Bug 15247 - Permission denied when trying to delete file from android clients (gvfs?)
Summary: Permission denied when trying to delete file from android clients (gvfs?)
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient (show other bugs)
Version: 4.17.2
Hardware: x64 Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-11-18 06:13 UTC by RC Bosworth
Modified: 2022-11-22 17:12 UTC (History)
1 user (show)

See Also:


Attachments
Wireshark capture of android client (9.53 KB, application/octet-stream)
2022-11-22 04:57 UTC, RC Bosworth
no flags Details
Level 10 samba server log (130.22 KB, text/plain)
2022-11-22 04:57 UTC, RC Bosworth
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description RC Bosworth 2022-11-18 06:13:50 UTC
Most android file managers are failing to delete files after upgrade to 14.7.x   This was captured using Solid Explorer but most others are failing the same way.

Single files will result in a permission denied error (but will still be deleted.)

Multiple files/dirs will fail immediately after permission denied error.

I believe this is related to gvfs libs being used client side but something changed in 14.7.0 and seems related to bug #15195 which is very similar (but resolved in 14.7.2)  This bug remains outstanding.

I'm new to wireshark -- is there a best way to export the pcap file with the relevant information?

Server log: 
smbd[1668]: [2022/11/16 02:43:00.249990,  0] ../../source3/smbd/server.c:1741(main)
smbd[1668]:   smbd version 4.17.2 started.
smbd[1668]:   Copyright Andrew Tridgell and the Samba Team 1992-2022
nmbd[1673]: [2022/11/16 02:43:00.283325,  0] ../../source3/nmbd/nmbd.c:901(main)
nmbd[1673]:   nmbd version 4.17.2 started.
nmbd[1673]:   Copyright Andrew Tridgell and the Samba Team 1992-2022
...
smbd[22786]: [2022/11/17 00:15:38.152578,  2] ../../source3/smbd/open.c:1678(open_file)
admin opened file SERVER/FOO/file.mkv read=No write=No (numopen=2)
smbd[22786]: [2022/11/17 00:15:38.167282,  3] ../../source3/smbd/smb2_trans2.c:6834(smbd_do_setfilepathinfo)
smbd[22786]:   smbd_do_setfilepathinfo: file SERVER/FOO/file.mkv (fnum 1321203594) info_level=1013 totdata=1
smbd[22786]: [2022/11/17 00:15:38.175453,  2] ../../source3/smbd/close.c:830(close_normal_file)
smbd[22786]:   admin closed file file SERVER/FOO/file.mkv (numopen=0) NT_STATUS_ACCESS_DENIED
smbd[22786]:   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_close.c:111
status[NT_STATUS_ACCESS_DENIED]Nov 17 00:15:38 Hippo  smbd[22786]: [2022/11/17 00:15:38.175530,  3] ../../source3/smbd/smb2_server.c:3955(smbd_smb2_request_error_ex)


Wireshark:
Negotiate Protocol Request
Negotiate Protocol Response
Session Setup Request, NTLMSSP_NEGOTIATE
Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
Session Setup Request, NTLMSSP_AUTH, User: \\admin
Session Setup Response
Tree Connect Request Tree: \\\\192.168.1.10\\media
Tree Connect Response
Create Request File: 
Create Response File: 
Find Request File:  SMB2_FIND_ID_BOTH_DIRECTORY_INFO Pattern: *
Find Response
Find Request File:  SMB2_FIND_ID_BOTH_DIRECTORY_INFO Pattern: *
Find Response, Error: STATUS_NO_MORE_FILES
Close Request File: 
Close Response
Create Request File: SERVER
Create Response File: SERVER
Find Request File: SERVER SMB2_FIND_ID_BOTH_DIRECTORY_INFO Pattern: *
Find Response
Find Request File: SERVER SMB2_FIND_ID_BOTH_DIRECTORY_INFO Pattern: *
Find Response, Error: STATUS_NO_MORE_FILES
Close Request File: SERVER
Close Response
Create Request File: SERVER\\FOO
Create Response File: SERVER\\FOO
Find Request File: SERVER\\FOO SMB2_FIND_ID_BOTH_DIRECTORY_INFO Pattern: *
Find Response
Find Request File: SERVER\\FOO SMB2_FIND_ID_BOTH_DIRECTORY_INFO Pattern: *
Find Response, Error: STATUS_NO_MORE_FILES
Close Request File: SERVER\\FOO
Close Response
Create Request File: SERVER\\FOO\\banner.jpg
Create Response File: SERVER\\FOO\\banner.jpg
SetInfo Request FILE_INFO/SMB2_FILE_DISPOSITION_INFO File: SERVER\\FOO\\banner.jpg
SetInfo Response
Close Request File: SERVER\\FOO\\banner.jpg
Close Response, Error: STATUS_ACCESS_DENIED
Create Request File: SERVER\\FOO\\Folder
Create Response File: SERVER\\FOO\\Folder
Find Request File: SERVER\\FOO\\Folder SMB2_FIND_ID_BOTH_DIRECTORY_INFO Pattern: *
Find Response
Find Request File: SERVER\\FOO\\Folder SMB2_FIND_ID_BOTH_DIRECTORY_INFO Pattern: *
Find Response, Error: STATUS_NO_MORE_FILES
Close Request File: SERVER\\FOO\\Folder
Close Response
Create Request File: SERVER\\FOO\\Folder
Create Response File: SERVER\\FOO\\Folder
Find Request File: SERVER\\FOO\\Folder SMB2_FIND_ID_BOTH_DIRECTORY_INFO Pattern: *
Find Response
Find Request File: SERVER\\FOO\\Folder SMB2_FIND_ID_BOTH_DIRECTORY_INFO Pattern: *
Find Response, Error: STATUS_NO_MORE_FILES
Close Request File: SERVER\\FOO\\Folder
Close Response
Create Request File: SERVER\\FOO\\Folder\\File.mkv
Create Response File: SERVER\\FOO\\Folder\\File.mkv
SetInfo Request FILE_INFO/SMB2_FILE_DISPOSITION_INFO File: SERVER\\FOO\\Folder\\File.mkv
SetInfo Response
Close Request File: SERVER\\FOO\\Folder\\File.mkv
Close Response, Error: STATUS_ACCESS_DENIED
Comment 1 Jeremy Allison 2022-11-21 19:04:28 UTC
This is the "delete file" pattern:

Create Request File: SERVER\\FOO\\Folder\\File.mkv
Create Response File: SERVER\\FOO\\Folder\\File.mkv
SetInfo Request FILE_INFO/SMB2_FILE_DISPOSITION_INFO File: SERVER\\FOO\\Folder\\File.mkv
SetInfo Response
Close Request File: SERVER\\FOO\\Folder\\File.mkv
Close Response, Error: STATUS_ACCESS_DENIED

Which is correct, so it looks like the client libraries are doing the right thing.

Seems the server check for SetInfo (set file disposition "delete-on-close" is succeeding) but then an error occurs when actually trying to delete the file.

There could be lots of reasons for this, usually the logged on user not having the correct permissions in the target directory.

We really need a wireshark trace on TCP port 445 combined with an smbd debug level 10 trace to make progress on this, sorry.
Comment 2 RC Bosworth 2022-11-22 04:57:14 UTC
Created attachment 17667 [details]
Wireshark capture of android client
Comment 3 RC Bosworth 2022-11-22 04:57:45 UTC
Created attachment 17668 [details]
Level 10 samba server log
Comment 4 RC Bosworth 2022-11-22 05:00:11 UTC
(In reply to Jeremy Allison from comment #1)

Thanks for following up.  I've uploaded the wireshark capture as well as the level 10 log.

The odd behavior is that the server is actually deleting the file -- but it's responding with an ACCESS DENIED error that the client then reports that the operation failed.
Comment 5 Jeremy Allison 2022-11-22 17:12:34 UTC
I'm out on vacation until December 5th, so I'll have to follow-up after that. Thanks for the info !