Use WMI to create SMB Global Mapping

Author: laozc

pkg/os/smb/api.go

@@ -8,6 +8,10 @@ import (
 	"github.com/kubernetes-csi/csi-proxy/pkg/utils"
 )
 
+const (
+	credentialDelimiter = ":"
+)
+
 type API interface {
 	IsSmbMapped(remotePath string) (bool, error)
 	NewSmbLink(remotePath, localPath string) error
@@ -31,6 +35,13 @@ func remotePathForQuery(remotePath string) string {
 	return strings.ReplaceAll(remotePath, "\\", "\\\\")
 }
 
+func escapeUserName(userName string) string {
+	// refer to https://github.com/PowerShell/PowerShell/blob/9303de597da55963a6e26a8fe164d0b256ca3d4d/src/Microsoft.PowerShell.Commands.Management/cimSupport/cmdletization/cim/cimConverter.cs#L169-L170
+	escaped := strings.ReplaceAll(userName, "\\", "\\\\")
+	escaped = strings.ReplaceAll(escaped, credentialDelimiter, "\\"+credentialDelimiter)
+	return escaped
+}
+
 func (*SmbAPI) IsSmbMapped(remotePath string) (bool, error) {
 	inst, err := cim.QuerySmbGlobalMappingByRemotePath(remotePathForQuery(remotePath))
 	if err != nil {
@@ -69,32 +80,22 @@ func (*SmbAPI) NewSmbLink(remotePath, localPath string) error {
 }
 
 func (api *SmbAPI) NewSmbGlobalMapping(remotePath, username, password string) error {
-	// use PowerShell Environment Variables to store user input string to prevent command line injection
-	// https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_environment_variables?view=powershell-5.1
-	cmdLine := fmt.Sprintf(`$PWord = ConvertTo-SecureString -String $Env:smbpassword -AsPlainText -Force`+
-		`;$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Env:smbuser, $PWord`+
-		`;New-SmbGlobalMapping -RemotePath $Env:smbremotepath -Credential $Credential -RequirePrivacy $%t`, api.RequirePrivacy)
-
-	if output, err := utils.RunPowershellCmd(cmdLine,
-		fmt.Sprintf("smbuser=%s", username),
-		fmt.Sprintf("smbpassword=%s", password),
-		fmt.Sprintf("smbremotepath=%s", remotePath)); err != nil {
-		return fmt.Errorf("NewSmbGlobalMapping failed. output: %q, err: %v", string(output), err)
+	params := map[string]interface{}{
+		"RemotePath":     remotePath,
+		"RequirePrivacy": api.RequirePrivacy,
+	}
+	if username != "" {
+		// refer to https://github.com/PowerShell/PowerShell/blob/9303de597da55963a6e26a8fe164d0b256ca3d4d/src/Microsoft.PowerShell.Commands.Management/cimSupport/cmdletization/cim/cimConverter.cs#L166-L178
+		// on how SMB credential is handled in PowerShell
+		params["Credential"] = escapeUserName(username) + credentialDelimiter + password
 	}
+
+	result, _, err := cim.InvokeCimMethod(cim.WMINamespaceSmb, "MSFT_SmbGlobalMapping", "Create", params)
+	if err != nil {
+		return fmt.Errorf("NewSmbGlobalMapping failed. result: %d, err: %v", result, err)
+	}
+
 	return nil
-	//TODO: move to use WMI when the credentials could be correctly handled
-	//params := map[string]interface{}{
-	//	"RemotePath":     remotePath,
-	//	"RequirePrivacy": api.RequirePrivacy,
-	//}
-	//if username != "" {
-	//	params["Credential"] = fmt.Sprintf("%s:%s", username, password)
-	//}
-	//result, _, err := cim.InvokeCimMethod(cim.WMINamespaceSmb, "MSFT_SmbGlobalMapping", "Create", params)
-	//if err != nil {
-	//	return fmt.Errorf("NewSmbGlobalMapping failed. result: %d, err: %v", result, err)
-	//}
-	//return nil
 }
 
 func (*SmbAPI) RemoveSmbGlobalMapping(remotePath string) error {