hierynomus / smbj

Server Message Block (SMB2, SMB3) implementation in Java
Other
713 stars 180 forks source link

STATUS_ACCESS_DENIED (0xc0000022): Create failed for... #645

Open ramkumarkb opened 3 years ago

ramkumarkb commented 3 years ago

Hi,

We are trying to connect to a NAS Share - where we have permissions to read / write to sub-directories but do not have access to the root share (in the error logs below - OpsApplications$).

For the SMBJ to work, does it need to have full access to the root share?

Seems to authenticate successfully -

12593 [main] INFO com.hierynomus.smbj.connection.SMBSessionBuilder - Successfully authenticated sv_mycompany_U on nas006.mycompbf.mycomp-group.com, session is 1226386473567472248
14223 [main] INFO com.hierynomus.smbj.session.Session - Connecting to \\nas006.mycompbf.mycomp-group.com\OpsApplications$ on session 1226386473567472248
...
Exception in thread "main" com.hierynomus.mssmb2.SMBApiException: STATUS_ACCESS_DENIED (0xc0000022): Create failed for \\nas006.mycompbf.mycomp-group.com\OpsApplications$\Mailroom Checklist\uat\in\batch

Thank you for any tips or pointers. This issue seems to be different from #607

Full stack-trace as below...

9 [main] INFO com.mycompany.poc.smb.SmbFileTransfer - <== STARTING SMB POC =>>
10 [main] INFO com.mycompany.poc.smb.App - info
10 [main] WARN com.mycompany.poc.smb.App - warning
10 [main] ERROR com.mycompany.poc.smb.App - error
20 [main] INFO com.mycompany.poc.smb.SmbFileTransfer - Started fetchFilesFromNASDrive with remove source file = false
11299 [main] INFO com.hierynomus.smbj.connection.PacketEncryptor - Initialized PacketEncryptor with Cipher << AES_128_GCM >>
11299 [main] INFO com.hierynomus.smbj.connection.Connection - Successfully connected to: nas006.mycompbf.mycomp-group.com
12593 [main] INFO com.hierynomus.smbj.connection.SMBSessionBuilder - Successfully authenticated sv_mycompany_U on nas006.mycompbf.mycomp-group.com, session is 1226386473567472248
14223 [main] INFO com.hierynomus.smbj.session.Session - Connecting to \\nas006.mycompbf.mycomp-group.com\OpsApplications$ on session 1226386473567472248
14390 [Thread-4] INFO com.hierynomus.smbj.connection.packet.SMB3DecryptingPacketHandler - Decrypting packet Encrypted for session id << 1226386473567472248 >>
18028 [Thread-4] INFO com.hierynomus.smbj.connection.packet.SMB3DecryptingPacketHandler - Decrypting packet Encrypted for session id << 1226386473567472248 >>
19167 [Thread-4] INFO com.hierynomus.smbj.connection.packet.SMB3DecryptingPacketHandler - Decrypting packet Encrypted for session id << 1226386473567472248 >>
19193 [main] INFO com.hierynomus.smbj.session.Session - Logging off session 1226386473567472248 from host nas006.mycompbf.mycomp-group.com
19197 [Thread-4] INFO com.hierynomus.smbj.connection.packet.SMB3DecryptingPacketHandler - Decrypting packet Encrypted for session id << 1226386473567472248 >>
19199 [main] INFO com.hierynomus.smbj.connection.Connection - Closed connection to nas006.mycompbf.mycomp-group.com
Exception in thread "main" com.hierynomus.mssmb2.SMBApiException: STATUS_ACCESS_DENIED (0xc0000022): Create failed for \\nas006.mycompbf.mycomp-group.com\OpsApplications$\Mailroom Checklist\uat\in\batch
    at com.hierynomus.smbj.share.Share.receive(Share.java:397)
    at com.hierynomus.smbj.share.Share.sendReceive(Share.java:377)
    at com.hierynomus.smbj.share.Share.createFile(Share.java:159)
    at com.hierynomus.smbj.share.DiskShare.createFileAndResolve(DiskShare.java:75)
    at com.hierynomus.smbj.share.DiskShare.access$100(DiskShare.java:55)
    at com.hierynomus.smbj.share.DiskShare$2.apply(DiskShare.java:109)
    at com.hierynomus.smbj.share.DiskShare$2.apply(DiskShare.java:105)
    at com.hierynomus.smbj.paths.PathResolver$1.resolve(PathResolver.java:32)
    at com.hierynomus.smbj.paths.SymlinkPathResolver.resolve(SymlinkPathResolver.java:62)
    at com.hierynomus.smbj.share.DiskShare.resolveAndCreateFile(DiskShare.java:105)
    at com.hierynomus.smbj.share.DiskShare.open(DiskShare.java:65)
    at com.hierynomus.smbj.share.DiskShare.openDirectory(DiskShare.java:151)
    at com.hierynomus.smbj.share.DiskShare.list(DiskShare.java:258)
    at com.hierynomus.smbj.share.DiskShare.list(DiskShare.java:240)
    at com.mycompany.poc.smb.SmbFileTransferKt.fetchFilesFromNASCADrive(SmbFileTransfer.kt:317)
    at com.mycompany.poc.smb.SmbFileTransferKt.fetchFilesFromNASCADrive$default(SmbFileTransfer.kt:305)
    at com.mycompany.poc.smb.SmbFileTransferKt.main(SmbFileTransfer.kt:52)
    Suppressed: com.hierynomus.mssmb2.SMBApiException: STATUS_ACCESS_DENIED (0xc0000022): Error closing connection to \\nas006.mycompbf.mycomp-group.com\OpsApplications$
        at com.hierynomus.smbj.share.TreeConnect.close(TreeConnect.java:72)
        at com.hierynomus.smbj.share.Share.close(Share.java:115)
        at kotlin.jdk7.AutoCloseableKt.closeFinally(AutoCloseable.kt:64)
        at com.mycompany.poc.smb.SmbFileTransferKt.fetchFilesFromNASCADrive(SmbFileTransfer.kt:313)
        ... 2 more
rokkakasu commented 3 years ago

Hi Team, I am also getting the same exception when using latest SMBJ library 0.11.1 and SMB version as 3_1_1. when I use 2_1 as version my application is working. Thanks, R Ramarajan.

rokkakasu commented 3 years ago

Hi @hierynomus

please help we are stuck with this we cannot upgrade to 3_1_1 with this issue.

thanks, R Ramarajan.

rokkakasu commented 3 years ago

Hi Team,

I Read the documentation https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/9a639360-87be-4d49-a1dd-4c6be0c020bd Please let us know only 2_1 is supported for NAS share or should we try 3.0 or 3.0.2 dialect,

Thanks, R Ramarajan.

rokkakasu commented 3 years ago

@ramkumarkb Hi Ramkumar,

can you post your example here.

Thanks, R Ramarajan.

hierynomus commented 3 years ago

Most probably your AccessMask is set too broad, try to use a more restricted one. What are you now using in your code?

rokkakasu commented 3 years ago

Hi @hierynomus I am using AccessMask.GENERIC_ALL with SMBJ Version 3_1_1 with 0.11.1 version in NAS share. I read the documentation "When I try to open a file or directory my code fails with STATUS_ACCESS_DENIED. How can I fix this?"

I will try with lesser AccessMask permission. when we use version 2_1 the same code works this works without any problem

Thanks, R Ramarajan.

hierynomus commented 3 years ago
To resolve this, reduce the set of AccessMask values down to just the access that you need. For instance, if you only want to read the contents of the file use FILE_READ_DATA instead of something more broad like GENERIC_READ or GENERIC_ALL.

So please use something more specific than GENERIC_ALL. The server is not allowing that with SMB3_1_1

rokkakasu commented 3 years ago

Hi @hierynomus ,

I tried with FILE_READ_DATA and FILE_WRITE_DATA but I am facing the issue for NAS Share only.

private DiskEntry openWritableFile(final DiskShare share, final String name) { return share.openFile(name, EnumSet.of(AccessMask.FILE_READ_DATA,AccessMask.FILE_WRITE_DATA), null, EnumSet.of(SMB2ShareAccess.FILE_SHARE_WRITE), SMB2CreateDisposition.FILE_SUPERSEDE, null); }

Thanks, R Ramarajan.