1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9 * Copyright (C) Bill Nagel <wnagel@tycoint.com>, Exacq Technologies
10 *
11 * This software is licensed as described in the file COPYING, which
12 * you should have received as part of this distribution. The terms
13 * are also available at https://curl.se/docs/copyright.html.
14 *
15 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
16 * copies of the Software, and permit persons to whom the Software is
17 * furnished to do so, under the terms of the COPYING file.
18 *
19 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
20 * KIND, either express or implied.
21 *
22 * SPDX-License-Identifier: curl
23 *
24 ***************************************************************************/
25
26 #include "curl_setup.h"
27
28 #if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE)
29
30 #ifdef _WIN32
31 #define getpid GetCurrentProcessId
32 #endif
33
34 #include "smb.h"
35 #include "urldata.h"
36 #include "sendf.h"
37 #include "multiif.h"
38 #include "cfilters.h"
39 #include "connect.h"
40 #include "progress.h"
41 #include "transfer.h"
42 #include "vtls/vtls.h"
43 #include "curl_ntlm_core.h"
44 #include "escape.h"
45 #include "curl_endian.h"
46
47 /* The last #include files should be: */
48 #include "curl_memory.h"
49 #include "memdebug.h"
50
51 /*
52 * Definitions for SMB protocol data structures
53 */
54 #if defined(_MSC_VER) || defined(__ILEC400__)
55 # define PACK
56 # pragma pack(push)
57 # pragma pack(1)
58 #elif defined(__GNUC__)
59 # define PACK __attribute__((packed))
60 #else
61 # define PACK
62 #endif
63
64 #define SMB_COM_CLOSE 0x04
65 #define SMB_COM_READ_ANDX 0x2e
66 #define SMB_COM_WRITE_ANDX 0x2f
67 #define SMB_COM_TREE_DISCONNECT 0x71
68 #define SMB_COM_NEGOTIATE 0x72
69 #define SMB_COM_SETUP_ANDX 0x73
70 #define SMB_COM_TREE_CONNECT_ANDX 0x75
71 #define SMB_COM_NT_CREATE_ANDX 0xa2
72 #define SMB_COM_NO_ANDX_COMMAND 0xff
73
74 #define SMB_WC_CLOSE 0x03
75 #define SMB_WC_READ_ANDX 0x0c
76 #define SMB_WC_WRITE_ANDX 0x0e
77 #define SMB_WC_SETUP_ANDX 0x0d
78 #define SMB_WC_TREE_CONNECT_ANDX 0x04
79 #define SMB_WC_NT_CREATE_ANDX 0x18
80
81 #define SMB_FLAGS_CANONICAL_PATHNAMES 0x10
82 #define SMB_FLAGS_CASELESS_PATHNAMES 0x08
83 #define SMB_FLAGS2_UNICODE_STRINGS 0x8000
84 #define SMB_FLAGS2_IS_LONG_NAME 0x0040
85 #define SMB_FLAGS2_KNOWS_LONG_NAME 0x0001
86
87 #define SMB_CAP_LARGE_FILES 0x08
88 #define SMB_GENERIC_WRITE 0x40000000
89 #define SMB_GENERIC_READ 0x80000000
90 #define SMB_FILE_SHARE_ALL 0x07
91 #define SMB_FILE_OPEN 0x01
92 #define SMB_FILE_OVERWRITE_IF 0x05
93
94 #define SMB_ERR_NOACCESS 0x00050001
95
96 struct smb_header {
97 unsigned char nbt_type;
98 unsigned char nbt_flags;
99 unsigned short nbt_length;
100 unsigned char magic[4];
101 unsigned char command;
102 unsigned int status;
103 unsigned char flags;
104 unsigned short flags2;
105 unsigned short pid_high;
106 unsigned char signature[8];
107 unsigned short pad;
108 unsigned short tid;
109 unsigned short pid;
110 unsigned short uid;
111 unsigned short mid;
112 } PACK;
113
114 struct smb_negotiate_response {
115 struct smb_header h;
116 unsigned char word_count;
117 unsigned short dialect_index;
118 unsigned char security_mode;
119 unsigned short max_mpx_count;
120 unsigned short max_number_vcs;
121 unsigned int max_buffer_size;
122 unsigned int max_raw_size;
123 unsigned int session_key;
124 unsigned int capabilities;
125 unsigned int system_time_low;
126 unsigned int system_time_high;
127 unsigned short server_time_zone;
128 unsigned char encryption_key_length;
129 unsigned short byte_count;
130 char bytes[1];
131 } PACK;
132
133 struct andx {
134 unsigned char command;
135 unsigned char pad;
136 unsigned short offset;
137 } PACK;
138
139 struct smb_setup {
140 unsigned char word_count;
141 struct andx andx;
142 unsigned short max_buffer_size;
143 unsigned short max_mpx_count;
144 unsigned short vc_number;
145 unsigned int session_key;
146 unsigned short lengths[2];
147 unsigned int pad;
148 unsigned int capabilities;
149 unsigned short byte_count;
150 char bytes[1024];
151 } PACK;
152
153 struct smb_tree_connect {
154 unsigned char word_count;
155 struct andx andx;
156 unsigned short flags;
157 unsigned short pw_len;
158 unsigned short byte_count;
159 char bytes[1024];
160 } PACK;
161
162 struct smb_nt_create {
163 unsigned char word_count;
164 struct andx andx;
165 unsigned char pad;
166 unsigned short name_length;
167 unsigned int flags;
168 unsigned int root_fid;
169 unsigned int access;
170 curl_off_t allocation_size;
171 unsigned int ext_file_attributes;
172 unsigned int share_access;
173 unsigned int create_disposition;
174 unsigned int create_options;
175 unsigned int impersonation_level;
176 unsigned char security_flags;
177 unsigned short byte_count;
178 char bytes[1024];
179 } PACK;
180
181 struct smb_nt_create_response {
182 struct smb_header h;
183 unsigned char word_count;
184 struct andx andx;
185 unsigned char op_lock_level;
186 unsigned short fid;
187 unsigned int create_disposition;
188
189 curl_off_t create_time;
190 curl_off_t last_access_time;
191 curl_off_t last_write_time;
192 curl_off_t last_change_time;
193 unsigned int ext_file_attributes;
194 curl_off_t allocation_size;
195 curl_off_t end_of_file;
196 } PACK;
197
198 struct smb_read {
199 unsigned char word_count;
200 struct andx andx;
201 unsigned short fid;
202 unsigned int offset;
203 unsigned short max_bytes;
204 unsigned short min_bytes;
205 unsigned int timeout;
206 unsigned short remaining;
207 unsigned int offset_high;
208 unsigned short byte_count;
209 } PACK;
210
211 struct smb_write {
212 struct smb_header h;
213 unsigned char word_count;
214 struct andx andx;
215 unsigned short fid;
216 unsigned int offset;
217 unsigned int timeout;
218 unsigned short write_mode;
219 unsigned short remaining;
220 unsigned short pad;
221 unsigned short data_length;
222 unsigned short data_offset;
223 unsigned int offset_high;
224 unsigned short byte_count;
225 unsigned char pad2;
226 } PACK;
227
228 struct smb_close {
229 unsigned char word_count;
230 unsigned short fid;
231 unsigned int last_mtime;
232 unsigned short byte_count;
233 } PACK;
234
235 struct smb_tree_disconnect {
236 unsigned char word_count;
237 unsigned short byte_count;
238 } PACK;
239
240 #if defined(_MSC_VER) || defined(__ILEC400__)
241 # pragma pack(pop)
242 #endif
243
244 /* Local API functions */
245 static CURLcode smb_setup_connection(struct Curl_easy *data,
246 struct connectdata *conn);
247 static CURLcode smb_connect(struct Curl_easy *data, bool *done);
248 static CURLcode smb_connection_state(struct Curl_easy *data, bool *done);
249 static CURLcode smb_do(struct Curl_easy *data, bool *done);
250 static CURLcode smb_request_state(struct Curl_easy *data, bool *done);
251 static CURLcode smb_disconnect(struct Curl_easy *data,
252 struct connectdata *conn, bool dead);
253 static int smb_getsock(struct Curl_easy *data, struct connectdata *conn,
254 curl_socket_t *socks);
255 static CURLcode smb_parse_url_path(struct Curl_easy *data,
256 struct connectdata *conn);
257
258 /*
259 * SMB handler interface
260 */
261 const struct Curl_handler Curl_handler_smb = {
262 "smb", /* scheme */
263 smb_setup_connection, /* setup_connection */
264 smb_do, /* do_it */
265 ZERO_NULL, /* done */
266 ZERO_NULL, /* do_more */
267 smb_connect, /* connect_it */
268 smb_connection_state, /* connecting */
269 smb_request_state, /* doing */
270 smb_getsock, /* proto_getsock */
271 smb_getsock, /* doing_getsock */
272 ZERO_NULL, /* domore_getsock */
273 ZERO_NULL, /* perform_getsock */
274 smb_disconnect, /* disconnect */
275 ZERO_NULL, /* write_resp */
276 ZERO_NULL, /* write_resp_hd */
277 ZERO_NULL, /* connection_check */
278 ZERO_NULL, /* attach connection */
279 PORT_SMB, /* defport */
280 CURLPROTO_SMB, /* protocol */
281 CURLPROTO_SMB, /* family */
282 PROTOPT_NONE /* flags */
283 };
284
285 #ifdef USE_SSL
286 /*
287 * SMBS handler interface
288 */
289 const struct Curl_handler Curl_handler_smbs = {
290 "smbs", /* scheme */
291 smb_setup_connection, /* setup_connection */
292 smb_do, /* do_it */
293 ZERO_NULL, /* done */
294 ZERO_NULL, /* do_more */
295 smb_connect, /* connect_it */
296 smb_connection_state, /* connecting */
297 smb_request_state, /* doing */
298 smb_getsock, /* proto_getsock */
299 smb_getsock, /* doing_getsock */
300 ZERO_NULL, /* domore_getsock */
301 ZERO_NULL, /* perform_getsock */
302 smb_disconnect, /* disconnect */
303 ZERO_NULL, /* write_resp */
304 ZERO_NULL, /* write_resp_hd */
305 ZERO_NULL, /* connection_check */
306 ZERO_NULL, /* attach connection */
307 PORT_SMBS, /* defport */
308 CURLPROTO_SMBS, /* protocol */
309 CURLPROTO_SMB, /* family */
310 PROTOPT_SSL /* flags */
311 };
312 #endif
313
314 #define MAX_PAYLOAD_SIZE 0x8000
315 #define MAX_MESSAGE_SIZE (MAX_PAYLOAD_SIZE + 0x1000)
316 #define CLIENTNAME "curl"
317 #define SERVICENAME "?????"
318
319 /* Append a string to an SMB message */
320 #define MSGCAT(str) \
321 do { \
322 strcpy(p, (str)); \
323 p += strlen(str); \
324 } while(0)
325
326 /* Append a null-terminated string to an SMB message */
327 #define MSGCATNULL(str) \
328 do { \
329 strcpy(p, (str)); \
330 p += strlen(str) + 1; \
331 } while(0)
332
333 /* SMB is mostly little endian */
334 #if (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) || \
335 defined(__OS400__)
smb_swap16(unsigned short x)336 static unsigned short smb_swap16(unsigned short x)
337 {
338 return (unsigned short) ((x << 8) | ((x >> 8) & 0xff));
339 }
340
smb_swap32(unsigned int x)341 static unsigned int smb_swap32(unsigned int x)
342 {
343 return (x << 24) | ((x << 8) & 0xff0000) | ((x >> 8) & 0xff00) |
344 ((x >> 24) & 0xff);
345 }
346
smb_swap64(curl_off_t x)347 static curl_off_t smb_swap64(curl_off_t x)
348 {
349 return ((curl_off_t) smb_swap32((unsigned int) x) << 32) |
350 smb_swap32((unsigned int) (x >> 32));
351 }
352
353 #else
354 # define smb_swap16(x) (x)
355 # define smb_swap32(x) (x)
356 # define smb_swap64(x) (x)
357 #endif
358
359 /* SMB request state */
360 enum smb_req_state {
361 SMB_REQUESTING,
362 SMB_TREE_CONNECT,
363 SMB_OPEN,
364 SMB_DOWNLOAD,
365 SMB_UPLOAD,
366 SMB_CLOSE,
367 SMB_TREE_DISCONNECT,
368 SMB_DONE
369 };
370
371 /* SMB request data */
372 struct smb_request {
373 enum smb_req_state state;
374 char *path;
375 unsigned short tid; /* Even if we connect to the same tree as another */
376 unsigned short fid; /* request, the tid will be different */
377 CURLcode result;
378 };
379
conn_state(struct Curl_easy * data,enum smb_conn_state newstate)380 static void conn_state(struct Curl_easy *data, enum smb_conn_state newstate)
381 {
382 struct smb_conn *smbc = &data->conn->proto.smbc;
383 #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
384 /* For debug purposes */
385 static const char * const names[] = {
386 "SMB_NOT_CONNECTED",
387 "SMB_CONNECTING",
388 "SMB_NEGOTIATE",
389 "SMB_SETUP",
390 "SMB_CONNECTED",
391 /* LAST */
392 };
393
394 if(smbc->state != newstate)
395 infof(data, "SMB conn %p state change from %s to %s",
396 (void *)smbc, names[smbc->state], names[newstate]);
397 #endif
398
399 smbc->state = newstate;
400 }
401
request_state(struct Curl_easy * data,enum smb_req_state newstate)402 static void request_state(struct Curl_easy *data,
403 enum smb_req_state newstate)
404 {
405 struct smb_request *req = data->req.p.smb;
406 #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
407 /* For debug purposes */
408 static const char * const names[] = {
409 "SMB_REQUESTING",
410 "SMB_TREE_CONNECT",
411 "SMB_OPEN",
412 "SMB_DOWNLOAD",
413 "SMB_UPLOAD",
414 "SMB_CLOSE",
415 "SMB_TREE_DISCONNECT",
416 "SMB_DONE",
417 /* LAST */
418 };
419
420 if(req->state != newstate)
421 infof(data, "SMB request %p state change from %s to %s",
422 (void *)req, names[req->state], names[newstate]);
423 #endif
424
425 req->state = newstate;
426 }
427
428 /* this should setup things in the connection, not in the easy
429 handle */
smb_setup_connection(struct Curl_easy * data,struct connectdata * conn)430 static CURLcode smb_setup_connection(struct Curl_easy *data,
431 struct connectdata *conn)
432 {
433 struct smb_request *req;
434
435 /* Initialize the request state */
436 data->req.p.smb = req = calloc(1, sizeof(struct smb_request));
437 if(!req)
438 return CURLE_OUT_OF_MEMORY;
439
440 /* Parse the URL path */
441 return smb_parse_url_path(data, conn);
442 }
443
smb_connect(struct Curl_easy * data,bool * done)444 static CURLcode smb_connect(struct Curl_easy *data, bool *done)
445 {
446 struct connectdata *conn = data->conn;
447 struct smb_conn *smbc = &conn->proto.smbc;
448 char *slash;
449
450 (void) done;
451
452 /* Check we have a username and password to authenticate with */
453 if(!data->state.aptr.user)
454 return CURLE_LOGIN_DENIED;
455
456 /* Initialize the connection state */
457 smbc->state = SMB_CONNECTING;
458 smbc->recv_buf = malloc(MAX_MESSAGE_SIZE);
459 if(!smbc->recv_buf)
460 return CURLE_OUT_OF_MEMORY;
461 smbc->send_buf = malloc(MAX_MESSAGE_SIZE);
462 if(!smbc->send_buf)
463 return CURLE_OUT_OF_MEMORY;
464
465 /* Multiple requests are allowed with this connection */
466 connkeep(conn, "SMB default");
467
468 /* Parse the username, domain, and password */
469 slash = strchr(conn->user, '/');
470 if(!slash)
471 slash = strchr(conn->user, '\\');
472
473 if(slash) {
474 smbc->user = slash + 1;
475 smbc->domain = strdup(conn->user);
476 if(!smbc->domain)
477 return CURLE_OUT_OF_MEMORY;
478 smbc->domain[slash - conn->user] = 0;
479 }
480 else {
481 smbc->user = conn->user;
482 smbc->domain = strdup(conn->host.name);
483 if(!smbc->domain)
484 return CURLE_OUT_OF_MEMORY;
485 }
486
487 return CURLE_OK;
488 }
489
smb_recv_message(struct Curl_easy * data,void ** msg)490 static CURLcode smb_recv_message(struct Curl_easy *data, void **msg)
491 {
492 struct connectdata *conn = data->conn;
493 struct smb_conn *smbc = &conn->proto.smbc;
494 char *buf = smbc->recv_buf;
495 ssize_t bytes_read;
496 size_t nbt_size;
497 size_t msg_size;
498 size_t len = MAX_MESSAGE_SIZE - smbc->got;
499 CURLcode result;
500
501 result = Curl_xfer_recv(data, buf + smbc->got, len, &bytes_read);
502 if(result)
503 return result;
504
505 if(!bytes_read)
506 return CURLE_OK;
507
508 smbc->got += bytes_read;
509
510 /* Check for a 32-bit nbt header */
511 if(smbc->got < sizeof(unsigned int))
512 return CURLE_OK;
513
514 nbt_size = Curl_read16_be((const unsigned char *)
515 (buf + sizeof(unsigned short))) +
516 sizeof(unsigned int);
517 if(smbc->got < nbt_size)
518 return CURLE_OK;
519
520 msg_size = sizeof(struct smb_header);
521 if(nbt_size >= msg_size + 1) {
522 /* Add the word count */
523 msg_size += 1 + ((unsigned char) buf[msg_size]) * sizeof(unsigned short);
524 if(nbt_size >= msg_size + sizeof(unsigned short)) {
525 /* Add the byte count */
526 msg_size += sizeof(unsigned short) +
527 Curl_read16_le((const unsigned char *)&buf[msg_size]);
528 if(nbt_size < msg_size)
529 return CURLE_READ_ERROR;
530 }
531 }
532
533 *msg = buf;
534
535 return CURLE_OK;
536 }
537
smb_pop_message(struct connectdata * conn)538 static void smb_pop_message(struct connectdata *conn)
539 {
540 struct smb_conn *smbc = &conn->proto.smbc;
541
542 smbc->got = 0;
543 }
544
smb_format_message(struct Curl_easy * data,struct smb_header * h,unsigned char cmd,size_t len)545 static void smb_format_message(struct Curl_easy *data, struct smb_header *h,
546 unsigned char cmd, size_t len)
547 {
548 struct connectdata *conn = data->conn;
549 struct smb_conn *smbc = &conn->proto.smbc;
550 struct smb_request *req = data->req.p.smb;
551 unsigned int pid;
552
553 memset(h, 0, sizeof(*h));
554 h->nbt_length = htons((unsigned short) (sizeof(*h) - sizeof(unsigned int) +
555 len));
556 memcpy((char *)h->magic, "\xffSMB", 4);
557 h->command = cmd;
558 h->flags = SMB_FLAGS_CANONICAL_PATHNAMES | SMB_FLAGS_CASELESS_PATHNAMES;
559 h->flags2 = smb_swap16(SMB_FLAGS2_IS_LONG_NAME | SMB_FLAGS2_KNOWS_LONG_NAME);
560 h->uid = smb_swap16(smbc->uid);
561 h->tid = smb_swap16(req->tid);
562 pid = getpid();
563 h->pid_high = smb_swap16((unsigned short)(pid >> 16));
564 h->pid = smb_swap16((unsigned short) pid);
565 }
566
smb_send(struct Curl_easy * data,size_t len,size_t upload_size)567 static CURLcode smb_send(struct Curl_easy *data, size_t len,
568 size_t upload_size)
569 {
570 struct connectdata *conn = data->conn;
571 struct smb_conn *smbc = &conn->proto.smbc;
572 size_t bytes_written;
573 CURLcode result;
574
575 result = Curl_xfer_send(data, smbc->send_buf, len, &bytes_written);
576 if(result)
577 return result;
578
579 if(bytes_written != len) {
580 smbc->send_size = len;
581 smbc->sent = bytes_written;
582 }
583
584 smbc->upload_size = upload_size;
585
586 return CURLE_OK;
587 }
588
smb_flush(struct Curl_easy * data)589 static CURLcode smb_flush(struct Curl_easy *data)
590 {
591 struct connectdata *conn = data->conn;
592 struct smb_conn *smbc = &conn->proto.smbc;
593 size_t bytes_written;
594 size_t len = smbc->send_size - smbc->sent;
595 CURLcode result;
596
597 if(!smbc->send_size)
598 return CURLE_OK;
599
600 result = Curl_xfer_send(data, smbc->send_buf + smbc->sent, len,
601 &bytes_written);
602 if(result)
603 return result;
604
605 if(bytes_written != len)
606 smbc->sent += bytes_written;
607 else
608 smbc->send_size = 0;
609
610 return CURLE_OK;
611 }
612
smb_send_message(struct Curl_easy * data,unsigned char cmd,const void * msg,size_t msg_len)613 static CURLcode smb_send_message(struct Curl_easy *data, unsigned char cmd,
614 const void *msg, size_t msg_len)
615 {
616 struct connectdata *conn = data->conn;
617 struct smb_conn *smbc = &conn->proto.smbc;
618
619 smb_format_message(data, (struct smb_header *)smbc->send_buf,
620 cmd, msg_len);
621 DEBUGASSERT((sizeof(struct smb_header) + msg_len) <= MAX_MESSAGE_SIZE);
622 memcpy(smbc->send_buf + sizeof(struct smb_header), msg, msg_len);
623
624 return smb_send(data, sizeof(struct smb_header) + msg_len, 0);
625 }
626
smb_send_negotiate(struct Curl_easy * data)627 static CURLcode smb_send_negotiate(struct Curl_easy *data)
628 {
629 const char *msg = "\x00\x0c\x00\x02NT LM 0.12";
630
631 return smb_send_message(data, SMB_COM_NEGOTIATE, msg, 15);
632 }
633
smb_send_setup(struct Curl_easy * data)634 static CURLcode smb_send_setup(struct Curl_easy *data)
635 {
636 struct connectdata *conn = data->conn;
637 struct smb_conn *smbc = &conn->proto.smbc;
638 struct smb_setup msg;
639 char *p = msg.bytes;
640 unsigned char lm_hash[21];
641 unsigned char lm[24];
642 unsigned char nt_hash[21];
643 unsigned char nt[24];
644
645 size_t byte_count = sizeof(lm) + sizeof(nt);
646 byte_count += strlen(smbc->user) + strlen(smbc->domain);
647 byte_count += strlen(OS) + strlen(CLIENTNAME) + 4; /* 4 null chars */
648 if(byte_count > sizeof(msg.bytes))
649 return CURLE_FILESIZE_EXCEEDED;
650
651 Curl_ntlm_core_mk_lm_hash(conn->passwd, lm_hash);
652 Curl_ntlm_core_lm_resp(lm_hash, smbc->challenge, lm);
653 Curl_ntlm_core_mk_nt_hash(conn->passwd, nt_hash);
654 Curl_ntlm_core_lm_resp(nt_hash, smbc->challenge, nt);
655
656 memset(&msg, 0, sizeof(msg));
657 msg.word_count = SMB_WC_SETUP_ANDX;
658 msg.andx.command = SMB_COM_NO_ANDX_COMMAND;
659 msg.max_buffer_size = smb_swap16(MAX_MESSAGE_SIZE);
660 msg.max_mpx_count = smb_swap16(1);
661 msg.vc_number = smb_swap16(1);
662 msg.session_key = smb_swap32(smbc->session_key);
663 msg.capabilities = smb_swap32(SMB_CAP_LARGE_FILES);
664 msg.lengths[0] = smb_swap16(sizeof(lm));
665 msg.lengths[1] = smb_swap16(sizeof(nt));
666 memcpy(p, lm, sizeof(lm));
667 p += sizeof(lm);
668 memcpy(p, nt, sizeof(nt));
669 p += sizeof(nt);
670 MSGCATNULL(smbc->user);
671 MSGCATNULL(smbc->domain);
672 MSGCATNULL(OS);
673 MSGCATNULL(CLIENTNAME);
674 byte_count = p - msg.bytes;
675 msg.byte_count = smb_swap16((unsigned short)byte_count);
676
677 return smb_send_message(data, SMB_COM_SETUP_ANDX, &msg,
678 sizeof(msg) - sizeof(msg.bytes) + byte_count);
679 }
680
smb_send_tree_connect(struct Curl_easy * data)681 static CURLcode smb_send_tree_connect(struct Curl_easy *data)
682 {
683 struct smb_tree_connect msg;
684 struct connectdata *conn = data->conn;
685 struct smb_conn *smbc = &conn->proto.smbc;
686 char *p = msg.bytes;
687
688 size_t byte_count = strlen(conn->host.name) + strlen(smbc->share);
689 byte_count += strlen(SERVICENAME) + 5; /* 2 nulls and 3 backslashes */
690 if(byte_count > sizeof(msg.bytes))
691 return CURLE_FILESIZE_EXCEEDED;
692
693 memset(&msg, 0, sizeof(msg));
694 msg.word_count = SMB_WC_TREE_CONNECT_ANDX;
695 msg.andx.command = SMB_COM_NO_ANDX_COMMAND;
696 msg.pw_len = 0;
697 MSGCAT("\\\\");
698 MSGCAT(conn->host.name);
699 MSGCAT("\\");
700 MSGCATNULL(smbc->share);
701 MSGCATNULL(SERVICENAME); /* Match any type of service */
702 byte_count = p - msg.bytes;
703 msg.byte_count = smb_swap16((unsigned short)byte_count);
704
705 return smb_send_message(data, SMB_COM_TREE_CONNECT_ANDX, &msg,
706 sizeof(msg) - sizeof(msg.bytes) + byte_count);
707 }
708
smb_send_open(struct Curl_easy * data)709 static CURLcode smb_send_open(struct Curl_easy *data)
710 {
711 struct smb_request *req = data->req.p.smb;
712 struct smb_nt_create msg;
713 size_t byte_count;
714
715 if((strlen(req->path) + 1) > sizeof(msg.bytes))
716 return CURLE_FILESIZE_EXCEEDED;
717
718 memset(&msg, 0, sizeof(msg));
719 msg.word_count = SMB_WC_NT_CREATE_ANDX;
720 msg.andx.command = SMB_COM_NO_ANDX_COMMAND;
721 byte_count = strlen(req->path);
722 msg.name_length = smb_swap16((unsigned short)byte_count);
723 msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL);
724 if(data->state.upload) {
725 msg.access = smb_swap32(SMB_GENERIC_READ | SMB_GENERIC_WRITE);
726 msg.create_disposition = smb_swap32(SMB_FILE_OVERWRITE_IF);
727 }
728 else {
729 msg.access = smb_swap32(SMB_GENERIC_READ);
730 msg.create_disposition = smb_swap32(SMB_FILE_OPEN);
731 }
732 msg.byte_count = smb_swap16((unsigned short) ++byte_count);
733 strcpy(msg.bytes, req->path);
734
735 return smb_send_message(data, SMB_COM_NT_CREATE_ANDX, &msg,
736 sizeof(msg) - sizeof(msg.bytes) + byte_count);
737 }
738
smb_send_close(struct Curl_easy * data)739 static CURLcode smb_send_close(struct Curl_easy *data)
740 {
741 struct smb_request *req = data->req.p.smb;
742 struct smb_close msg;
743
744 memset(&msg, 0, sizeof(msg));
745 msg.word_count = SMB_WC_CLOSE;
746 msg.fid = smb_swap16(req->fid);
747
748 return smb_send_message(data, SMB_COM_CLOSE, &msg, sizeof(msg));
749 }
750
smb_send_tree_disconnect(struct Curl_easy * data)751 static CURLcode smb_send_tree_disconnect(struct Curl_easy *data)
752 {
753 struct smb_tree_disconnect msg;
754
755 memset(&msg, 0, sizeof(msg));
756
757 return smb_send_message(data, SMB_COM_TREE_DISCONNECT, &msg, sizeof(msg));
758 }
759
smb_send_read(struct Curl_easy * data)760 static CURLcode smb_send_read(struct Curl_easy *data)
761 {
762 struct smb_request *req = data->req.p.smb;
763 curl_off_t offset = data->req.offset;
764 struct smb_read msg;
765
766 memset(&msg, 0, sizeof(msg));
767 msg.word_count = SMB_WC_READ_ANDX;
768 msg.andx.command = SMB_COM_NO_ANDX_COMMAND;
769 msg.fid = smb_swap16(req->fid);
770 msg.offset = smb_swap32((unsigned int) offset);
771 msg.offset_high = smb_swap32((unsigned int) (offset >> 32));
772 msg.min_bytes = smb_swap16(MAX_PAYLOAD_SIZE);
773 msg.max_bytes = smb_swap16(MAX_PAYLOAD_SIZE);
774
775 return smb_send_message(data, SMB_COM_READ_ANDX, &msg, sizeof(msg));
776 }
777
smb_send_write(struct Curl_easy * data)778 static CURLcode smb_send_write(struct Curl_easy *data)
779 {
780 struct connectdata *conn = data->conn;
781 struct smb_conn *smbc = &conn->proto.smbc;
782 struct smb_write *msg;
783 struct smb_request *req = data->req.p.smb;
784 curl_off_t offset = data->req.offset;
785 curl_off_t upload_size = data->req.size - data->req.bytecount;
786
787 msg = (struct smb_write *)smbc->send_buf;
788 if(upload_size >= MAX_PAYLOAD_SIZE - 1) /* There is one byte of padding */
789 upload_size = MAX_PAYLOAD_SIZE - 1;
790
791 memset(msg, 0, sizeof(*msg));
792 msg->word_count = SMB_WC_WRITE_ANDX;
793 msg->andx.command = SMB_COM_NO_ANDX_COMMAND;
794 msg->fid = smb_swap16(req->fid);
795 msg->offset = smb_swap32((unsigned int) offset);
796 msg->offset_high = smb_swap32((unsigned int) (offset >> 32));
797 msg->data_length = smb_swap16((unsigned short) upload_size);
798 msg->data_offset = smb_swap16(sizeof(*msg) - sizeof(unsigned int));
799 msg->byte_count = smb_swap16((unsigned short) (upload_size + 1));
800
801 smb_format_message(data, &msg->h, SMB_COM_WRITE_ANDX,
802 sizeof(*msg) - sizeof(msg->h) + (size_t) upload_size);
803
804 return smb_send(data, sizeof(*msg), (size_t) upload_size);
805 }
806
smb_send_and_recv(struct Curl_easy * data,void ** msg)807 static CURLcode smb_send_and_recv(struct Curl_easy *data, void **msg)
808 {
809 struct connectdata *conn = data->conn;
810 struct smb_conn *smbc = &conn->proto.smbc;
811 CURLcode result;
812 *msg = NULL; /* if it returns early */
813
814 /* Check if there is data in the transfer buffer */
815 if(!smbc->send_size && smbc->upload_size) {
816 size_t nread = smbc->upload_size > (size_t)MAX_MESSAGE_SIZE ?
817 (size_t)MAX_MESSAGE_SIZE : smbc->upload_size;
818 bool eos;
819
820 result = Curl_client_read(data, smbc->send_buf, nread, &nread, &eos);
821 if(result && result != CURLE_AGAIN)
822 return result;
823 if(!nread)
824 return CURLE_OK;
825
826 smbc->upload_size -= nread;
827 smbc->send_size = nread;
828 smbc->sent = 0;
829 }
830
831 /* Check if there is data to send */
832 if(smbc->send_size) {
833 result = smb_flush(data);
834 if(result)
835 return result;
836 }
837
838 /* Check if there is still data to be sent */
839 if(smbc->send_size || smbc->upload_size)
840 return CURLE_AGAIN;
841
842 return smb_recv_message(data, msg);
843 }
844
smb_connection_state(struct Curl_easy * data,bool * done)845 static CURLcode smb_connection_state(struct Curl_easy *data, bool *done)
846 {
847 struct connectdata *conn = data->conn;
848 struct smb_conn *smbc = &conn->proto.smbc;
849 struct smb_negotiate_response *nrsp;
850 struct smb_header *h;
851 CURLcode result;
852 void *msg = NULL;
853
854 if(smbc->state == SMB_CONNECTING) {
855 #ifdef USE_SSL
856 if((conn->handler->flags & PROTOPT_SSL)) {
857 bool ssl_done = FALSE;
858 result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssl_done);
859 if(result && result != CURLE_AGAIN)
860 return result;
861 if(!ssl_done)
862 return CURLE_OK;
863 }
864 #endif
865
866 result = smb_send_negotiate(data);
867 if(result) {
868 connclose(conn, "SMB: failed to send negotiate message");
869 return result;
870 }
871
872 conn_state(data, SMB_NEGOTIATE);
873 }
874
875 /* Send the previous message and check for a response */
876 result = smb_send_and_recv(data, &msg);
877 if(result && result != CURLE_AGAIN) {
878 connclose(conn, "SMB: failed to communicate");
879 return result;
880 }
881
882 if(!msg)
883 return CURLE_OK;
884
885 h = msg;
886
887 switch(smbc->state) {
888 case SMB_NEGOTIATE:
889 if((smbc->got < sizeof(*nrsp) + sizeof(smbc->challenge) - 1) ||
890 h->status) {
891 connclose(conn, "SMB: negotiation failed");
892 return CURLE_COULDNT_CONNECT;
893 }
894 nrsp = msg;
895 memcpy(smbc->challenge, nrsp->bytes, sizeof(smbc->challenge));
896 smbc->session_key = smb_swap32(nrsp->session_key);
897 result = smb_send_setup(data);
898 if(result) {
899 connclose(conn, "SMB: failed to send setup message");
900 return result;
901 }
902 conn_state(data, SMB_SETUP);
903 break;
904
905 case SMB_SETUP:
906 if(h->status) {
907 connclose(conn, "SMB: authentication failed");
908 return CURLE_LOGIN_DENIED;
909 }
910 smbc->uid = smb_swap16(h->uid);
911 conn_state(data, SMB_CONNECTED);
912 *done = true;
913 break;
914
915 default:
916 smb_pop_message(conn);
917 return CURLE_OK; /* ignore */
918 }
919
920 smb_pop_message(conn);
921
922 return CURLE_OK;
923 }
924
925 /*
926 * Convert a timestamp from the Windows world (100 nsec units from 1 Jan 1601)
927 * to Posix time. Cap the output to fit within a time_t.
928 */
get_posix_time(time_t * out,curl_off_t timestamp)929 static void get_posix_time(time_t *out, curl_off_t timestamp)
930 {
931 timestamp -= 116444736000000000;
932 timestamp /= 10000000;
933 #if SIZEOF_TIME_T < SIZEOF_CURL_OFF_T
934 if(timestamp > TIME_T_MAX)
935 *out = TIME_T_MAX;
936 else if(timestamp < TIME_T_MIN)
937 *out = TIME_T_MIN;
938 else
939 #endif
940 *out = (time_t) timestamp;
941 }
942
smb_request_state(struct Curl_easy * data,bool * done)943 static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
944 {
945 struct connectdata *conn = data->conn;
946 struct smb_request *req = data->req.p.smb;
947 struct smb_header *h;
948 struct smb_conn *smbc = &conn->proto.smbc;
949 enum smb_req_state next_state = SMB_DONE;
950 unsigned short len;
951 unsigned short off;
952 CURLcode result;
953 void *msg = NULL;
954 const struct smb_nt_create_response *smb_m;
955
956 if(data->state.upload && (data->state.infilesize < 0)) {
957 failf(data, "SMB upload needs to know the size up front");
958 return CURLE_SEND_ERROR;
959 }
960
961 /* Start the request */
962 if(req->state == SMB_REQUESTING) {
963 result = smb_send_tree_connect(data);
964 if(result) {
965 connclose(conn, "SMB: failed to send tree connect message");
966 return result;
967 }
968
969 request_state(data, SMB_TREE_CONNECT);
970 }
971
972 /* Send the previous message and check for a response */
973 result = smb_send_and_recv(data, &msg);
974 if(result && result != CURLE_AGAIN) {
975 connclose(conn, "SMB: failed to communicate");
976 return result;
977 }
978
979 if(!msg)
980 return CURLE_OK;
981
982 h = msg;
983
984 switch(req->state) {
985 case SMB_TREE_CONNECT:
986 if(h->status) {
987 req->result = CURLE_REMOTE_FILE_NOT_FOUND;
988 if(h->status == smb_swap32(SMB_ERR_NOACCESS))
989 req->result = CURLE_REMOTE_ACCESS_DENIED;
990 break;
991 }
992 req->tid = smb_swap16(h->tid);
993 next_state = SMB_OPEN;
994 break;
995
996 case SMB_OPEN:
997 if(h->status || smbc->got < sizeof(struct smb_nt_create_response)) {
998 req->result = CURLE_REMOTE_FILE_NOT_FOUND;
999 if(h->status == smb_swap32(SMB_ERR_NOACCESS))
1000 req->result = CURLE_REMOTE_ACCESS_DENIED;
1001 next_state = SMB_TREE_DISCONNECT;
1002 break;
1003 }
1004 smb_m = (const struct smb_nt_create_response*) msg;
1005 req->fid = smb_swap16(smb_m->fid);
1006 data->req.offset = 0;
1007 if(data->state.upload) {
1008 data->req.size = data->state.infilesize;
1009 Curl_pgrsSetUploadSize(data, data->req.size);
1010 next_state = SMB_UPLOAD;
1011 }
1012 else {
1013 data->req.size = smb_swap64(smb_m->end_of_file);
1014 if(data->req.size < 0) {
1015 req->result = CURLE_WEIRD_SERVER_REPLY;
1016 next_state = SMB_CLOSE;
1017 }
1018 else {
1019 Curl_pgrsSetDownloadSize(data, data->req.size);
1020 if(data->set.get_filetime)
1021 get_posix_time(&data->info.filetime, smb_m->last_change_time);
1022 next_state = SMB_DOWNLOAD;
1023 }
1024 }
1025 break;
1026
1027 case SMB_DOWNLOAD:
1028 if(h->status || smbc->got < sizeof(struct smb_header) + 14) {
1029 req->result = CURLE_RECV_ERROR;
1030 next_state = SMB_CLOSE;
1031 break;
1032 }
1033 len = Curl_read16_le(((const unsigned char *) msg) +
1034 sizeof(struct smb_header) + 11);
1035 off = Curl_read16_le(((const unsigned char *) msg) +
1036 sizeof(struct smb_header) + 13);
1037 if(len > 0) {
1038 if(off + sizeof(unsigned int) + len > smbc->got) {
1039 failf(data, "Invalid input packet");
1040 result = CURLE_RECV_ERROR;
1041 }
1042 else
1043 result = Curl_client_write(data, CLIENTWRITE_BODY,
1044 (char *)msg + off + sizeof(unsigned int),
1045 len);
1046 if(result) {
1047 req->result = result;
1048 next_state = SMB_CLOSE;
1049 break;
1050 }
1051 }
1052 data->req.offset += len;
1053 next_state = (len < MAX_PAYLOAD_SIZE) ? SMB_CLOSE : SMB_DOWNLOAD;
1054 break;
1055
1056 case SMB_UPLOAD:
1057 if(h->status || smbc->got < sizeof(struct smb_header) + 6) {
1058 req->result = CURLE_UPLOAD_FAILED;
1059 next_state = SMB_CLOSE;
1060 break;
1061 }
1062 len = Curl_read16_le(((const unsigned char *) msg) +
1063 sizeof(struct smb_header) + 5);
1064 data->req.bytecount += len;
1065 data->req.offset += len;
1066 Curl_pgrsSetUploadCounter(data, data->req.bytecount);
1067 if(data->req.bytecount >= data->req.size)
1068 next_state = SMB_CLOSE;
1069 else
1070 next_state = SMB_UPLOAD;
1071 break;
1072
1073 case SMB_CLOSE:
1074 /* We don't care if the close failed, proceed to tree disconnect anyway */
1075 next_state = SMB_TREE_DISCONNECT;
1076 break;
1077
1078 case SMB_TREE_DISCONNECT:
1079 next_state = SMB_DONE;
1080 break;
1081
1082 default:
1083 smb_pop_message(conn);
1084 return CURLE_OK; /* ignore */
1085 }
1086
1087 smb_pop_message(conn);
1088
1089 switch(next_state) {
1090 case SMB_OPEN:
1091 result = smb_send_open(data);
1092 break;
1093
1094 case SMB_DOWNLOAD:
1095 result = smb_send_read(data);
1096 break;
1097
1098 case SMB_UPLOAD:
1099 result = smb_send_write(data);
1100 break;
1101
1102 case SMB_CLOSE:
1103 result = smb_send_close(data);
1104 break;
1105
1106 case SMB_TREE_DISCONNECT:
1107 result = smb_send_tree_disconnect(data);
1108 break;
1109
1110 case SMB_DONE:
1111 result = req->result;
1112 *done = true;
1113 break;
1114
1115 default:
1116 break;
1117 }
1118
1119 if(result) {
1120 connclose(conn, "SMB: failed to send message");
1121 return result;
1122 }
1123
1124 request_state(data, next_state);
1125
1126 return CURLE_OK;
1127 }
1128
smb_disconnect(struct Curl_easy * data,struct connectdata * conn,bool dead)1129 static CURLcode smb_disconnect(struct Curl_easy *data,
1130 struct connectdata *conn, bool dead)
1131 {
1132 struct smb_conn *smbc = &conn->proto.smbc;
1133 (void) dead;
1134 (void) data;
1135 Curl_safefree(smbc->share);
1136 Curl_safefree(smbc->domain);
1137 Curl_safefree(smbc->recv_buf);
1138 Curl_safefree(smbc->send_buf);
1139 return CURLE_OK;
1140 }
1141
smb_getsock(struct Curl_easy * data,struct connectdata * conn,curl_socket_t * socks)1142 static int smb_getsock(struct Curl_easy *data,
1143 struct connectdata *conn, curl_socket_t *socks)
1144 {
1145 (void)data;
1146 socks[0] = conn->sock[FIRSTSOCKET];
1147 return GETSOCK_READSOCK(0) | GETSOCK_WRITESOCK(0);
1148 }
1149
smb_do(struct Curl_easy * data,bool * done)1150 static CURLcode smb_do(struct Curl_easy *data, bool *done)
1151 {
1152 struct connectdata *conn = data->conn;
1153 struct smb_conn *smbc = &conn->proto.smbc;
1154
1155 *done = FALSE;
1156 if(smbc->share) {
1157 return CURLE_OK;
1158 }
1159 return CURLE_URL_MALFORMAT;
1160 }
1161
smb_parse_url_path(struct Curl_easy * data,struct connectdata * conn)1162 static CURLcode smb_parse_url_path(struct Curl_easy *data,
1163 struct connectdata *conn)
1164 {
1165 struct smb_request *req = data->req.p.smb;
1166 struct smb_conn *smbc = &conn->proto.smbc;
1167 char *path;
1168 char *slash;
1169
1170 /* URL decode the path */
1171 CURLcode result = Curl_urldecode(data->state.up.path, 0, &path, NULL,
1172 REJECT_CTRL);
1173 if(result)
1174 return result;
1175
1176 /* Parse the path for the share */
1177 smbc->share = strdup((*path == '/' || *path == '\\') ? path + 1 : path);
1178 free(path);
1179 if(!smbc->share)
1180 return CURLE_OUT_OF_MEMORY;
1181
1182 slash = strchr(smbc->share, '/');
1183 if(!slash)
1184 slash = strchr(smbc->share, '\\');
1185
1186 /* The share must be present */
1187 if(!slash) {
1188 Curl_safefree(smbc->share);
1189 failf(data, "missing share in URL path for SMB");
1190 return CURLE_URL_MALFORMAT;
1191 }
1192
1193 /* Parse the path for the file path converting any forward slashes into
1194 backslashes */
1195 *slash++ = 0;
1196 req->path = slash;
1197
1198 for(; *slash; slash++) {
1199 if(*slash == '/')
1200 *slash = '\\';
1201 }
1202 return CURLE_OK;
1203 }
1204
1205 #endif /* CURL_DISABLE_SMB && USE_CURL_NTLM_CORE &&
1206 SIZEOF_CURL_OFF_T > 4 */
1207