[cifs-protocol] NTCreateAndX with DesiredAccess of 0
James Peach
jpeach at apple.com
Tue May 25 10:14:49 MDT 2010
On May 24, 2010, at 9:55 PM, Christopher R. Hertel wrote:
> James, et. al.,
>
> There is a Windows Behavior Note associated with [MS-CIFS] section 3.3.5.50
> that states:
>
> * DesiredAccess is the SMB_Parameters.Words.DesiredAccess field of the
> request. The FILE_COMPLETE_IF_OPLOCKED option is added (using a
> bitwise OR) to the set provided by the client. If the
> FILE_NO_INTERMEDIATE_BUFFERING flag is set, it is cleared and
> FILE_WRITE_THROUGH is set.
I don't have this note in my copy of MS-CIFS (04/23/2010 revision 6.0)
>
> So, at minimum:
> * We know, from James' description, that the SMB server does not check
> for (DesiredAccess == 0) and return an error itself.
> * The SMB server sets the FILE_COMPLETE_IF_OPLOCKED before passing the
> DesiredAccess field to the FSA layer.
>
> That (at a minimum) is why DesiredAccess is non-zero by the time it gets to
> the OS call that would return STATUS_INVALID_PARAMETER.
It doesn't *sound* like FILE_COMPLETE_IF_OPLOCKED would make the DesiredAccess non-zero. What am I missing here?
>
> Chris -)-----
>
> James Peach wrote:
>> Hi all,
>>
>> In MS-FSA 3.1.5.1, the initial parameter validation says that the operation MUST be failed with STATUS_INVALID_PARAMETER if DesiredAccess is zero. This may be true from the perspective of the object store, but it's not correct from the perspective of the SMB client.
>>
>> The Mac OS X client implements the access(2) system call[*] by sending a SMB_COM_NT_CREATE_ANDX request with a DesiredAccess mask of zero. This causes the server to open a file handle with no access rights, but the SMB_COM_NT_CREATE_ANDX response returns the MaximalAccess which is what the client actually needs. This works with all the Windows versions that we have tested with. I believe that it works because the Windows SMB server implicitly opens the file with a non-zero DesiredAccess mask in order to obtain the necessary information for the SMB_COM_NT_CREATE_ANDX response. Note that providing any value for DesiredAccess might cause the request to fail with STATUS_ACCESS_DENIED, which will not provide the desired functionality.
>>
>> I'm not sure whether MS-FSA should be updated, but it currently does not describe observable Windows behaviour in this regard.
>>
>> cheers,
>> James
>>
>> [*] <http://www.opengroup.org/onlinepubs/009695399/functions/access.html>
>> _______________________________________________
>> cifs-protocol mailing list
>> cifs-protocol at cifs.org
>> https://lists.samba.org/mailman/listinfo/cifs-protocol
>
> --
> Christopher R. Hertel -)----- Storage Architect & CIFS Geek
> http://www.ubiqx.com/ Data Storage and Systems Consulting
> "Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
More information about the cifs-protocol
mailing list