Use WMI to create SMB Global Mapping

laozc · laozc · commit 79fb1d3a0c48 · 2025-05-13T01:16:45.000+08:00
diff --git a/pkg/os/smb/api.go b/pkg/os/smb/api.go
@@ -3,9 +3,15 @@ package smb
 import (
 	"fmt"
 	"strings"
+	"syscall"
 
 	"github.com/kubernetes-csi/csi-proxy/pkg/cim"
-	"github.com/kubernetes-csi/csi-proxy/pkg/utils"
+	"golang.org/x/sys/windows"
+)
+
+const (
+	credentialDelimiter = ":"
+	longPathPrefix      = `\\?\`
 )
 
 type API interface {
@@ -31,6 +37,30 @@ func remotePathForQuery(remotePath string) string {
 	return strings.ReplaceAll(remotePath, "\\", "\\\\")
 }
 
+func escapeUserName(userName string) string {
+	// refer to https://github.com/PowerShell/PowerShell/blob/9303de597da55963a6e26a8fe164d0b256ca3d4d/src/Microsoft.PowerShell.Commands.Management/cimSupport/cmdletization/cim/cimConverter.cs#L169-L170
+	escaped := strings.ReplaceAll(userName, "\\", "\\\\")
+	escaped = strings.ReplaceAll(escaped, credentialDelimiter, "\\"+credentialDelimiter)
+	return escaped
+}
+
+func createSymlink(link, target string, isDir bool) error {
+	linkPtr, _ := syscall.UTF16PtrFromString(link)
+	targetPtr, _ := syscall.UTF16PtrFromString(target)
+
+	var flags uint32
+	if isDir {
+		flags = windows.SYMBOLIC_LINK_FLAG_DIRECTORY
+	}
+
+	err := windows.CreateSymbolicLink(
+		linkPtr,
+		targetPtr,
+		flags,
+	)
+	return err
+}
+
 func (*SmbAPI) IsSmbMapped(remotePath string) (bool, error) {
 	inst, err := cim.QuerySmbGlobalMappingByRemotePath(remotePathForQuery(remotePath))
 	if err != nil {
@@ -58,43 +88,40 @@ func (*SmbAPI) NewSmbLink(remotePath, localPath string) error {
 		// so add one if needed.
 		remotePath = remotePath + "\\"
 	}
+	longRemotePath := remotePath
+	if !strings.HasPrefix(longRemotePath, longPathPrefix) {
+		longRemotePath = longPathPrefix + longRemotePath
+	}
+	longLocalPath := localPath
+	if !strings.HasPrefix(longLocalPath, longPathPrefix) {
+		longLocalPath = longPathPrefix + longLocalPath
+	}
 
-	cmdLine := `New-Item -ItemType SymbolicLink $Env:smblocalPath -Target $Env:smbremotepath`
-	output, err := utils.RunPowershellCmd(cmdLine, fmt.Sprintf("smbremotepath=%s", remotePath), fmt.Sprintf("smblocalpath=%s", localPath))
+	err := createSymlink(longLocalPath, longRemotePath, true)
 	if err != nil {
-		return fmt.Errorf("error linking %s to %s. output: %s, err: %v", remotePath, localPath, string(output), err)
+		return fmt.Errorf("error linking %s to %s. err: %v", remotePath, localPath, err)
 	}
 
 	return nil
 }
 
 func (api *SmbAPI) NewSmbGlobalMapping(remotePath, username, password string) error {
-	// use PowerShell Environment Variables to store user input string to prevent command line injection
-	// https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_environment_variables?view=powershell-5.1
-	cmdLine := fmt.Sprintf(`$PWord = ConvertTo-SecureString -String $Env:smbpassword -AsPlainText -Force`+
-		`;$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Env:smbuser, $PWord`+
-		`;New-SmbGlobalMapping -RemotePath $Env:smbremotepath -Credential $Credential -RequirePrivacy $%t`, api.RequirePrivacy)
-
-	if output, err := utils.RunPowershellCmd(cmdLine,
-		fmt.Sprintf("smbuser=%s", username),
-		fmt.Sprintf("smbpassword=%s", password),
-		fmt.Sprintf("smbremotepath=%s", remotePath)); err != nil {
-		return fmt.Errorf("NewSmbGlobalMapping failed. output: %q, err: %v", string(output), err)
+	params := map[string]interface{}{
+		"RemotePath":     remotePath,
+		"RequirePrivacy": api.RequirePrivacy,
+	}
+	if username != "" {
+		// refer to https://github.com/PowerShell/PowerShell/blob/9303de597da55963a6e26a8fe164d0b256ca3d4d/src/Microsoft.PowerShell.Commands.Management/cimSupport/cmdletization/cim/cimConverter.cs#L166-L178
+		// on how SMB credential is handled in PowerShell
+		params["Credential"] = escapeUserName(username) + credentialDelimiter + password
 	}
+
+	result, _, err := cim.InvokeCimMethod(cim.WMINamespaceSmb, "MSFT_SmbGlobalMapping", "Create", params)
+	if err != nil {
+		return fmt.Errorf("NewSmbGlobalMapping failed. result: %d, err: %v", result, err)
+	}
+
 	return nil
-	//TODO: move to use WMI when the credentials could be correctly handled
-	//params := map[string]interface{}{
-	//	"RemotePath":     remotePath,
-	//	"RequirePrivacy": api.RequirePrivacy,
-	//}
-	//if username != "" {
-	//	params["Credential"] = fmt.Sprintf("%s:%s", username, password)
-	//}
-	//result, _, err := cim.InvokeCimMethod(cim.WMINamespaceSmb, "MSFT_SmbGlobalMapping", "Create", params)
-	//if err != nil {
-	//	return fmt.Errorf("NewSmbGlobalMapping failed. result: %d, err: %v", result, err)
-	//}
-	//return nil
 }
 
 func (*SmbAPI) RemoveSmbGlobalMapping(remotePath string) error {
