smb3';
 226
 227     if (my $cred_file = get_cred_file($storeid)) {
 228         push @$cmd, '-U', $scfg->{username}, '-A', $cred_file;
 229         push @$cmd, '-W', $scfg->{domain} if defined($scfg->{domain});
 230     } else {
 231         push @$cmd, '-U', 'Guest','-N';
 232     }
 233
 234     push @$cmd, '-c', 'echo 1 0';
 235
 236     my $out_str;
 237     eval {
 238         run_command($cmd, timeout => 2, outfunc => sub {$out_str .= shift;},
 239                     errfunc => sub {});
 240     };
 241
 242     if (my $err = $@) {
 243         die "$out_str\n" if defined($out_str) &&
 244             ($out_str =~ m/NT_STATUS_ACCESS_DENIED/);
 245         return 0;
 246     }
 247
 248     return 1;
 249 }
 250
 251 1;