1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9 * Copyright (C) Bill Nagel <wnagel@tycoint.com>, Exacq Technologies
10 *
11 * This software is licensed as described in the file COPYING, which
12 * you should have received as part of this distribution. The terms
13 * are also available at https://curl.se/docs/copyright.html.
14 *
15 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
16 * copies of the Software, and permit persons to whom the Software is
17 * furnished to do so, under the terms of the COPYING file.
18 *
19 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
20 * KIND, either express or implied.
21 *
22 * SPDX-License-Identifier: curl
23 *
24 ***************************************************************************/
25
26 #include "curl_setup.h"
27
28 #if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE)
29
30 #ifdef _WIN32
31 #define getpid GetCurrentProcessId
32 #endif
33
34 #include "smb.h"
35 #include "urldata.h"
36 #include "sendf.h"
37 #include "multiif.h"
38 #include "cfilters.h"
39 #include "connect.h"
40 #include "progress.h"
41 #include "transfer.h"
42 #include "vtls/vtls.h"
43 #include "curl_ntlm_core.h"
44 #include "escape.h"
45 #include "curl_endian.h"
46
47 /* The last #include files should be: */
48 #include "curl_memory.h"
49 #include "memdebug.h"
50
51 /*
52 * Definitions for SMB protocol data structures
53 */
54 #if defined(_MSC_VER) || defined(__ILEC400__)
55 # define PACK
56 # pragma pack(push)
57 # pragma pack(1)
58 #elif defined(__GNUC__)
59 # define PACK __attribute__((packed))
60 #else
61 # define PACK
62 #endif
63
64 #define SMB_COM_CLOSE 0x04
65 #define SMB_COM_READ_ANDX 0x2e
66 #define SMB_COM_WRITE_ANDX 0x2f
67 #define SMB_COM_TREE_DISCONNECT 0x71
68 #define SMB_COM_NEGOTIATE 0x72
69 #define SMB_COM_SETUP_ANDX 0x73
70 #define SMB_COM_TREE_CONNECT_ANDX 0x75
71 #define SMB_COM_NT_CREATE_ANDX 0xa2
72 #define SMB_COM_NO_ANDX_COMMAND 0xff
73
74 #define SMB_WC_CLOSE 0x03
75 #define SMB_WC_READ_ANDX 0x0c
76 #define SMB_WC_WRITE_ANDX 0x0e
77 #define SMB_WC_SETUP_ANDX 0x0d
78 #define SMB_WC_TREE_CONNECT_ANDX 0x04
79 #define SMB_WC_NT_CREATE_ANDX 0x18
80
81 #define SMB_FLAGS_CANONICAL_PATHNAMES 0x10
82 #define SMB_FLAGS_CASELESS_PATHNAMES 0x08
83 #define SMB_FLAGS2_UNICODE_STRINGS 0x8000
84 #define SMB_FLAGS2_IS_LONG_NAME 0x0040
85 #define SMB_FLAGS2_KNOWS_LONG_NAME 0x0001
86
87 #define SMB_CAP_LARGE_FILES 0x08
88 #define SMB_GENERIC_WRITE 0x40000000
89 #define SMB_GENERIC_READ 0x80000000
90 #define SMB_FILE_SHARE_ALL 0x07
91 #define SMB_FILE_OPEN 0x01
92 #define SMB_FILE_OVERWRITE_IF 0x05
93
94 #define SMB_ERR_NOACCESS 0x00050001
95
96 struct smb_header {
97 unsigned char nbt_type;
98 unsigned char nbt_flags;
99 unsigned short nbt_length;
100 unsigned char magic[4];
101 unsigned char command;
102 unsigned int status;
103 unsigned char flags;
104 unsigned short flags2;
105 unsigned short pid_high;
106 unsigned char signature[8];
107 unsigned short pad;
108 unsigned short tid;
109 unsigned short pid;
110 unsigned short uid;
111 unsigned short mid;
112 } PACK;
113
114 struct smb_negotiate_response {
115 struct smb_header h;
116 unsigned char word_count;
117 unsigned short dialect_index;
118 unsigned char security_mode;
119 unsigned short max_mpx_count;
120 unsigned short max_number_vcs;
121 unsigned int max_buffer_size;
122 unsigned int max_raw_size;
123 unsigned int session_key;
124 unsigned int capabilities;
125 unsigned int system_time_low;
126 unsigned int system_time_high;
127 unsigned short server_time_zone;
128 unsigned char encryption_key_length;
129 unsigned short byte_count;
130 char bytes[1];
131 } PACK;
132
133 struct andx {
134 unsigned char command;
135 unsigned char pad;
136 unsigned short offset;
137 } PACK;
138
139 struct smb_setup {
140 unsigned char word_count;
141 struct andx andx;
142 unsigned short max_buffer_size;
143 unsigned short max_mpx_count;
144 unsigned short vc_number;
145 unsigned int session_key;
146 unsigned short lengths[2];
147 unsigned int pad;
148 unsigned int capabilities;
149 unsigned short byte_count;
150 char bytes[1024];
151 } PACK;
152
153 struct smb_tree_connect {
154 unsigned char word_count;
155 struct andx andx;
156 unsigned short flags;
157 unsigned short pw_len;
158 unsigned short byte_count;
159 char bytes[1024];
160 } PACK;
161
162 struct smb_nt_create {
163 unsigned char word_count;
164 struct andx andx;
165 unsigned char pad;
166 unsigned short name_length;
167 unsigned int flags;
168 unsigned int root_fid;
169 unsigned int access;
170 curl_off_t allocation_size;
171 unsigned int ext_file_attributes;
172 unsigned int share_access;
173 unsigned int create_disposition;
174 unsigned int create_options;
175 unsigned int impersonation_level;
176 unsigned char security_flags;
177 unsigned short byte_count;
178 char bytes[1024];
179 } PACK;
180
181 struct smb_nt_create_response {
182 struct smb_header h;
183 unsigned char word_count;
184 struct andx andx;
185 unsigned char op_lock_level;
186 unsigned short fid;
187 unsigned int create_disposition;
188
189 curl_off_t create_time;
190 curl_off_t last_access_time;
191 curl_off_t last_write_time;
192 curl_off_t last_change_time;
193 unsigned int ext_file_attributes;
194 curl_off_t allocation_size;
195 curl_off_t end_of_file;
196 } PACK;
197
198 struct smb_read {
199 unsigned char word_count;
200 struct andx andx;
201 unsigned short fid;
202 unsigned int offset;
203 unsigned short max_bytes;
204 unsigned short min_bytes;
205 unsigned int timeout;
206 unsigned short remaining;
207 unsigned int offset_high;
208 unsigned short byte_count;
209 } PACK;
210
211 struct smb_write {
212 struct smb_header h;
213 unsigned char word_count;
214 struct andx andx;
215 unsigned short fid;
216 unsigned int offset;
217 unsigned int timeout;
218 unsigned short write_mode;
219 unsigned short remaining;
220 unsigned short pad;
221 unsigned short data_length;
222 unsigned short data_offset;
223 unsigned int offset_high;
224 unsigned short byte_count;
225 unsigned char pad2;
226 } PACK;
227
228 struct smb_close {
229 unsigned char word_count;
230 unsigned short fid;
231 unsigned int last_mtime;
232 unsigned short byte_count;
233 } PACK;
234
235 struct smb_tree_disconnect {
236 unsigned char word_count;
237 unsigned short byte_count;
238 } PACK;
239
240 #if defined(_MSC_VER) || defined(__ILEC400__)
241 # pragma pack(pop)
242 #endif
243
244 /* Local API functions */
245 static CURLcode smb_setup_connection(struct Curl_easy *data,
246 struct connectdata *conn);
247 static CURLcode smb_connect(struct Curl_easy *data, bool *done);
248 static CURLcode smb_connection_state(struct Curl_easy *data, bool *done);
249 static CURLcode smb_do(struct Curl_easy *data, bool *done);
250 static CURLcode smb_request_state(struct Curl_easy *data, bool *done);
251 static CURLcode smb_disconnect(struct Curl_easy *data,
252 struct connectdata *conn, bool dead);
253 static int smb_getsock(struct Curl_easy *data, struct connectdata *conn,
254 curl_socket_t *socks);
255 static CURLcode smb_parse_url_path(struct Curl_easy *data,
256 struct connectdata *conn);
257
258 /*
259 * SMB handler interface
260 */
261 const struct Curl_handler Curl_handler_smb = {
262 "smb", /* scheme */
263 smb_setup_connection, /* setup_connection */
264 smb_do, /* do_it */
265 ZERO_NULL, /* done */
266 ZERO_NULL, /* do_more */
267 smb_connect, /* connect_it */
268 smb_connection_state, /* connecting */
269 smb_request_state, /* doing */
270 smb_getsock, /* proto_getsock */
271 smb_getsock, /* doing_getsock */
272 ZERO_NULL, /* domore_getsock */
273 ZERO_NULL, /* perform_getsock */
274 smb_disconnect, /* disconnect */
275 ZERO_NULL, /* write_resp */
276 ZERO_NULL, /* write_resp_hd */
277 ZERO_NULL, /* connection_check */
278 ZERO_NULL, /* attach connection */
279 PORT_SMB, /* defport */
280 CURLPROTO_SMB, /* protocol */
281 CURLPROTO_SMB, /* family */
282 PROTOPT_NONE /* flags */
283 };
284
285 #ifdef USE_SSL
286 /*
287 * SMBS handler interface
288 */
289 const struct Curl_handler Curl_handler_smbs = {
290 "smbs", /* scheme */
291 smb_setup_connection, /* setup_connection */
292 smb_do, /* do_it */
293 ZERO_NULL, /* done */
294 ZERO_NULL, /* do_more */
295 smb_connect, /* connect_it */
296 smb_connection_state, /* connecting */
297 smb_request_state, /* doing */
298 smb_getsock, /* proto_getsock */
299 smb_getsock, /* doing_getsock */
300 ZERO_NULL, /* domore_getsock */
301 ZERO_NULL, /* perform_getsock */
302 smb_disconnect, /* disconnect */
303 ZERO_NULL, /* write_resp */
304 ZERO_NULL, /* write_resp_hd */
305 ZERO_NULL, /* connection_check */
306 ZERO_NULL, /* attach connection */
307 PORT_SMBS, /* defport */
308 CURLPROTO_SMBS, /* protocol */
309 CURLPROTO_SMB, /* family */
310 PROTOPT_SSL /* flags */
311 };
312 #endif
313
314 #define MAX_PAYLOAD_SIZE 0x8000
315 #define MAX_MESSAGE_SIZE (MAX_PAYLOAD_SIZE + 0x1000)
316 #define CLIENTNAME "curl"
317 #define SERVICENAME "?????"
318
319 /* Append a string to an SMB message */
320 #define MSGCAT(str) \
321 do { \
322 strcpy(p, (str)); \
323 p += strlen(str); \
324 } while(0)
325
326 /* Append a null-terminated string to an SMB message */
327 #define MSGCATNULL(str) \
328 do { \
329 strcpy(p, (str)); \
330 p += strlen(str) + 1; \
331 } while(0)
332
333 /* SMB is mostly little endian */
334 #if (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) || \
335 defined(__OS400__)
smb_swap16(unsigned short x)336 static unsigned short smb_swap16(unsigned short x)
337 {
338 return (unsigned short) ((x << 8) | ((x >> 8) & 0xff));
339 }
340
smb_swap32(unsigned int x)341 static unsigned int smb_swap32(unsigned int x)
342 {
343 return (x << 24) | ((x << 8) & 0xff0000) | ((x >> 8) & 0xff00) |
344 ((x >> 24) & 0xff);
345 }
346
smb_swap64(curl_off_t x)347 static curl_off_t smb_swap64(curl_off_t x)
348 {
349 return ((curl_off_t) smb_swap32((unsigned int) x) << 32) |
350 smb_swap32((unsigned int) (x >> 32));
351 }
352
353 #else
354 # define smb_swap16(x) (x)
355 # define smb_swap32(x) (x)
356 # define smb_swap64(x) (x)
357 #endif
358
359 /* SMB request state */
360 enum smb_req_state {
361 SMB_REQUESTING,
362 SMB_TREE_CONNECT,
363 SMB_OPEN,
364 SMB_DOWNLOAD,
365 SMB_UPLOAD,
366 SMB_CLOSE,
367 SMB_TREE_DISCONNECT,
368 SMB_DONE
369 };
370
371 /* SMB request data */
372 struct smb_request {
373 enum smb_req_state state;
374 char *path;
375 unsigned short tid; /* Even if we connect to the same tree as another */
376 unsigned short fid; /* request, the tid will be different */
377 CURLcode result;
378 };
379
conn_state(struct Curl_easy * data,enum smb_conn_state newstate)380 static void conn_state(struct Curl_easy *data, enum smb_conn_state newstate)
381 {
382 struct smb_conn *smbc = &data->conn->proto.smbc;
383 #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
384 /* For debug purposes */
385 static const char * const names[] = {
386 "SMB_NOT_CONNECTED",
387 "SMB_CONNECTING",
388 "SMB_NEGOTIATE",
389 "SMB_SETUP",
390 "SMB_CONNECTED",
391 /* LAST */
392 };
393
394 if(smbc->state != newstate)
395 infof(data, "SMB conn %p state change from %s to %s",
396 (void *)smbc, names[smbc->state], names[newstate]);
397 #endif
398
399 smbc->state = newstate;
400 }
401
request_state(struct Curl_easy * data,enum smb_req_state newstate)402 static void request_state(struct Curl_easy *data,
403 enum smb_req_state newstate)
404 {
405 struct smb_request *req = data->req.p.smb;
406 #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
407 /* For debug purposes */
408 static const char * const names[] = {
409 "SMB_REQUESTING",
410 "SMB_TREE_CONNECT",
411 "SMB_OPEN",
412 "SMB_DOWNLOAD",
413 "SMB_UPLOAD",
414 "SMB_CLOSE",
415 "SMB_TREE_DISCONNECT",
416 "SMB_DONE",
417 /* LAST */
418 };
419
420 if(req->state != newstate)
421 infof(data, "SMB request %p state change from %s to %s",
422 (void *)req, names[req->state], names[newstate]);
423 #endif
424
425 req->state = newstate;
426 }
427
428 /* this should setup things in the connection, not in the easy
429 handle */
smb_setup_connection(struct Curl_easy * data,struct connectdata * conn)430 static CURLcode smb_setup_connection(struct Curl_easy *data,
431 struct connectdata *conn)
432 {
433 struct smb_request *req;
434
435 /* Initialize the request state */
436 data->req.p.smb = req = calloc(1, sizeof(struct smb_request));
437 if(!req)
438 return CURLE_OUT_OF_MEMORY;
439
440 /* Parse the URL path */
441 return smb_parse_url_path(data, conn);
442 }
443
smb_connect(struct Curl_easy * data,bool * done)444 static CURLcode smb_connect(struct Curl_easy *data, bool *done)
445 {
446 struct connectdata *conn = data->conn;
447 struct smb_conn *smbc = &conn->proto.smbc;
448 char *slash;
449
450 (void) done;
451
452 /* Check we have a username and password to authenticate with */
453 if(!data->state.aptr.user)
454 return CURLE_LOGIN_DENIED;
455
456 /* Initialize the connection state */
457 smbc->state = SMB_CONNECTING;
458 smbc->recv_buf = malloc(MAX_MESSAGE_SIZE);
459 if(!smbc->recv_buf)
460 return CURLE_OUT_OF_MEMORY;
461 smbc->send_buf = malloc(MAX_MESSAGE_SIZE);
462 if(!smbc->send_buf)
463 return CURLE_OUT_OF_MEMORY;
464
465 /* Multiple requests are allowed with this connection */
466 connkeep(conn, "SMB default");
467
468 /* Parse the username, domain, and password */
469 slash = strchr(conn->user, '/');
470 if(!slash)
471 slash = strchr(conn->user, '\\');
472
473 if(slash) {
474 smbc->user = slash + 1;
475 smbc->domain = strdup(conn->user);
476 if(!smbc->domain)
477 return CURLE_OUT_OF_MEMORY;
478 smbc->domain[slash - conn->user] = 0;
479 }
480 else {
481 smbc->user = conn->user;
482 smbc->domain = strdup(conn->host.name);
483 if(!smbc->domain)
484 return CURLE_OUT_OF_MEMORY;
485 }
486
487 return CURLE_OK;
488 }
489
smb_recv_message(struct Curl_easy * data,void ** msg)490 static CURLcode smb_recv_message(struct Curl_easy *data, void **msg)
491 {
492 struct connectdata *conn = data->conn;
493 struct smb_conn *smbc = &conn->proto.smbc;
494 char *buf = smbc->recv_buf;
495 ssize_t bytes_read;
496 size_t nbt_size;
497 size_t msg_size;
498 size_t len = MAX_MESSAGE_SIZE - smbc->got;
499 CURLcode result;
500
501 result = Curl_xfer_recv(data, buf + smbc->got, len, &bytes_read);
502 if(result)
503 return result;
504
505 if(!bytes_read)
506 return CURLE_OK;
507
508 smbc->got += bytes_read;
509
510 /* Check for a 32-bit nbt header */
511 if(smbc->got < sizeof(unsigned int))
512 return CURLE_OK;
513
514 nbt_size = Curl_read16_be((const unsigned char *)
515 (buf + sizeof(unsigned short))) +
516 sizeof(unsigned int);
517 if(smbc->got < nbt_size)
518 return CURLE_OK;
519
520 msg_size = sizeof(struct smb_header);
521 if(nbt_size >= msg_size + 1) {
522 /* Add the word count */
523 msg_size += 1 + ((unsigned char) buf[msg_size]) * sizeof(unsigned short);
524 if(nbt_size >= msg_size + sizeof(unsigned short)) {
525 /* Add the byte count */
526 msg_size += sizeof(unsigned short) +
527 Curl_read16_le((const unsigned char *)&buf[msg_size]);
528 if(nbt_size < msg_size)
529 return CURLE_READ_ERROR;
530 }
531 }
532
533 *msg = buf;
534
535 return CURLE_OK;
536 }
537
smb_pop_message(struct connectdata * conn)538 static void smb_pop_message(struct connectdata *conn)
539 {
540 struct smb_conn *smbc = &conn->proto.smbc;
541
542 smbc->got = 0;
543 }
544
smb_format_message(struct Curl_easy * data,struct smb_header * h,unsigned char cmd,size_t len)545 static void smb_format_message(struct Curl_easy *data, struct smb_header *h,
546 unsigned char cmd, size_t len)
547 {
548 struct connectdata *conn = data->conn;
549 struct smb_conn *smbc = &conn->proto.smbc;
550 struct smb_request *req = data->req.p.smb;
551 unsigned int pid;
552
553 memset(h, 0, sizeof(*h));
554 h->nbt_length = htons((unsigned short) (sizeof(*h) - sizeof(unsigned int) +
555 len));
556 memcpy((char *)h->magic, "\xffSMB", 4);
557 h->command = cmd;
558 h->flags = SMB_FLAGS_CANONICAL_PATHNAMES | SMB_FLAGS_CASELESS_PATHNAMES;
559 h->flags2 = smb_swap16(SMB_FLAGS2_IS_LONG_NAME | SMB_FLAGS2_KNOWS_LONG_NAME);
560 h->uid = smb_swap16(smbc->uid);
561 h->tid = smb_swap16(req->tid);
562 pid = (unsigned int)getpid();
563 h->pid_high = smb_swap16((unsigned short)(pid >> 16));
564 h->pid = smb_swap16((unsigned short) pid);
565 }
566
smb_send(struct Curl_easy * data,size_t len,size_t upload_size)567 static CURLcode smb_send(struct Curl_easy *data, size_t len,
568 size_t upload_size)
569 {
570 struct connectdata *conn = data->conn;
571 struct smb_conn *smbc = &conn->proto.smbc;
572 size_t bytes_written;
573 CURLcode result;
574
575 result = Curl_xfer_send(data, smbc->send_buf, len, FALSE, &bytes_written);
576 if(result)
577 return result;
578
579 if(bytes_written != len) {
580 smbc->send_size = len;
581 smbc->sent = bytes_written;
582 }
583
584 smbc->upload_size = upload_size;
585
586 return CURLE_OK;
587 }
588
smb_flush(struct Curl_easy * data)589 static CURLcode smb_flush(struct Curl_easy *data)
590 {
591 struct connectdata *conn = data->conn;
592 struct smb_conn *smbc = &conn->proto.smbc;
593 size_t bytes_written;
594 size_t len = smbc->send_size - smbc->sent;
595 CURLcode result;
596
597 if(!smbc->send_size)
598 return CURLE_OK;
599
600 result = Curl_xfer_send(data, smbc->send_buf + smbc->sent, len, FALSE,
601 &bytes_written);
602 if(result)
603 return result;
604
605 if(bytes_written != len)
606 smbc->sent += bytes_written;
607 else
608 smbc->send_size = 0;
609
610 return CURLE_OK;
611 }
612
smb_send_message(struct Curl_easy * data,unsigned char cmd,const void * msg,size_t msg_len)613 static CURLcode smb_send_message(struct Curl_easy *data, unsigned char cmd,
614 const void *msg, size_t msg_len)
615 {
616 struct connectdata *conn = data->conn;
617 struct smb_conn *smbc = &conn->proto.smbc;
618
619 smb_format_message(data, (struct smb_header *)smbc->send_buf,
620 cmd, msg_len);
621 DEBUGASSERT((sizeof(struct smb_header) + msg_len) <= MAX_MESSAGE_SIZE);
622 memcpy(smbc->send_buf + sizeof(struct smb_header), msg, msg_len);
623
624 return smb_send(data, sizeof(struct smb_header) + msg_len, 0);
625 }
626
smb_send_negotiate(struct Curl_easy * data)627 static CURLcode smb_send_negotiate(struct Curl_easy *data)
628 {
629 const char *msg = "\x00\x0c\x00\x02NT LM 0.12";
630
631 return smb_send_message(data, SMB_COM_NEGOTIATE, msg, 15);
632 }
633
smb_send_setup(struct Curl_easy * data)634 static CURLcode smb_send_setup(struct Curl_easy *data)
635 {
636 struct connectdata *conn = data->conn;
637 struct smb_conn *smbc = &conn->proto.smbc;
638 struct smb_setup msg;
639 char *p = msg.bytes;
640 unsigned char lm_hash[21];
641 unsigned char lm[24];
642 unsigned char nt_hash[21];
643 unsigned char nt[24];
644
645 const size_t byte_count = sizeof(lm) + sizeof(nt) +
646 strlen(smbc->user) + strlen(smbc->domain) +
647 strlen(OS) + strlen(CLIENTNAME) + 4; /* 4 null chars */
648 if(byte_count > sizeof(msg.bytes))
649 return CURLE_FILESIZE_EXCEEDED;
650
651 Curl_ntlm_core_mk_lm_hash(conn->passwd, lm_hash);
652 Curl_ntlm_core_lm_resp(lm_hash, smbc->challenge, lm);
653 Curl_ntlm_core_mk_nt_hash(conn->passwd, nt_hash);
654 Curl_ntlm_core_lm_resp(nt_hash, smbc->challenge, nt);
655
656 memset(&msg, 0, sizeof(msg) - sizeof(msg.bytes));
657 msg.word_count = SMB_WC_SETUP_ANDX;
658 msg.andx.command = SMB_COM_NO_ANDX_COMMAND;
659 msg.max_buffer_size = smb_swap16(MAX_MESSAGE_SIZE);
660 msg.max_mpx_count = smb_swap16(1);
661 msg.vc_number = smb_swap16(1);
662 msg.session_key = smb_swap32(smbc->session_key);
663 msg.capabilities = smb_swap32(SMB_CAP_LARGE_FILES);
664 msg.lengths[0] = smb_swap16(sizeof(lm));
665 msg.lengths[1] = smb_swap16(sizeof(nt));
666 memcpy(p, lm, sizeof(lm));
667 p += sizeof(lm);
668 memcpy(p, nt, sizeof(nt));
669 p += sizeof(nt);
670 MSGCATNULL(smbc->user);
671 MSGCATNULL(smbc->domain);
672 MSGCATNULL(OS);
673 MSGCATNULL(CLIENTNAME);
674 DEBUGASSERT(byte_count == (size_t)(p - msg.bytes));
675 msg.byte_count = smb_swap16((unsigned short)byte_count);
676
677 return smb_send_message(data, SMB_COM_SETUP_ANDX, &msg,
678 sizeof(msg) - sizeof(msg.bytes) + byte_count);
679 }
680
smb_send_tree_connect(struct Curl_easy * data)681 static CURLcode smb_send_tree_connect(struct Curl_easy *data)
682 {
683 struct smb_tree_connect msg;
684 struct connectdata *conn = data->conn;
685 struct smb_conn *smbc = &conn->proto.smbc;
686 char *p = msg.bytes;
687
688 const size_t byte_count = strlen(conn->host.name) + strlen(smbc->share) +
689 strlen(SERVICENAME) + 5; /* 2 nulls and 3 backslashes */
690 if(byte_count > sizeof(msg.bytes))
691 return CURLE_FILESIZE_EXCEEDED;
692
693 memset(&msg, 0, sizeof(msg) - sizeof(msg.bytes));
694 msg.word_count = SMB_WC_TREE_CONNECT_ANDX;
695 msg.andx.command = SMB_COM_NO_ANDX_COMMAND;
696 msg.pw_len = 0;
697 MSGCAT("\\\\");
698 MSGCAT(conn->host.name);
699 MSGCAT("\\");
700 MSGCATNULL(smbc->share);
701 MSGCATNULL(SERVICENAME); /* Match any type of service */
702 DEBUGASSERT(byte_count == (size_t)(p - msg.bytes));
703 msg.byte_count = smb_swap16((unsigned short)byte_count);
704
705 return smb_send_message(data, SMB_COM_TREE_CONNECT_ANDX, &msg,
706 sizeof(msg) - sizeof(msg.bytes) + byte_count);
707 }
708
smb_send_open(struct Curl_easy * data)709 static CURLcode smb_send_open(struct Curl_easy *data)
710 {
711 struct smb_request *req = data->req.p.smb;
712 struct smb_nt_create msg;
713 const size_t byte_count = strlen(req->path) + 1;
714
715 if(byte_count > sizeof(msg.bytes))
716 return CURLE_FILESIZE_EXCEEDED;
717
718 memset(&msg, 0, sizeof(msg) - sizeof(msg.bytes));
719 msg.word_count = SMB_WC_NT_CREATE_ANDX;
720 msg.andx.command = SMB_COM_NO_ANDX_COMMAND;
721 msg.name_length = smb_swap16((unsigned short)(byte_count - 1));
722 msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL);
723 if(data->state.upload) {
724 msg.access = smb_swap32(SMB_GENERIC_READ | SMB_GENERIC_WRITE);
725 msg.create_disposition = smb_swap32(SMB_FILE_OVERWRITE_IF);
726 }
727 else {
728 msg.access = smb_swap32(SMB_GENERIC_READ);
729 msg.create_disposition = smb_swap32(SMB_FILE_OPEN);
730 }
731 msg.byte_count = smb_swap16((unsigned short) byte_count);
732 strcpy(msg.bytes, req->path);
733
734 return smb_send_message(data, SMB_COM_NT_CREATE_ANDX, &msg,
735 sizeof(msg) - sizeof(msg.bytes) + byte_count);
736 }
737
smb_send_close(struct Curl_easy * data)738 static CURLcode smb_send_close(struct Curl_easy *data)
739 {
740 struct smb_request *req = data->req.p.smb;
741 struct smb_close msg;
742
743 memset(&msg, 0, sizeof(msg));
744 msg.word_count = SMB_WC_CLOSE;
745 msg.fid = smb_swap16(req->fid);
746
747 return smb_send_message(data, SMB_COM_CLOSE, &msg, sizeof(msg));
748 }
749
smb_send_tree_disconnect(struct Curl_easy * data)750 static CURLcode smb_send_tree_disconnect(struct Curl_easy *data)
751 {
752 struct smb_tree_disconnect msg;
753
754 memset(&msg, 0, sizeof(msg));
755
756 return smb_send_message(data, SMB_COM_TREE_DISCONNECT, &msg, sizeof(msg));
757 }
758
smb_send_read(struct Curl_easy * data)759 static CURLcode smb_send_read(struct Curl_easy *data)
760 {
761 struct smb_request *req = data->req.p.smb;
762 curl_off_t offset = data->req.offset;
763 struct smb_read msg;
764
765 memset(&msg, 0, sizeof(msg));
766 msg.word_count = SMB_WC_READ_ANDX;
767 msg.andx.command = SMB_COM_NO_ANDX_COMMAND;
768 msg.fid = smb_swap16(req->fid);
769 msg.offset = smb_swap32((unsigned int) offset);
770 msg.offset_high = smb_swap32((unsigned int) (offset >> 32));
771 msg.min_bytes = smb_swap16(MAX_PAYLOAD_SIZE);
772 msg.max_bytes = smb_swap16(MAX_PAYLOAD_SIZE);
773
774 return smb_send_message(data, SMB_COM_READ_ANDX, &msg, sizeof(msg));
775 }
776
smb_send_write(struct Curl_easy * data)777 static CURLcode smb_send_write(struct Curl_easy *data)
778 {
779 struct connectdata *conn = data->conn;
780 struct smb_conn *smbc = &conn->proto.smbc;
781 struct smb_write *msg;
782 struct smb_request *req = data->req.p.smb;
783 curl_off_t offset = data->req.offset;
784 curl_off_t upload_size = data->req.size - data->req.bytecount;
785
786 msg = (struct smb_write *)smbc->send_buf;
787 if(upload_size >= MAX_PAYLOAD_SIZE - 1) /* There is one byte of padding */
788 upload_size = MAX_PAYLOAD_SIZE - 1;
789
790 memset(msg, 0, sizeof(*msg));
791 msg->word_count = SMB_WC_WRITE_ANDX;
792 msg->andx.command = SMB_COM_NO_ANDX_COMMAND;
793 msg->fid = smb_swap16(req->fid);
794 msg->offset = smb_swap32((unsigned int) offset);
795 msg->offset_high = smb_swap32((unsigned int) (offset >> 32));
796 msg->data_length = smb_swap16((unsigned short) upload_size);
797 msg->data_offset = smb_swap16(sizeof(*msg) - sizeof(unsigned int));
798 msg->byte_count = smb_swap16((unsigned short) (upload_size + 1));
799
800 smb_format_message(data, &msg->h, SMB_COM_WRITE_ANDX,
801 sizeof(*msg) - sizeof(msg->h) + (size_t) upload_size);
802
803 return smb_send(data, sizeof(*msg), (size_t) upload_size);
804 }
805
smb_send_and_recv(struct Curl_easy * data,void ** msg)806 static CURLcode smb_send_and_recv(struct Curl_easy *data, void **msg)
807 {
808 struct connectdata *conn = data->conn;
809 struct smb_conn *smbc = &conn->proto.smbc;
810 CURLcode result;
811 *msg = NULL; /* if it returns early */
812
813 /* Check if there is data in the transfer buffer */
814 if(!smbc->send_size && smbc->upload_size) {
815 size_t nread = smbc->upload_size > (size_t)MAX_MESSAGE_SIZE ?
816 (size_t)MAX_MESSAGE_SIZE : smbc->upload_size;
817 bool eos;
818
819 result = Curl_client_read(data, smbc->send_buf, nread, &nread, &eos);
820 if(result && result != CURLE_AGAIN)
821 return result;
822 if(!nread)
823 return CURLE_OK;
824
825 smbc->upload_size -= nread;
826 smbc->send_size = nread;
827 smbc->sent = 0;
828 }
829
830 /* Check if there is data to send */
831 if(smbc->send_size) {
832 result = smb_flush(data);
833 if(result)
834 return result;
835 }
836
837 /* Check if there is still data to be sent */
838 if(smbc->send_size || smbc->upload_size)
839 return CURLE_AGAIN;
840
841 return smb_recv_message(data, msg);
842 }
843
smb_connection_state(struct Curl_easy * data,bool * done)844 static CURLcode smb_connection_state(struct Curl_easy *data, bool *done)
845 {
846 struct connectdata *conn = data->conn;
847 struct smb_conn *smbc = &conn->proto.smbc;
848 struct smb_negotiate_response *nrsp;
849 struct smb_header *h;
850 CURLcode result;
851 void *msg = NULL;
852
853 if(smbc->state == SMB_CONNECTING) {
854 #ifdef USE_SSL
855 if((conn->handler->flags & PROTOPT_SSL)) {
856 bool ssl_done = FALSE;
857 result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssl_done);
858 if(result && result != CURLE_AGAIN)
859 return result;
860 if(!ssl_done)
861 return CURLE_OK;
862 }
863 #endif
864
865 result = smb_send_negotiate(data);
866 if(result) {
867 connclose(conn, "SMB: failed to send negotiate message");
868 return result;
869 }
870
871 conn_state(data, SMB_NEGOTIATE);
872 }
873
874 /* Send the previous message and check for a response */
875 result = smb_send_and_recv(data, &msg);
876 if(result && result != CURLE_AGAIN) {
877 connclose(conn, "SMB: failed to communicate");
878 return result;
879 }
880
881 if(!msg)
882 return CURLE_OK;
883
884 h = msg;
885
886 switch(smbc->state) {
887 case SMB_NEGOTIATE:
888 if((smbc->got < sizeof(*nrsp) + sizeof(smbc->challenge) - 1) ||
889 h->status) {
890 connclose(conn, "SMB: negotiation failed");
891 return CURLE_COULDNT_CONNECT;
892 }
893 nrsp = msg;
894 memcpy(smbc->challenge, nrsp->bytes, sizeof(smbc->challenge));
895 smbc->session_key = smb_swap32(nrsp->session_key);
896 result = smb_send_setup(data);
897 if(result) {
898 connclose(conn, "SMB: failed to send setup message");
899 return result;
900 }
901 conn_state(data, SMB_SETUP);
902 break;
903
904 case SMB_SETUP:
905 if(h->status) {
906 connclose(conn, "SMB: authentication failed");
907 return CURLE_LOGIN_DENIED;
908 }
909 smbc->uid = smb_swap16(h->uid);
910 conn_state(data, SMB_CONNECTED);
911 *done = true;
912 break;
913
914 default:
915 smb_pop_message(conn);
916 return CURLE_OK; /* ignore */
917 }
918
919 smb_pop_message(conn);
920
921 return CURLE_OK;
922 }
923
924 /*
925 * Convert a timestamp from the Windows world (100 nsec units from 1 Jan 1601)
926 * to POSIX time. Cap the output to fit within a time_t.
927 */
get_posix_time(time_t * out,curl_off_t timestamp)928 static void get_posix_time(time_t *out, curl_off_t timestamp)
929 {
930 timestamp -= 116444736000000000;
931 timestamp /= 10000000;
932 #if SIZEOF_TIME_T < SIZEOF_CURL_OFF_T
933 if(timestamp > TIME_T_MAX)
934 *out = TIME_T_MAX;
935 else if(timestamp < TIME_T_MIN)
936 *out = TIME_T_MIN;
937 else
938 #endif
939 *out = (time_t) timestamp;
940 }
941
smb_request_state(struct Curl_easy * data,bool * done)942 static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
943 {
944 struct connectdata *conn = data->conn;
945 struct smb_request *req = data->req.p.smb;
946 struct smb_header *h;
947 struct smb_conn *smbc = &conn->proto.smbc;
948 enum smb_req_state next_state = SMB_DONE;
949 unsigned short len;
950 unsigned short off;
951 CURLcode result;
952 void *msg = NULL;
953 const struct smb_nt_create_response *smb_m;
954
955 if(data->state.upload && (data->state.infilesize < 0)) {
956 failf(data, "SMB upload needs to know the size up front");
957 return CURLE_SEND_ERROR;
958 }
959
960 /* Start the request */
961 if(req->state == SMB_REQUESTING) {
962 result = smb_send_tree_connect(data);
963 if(result) {
964 connclose(conn, "SMB: failed to send tree connect message");
965 return result;
966 }
967
968 request_state(data, SMB_TREE_CONNECT);
969 }
970
971 /* Send the previous message and check for a response */
972 result = smb_send_and_recv(data, &msg);
973 if(result && result != CURLE_AGAIN) {
974 connclose(conn, "SMB: failed to communicate");
975 return result;
976 }
977
978 if(!msg)
979 return CURLE_OK;
980
981 h = msg;
982
983 switch(req->state) {
984 case SMB_TREE_CONNECT:
985 if(h->status) {
986 req->result = CURLE_REMOTE_FILE_NOT_FOUND;
987 if(h->status == smb_swap32(SMB_ERR_NOACCESS))
988 req->result = CURLE_REMOTE_ACCESS_DENIED;
989 break;
990 }
991 req->tid = smb_swap16(h->tid);
992 next_state = SMB_OPEN;
993 break;
994
995 case SMB_OPEN:
996 if(h->status || smbc->got < sizeof(struct smb_nt_create_response)) {
997 req->result = CURLE_REMOTE_FILE_NOT_FOUND;
998 if(h->status == smb_swap32(SMB_ERR_NOACCESS))
999 req->result = CURLE_REMOTE_ACCESS_DENIED;
1000 next_state = SMB_TREE_DISCONNECT;
1001 break;
1002 }
1003 smb_m = (const struct smb_nt_create_response*) msg;
1004 req->fid = smb_swap16(smb_m->fid);
1005 data->req.offset = 0;
1006 if(data->state.upload) {
1007 data->req.size = data->state.infilesize;
1008 Curl_pgrsSetUploadSize(data, data->req.size);
1009 next_state = SMB_UPLOAD;
1010 }
1011 else {
1012 data->req.size = smb_swap64(smb_m->end_of_file);
1013 if(data->req.size < 0) {
1014 req->result = CURLE_WEIRD_SERVER_REPLY;
1015 next_state = SMB_CLOSE;
1016 }
1017 else {
1018 Curl_pgrsSetDownloadSize(data, data->req.size);
1019 if(data->set.get_filetime)
1020 get_posix_time(&data->info.filetime, smb_m->last_change_time);
1021 next_state = SMB_DOWNLOAD;
1022 }
1023 }
1024 break;
1025
1026 case SMB_DOWNLOAD:
1027 if(h->status || smbc->got < sizeof(struct smb_header) + 14) {
1028 req->result = CURLE_RECV_ERROR;
1029 next_state = SMB_CLOSE;
1030 break;
1031 }
1032 len = Curl_read16_le(((const unsigned char *) msg) +
1033 sizeof(struct smb_header) + 11);
1034 off = Curl_read16_le(((const unsigned char *) msg) +
1035 sizeof(struct smb_header) + 13);
1036 if(len > 0) {
1037 if(off + sizeof(unsigned int) + len > smbc->got) {
1038 failf(data, "Invalid input packet");
1039 result = CURLE_RECV_ERROR;
1040 }
1041 else
1042 result = Curl_client_write(data, CLIENTWRITE_BODY,
1043 (char *)msg + off + sizeof(unsigned int),
1044 len);
1045 if(result) {
1046 req->result = result;
1047 next_state = SMB_CLOSE;
1048 break;
1049 }
1050 }
1051 data->req.offset += len;
1052 next_state = (len < MAX_PAYLOAD_SIZE) ? SMB_CLOSE : SMB_DOWNLOAD;
1053 break;
1054
1055 case SMB_UPLOAD:
1056 if(h->status || smbc->got < sizeof(struct smb_header) + 6) {
1057 req->result = CURLE_UPLOAD_FAILED;
1058 next_state = SMB_CLOSE;
1059 break;
1060 }
1061 len = Curl_read16_le(((const unsigned char *) msg) +
1062 sizeof(struct smb_header) + 5);
1063 data->req.bytecount += len;
1064 data->req.offset += len;
1065 Curl_pgrsSetUploadCounter(data, data->req.bytecount);
1066 if(data->req.bytecount >= data->req.size)
1067 next_state = SMB_CLOSE;
1068 else
1069 next_state = SMB_UPLOAD;
1070 break;
1071
1072 case SMB_CLOSE:
1073 /* We do not care if the close failed, proceed to tree disconnect anyway */
1074 next_state = SMB_TREE_DISCONNECT;
1075 break;
1076
1077 case SMB_TREE_DISCONNECT:
1078 next_state = SMB_DONE;
1079 break;
1080
1081 default:
1082 smb_pop_message(conn);
1083 return CURLE_OK; /* ignore */
1084 }
1085
1086 smb_pop_message(conn);
1087
1088 switch(next_state) {
1089 case SMB_OPEN:
1090 result = smb_send_open(data);
1091 break;
1092
1093 case SMB_DOWNLOAD:
1094 result = smb_send_read(data);
1095 break;
1096
1097 case SMB_UPLOAD:
1098 result = smb_send_write(data);
1099 break;
1100
1101 case SMB_CLOSE:
1102 result = smb_send_close(data);
1103 break;
1104
1105 case SMB_TREE_DISCONNECT:
1106 result = smb_send_tree_disconnect(data);
1107 break;
1108
1109 case SMB_DONE:
1110 result = req->result;
1111 *done = true;
1112 break;
1113
1114 default:
1115 break;
1116 }
1117
1118 if(result) {
1119 connclose(conn, "SMB: failed to send message");
1120 return result;
1121 }
1122
1123 request_state(data, next_state);
1124
1125 return CURLE_OK;
1126 }
1127
smb_disconnect(struct Curl_easy * data,struct connectdata * conn,bool dead)1128 static CURLcode smb_disconnect(struct Curl_easy *data,
1129 struct connectdata *conn, bool dead)
1130 {
1131 struct smb_conn *smbc = &conn->proto.smbc;
1132 (void) dead;
1133 (void) data;
1134 Curl_safefree(smbc->share);
1135 Curl_safefree(smbc->domain);
1136 Curl_safefree(smbc->recv_buf);
1137 Curl_safefree(smbc->send_buf);
1138 return CURLE_OK;
1139 }
1140
smb_getsock(struct Curl_easy * data,struct connectdata * conn,curl_socket_t * socks)1141 static int smb_getsock(struct Curl_easy *data,
1142 struct connectdata *conn, curl_socket_t *socks)
1143 {
1144 (void)data;
1145 socks[0] = conn->sock[FIRSTSOCKET];
1146 return GETSOCK_READSOCK(0) | GETSOCK_WRITESOCK(0);
1147 }
1148
smb_do(struct Curl_easy * data,bool * done)1149 static CURLcode smb_do(struct Curl_easy *data, bool *done)
1150 {
1151 struct connectdata *conn = data->conn;
1152 struct smb_conn *smbc = &conn->proto.smbc;
1153
1154 *done = FALSE;
1155 if(smbc->share) {
1156 return CURLE_OK;
1157 }
1158 return CURLE_URL_MALFORMAT;
1159 }
1160
smb_parse_url_path(struct Curl_easy * data,struct connectdata * conn)1161 static CURLcode smb_parse_url_path(struct Curl_easy *data,
1162 struct connectdata *conn)
1163 {
1164 struct smb_request *req = data->req.p.smb;
1165 struct smb_conn *smbc = &conn->proto.smbc;
1166 char *path;
1167 char *slash;
1168
1169 /* URL decode the path */
1170 CURLcode result = Curl_urldecode(data->state.up.path, 0, &path, NULL,
1171 REJECT_CTRL);
1172 if(result)
1173 return result;
1174
1175 /* Parse the path for the share */
1176 smbc->share = strdup((*path == '/' || *path == '\\') ? path + 1 : path);
1177 free(path);
1178 if(!smbc->share)
1179 return CURLE_OUT_OF_MEMORY;
1180
1181 slash = strchr(smbc->share, '/');
1182 if(!slash)
1183 slash = strchr(smbc->share, '\\');
1184
1185 /* The share must be present */
1186 if(!slash) {
1187 Curl_safefree(smbc->share);
1188 failf(data, "missing share in URL path for SMB");
1189 return CURLE_URL_MALFORMAT;
1190 }
1191
1192 /* Parse the path for the file path converting any forward slashes into
1193 backslashes */
1194 *slash++ = 0;
1195 req->path = slash;
1196
1197 for(; *slash; slash++) {
1198 if(*slash == '/')
1199 *slash = '\\';
1200 }
1201 return CURLE_OK;
1202 }
1203
1204 #endif /* CURL_DISABLE_SMB && USE_CURL_NTLM_CORE &&
1205 SIZEOF_CURL_OFF_T > 4 */
1206