git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-11 12:01:42 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity

lib: make SMB support opt-in

Browse Source 
The SMB protocol has weak security and is rarely used these days.

Note that SMB also requires NTLM enabled.

Closes #20846
This commit is contained in:
Daniel Stenberg 2026-03-21 15:37:58 +01:00
parent 06a83340b1
commit 6393103b99
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
12 changed files with 31 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/windows.yml vendored
View File

@ -857,11 +857,11 @@ jobs:
image: 'windows-11-arm' image: 'windows-11-arm'
openssh: 'OpenSSH-Windows' openssh: 'OpenSSH-Windows'
tflags: '--min=1650' tflags: '--min=1650'
# disable SMB to save 30-60 seconds by omitting prereqs, to counteract the slower test run step # leave SMB disabled to save 30-60 seconds by omitting prereqs,
# to counteract the slower test run step
config: >- config: >-
-DENABLE_DEBUG=ON -DENABLE_DEBUG=ON
-DCURL_USE_SCHANNEL=ON -DCURL_USE_SCHANNEL=ON
-DCURL_DISABLE_SMB=ON
-DUSE_WIN32_IDN=ON -DENABLE_UNICODE=ON -DUSE_SSLS_EXPORT=ON -DUSE_WIN32_IDN=ON -DENABLE_UNICODE=ON -DUSE_SSLS_EXPORT=ON
fail-fast: false fail-fast: false

9
CMakeLists.txt
View File

@ -494,8 +494,8 @@ option(CURL_DISABLE_SHA512_256 "Disable SHA-512/256 hash algorithm" OFF)
mark_as_advanced(CURL_DISABLE_SHA512_256) mark_as_advanced(CURL_DISABLE_SHA512_256)
option(CURL_DISABLE_SHUFFLE_DNS "Disable shuffle DNS feature" OFF) option(CURL_DISABLE_SHUFFLE_DNS "Disable shuffle DNS feature" OFF)
mark_as_advanced(CURL_DISABLE_SHUFFLE_DNS) mark_as_advanced(CURL_DISABLE_SHUFFLE_DNS)
option(CURL_DISABLE_SMB "Disable SMB" OFF) option(CURL_ENABLE_SMB "Enable SMB" OFF)
mark_as_advanced(CURL_DISABLE_SMB) mark_as_advanced(CURL_ENABLE_SMB)
option(CURL_DISABLE_SMTP "Disable SMTP" OFF) option(CURL_DISABLE_SMTP "Disable SMTP" OFF)
mark_as_advanced(CURL_DISABLE_SMTP) mark_as_advanced(CURL_DISABLE_SMTP)
option(CURL_DISABLE_SOCKETPAIR "Disable use of socketpair for curl_multi_poll()" OFF) option(CURL_DISABLE_SOCKETPAIR "Disable use of socketpair for curl_multi_poll()" OFF)
@ -540,7 +540,6 @@ if(HTTP_ONLY)
set(CURL_DISABLE_MQTT ON) set(CURL_DISABLE_MQTT ON)
set(CURL_DISABLE_POP3 ON) set(CURL_DISABLE_POP3 ON)
set(CURL_DISABLE_RTSP ON) set(CURL_DISABLE_RTSP ON)
set(CURL_DISABLE_SMB ON)
set(CURL_DISABLE_SMTP ON) set(CURL_DISABLE_SMTP ON)
set(CURL_DISABLE_TELNET ON) set(CURL_DISABLE_TELNET ON)
set(CURL_DISABLE_TFTP ON) set(CURL_DISABLE_TFTP ON)
@ -1972,9 +1971,9 @@ curl_add_if("POP3" NOT CURL_DISABLE_POP3)
curl_add_if("POP3S" NOT CURL_DISABLE_POP3 AND _ssl_enabled) curl_add_if("POP3S" NOT CURL_DISABLE_POP3 AND _ssl_enabled)
curl_add_if("IMAP" NOT CURL_DISABLE_IMAP) curl_add_if("IMAP" NOT CURL_DISABLE_IMAP)
curl_add_if("IMAPS" NOT CURL_DISABLE_IMAP AND _ssl_enabled) curl_add_if("IMAPS" NOT CURL_DISABLE_IMAP AND _ssl_enabled)
curl_add_if("SMB" NOT CURL_DISABLE_SMB AND curl_add_if("SMB" CURL_ENABLE_SMB AND
_use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4)) _use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4))
curl_add_if("SMBS" NOT CURL_DISABLE_SMB AND _ssl_enabled AND curl_add_if("SMBS" CURL_ENABLE_SMB AND _ssl_enabled AND
_use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4)) _use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4))
curl_add_if("SMTP" NOT CURL_DISABLE_SMTP) curl_add_if("SMTP" NOT CURL_DISABLE_SMTP)
curl_add_if("SMTPS" NOT CURL_DISABLE_SMTP AND _ssl_enabled) curl_add_if("SMTPS" NOT CURL_DISABLE_SMTP AND _ssl_enabled)

18
configure.ac
View File

@ -1018,19 +1018,19 @@ AS_HELP_STRING([--disable-imap],[Disable IMAP support]),
AC_MSG_CHECKING([whether to support smb]) AC_MSG_CHECKING([whether to support smb])
AC_ARG_ENABLE(smb, AC_ARG_ENABLE(smb,
AS_HELP_STRING([--enable-smb],[Enable SMB/CIFS support]) AS_HELP_STRING([--enable-smb],[Enable SMB support])
AS_HELP_STRING([--disable-smb],[Disable SMB/CIFS support]), AS_HELP_STRING([--disable-smb],[Disable SMB support]),
[ case "$enableval" in [ case "$enableval" in
no) yes)
AC_MSG_RESULT(no) AC_MSG_RESULT(yes)
AC_DEFINE(CURL_DISABLE_SMB, 1, [to disable SMB/CIFS]) AC_DEFINE(CURL_ENABLE_SMB, 1, [to enable SMB])
CURL_DISABLE_SMB=1 CURL_ENABLE_SMB=1
;; ;;
*) *)
AC_MSG_RESULT(yes) AC_MSG_RESULT(no)
;; ;;
esac ], esac ],
AC_MSG_RESULT(yes) AC_MSG_RESULT(no)
) )
AC_MSG_CHECKING([whether to support smtp]) AC_MSG_CHECKING([whether to support smtp])
@ -5302,7 +5302,7 @@ if test "$CURL_DISABLE_IMAP" != "1"; then
SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS IMAPS" SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS IMAPS"
fi fi
fi fi
if test "$CURL_DISABLE_SMB" != "1" && test "$use_curl_ntlm_core" = "yes"; then if test "$CURL_ENABLE_SMB" = "1" && test "$use_curl_ntlm_core" = "yes"; then
SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB" SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB"
if test "$SSL_ENABLED" = "1"; then if test "$SSL_ENABLED" = "1"; then
SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS" SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS"

4
docs/CURL-DISABLE.md
View File

@ -157,9 +157,9 @@ Disable the SHA-512/256 hash algorithm.
Disable the shuffle DNS feature Disable the shuffle DNS feature
## `CURL_DISABLE_SMB` ## `CURL_ENABLE_SMB`
Disable the SMB(S) protocols Enable the SMB(S) protocols
## `CURL_DISABLE_SMTP` ## `CURL_DISABLE_SMTP`

1
docs/DEPRECATE.md
View File

@ -27,6 +27,7 @@ TLS-SRP support gets removed in August 2026.
## SMB goes opt-in ## SMB goes opt-in
The SMB protocol has weak security and is rarely used these days. After curl The SMB protocol has weak security and is rarely used these days. After curl
8.19.0 SMB support becomes opt-in. 8.19.0 SMB support becomes opt-in.
## NTLM goes opt-in ## NTLM goes opt-in

2
docs/INSTALL-CMAKE.md
View File

@ -310,7 +310,7 @@ target_link_libraries(my_target PRIVATE CURL::libcurl)
- `CURL_DISABLE_RTSP`: Disable RTSP. Default: `OFF` - `CURL_DISABLE_RTSP`: Disable RTSP. Default: `OFF`
- `CURL_DISABLE_SHA512_256`: Disable SHA-512/256 hash algorithm. Default: `OFF` - `CURL_DISABLE_SHA512_256`: Disable SHA-512/256 hash algorithm. Default: `OFF`
- `CURL_DISABLE_SHUFFLE_DNS`: Disable shuffle DNS feature. Default: `OFF` - `CURL_DISABLE_SHUFFLE_DNS`: Disable shuffle DNS feature. Default: `OFF`
- `CURL_DISABLE_SMB`: Disable SMB. Default: `OFF` - `CURL_ENABLE_SMB`: Enable SMB. Default: `OFF`
- `CURL_DISABLE_SMTP`: Disable SMTP. Default: `OFF` - `CURL_DISABLE_SMTP`: Disable SMTP. Default: `OFF`
- `CURL_DISABLE_SOCKETPAIR`: Disable use of socketpair for curl_multi_poll(). Default: `OFF` - `CURL_DISABLE_SOCKETPAIR`: Disable use of socketpair for curl_multi_poll(). Default: `OFF`
- `CURL_DISABLE_SRP`: Disable TLS-SRP support. Default: `OFF` - `CURL_DISABLE_SRP`: Disable TLS-SRP support. Default: `OFF`

2
lib/curl_config-cmake.h.in
View File

@ -146,7 +146,7 @@
#cmakedefine CURL_DISABLE_SHUFFLE_DNS 1 #cmakedefine CURL_DISABLE_SHUFFLE_DNS 1
/* disables SMB */ /* disables SMB */
#cmakedefine CURL_DISABLE_SMB 1 #cmakedefine CURL_ENABLE_SMB 1
/* disables SMTP */ /* disables SMTP */
#cmakedefine CURL_DISABLE_SMTP 1 #cmakedefine CURL_DISABLE_SMTP 1

3
lib/curl_setup.h
View File

@ -258,9 +258,6 @@
# ifndef CURL_DISABLE_RTSP # ifndef CURL_DISABLE_RTSP
# define CURL_DISABLE_RTSP # define CURL_DISABLE_RTSP
# endif # endif
# ifndef CURL_DISABLE_SMB
# define CURL_DISABLE_SMB
# endif
# ifndef CURL_DISABLE_SMTP # ifndef CURL_DISABLE_SMTP
# define CURL_DISABLE_SMTP # define CURL_DISABLE_SMTP
# endif # endif

14
lib/protocol.c
View File

@ -309,10 +309,10 @@ const struct Curl_scheme Curl_scheme_scp = {
const struct Curl_scheme Curl_scheme_smb = { const struct Curl_scheme Curl_scheme_smb = {
"smb", /* scheme */ "smb", /* scheme */
#if defined(CURL_DISABLE_SMB) || !defined(USE_CURL_NTLM_CORE) #if defined(CURL_ENABLE_SMB) && defined(USE_CURL_NTLM_CORE)
ZERO_NULL,
#else
&Curl_protocol_smb, &Curl_protocol_smb,
#else
ZERO_NULL,
#endif #endif
CURLPROTO_SMB, /* protocol */ CURLPROTO_SMB, /* protocol */
CURLPROTO_SMB, /* family */ CURLPROTO_SMB, /* family */
@ -322,11 +322,11 @@ const struct Curl_scheme Curl_scheme_smb = {
const struct Curl_scheme Curl_scheme_smbs = { const struct Curl_scheme Curl_scheme_smbs = {
"smbs", /* scheme */ "smbs", /* scheme */
#if defined(CURL_DISABLE_SMB) || !defined(USE_CURL_NTLM_CORE) || \ #if defined(CURL_ENABLE_SMB) && defined(USE_CURL_NTLM_CORE) && \
!defined(USE_SSL) defined(USE_SSL)
ZERO_NULL,
#else
&Curl_protocol_smb, &Curl_protocol_smb,
#else
ZERO_NULL,
#endif #endif
CURLPROTO_SMBS, /* protocol */ CURLPROTO_SMBS, /* protocol */
CURLPROTO_SMB, /* family */ CURLPROTO_SMB, /* family */

4
lib/smb.c
View File

@ -25,7 +25,7 @@
#include "curl_setup.h" #include "curl_setup.h"
#include "urldata.h" #include "urldata.h"
#if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE) #if defined(CURL_ENABLE_SMB) && defined(USE_CURL_NTLM_CORE)
#ifdef HAVE_ARPA_INET_H #ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h> /* for htons() */ #include <arpa/inet.h> /* for htons() */
@ -1228,4 +1228,4 @@ const struct Curl_protocol Curl_protocol_smb = {
ZERO_NULL, /* follow */ ZERO_NULL, /* follow */
}; };
#endif /* CURL_DISABLE_SMB && USE_CURL_NTLM_CORE && SIZEOF_CURL_OFF_T > 4 */ #endif /* CURL_ENABLE_SMB && USE_CURL_NTLM_CORE && SIZEOF_CURL_OFF_T > 4 */

2
lib/smb.h
View File

@ -24,7 +24,7 @@
* SPDX-License-Identifier: curl * SPDX-License-Identifier: curl
* *
***************************************************************************/ ***************************************************************************/
#if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE) #if defined(CURL_ENABLE_SMB) && defined(USE_CURL_NTLM_CORE)
extern const struct Curl_protocol Curl_protocol_smb; extern const struct Curl_protocol Curl_protocol_smb;
#endif #endif

2
lib/version.c
View File

@ -345,7 +345,7 @@ static const char * const supported_protocols[] = {
"scp", "scp",
"sftp", "sftp",
#endif #endif
#if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE) #if defined(CURL_ENABLE_SMB) && defined(USE_CURL_NTLM_CORE)
"smb", "smb",
# ifdef USE_SSL # ifdef USE_SSL
"smbs", "smbs",