[2014/06/18 06:18:00.177745, 6, pid=5732, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2657(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 18 06:11:15 2014 [2014/06/18 06:18:00.177808, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 2 for /usr/local/samba/var/lock/serverid.tdb [2014/06/18 06:18:00.177833, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2:/usr/local/samba/var/lock/serverid.tdb 3: [2014/06/18 06:18:00.177861, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 6416000000000000FFFF [2014/06/18 06:18:00.177893, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb659dc28 [2014/06/18 06:18:00.177930, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 6416000000000000FFFF [2014/06/18 06:18:00.177960, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 2 for /usr/local/samba/var/lock/serverid.tdb [2014/06/18 06:18:00.177985, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:00.178024, 6, pid=5732, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2657(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 18 06:11:15 2014 [2014/06/18 06:18:00.178082, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:2885(smbd_smb2_first_negprot) smbd_smb2_first_negprot: packet length 106 [2014/06/18 06:18:00.178124, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 0 (position 0) from bitmap [2014/06/18 06:18:00.178158, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_NEGPROT] mid = 0 [2014/06/18 06:18:00.178190, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:00.178216, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:00.178240, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:00.178277, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2014/06/18 06:18:00.178332, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/lib/util.c:1277(set_remote_arch) set_remote_arch: Client arch is 'Vista' [2014/06/18 06:18:00.178380, 6, pid=5732, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2657(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 18 06:11:15 2014 [2014/06/18 06:18:00.178434, 3, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot) Selected protocol SMB2_FF [2014/06/18 06:18:00.178474, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:464(make_auth_context_subsystem) Making default auth method list for server role = 'standalone server', encrypt passwords = yes [2014/06/18 06:18:00.178511, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend sam [2014/06/18 06:18:00.178540, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'sam' [2014/06/18 06:18:00.178568, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend sam_ignoredomain [2014/06/18 06:18:00.178598, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'sam_ignoredomain' [2014/06/18 06:18:00.178625, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend unix [2014/06/18 06:18:00.178652, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'unix' [2014/06/18 06:18:00.178679, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend winbind [2014/06/18 06:18:00.178705, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'winbind' [2014/06/18 06:18:00.178730, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend wbc [2014/06/18 06:18:00.178756, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'wbc' [2014/06/18 06:18:00.178782, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend trustdomain [2014/06/18 06:18:00.178808, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'trustdomain' [2014/06/18 06:18:00.178833, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend ntdomain [2014/06/18 06:18:00.178858, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'ntdomain' [2014/06/18 06:18:00.178884, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend guest [2014/06/18 06:18:00.178909, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'guest' [2014/06/18 06:18:00.178936, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend samba4 [2014/06/18 06:18:00.178962, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'samba4' [2014/06/18 06:18:00.178986, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:351(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2014/06/18 06:18:00.179014, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:376(load_auth_module) load_auth_module: auth method guest has a valid init [2014/06/18 06:18:00.179042, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:351(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2014/06/18 06:18:00.179069, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:376(load_auth_module) load_auth_module: auth method sam has a valid init [2014/06/18 06:18:00.180065, 3, pid=5732, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'gssapi_spnego' registered [2014/06/18 06:18:00.180108, 3, pid=5732, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'gssapi_krb5' registered [2014/06/18 06:18:00.180136, 3, pid=5732, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'gssapi_krb5_sasl' registered [2014/06/18 06:18:00.183950, 3, pid=5732, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'sasl-DIGEST-MD5' registered [2014/06/18 06:18:00.183994, 3, pid=5732, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'schannel' registered [2014/06/18 06:18:00.184031, 3, pid=5732, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'spnego' registered [2014/06/18 06:18:00.184197, 3, pid=5732, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'ntlmssp' registered [2014/06/18 06:18:00.184923, 3, pid=5732, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'krb5' registered [2014/06/18 06:18:00.184953, 3, pid=5732, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'fake_gssapi_krb5' registered [2014/06/18 06:18:00.185080, 5, pid=5732, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:649(gensec_start_mech) Starting GENSEC mechanism spnego [2014/06/18 06:18:00.185152, 5, pid=5732, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:649(gensec_start_mech) Starting GENSEC submechanism ntlmssp [2014/06/18 06:18:00.185326, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[64] dyn[yes:74] at ../source3/smbd/smb2_negprot.c:387 [2014/06/18 06:18:00.185371, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 0, charge 1, granted 1, current possible/max 512/512, total granted/max/low/range 1/8192/1/1 [2014/06/18 06:18:00.185720, 3, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:671(reply_negprot) Selected protocol SMB 2.??? [2014/06/18 06:18:00.185762, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:678(reply_negprot) negprot index=7 [2014/06/18 06:18:00.185814, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:00.185846, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 1 (position 1) from bitmap [2014/06/18 06:18:00.185877, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_NEGPROT] mid = 1 [2014/06/18 06:18:00.185908, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:00.185936, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:00.185963, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:00.186007, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2014/06/18 06:18:00.186041, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/lib/util.c:1277(set_remote_arch) set_remote_arch: Client arch is 'Vista' [2014/06/18 06:18:00.186088, 6, pid=5732, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2657(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 18 06:11:15 2014 [2014/06/18 06:18:00.186150, 3, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot) Selected protocol SMB2_10 [2014/06/18 06:18:00.186180, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:464(make_auth_context_subsystem) Making default auth method list for server role = 'standalone server', encrypt passwords = yes [2014/06/18 06:18:00.186217, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:351(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2014/06/18 06:18:00.186246, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:376(load_auth_module) load_auth_module: auth method guest has a valid init [2014/06/18 06:18:00.186274, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:351(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2014/06/18 06:18:00.186303, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:376(load_auth_module) load_auth_module: auth method sam has a valid init [2014/06/18 06:18:00.186352, 5, pid=5732, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:649(gensec_start_mech) Starting GENSEC mechanism spnego [2014/06/18 06:18:00.186391, 5, pid=5732, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:649(gensec_start_mech) Starting GENSEC submechanism ntlmssp [2014/06/18 06:18:00.186480, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:293(messaging_register) Registering messaging pointer for type 1536 - private_data=0xb65aa1d0 [2014/06/18 06:18:00.186534, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[64] dyn[yes:74] at ../source3/smbd/smb2_negprot.c:387 [2014/06/18 06:18:00.186567, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 0, charge 1, granted 1, current possible/max 512/512, total granted/max/low/range 1/8192/2/1 [2014/06/18 06:18:00.187304, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:00.187355, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 2 (position 2) from bitmap [2014/06/18 06:18:00.187385, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_SESSSETUP] mid = 2 [2014/06/18 06:18:00.187413, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:00.187440, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:00.187464, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:00.187503, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2014/06/18 06:18:00.187548, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_session_global.tdb [2014/06/18 06:18:00.187576, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_session_global.tdb 2: 3: [2014/06/18 06:18:00.187604, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 78E69D1F [2014/06/18 06:18:00.187641, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb65aae50 [2014/06/18 06:18:00.187870, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:853(smbXsrv_session_global_store) [2014/06/18 06:18:00.187894, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:855(smbXsrv_session_global_store) smbXsrv_session_global_store: key '78E69D1F' stored [2014/06/18 06:18:00.187929, 1, pid=5732, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_session_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_session_globalU(case 0) info0 : * info0: struct smbXsrv_session_global0 db_rec : * session_global_id : 0x78e69d1f (2028379423) session_wire_id : 0x0000000078e69d1f (2028379423) creation_time : Wed Jun 18 06:18:00 AM 2014 IST expiration_time : Thu Jan 1 05:30:00 AM 1970 IST auth_session_info_seqnum : 0x00000000 (0) auth_session_info : NULL connection_dialect : 0x0210 (528) signing_required : 0x00 (0) encryption_required : 0x00 (0) num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) local_address : 'ipv6:fe80::20c:29ff:fe35:4012:445' remote_address : 'ipv6:fe80::51bb:b8a:3bcd:9e1e:49878' remote_name : 'fe80::51bb:b8a:3bcd:9e1e' auth_session_info_seqnum : 0x00000000 (0) [2014/06/18 06:18:00.188292, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 78E69D1F [2014/06/18 06:18:00.188320, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_session_global.tdb [2014/06/18 06:18:00.188346, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:00.188372, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:1215(smbXsrv_session_create) [2014/06/18 06:18:00.188388, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:1223(smbXsrv_session_create) smbXsrv_session_create: global_id (0x78e69d1f) stored [2014/06/18 06:18:00.188412, 1, pid=5732, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &session_blob: struct smbXsrv_sessionB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_sessionU(case 0) info0 : * info0: struct smbXsrv_session table : * db_rec : NULL connection : * local_id : 0x78e69d1f (2028379423) global : * global: struct smbXsrv_session_global0 db_rec : NULL session_global_id : 0x78e69d1f (2028379423) session_wire_id : 0x0000000078e69d1f (2028379423) creation_time : Wed Jun 18 06:18:00 AM 2014 IST expiration_time : Thu Jan 1 05:30:00 AM 1970 IST auth_session_info_seqnum : 0x00000000 (0) auth_session_info : NULL connection_dialect : 0x0210 (528) signing_required : 0x00 (0) encryption_required : 0x00 (0) num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) local_address : 'ipv6:fe80::20c:29ff:fe35:4012:445' remote_address : 'ipv6:fe80::51bb:b8a:3bcd:9e1e:49878' remote_name : 'fe80::51bb:b8a:3bcd:9e1e' auth_session_info_seqnum : 0x00000000 (0) status : NT_STATUS_MORE_PROCESSING_REQUIRED idle_time : Wed Jun 18 06:18:00 AM 2014 IST nonce_high : 0x0000000000000000 (0) nonce_low : 0x0000000000000000 (0) gensec : NULL compat : NULL tcon_table : * [2014/06/18 06:18:00.188883, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:464(make_auth_context_subsystem) Making default auth method list for server role = 'standalone server', encrypt passwords = yes [2014/06/18 06:18:00.188912, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:351(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2014/06/18 06:18:00.188938, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:376(load_auth_module) load_auth_module: auth method guest has a valid init [2014/06/18 06:18:00.188964, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:351(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2014/06/18 06:18:00.188990, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:376(load_auth_module) load_auth_module: auth method sam has a valid init [2014/06/18 06:18:00.189049, 5, pid=5732, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:649(gensec_start_mech) Starting GENSEC mechanism spnego [2014/06/18 06:18:00.189086, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/06/18 06:18:00.189115, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/06/18 06:18:00.189141, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/06/18 06:18:00.189165, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:00.189190, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:00.189238, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 24 req->in.vector[4].iov_len = 74 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2014/06/18 06:18:00.189435, 5, pid=5732, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:649(gensec_start_mech) Starting GENSEC submechanism ntlmssp [2014/06/18 06:18:00.189486, 3, pid=5732, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2014/06/18 06:18:00.189648, 1, pid=5732, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0xe2088297 (3792208535) 1: NTLMSSP_NEGOTIATE_UNICODE 1: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 1: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 1: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : NULL WorkstationLen : 0x0000 (0) WorkstationMaxLen : 0x0000 (0) Workstation : NULL Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) ProductBuild : 0x1db0 (7600) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) [2014/06/18 06:18:00.190206, 1, pid=5732, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x0012 (18) TargetNameMaxLen : 0x0012 (18) TargetName : * TargetName : 'LOCALHOST' NegotiateFlags : 0xe28a8215 (3800728085) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 1: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 1: NTLMSSP_NEGOTIATE_56 ServerChallenge : f8137858887c25a5 Reserved : 0000000000000000 TargetInfoLen : 0x004a (74) TargetNameInfoMaxLen : 0x004a (74) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x0012 (18) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'LOCALHOST' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0012 (18) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'LOCALHOST' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : '' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0012 (18) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'localhost' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1) ProductBuild : 0x0000 (0) Reserved : 000000 NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF) [2014/06/18 06:18:00.190969, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/06/18 06:18:00.190996, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/06/18 06:18:00.191019, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/06/18 06:18:00.191042, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:00.191064, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:00.191106, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:00.191230, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_MORE_PROCESSING_REQUIRED] body[8] dyn[yes:179] at ../source3/smbd/smb2_sesssetup.c:167 [2014/06/18 06:18:00.191258, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 31, charge 1, granted 1, current possible/max 512/512, total granted/max/low/range 1/8192/3/1 [2014/06/18 06:18:00.191714, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:00.191755, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 3 (position 3) from bitmap [2014/06/18 06:18:00.191783, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_SESSSETUP] mid = 3 [2014/06/18 06:18:00.191815, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:00.191841, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:00.191865, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:00.191901, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2014/06/18 06:18:00.191930, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/06/18 06:18:00.191955, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/06/18 06:18:00.191979, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/06/18 06:18:00.192002, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:00.192026, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:00.192063, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 24 req->in.vector[4].iov_len = 208 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2014/06/18 06:18:00.192217, 1, pid=5732, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : 89681b01757f971c00000000000000000000000000000000 NtChallengeResponseLen : 0x0018 (24) NtChallengeResponseMaxLen: 0x0018 (24) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 24) v1: struct NTLM_RESPONSE Response : e6d65aa94be3bf801a0d6aae73431a80d9c80367f05170fe DomainNameLen : 0x0008 (8) DomainNameMaxLen : 0x0008 (8) DomainName : * DomainName : 'TSIP' UserNameLen : 0x0012 (18) UserNameMaxLen : 0x0012 (18) UserName : * UserName : 'sshivappa' WorkstationLen : 0x0012 (18) WorkstationMaxLen : 0x0012 (18) Workstation : * Workstation : 'SHIVAPPAS' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [0000] 68 DC 37 74 87 C1 23 58 91 45 94 12 E9 81 46 4B h.7t..#X .E....FK NegotiateFlags : 0xe2888215 (3800597013) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 1: NTLMSSP_NEGOTIATE_56 Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) ProductBuild : 0x1db0 (7600) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) [2014/06/18 06:18:00.192883, 3, pid=5732, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_server.c:358(ntlmssp_server_preauth) Got user=[sshivappa] domain=[TSIP] workstation=[SHIVAPPAS] len1=24 len2=24 [2014/06/18 06:18:00.192917, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:83(auth3_set_challenge) auth_context challenge set by NTLMSSP callback (NTLM2) [2014/06/18 06:18:00.192942, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:84(auth3_set_challenge) challenge is: [2014/06/18 06:18:00.192966, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/util/util.c:556(dump_data) [0000] 06 30 56 9F 3D 5A CF 2C .0V.=Z., [2014/06/18 06:18:00.193011, 3, pid=5732, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4838(lp_load_ex) lp_load_ex: refreshing parameters [2014/06/18 06:18:00.193037, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1487(free_param_opts) Freeing parametrics: [2014/06/18 06:18:00.193083, 3, pid=5732, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:750(init_globals) Initialising global parameters [2014/06/18 06:18:00.193153, 3, pid=5732, effective(0, 0), real(0, 0)] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2014/06/18 06:18:00.193187, 3, pid=5732, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3564(do_section) Processing section "[global]" doing parameter workgroup = WORKGROUP doing parameter log level = 10 [2014/06/18 06:18:00.193240, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/util/debug.c:334(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 doing parameter max log size = 10000 doing parameter log file = /usr/local/samba/var/samba_myname_%I.log doing parameter security = user doing parameter map to guest = bad user doing parameter max protocol = SMB2 doing parameter load printers = yes doing parameter printing = lprng [2014/06/18 06:18:00.193537, 2, pid=5732, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[shiva]" doing parameter comment = Shivas doing parameter path = /root/softwares doing parameter guest ok = yes doing parameter read only = yes [2014/06/18 06:18:00.193616, 2, pid=5732, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[home]" doing parameter comment = home doing parameter path = /home/ doing parameter guest ok = yes [2014/06/18 06:18:00.193681, 2, pid=5732, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[print]" doing parameter path = /var/spool/samba doing parameter printable = yes doing parameter guest ok = yes doing parameter available = 1 doing parameter browseable = yes [2014/06/18 06:18:00.193795, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4877(lp_load_ex) pm_process() returned Yes [2014/06/18 06:18:00.193826, 7, pid=5732, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:5167(lp_servicenumber) lp_servicenumber: couldn't find homes [2014/06/18 06:18:00.193855, 3, pid=5732, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1773(lp_add_ipc) adding IPC service [2014/06/18 06:18:00.193896, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:115(make_user_info_map) Mapping user [TSIP]\[sshivappa] from workstation [SHIVAPPAS] [2014/06/18 06:18:00.193939, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:137(make_user_info_map) Mapped domain from [TSIP] to [LOCALHOST] for user [sshivappa] from workstation [SHIVAPPAS] [2014/06/18 06:18:00.193967, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/user_info.c:61(make_user_info) attempting to make a user_info for sshivappa (sshivappa) [2014/06/18 06:18:00.193991, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/user_info.c:72(make_user_info) making strings for sshivappa's user_info struct [2014/06/18 06:18:00.194018, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/user_info.c:92(make_user_info) making blobs for sshivappa's user_info struct [2014/06/18 06:18:00.194042, 10, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/user_info.c:128(make_user_info) made a user_info for sshivappa (sshivappa) [2014/06/18 06:18:00.194067, 3, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:177(auth_check_ntlm_password) check_ntlm_password: Checking password for unmapped user [TSIP]\[sshivappa]@[SHIVAPPAS] with the new password interface [2014/06/18 06:18:00.194092, 3, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:180(auth_check_ntlm_password) check_ntlm_password: mapped user is: [LOCALHOST]\[sshivappa]@[SHIVAPPAS] [2014/06/18 06:18:00.194118, 10, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:189(auth_check_ntlm_password) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2014/06/18 06:18:00.194142, 10, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:191(auth_check_ntlm_password) challenge is: [2014/06/18 06:18:00.194164, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/util/util.c:556(dump_data) [0000] 06 30 56 9F 3D 5A CF 2C .0V.=Z., [2014/06/18 06:18:00.194199, 10, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_builtin.c:44(check_guest_security) Check auth for: [sshivappa] [2014/06/18 06:18:00.194223, 10, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:217(auth_check_ntlm_password) check_ntlm_password: guest had nothing to say [2014/06/18 06:18:00.194249, 10, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_sam.c:75(auth_samstrict_auth) Check auth for: [sshivappa] [2014/06/18 06:18:00.194276, 8, pid=5732, effective(0, 0), real(0, 0)] ../source3/lib/util.c:1191(is_myname) is_myname("LOCALHOST") returns 1 [2014/06/18 06:18:00.194306, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/06/18 06:18:00.194331, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/06/18 06:18:00.194355, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/06/18 06:18:00.194378, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:00.194400, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:00.194451, 5, pid=5732, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_tdb.c:594(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_sshivappa [2014/06/18 06:18:00.194489, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:00.194514, 3, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/check_samsec.c:399(check_sam_security) check_sam_security: Couldn't find user 'sshivappa' in passdb. [2014/06/18 06:18:00.194539, 5, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:229(auth_check_ntlm_password) check_ntlm_password: sam authentication for user [sshivappa] FAILED with error NT_STATUS_NO_SUCH_USER [2014/06/18 06:18:00.194568, 2, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:288(auth_check_ntlm_password) check_ntlm_password: Authentication for user [sshivappa] -> [sshivappa] FAILED with error NT_STATUS_NO_SUCH_USER [2014/06/18 06:18:00.194593, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:144(auth3_check_password) Checking NTLMSSP password for TSIP\sshivappa failed: NT_STATUS_NO_SUCH_USER [2014/06/18 06:18:00.194620, 3, pid=5732, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:1593(do_map_to_guest_server_info) No such user sshivappa [TSIP] - using guest account [2014/06/18 06:18:00.194656, 10, pid=5732, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_server.c:498(ntlmssp_server_postauth) ntlmssp_server_auth: Failed to create NTLM2 session key. [2014/06/18 06:18:00.194681, 5, pid=5732, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_server.c:571(ntlmssp_server_postauth) server session key is invalid (len == 0), cannot do KEY_EXCH! [2014/06/18 06:18:00.194711, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/06/18 06:18:00.194736, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/06/18 06:18:00.194763, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/06/18 06:18:00.194786, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:00.194808, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:00.194846, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:00.194921, 6, pid=5732, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2657(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 18 06:11:15 2014 [2014/06/18 06:18:00.194988, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_session_global.tdb [2014/06/18 06:18:00.195015, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_session_global.tdb 2: 3: [2014/06/18 06:18:00.195041, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 78E69D1F [2014/06/18 06:18:00.195069, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb65acad0 [2014/06/18 06:18:00.195129, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:853(smbXsrv_session_global_store) [2014/06/18 06:18:00.195148, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:855(smbXsrv_session_global_store) smbXsrv_session_global_store: key '78E69D1F' stored [2014/06/18 06:18:00.195174, 1, pid=5732, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_session_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000002 (2) info : union smbXsrv_session_globalU(case 0) info0 : * info0: struct smbXsrv_session_global0 db_rec : * session_global_id : 0x78e69d1f (2028379423) session_wire_id : 0x0000000078e69d1f (2028379423) creation_time : Wed Jun 18 06:18:00 AM 2014 IST expiration_time : Thu Jan 1 05:30:00 AM 1970 IST auth_session_info_seqnum : 0x00000001 (1) auth_session_info : * auth_session_info: struct auth_session_info security_token : * security_token: struct security_token num_sids : 0x00000006 (6) sids: ARRAY(6) sids : S-1-5-21-1412259249-3212819653-634731678-501 sids : S-1-5-21-1412259249-3212819653-634731678-514 sids : S-1-1-0 sids : S-1-5-2 sids : S-1-5-32-546 sids : S-1-22-1-99 privilege_mask : 0x0000000000000000 (0) 0: SEC_PRIV_MACHINE_ACCOUNT_BIT 0: SEC_PRIV_PRINT_OPERATOR_BIT 0: SEC_PRIV_ADD_USERS_BIT 0: SEC_PRIV_DISK_OPERATOR_BIT 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT 0: SEC_PRIV_BACKUP_BIT 0: SEC_PRIV_RESTORE_BIT 0: SEC_PRIV_TAKE_OWNERSHIP_BIT 0: SEC_PRIV_INCREASE_QUOTA_BIT 0: SEC_PRIV_SECURITY_BIT 0: SEC_PRIV_LOAD_DRIVER_BIT 0: SEC_PRIV_SYSTEM_PROFILE_BIT 0: SEC_PRIV_SYSTEMTIME_BIT 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT 0: SEC_PRIV_CREATE_PAGEFILE_BIT 0: SEC_PRIV_SHUTDOWN_BIT 0: SEC_PRIV_DEBUG_BIT 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT 0: SEC_PRIV_CHANGE_NOTIFY_BIT 0: SEC_PRIV_UNDOCK_BIT 0: SEC_PRIV_ENABLE_DELEGATION_BIT 0: SEC_PRIV_MANAGE_VOLUME_BIT 0: SEC_PRIV_IMPERSONATE_BIT 0: SEC_PRIV_CREATE_GLOBAL_BIT rights_mask : 0x00000000 (0) 0: LSA_POLICY_MODE_INTERACTIVE 0: LSA_POLICY_MODE_NETWORK 0: LSA_POLICY_MODE_BATCH 0: LSA_POLICY_MODE_SERVICE 0: LSA_POLICY_MODE_PROXY 0: LSA_POLICY_MODE_DENY_INTERACTIVE 0: LSA_POLICY_MODE_DENY_NETWORK 0: LSA_POLICY_MODE_DENY_BATCH 0: LSA_POLICY_MODE_DENY_SERVICE 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE 0x00: LSA_POLICY_MODE_ALL (0) 0x00: LSA_POLICY_MODE_ALL_NT4 (0) unix_token : * unix_token: struct security_unix_token uid : 0x0000000000000063 (99) gid : 0x0000000000000063 (99) ngroups : 0x00000000 (0) groups: ARRAY(0) info : * info: struct auth_user_info account_name : * account_name : 'nobody' domain_name : * domain_name : 'LOCALHOST' full_name : NULL logon_script : NULL profile_path : NULL home_directory : NULL home_drive : NULL logon_server : NULL last_logon : NTTIME(0) last_logoff : NTTIME(0) acct_expiry : NTTIME(0) last_password_change : NTTIME(0) allow_password_change : NTTIME(0) force_password_change : NTTIME(0) logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) acct_flags : 0x00000000 (0) authenticated : 0x00 (0) unix_info : * unix_info: struct auth_user_info_unix unix_name : * unix_name : 'nobody' sanitized_username : * sanitized_username : 'sshivappa' torture : NULL credentials : NULL connection_dialect : 0x0210 (528) signing_required : 0x00 (0) encryption_required : 0x00 (0) num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) local_address : 'ipv6:fe80::20c:29ff:fe35:4012:445' remote_address : 'ipv6:fe80::51bb:b8a:3bcd:9e1e:49878' remote_name : 'fe80::51bb:b8a:3bcd:9e1e' auth_session_info_seqnum : 0x00000001 (1) [2014/06/18 06:18:00.196396, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 78E69D1F [2014/06/18 06:18:00.196423, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_session_global.tdb [2014/06/18 06:18:00.196447, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:00.196472, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:1269(smbXsrv_session_update) [2014/06/18 06:18:00.196487, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:1277(smbXsrv_session_update) smbXsrv_session_update: global_id (0x78e69d1f) stored [2014/06/18 06:18:00.196510, 1, pid=5732, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &session_blob: struct smbXsrv_sessionB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_sessionU(case 0) info0 : * info0: struct smbXsrv_session table : * db_rec : NULL connection : * local_id : 0x78e69d1f (2028379423) global : * global: struct smbXsrv_session_global0 db_rec : NULL session_global_id : 0x78e69d1f (2028379423) session_wire_id : 0x0000000078e69d1f (2028379423) creation_time : Wed Jun 18 06:18:00 AM 2014 IST expiration_time : Thu Jan 1 05:30:00 AM 1970 IST auth_session_info_seqnum : 0x00000001 (1) auth_session_info : * auth_session_info: struct auth_session_info security_token : * security_token: struct security_token num_sids : 0x00000006 (6) sids: ARRAY(6) sids : S-1-5-21-1412259249-3212819653-634731678-501 sids : S-1-5-21-1412259249-3212819653-634731678-514 sids : S-1-1-0 sids : S-1-5-2 sids : S-1-5-32-546 sids : S-1-22-1-99 privilege_mask : 0x0000000000000000 (0) 0: SEC_PRIV_MACHINE_ACCOUNT_BIT 0: SEC_PRIV_PRINT_OPERATOR_BIT 0: SEC_PRIV_ADD_USERS_BIT 0: SEC_PRIV_DISK_OPERATOR_BIT 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT 0: SEC_PRIV_BACKUP_BIT 0: SEC_PRIV_RESTORE_BIT 0: SEC_PRIV_TAKE_OWNERSHIP_BIT 0: SEC_PRIV_INCREASE_QUOTA_BIT 0: SEC_PRIV_SECURITY_BIT 0: SEC_PRIV_LOAD_DRIVER_BIT 0: SEC_PRIV_SYSTEM_PROFILE_BIT 0: SEC_PRIV_SYSTEMTIME_BIT 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT 0: SEC_PRIV_CREATE_PAGEFILE_BIT 0: SEC_PRIV_SHUTDOWN_BIT 0: SEC_PRIV_DEBUG_BIT 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT 0: SEC_PRIV_CHANGE_NOTIFY_BIT 0: SEC_PRIV_UNDOCK_BIT 0: SEC_PRIV_ENABLE_DELEGATION_BIT 0: SEC_PRIV_MANAGE_VOLUME_BIT 0: SEC_PRIV_IMPERSONATE_BIT 0: SEC_PRIV_CREATE_GLOBAL_BIT rights_mask : 0x00000000 (0) 0: LSA_POLICY_MODE_INTERACTIVE 0: LSA_POLICY_MODE_NETWORK 0: LSA_POLICY_MODE_BATCH 0: LSA_POLICY_MODE_SERVICE 0: LSA_POLICY_MODE_PROXY 0: LSA_POLICY_MODE_DENY_INTERACTIVE 0: LSA_POLICY_MODE_DENY_NETWORK 0: LSA_POLICY_MODE_DENY_BATCH 0: LSA_POLICY_MODE_DENY_SERVICE 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE 0x00: LSA_POLICY_MODE_ALL (0) 0x00: LSA_POLICY_MODE_ALL_NT4 (0) unix_token : * unix_token: struct security_unix_token uid : 0x0000000000000063 (99) gid : 0x0000000000000063 (99) ngroups : 0x00000000 (0) groups: ARRAY(0) info : * info: struct auth_user_info account_name : * account_name : 'nobody' domain_name : * domain_name : 'LOCALHOST' full_name : NULL logon_script : NULL profile_path : NULL home_directory : NULL home_drive : NULL logon_server : NULL last_logon : NTTIME(0) last_logoff : NTTIME(0) acct_expiry : NTTIME(0) last_password_change : NTTIME(0) allow_password_change : NTTIME(0) force_password_change : NTTIME(0) logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) acct_flags : 0x00000000 (0) authenticated : 0x00 (0) unix_info : * unix_info: struct auth_user_info_unix unix_name : * unix_name : 'nobody' sanitized_username : * sanitized_username : 'sshivappa' torture : NULL credentials : NULL connection_dialect : 0x0210 (528) signing_required : 0x00 (0) encryption_required : 0x00 (0) num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) local_address : 'ipv6:fe80::20c:29ff:fe35:4012:445' remote_address : 'ipv6:fe80::51bb:b8a:3bcd:9e1e:49878' remote_name : 'fe80::51bb:b8a:3bcd:9e1e' auth_session_info_seqnum : 0x00000001 (1) status : NT_STATUS_OK idle_time : Wed Jun 18 06:18:00 AM 2014 IST nonce_high : 0x0000000000000000 (0) nonce_low : 0x0000000000000000 (0) gensec : * compat : * tcon_table : * [2014/06/18 06:18:00.197828, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[8] dyn[yes:9] at ../source3/smbd/smb2_sesssetup.c:167 [2014/06/18 06:18:00.197854, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 31, charge 1, granted 31, current possible/max 512/512, total granted/max/low/range 31/8192/4/31 [2014/06/18 06:18:00.198241, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:00.198295, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 4 (position 4) from bitmap [2014/06/18 06:18:00.198322, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_TCON] mid = 4 [2014/06/18 06:18:00.198351, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:00.198375, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:00.198398, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:00.198433, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2014/06/18 06:18:00.198469, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_tcon.c:198(smbd_smb2_tree_connect) smbd_smb2_tree_connect: path[\\fe80::20c:29ff:fe35:4012\print] share[print] [2014/06/18 06:18:00.198512, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb [2014/06/18 06:18:00.198538, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_tcon_global.tdb 2: 3: [2014/06/18 06:18:00.198563, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key A16EC242 [2014/06/18 06:18:00.198591, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb65ac3f0 [2014/06/18 06:18:00.198647, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:672(smbXsrv_tcon_global_store) [2014/06/18 06:18:00.198667, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:674(smbXsrv_tcon_global_store) smbXsrv_tcon_global_store: key 'A16EC242' stored [2014/06/18 06:18:00.198691, 1, pid=5732, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_tcon_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_tcon_globalU(case 0) info0 : * info0: struct smbXsrv_tcon_global0 db_rec : * tcon_global_id : 0xa16ec242 (2708390466) tcon_wire_id : 0xa16ec242 (2708390466) server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) creation_time : Wed Jun 18 06:18:00 AM 2014 IST share_name : NULL encryption_required : 0x00 (0) session_global_id : 0x00000000 (0) [2014/06/18 06:18:00.198891, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key A16EC242 [2014/06/18 06:18:00.198916, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb [2014/06/18 06:18:00.198940, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:00.198964, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:796(smbXsrv_tcon_create) [2014/06/18 06:18:00.198979, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:804(smbXsrv_tcon_create) smbXsrv_tcon_create: global_id (0xa16ec242) stored [2014/06/18 06:18:00.199001, 1, pid=5732, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &tcon_blob: struct smbXsrv_tconB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_tconU(case 0) info0 : * info0: struct smbXsrv_tcon table : * db_rec : NULL local_id : 0xa16ec242 (2708390466) global : * global: struct smbXsrv_tcon_global0 db_rec : NULL tcon_global_id : 0xa16ec242 (2708390466) tcon_wire_id : 0xa16ec242 (2708390466) server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) creation_time : Wed Jun 18 06:18:00 AM 2014 IST share_name : NULL encryption_required : 0x00 (0) session_global_id : 0x00000000 (0) status : NT_STATUS_INTERNAL_ERROR idle_time : Wed Jun 18 06:18:00 AM 2014 IST compat : NULL [2014/06/18 06:18:00.199297, 3, pid=5732, effective(0, 0), real(0, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from fe80::51bb:b8a:3bcd:9e1e (fe80::51bb:b8a:3bcd:9e1e) [2014/06/18 06:18:00.199373, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:163(set_conn_connectpath) set_conn_connectpath: service print, connectpath = /var/spool/samba [2014/06/18 06:18:00.199406, 3, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:612(make_connection_snum) Connect path is '/var/spool/samba' for service [print] [2014/06/18 06:18:00.199439, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share print is ok for unix user nobody [2014/06/18 06:18:00.199470, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:284(is_share_read_only_for_token) is_share_read_only_for_user: share print is read-only for unix user nobody [2014/06/18 06:18:00.199531, 10, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:337(se_file_access_check) se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff [2014/06/18 06:18:00.199570, 3, pid=5732, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:113(vfs_init_default) Initialising default vfs hooks [2014/06/18 06:18:00.199600, 10, pid=5732, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2014/06/18 06:18:00.199627, 5, pid=5732, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) Successfully added vfs backend 'posixacl' [2014/06/18 06:18:00.199653, 10, pid=5732, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2014/06/18 06:18:00.199678, 5, pid=5732, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2014/06/18 06:18:00.199705, 10, pid=5732, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) vfs_find_backend_entry called for dfs_samba4 [2014/06/18 06:18:00.199729, 5, pid=5732, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) Successfully added vfs backend 'dfs_samba4' [2014/06/18 06:18:00.199759, 10, pid=5732, effective(0, 0), real(0, 0), class=dfs_samba4] ../source3/modules/vfs_dfs_samba4.c:155(vfs_dfs_samba4_init) vfs_dfs_samba4: Debug class number of 'fileid': 23 [2014/06/18 06:18:00.199784, 3, pid=5732, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2014/06/18 06:18:00.199811, 10, pid=5732, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2014/06/18 06:18:00.199863, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:163(set_conn_connectpath) set_conn_connectpath: service print, connectpath = /var/spool/samba [2014/06/18 06:18:00.199897, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share print is ok for unix user nobody [2014/06/18 06:18:00.199924, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:284(is_share_read_only_for_token) is_share_read_only_for_user: share print is read-only for unix user nobody [2014/06/18 06:18:00.199957, 10, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:337(se_file_access_check) se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff [2014/06/18 06:18:00.200008, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:00.200038, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (6): SID[ 0]: S-1-5-21-1412259249-3212819653-634731678-501 SID[ 1]: S-1-5-21-1412259249-3212819653-634731678-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-22-1-99 Privileges (0x 0): Rights (0x 0): [2014/06/18 06:18:00.200137, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups [2014/06/18 06:18:00.200175, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) Impersonated user: uid=(99,99), gid=(0,99) [2014/06/18 06:18:00.200205, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:00.200230, 5, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:00.200256, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:00.200293, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2014/06/18 06:18:00.200332, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:163(set_conn_connectpath) set_conn_connectpath: service print, connectpath = /var/spool/samba [2014/06/18 06:18:00.200506, 10, pid=5732, effective(0, 0), real(0, 0), class=vfs] ../source3/modules/vfs_default.c:164(vfswrap_fs_capabilities) vfswrap_fs_capabilities: timestamp resolution of sec available on share print, directory /var/spool/samba [2014/06/18 06:18:00.200538, 2, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:848(make_connection_snum) shivappas (ipv6:fe80::51bb:b8a:3bcd:9e1e:49878) connect to service print initially as user nobody (uid=99, gid=99) (pid 5732) [2014/06/18 06:18:00.200584, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb [2014/06/18 06:18:00.200609, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_tcon_global.tdb 2: 3: [2014/06/18 06:18:00.200635, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key A16EC242 [2014/06/18 06:18:00.200663, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb65acbd0 [2014/06/18 06:18:00.200694, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:672(smbXsrv_tcon_global_store) [2014/06/18 06:18:00.200712, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:674(smbXsrv_tcon_global_store) smbXsrv_tcon_global_store: key 'A16EC242' stored [2014/06/18 06:18:00.200736, 1, pid=5732, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_tcon_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000002 (2) info : union smbXsrv_tcon_globalU(case 0) info0 : * info0: struct smbXsrv_tcon_global0 db_rec : * tcon_global_id : 0xa16ec242 (2708390466) tcon_wire_id : 0xa16ec242 (2708390466) server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) creation_time : Wed Jun 18 06:18:00 AM 2014 IST share_name : 'print' encryption_required : 0x00 (0) session_global_id : 0x78e69d1f (2028379423) [2014/06/18 06:18:00.200935, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key A16EC242 [2014/06/18 06:18:00.200961, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb [2014/06/18 06:18:00.200985, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:00.201010, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:849(smbXsrv_tcon_update) [2014/06/18 06:18:00.201025, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:857(smbXsrv_tcon_update) smbXsrv_tcon_update: global_id (0xa16ec242) stored [2014/06/18 06:18:00.201053, 1, pid=5732, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &tcon_blob: struct smbXsrv_tconB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_tconU(case 0) info0 : * info0: struct smbXsrv_tcon table : * db_rec : NULL local_id : 0xa16ec242 (2708390466) global : * global: struct smbXsrv_tcon_global0 db_rec : NULL tcon_global_id : 0xa16ec242 (2708390466) tcon_wire_id : 0xa16ec242 (2708390466) server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) creation_time : Wed Jun 18 06:18:00 AM 2014 IST share_name : 'print' encryption_required : 0x00 (0) session_global_id : 0x78e69d1f (2028379423) status : NT_STATUS_OK idle_time : Wed Jun 18 06:18:00 AM 2014 IST compat : * [2014/06/18 06:18:00.201347, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[no:0] at ../source3/smbd/smb2_tcon.c:162 [2014/06/18 06:18:00.201375, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/5/31 [2014/06/18 06:18:00.201805, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:00.201851, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 5 (position 5) from bitmap [2014/06/18 06:18:00.201880, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 5 [2014/06/18 06:18:00.201916, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:00.201944, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (6): SID[ 0]: S-1-5-21-1412259249-3212819653-634731678-501 SID[ 1]: S-1-5-21-1412259249-3212819653-634731678-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-22-1-99 Privileges (0x 0): Rights (0x 0): [2014/06/18 06:18:00.202046, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups [2014/06/18 06:18:00.202087, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) Impersonated user: uid=(99,99), gid=(0,99) [2014/06/18 06:18:00.202120, 4, pid=5732, effective(99, 99), real(99, 0), class=vfs] ../source3/smbd/vfs.c:838(vfs_ChDir) vfs_ChDir to /var/spool/samba [2014/06/18 06:18:00.202172, 4, pid=5732, effective(99, 99), real(99, 0), class=vfs] ../source3/smbd/vfs.c:849(vfs_ChDir) vfs_ChDir got /var/spool/samba [2014/06/18 06:18:00.202224, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[] [2014/06/18 06:18:00.202268, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:00.202295, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2014/06/18 06:18:00.202323, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 2CC7D2DC [2014/06/18 06:18:00.202354, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb659f890 [2014/06/18 06:18:00.202430, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2014/06/18 06:18:00.202451, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key '2CC7D2DC' stored [2014/06/18 06:18:00.202477, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) open_global_id : 0x2cc7d2dc (751293148) open_persistent_id : 0x000000002cc7d2dc (751293148) open_volatile_id : 0x00000000a67918b3 (2792954035) open_owner : S-1-5-21-1412259249-3212819653-634731678-501 open_time : Wed Jun 18 06:18:00 AM 2014 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : e8c453bd-f6cd-11e3-a601-005056c00008 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2014/06/18 06:18:00.202766, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 2CC7D2DC [2014/06/18 06:18:00.202794, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:00.202819, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:00.202844, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2014/06/18 06:18:00.202860, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0x2cc7d2dc) stored [2014/06/18 06:18:00.202884, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0xa67918b3 (2792954035) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) open_global_id : 0x2cc7d2dc (751293148) open_persistent_id : 0x000000002cc7d2dc (751293148) open_volatile_id : 0x00000000a67918b3 (2792954035) open_owner : S-1-5-21-1412259249-3212819653-634731678-501 open_time : Wed Jun 18 06:18:00 AM 2014 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : e8c453bd-f6cd-11e3-a601-005056c00008 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Wed Jun 18 06:18:00 AM 2014 IST compat : NULL [2014/06/18 06:18:00.203259, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 2792954035 (1 used) [2014/06/18 06:18:00.203406, 5, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:796(rpc_pipe_open_interface) Connecting to spoolss pipe. [2014/06/18 06:18:00.203451, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2014/06/18 06:18:00.203482, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \spoolss [2014/06/18 06:18:00.203509, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss [2014/06/18 06:18:00.203565, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2014/06/18 06:18:00.203650, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'print' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ checking name: print [2014/06/18 06:18:00.203861, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [print] [2014/06/18 06:18:00.203891, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.203944, 3, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=print Printer is a printer [2014/06/18 06:18:00.203977, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=print (len=5) searching for [print] [2014/06/18 06:18:00.204055, 10, pid=5732, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/print] and timeout=[Wed Jun 18 06:23:00 AM 2014 IST] (300 seconds ahead) set_printer_hnd_name: Printer found: print -> print [2014/06/18 06:18:00.204131, 5, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 1 printer handles active [2014/06/18 06:18:00.204160, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.204211, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.204261, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:print [2014/06/18 06:18:00.204303, 3, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from fe80::51bb:b8a:3bcd:9e1e (fe80::51bb:b8a:3bcd:9e1e) [2014/06/18 06:18:00.204370, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share print is ok for unix user nobody [2014/06/18 06:18:00.204445, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:00.204478, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:00.204505, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:00.204557, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:00.204609, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.204755, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:00.204785, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:00.204817, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:00.204842, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:00.204876, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.204899, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:00.204948, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:00.204993, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:00.205023, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.205073, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.205187, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-a053-c0e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.205546, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.205612, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:00.205639, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:00.205666, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:00.205689, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:00.205714, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.205737, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:00.205786, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:00.205826, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:00.205853, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:00.205879, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.205902, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.205927, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.205950, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.205994, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.206037, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:00.206064, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:00.206090, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.206114, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.206139, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.206162, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.206199, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.206241, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:00.206267, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:00.206293, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.206317, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.206342, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.206365, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.206421, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:00.206449, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:00.206475, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.206499, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.206525, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.206548, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.206589, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:00.206616, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:00.206642, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.206666, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.206692, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.206715, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.206753, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.206798, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:00.206826, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:00.206852, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.206876, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.206908, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.206931, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.206974, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.207011, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:00.207038, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:00.207063, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:00.207087, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:00.207111, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:00.207135, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:00.207158, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:00.207183, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.207230, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.207361, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-a053-c0e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:00.207570, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.207619, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.207643, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:00.207670, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:00.207695, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.207735, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:00.207762, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:00.207787, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:00.207813, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:00.207838, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:00.207864, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:00.207889, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:00.207914, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:00.207940, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:00.207966, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:00.207995, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:00.208021, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:00.208046, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:00.208075, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2014/06/18 06:18:00.208201, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-a053-c0e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:00.208404, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.208453, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.208477, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:00.208504, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:00.210330, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.210408, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.210456, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.210502, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.210527, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:00.210552, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.210646, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.210724, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.210772, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.210819, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.210842, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:00.210866, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.210955, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:00.210989, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2014/06/18 06:18:00.211014, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:00.211038, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:00.211060, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:00.211083, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:00.211110, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2014/06/18 06:18:00.211135, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2014/06/18 06:18:00.211181, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:00.211212, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:00.211237, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:00.211284, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:00.211324, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.211451, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:00.211475, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:00.211500, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:00.211523, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:00.211546, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.211569, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:00.211609, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:00.211645, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:00.211673, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.211722, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.211823, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-a053-c0e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.212075, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.212125, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:00.212149, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:00.212175, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:00.212198, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:00.212222, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.212245, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:00.212287, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:00.212325, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:00.212351, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:00.212376, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.212399, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.212423, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.212446, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.212485, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.212522, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:00.212548, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:00.212574, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.212597, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.212624, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.212647, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.212683, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.212719, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:00.212745, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:00.212770, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.212793, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.212818, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.212840, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.212889, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:00.212916, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:00.212941, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.212965, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.212990, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.213012, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.213051, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:00.213078, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:00.213103, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.213127, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.213152, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.213181, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.213218, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.213256, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:00.213282, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:00.213308, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.213331, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.213357, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.213379, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.213422, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.213460, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:00.213487, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:00.213511, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:00.213536, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:00.213560, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:00.213583, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:00.213607, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:00.213632, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.213679, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.213774, 2, pid=5732, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print already exists [2014/06/18 06:18:00.213810, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.213885, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.213934, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.213981, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.214005, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:00.214029, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.214123, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.214198, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.214247, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.214294, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.214318, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:00.214342, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.214435, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:00.214466, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.214598, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter in: struct spoolss_StartDocPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-a053-c0e164160000 info_ctr : * info_ctr: struct spoolss_DocumentInfoCtr level : 0x00000001 (1) info : union spoolss_DocumentInfo(case 1) info1 : * info1: struct spoolss_DocumentInfo1 document_name : * document_name : 'Remote Downlevel Document ' output_file : * output_file : '/var/spool/samba/smbprn.qh7n1O' datatype : * datatype : 'RAW' [2014/06/18 06:18:00.214814, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.214865, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.214913, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:print [2014/06/18 06:18:00.214959, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2014/06/18 06:18:00.214987, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2028379423) : conn_ctx_stack_ndx = 0 [2014/06/18 06:18:00.215011, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/06/18 06:18:00.215034, 5, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:00.215057, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:00.215124, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:00.215180, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:00.215211, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:00.215237, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:00.215281, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:00.215317, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.215445, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:00.215469, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:00.215495, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:00.215518, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:00.215541, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.215564, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:00.215604, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:00.215641, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:00.215669, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.215718, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.215819, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-a053-c0e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.216071, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.216122, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:00.216146, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:00.216171, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:00.216194, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:00.216218, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.216240, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:00.216283, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:00.216320, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:00.216346, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:00.216371, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.216394, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.216418, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.216440, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.216479, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.216519, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:00.216545, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:00.216571, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.216593, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.216618, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.216640, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.216676, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.216713, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:00.216739, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:00.216764, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.216787, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.216811, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.216834, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.216883, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:00.216910, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:00.216936, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.217002, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.217030, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.217053, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.217095, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:00.217129, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:00.217156, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.217180, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.217206, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.217229, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.217267, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.217308, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:00.217334, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:00.217360, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.217384, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.217410, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.217433, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.217484, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.217540, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:00.217567, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:00.217591, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:00.217615, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:00.217639, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:00.217663, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:00.217690, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:00.217714, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.217762, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.217864, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-a053-c0e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:00.218060, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.218109, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.218132, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:00.218156, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:00.218180, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.218216, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:00.218243, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:00.218268, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:00.218297, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:00.218322, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:00.218347, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:00.218372, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:00.218397, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:00.218422, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:00.218447, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:00.218473, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:00.218498, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:00.218523, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:00.218548, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2014/06/18 06:18:00.218672, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-a053-c0e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:00.218910, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.218967, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.218992, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:00.219018, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:00.220794, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.220906, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.220992, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.221040, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.221073, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:00.221097, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.221191, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.221266, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.221313, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.221359, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.221382, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:00.221406, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.221497, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:00.221526, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2014/06/18 06:18:00.221550, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:00.221573, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:00.221596, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:00.221622, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:00.221645, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2014/06/18 06:18:00.221695, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:00.221725, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:00.221751, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:00.221798, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:00.221843, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.221972, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:00.221996, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:00.222021, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:00.222045, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:00.222068, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.222090, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:00.222131, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:00.222167, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:00.222195, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.222245, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.222357, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-a053-c0e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.222610, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.222660, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:00.222685, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:00.222710, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:00.222733, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:00.222756, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.222779, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:00.222822, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:00.222859, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:00.222885, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:00.222911, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.222934, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.222958, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.222983, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.223022, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.223058, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:00.223084, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:00.223110, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.223133, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.223157, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.223179, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.223215, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.223252, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:00.223278, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:00.223303, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.223326, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.223350, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.223373, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.223422, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:00.223449, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:00.223475, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.223498, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.223523, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.223549, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.223588, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:00.223615, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:00.223640, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.223664, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.223689, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.223711, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.223748, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.223785, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:00.223810, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:00.223836, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.223860, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.223885, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.223907, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.223949, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.223988, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:00.224016, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:00.224041, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:00.224066, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:00.224093, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:00.224117, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:00.224141, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:00.224165, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.224213, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.224315, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2014/06/18 06:18:00.224438, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.224487, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:00.224512, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.224549, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:00.224575, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:00.224601, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:00.224626, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:00.224651, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:00.224680, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:00.224705, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:00.224730, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:00.224755, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:00.224781, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:00.224806, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:00.224831, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:00.224857, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:00.224882, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.224918, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000b0 (176) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2014/06/18 06:18:00.225186, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.225407, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.225456, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.225485, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:00.225716, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.225928, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.225976, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.226005, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2014/06/18 06:18:00.226212, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.226424, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.226472, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.226498, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2014/06/18 06:18:00.226762, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.226974, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.227021, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.227047, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:00.227273, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.227487, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.227534, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.227560, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2014/06/18 06:18:00.228097, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.228308, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.228355, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.228381, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2014/06/18 06:18:00.228676, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.228890, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.228937, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.228963, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2014/06/18 06:18:00.229315, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.229529, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.229576, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.229603, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:00.229830, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.230044, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.230092, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.230122, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) size : * size : 0x000000b0 (176) length : * length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:00.232063, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.232281, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.232329, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.232356, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2014/06/18 06:18:00.232670, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.232883, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.232931, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.232964, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:00.233202, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.233415, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.233463, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.233489, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:00.233777, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.234006, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.234062, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.234088, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x5e (94) [1] : 0x01 (1) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:00.234362, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:00.234599, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.234648, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.234672, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:00.234697, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2014/06/18 06:18:00.234723, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2014/06/18 06:18:00.234882, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.235011, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:00.235036, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:00.235062, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:00.235085, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:00.235108, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.235131, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:00.235172, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:00.235208, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:00.235240, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.235289, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.235388, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-a053-c0e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.235639, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.235689, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:00.235714, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:00.235739, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:00.235762, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:00.235786, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.235809, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:00.235852, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:00.235893, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:00.235920, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:00.235945, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.235968, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.235992, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.236014, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.236053, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.236090, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:00.236116, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:00.236141, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.236164, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.236188, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.236211, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.236247, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.236284, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:00.236310, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:00.236336, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.236359, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.236384, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.236407, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.236457, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:00.236541, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:00.236568, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.236593, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.236619, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.236649, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.236692, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:00.236719, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (10->11) [2014/06/18 06:18:00.236744, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.236768, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.236793, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.236816, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.236853, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.236891, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:00.236917, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (11->12) [2014/06/18 06:18:00.236943, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.236966, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.236992, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.237014, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.237057, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.237100, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:00.237132, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (12->11) [2014/06/18 06:18:00.237156, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (11->10) [2014/06/18 06:18:00.237181, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:00.237204, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:00.237228, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:00.237252, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:00.237276, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.237324, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.237424, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-a053-c0e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:00.237620, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.237668, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.237691, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:00.237718, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:00.237742, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.237778, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:00.237805, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:00.237830, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:00.237856, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:00.237881, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:00.237906, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:00.237932, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:00.237957, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:00.237982, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:00.238007, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:00.238033, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:00.238058, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:00.238083, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:00.238109, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2014/06/18 06:18:00.238233, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-a053-c0e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:00.238438, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.238486, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.238510, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:00.238536, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:00.240307, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.240385, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.240434, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.240480, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.240506, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:00.240531, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.240624, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.240700, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.240748, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.240794, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.240818, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:00.240841, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.240941, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.241016, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.241064, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.241111, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.241136, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:00.241160, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.241253, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.241328, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.241375, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.241422, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.241446, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:00.241469, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.241563, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:00.241615, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:1328(print_cache_expired) print_cache_expired: cache expired for queue print (last_qscan_time = 1403052305, time now = 1403052480, qcachetime = 30) [2014/06/18 06:18:00.241672, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:1745(print_queue_update) print_queue_update: Sending message -> printer = print, type = 6, lpq command = [lpq -P'print'] lprm command = [lprm -P'print' %j] [2014/06/18 06:18:00.241745, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/messages_local.c:282(messaging_tdb_store) messaging_tdb_store: [2014/06/18 06:18:00.241772, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_UPDATE (517) dest: struct server_id pid : 0x00000000000015fc (5628) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) src: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) buf : DATA_BLOB length=42 [0000] 70 72 69 6E 74 00 06 00 00 00 6C 70 71 20 2D 50 print... ..lpq -P [0010] 27 70 72 69 6E 74 27 00 6C 70 72 6D 20 2D 50 27 'print'. lprm -P' [0020] 70 72 69 6E 74 27 20 25 6A 00 print' % j. [2014/06/18 06:18:00.242866, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2805(print_job_start) print_job_start: Queue print number of jobs (1), max printjobs = 1000 [2014/06/18 06:18:00.242912, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2573(allocate_print_jobid) allocate_print_jobid: Read jobid 39 from print [2014/06/18 06:18:00.242977, 3, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2737(print_job_spool_file) print_job_spool_file:External spooling activated [2014/06/18 06:18:00.243033, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x10 for printer print to notify_queue_head [2014/06/18 06:18:00.243066, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x03 for printer print to notify_queue_head [2014/06/18 06:18:00.243096, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer print to notify_queue_head [2014/06/18 06:18:00.243125, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer print to notify_queue_head [2014/06/18 06:18:00.243154, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x16 for printer print to notify_queue_head [2014/06/18 06:18:00.243186, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x14 for printer print to notify_queue_head [2014/06/18 06:18:00.243212, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2637(add_to_jobs_added) add_to_jobs_added: Added jobid 40 [2014/06/18 06:18:00.243252, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter out: struct spoolss_StartDocPrinter job_id : * job_id : 0x00000028 (40) result : WERR_OK [2014/06/18 06:18:00.243337, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:79(pjobid_to_rap) pjobid_to_rap: called. [2014/06/18 06:18:00.243375, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:114(pjobid_to_rap) pjobid_to_rap: created jobid 40 maps to RAP jobid 1 [2014/06/18 06:18:00.243414, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: /var/spool/samba/smbprn.qh7n1O [2014/06/18 06:18:00.243454, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:204(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2014/06/18 06:18:00.243487, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:682(dos_mode) dos_mode returning [2014/06/18 06:18:00.243532, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_create.c:1052(smbd_smb2_create_send) smbd_smb2_create_send: /var/spool/samba/smbprn.qh7n1O - fnum 2792954035 [2014/06/18 06:18:00.243574, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2014/06/18 06:18:00.243604, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/6/31 [2014/06/18 06:18:00.245209, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:00.245264, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 6 (position 6) from bitmap [2014/06/18 06:18:00.245294, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 6 [2014/06/18 06:18:00.245328, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2014/06/18 06:18:00.245363, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[] [2014/06/18 06:18:00.245398, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:00.245424, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2014/06/18 06:18:00.245459, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 7326B47E [2014/06/18 06:18:00.245503, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb65a0908 [2014/06/18 06:18:00.245561, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2014/06/18 06:18:00.245587, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key '7326B47E' stored [2014/06/18 06:18:00.245614, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) open_global_id : 0x7326b47e (1931916414) open_persistent_id : 0x000000007326b47e (1931916414) open_volatile_id : 0x00000000a43dd321 (2755515169) open_owner : S-1-5-21-1412259249-3212819653-634731678-501 open_time : Wed Jun 18 06:18:00 AM 2014 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : e8c453bd-f6cd-11e3-a601-005056c00008 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2014/06/18 06:18:00.245900, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 7326B47E [2014/06/18 06:18:00.245928, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:00.245953, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:00.245979, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2014/06/18 06:18:00.245995, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0x7326b47e) stored [2014/06/18 06:18:00.246020, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0xa43dd321 (2755515169) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) open_global_id : 0x7326b47e (1931916414) open_persistent_id : 0x000000007326b47e (1931916414) open_volatile_id : 0x00000000a43dd321 (2755515169) open_owner : S-1-5-21-1412259249-3212819653-634731678-501 open_time : Wed Jun 18 06:18:00 AM 2014 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : e8c453bd-f6cd-11e3-a601-005056c00008 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Wed Jun 18 06:18:00 AM 2014 IST compat : NULL [2014/06/18 06:18:00.246393, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 2755515169 (2 used) [2014/06/18 06:18:00.246460, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \spoolss [2014/06/18 06:18:00.246495, 5, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:796(rpc_pipe_open_interface) Connecting to spoolss pipe. [2014/06/18 06:18:00.246529, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2014/06/18 06:18:00.246560, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \spoolss [2014/06/18 06:18:00.246587, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss [2014/06/18 06:18:00.246668, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2014/06/18 06:18:00.246718, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'print' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ checking name: print [2014/06/18 06:18:00.246907, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [print] [2014/06/18 06:18:00.246934, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.246988, 3, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=print Printer is a printer [2014/06/18 06:18:00.247022, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=print (len=5) searching for [print] [2014/06/18 06:18:00.247084, 10, pid=5732, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/print, we already got it set_printer_hnd_name: Printer found: print -> print [2014/06/18 06:18:00.247120, 5, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 1 printer handles active [2014/06/18 06:18:00.247146, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.247198, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.247249, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:print [2014/06/18 06:18:00.247288, 3, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from fe80::51bb:b8a:3bcd:9e1e (fe80::51bb:b8a:3bcd:9e1e) [2014/06/18 06:18:00.247339, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share print is ok for unix user nobody [2014/06/18 06:18:00.247408, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:00.247442, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:00.247470, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:00.247519, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:00.247559, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.247700, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:00.247727, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:00.247756, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:00.247781, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:00.247808, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.247836, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:00.247884, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:00.247925, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:00.247955, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.248009, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.248123, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-a053-c0e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.258265, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.258335, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:00.258362, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:00.258389, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:00.258413, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:00.258439, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.258468, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:00.258526, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:00.258567, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:00.258593, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:00.258618, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.258641, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.258665, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.258687, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.258726, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.258762, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:00.258788, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:00.258813, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.258836, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.258860, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.258882, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.258918, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.258955, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:00.258981, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:00.259006, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.259029, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.259057, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.259080, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.259130, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:00.259157, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:00.259182, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.259206, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.259231, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.259253, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.259293, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:00.259319, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:00.259345, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.259368, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.259393, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.259416, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.259453, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.259490, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:00.259516, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:00.259541, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.259564, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.259590, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.259616, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.259658, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.259696, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:00.259724, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:00.259748, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:00.259773, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:00.259797, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:00.259820, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:00.259844, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:00.259869, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.259917, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.260044, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-a053-c0e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:00.260241, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.260293, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.260316, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:00.260340, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:00.260364, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.260401, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:00.260428, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:00.260454, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:00.260479, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:00.260504, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:00.260529, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:00.260554, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:00.260580, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:00.260605, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:00.260631, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:00.260656, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:00.260681, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:00.260707, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:00.260733, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2014/06/18 06:18:00.260863, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-a053-c0e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:00.261068, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.261115, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.261139, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:00.261165, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:00.262950, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.263028, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.263076, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.263123, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.263148, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:00.263172, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.263265, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.263340, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.263388, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.263435, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.263462, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:00.263486, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.263577, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:00.263608, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2014/06/18 06:18:00.263632, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:00.263655, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:00.263678, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:00.263700, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:00.263724, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2014/06/18 06:18:00.263749, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2014/06/18 06:18:00.263815, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:00.263846, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:00.263872, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:00.263927, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:00.263963, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.264090, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:00.264115, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:00.264143, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:00.264166, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:00.264189, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.264212, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:00.264253, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:00.264289, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:00.264317, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.264366, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.264466, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-a053-c0e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.264713, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.264762, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:00.264786, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:00.264814, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:00.264837, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:00.264860, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.264882, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:00.264925, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:00.264962, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:00.264988, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:00.265013, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.265036, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.265059, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.265082, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.265119, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.265155, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:00.265181, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:00.265206, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.265229, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.265253, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.265275, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.265311, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.265347, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:00.265372, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:00.265401, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.265424, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.265448, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.265470, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.265519, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:00.265545, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:00.265571, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.265594, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.265619, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.265641, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.265680, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:00.265706, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:00.265732, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.265755, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.265780, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.265802, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.265839, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.265876, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:00.265901, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:00.265934, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.265958, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.265983, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.266005, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.266048, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.266085, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:00.266111, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:00.266136, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:00.266160, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:00.266184, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:00.266207, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:00.266231, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:00.266255, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 A0 53 C0 E1 .... ... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.266302, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.266393, 2, pid=5732, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print already exists [2014/06/18 06:18:00.266426, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.266504, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 A0 53 C0 E1 .... ... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.266553, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 A0 53 C0 E1 .... ... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.266599, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.266623, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:00.266646, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.266739, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.266813, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.266861, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.266907, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.266930, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:00.266961, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.267068, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:00.267097, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.267211, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter in: struct spoolss_StartDocPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-a053-c0e164160000 info_ctr : * info_ctr: struct spoolss_DocumentInfoCtr level : 0x00000001 (1) info : union spoolss_DocumentInfo(case 1) info1 : * info1: struct spoolss_DocumentInfo1 document_name : * document_name : 'Remote Downlevel Document ' output_file : * output_file : '/var/spool/samba/smbprn.8PZICe' datatype : * datatype : 'RAW' [2014/06/18 06:18:00.267408, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.267458, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.267507, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:print [2014/06/18 06:18:00.267571, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:00.267604, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:00.267630, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:00.269431, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:00.269505, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.269660, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:00.269690, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:00.269720, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:00.269753, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:00.269782, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.269808, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:00.269862, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:00.269904, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:00.269937, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 A0 53 C0 E1 ....!... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.269994, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.270119, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-a053-c0e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.270413, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 A0 53 C0 E1 ....!... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.270471, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:00.270500, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:00.270529, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:00.270565, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:00.270593, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.270619, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:00.270669, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:00.270712, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:00.270742, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:00.270771, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.270798, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.270826, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.270852, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.270896, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.270938, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:00.270967, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:00.270997, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.271024, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.271052, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.271078, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.271119, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.271161, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:00.271190, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:00.271220, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.271255, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.271284, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.271310, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.271366, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:00.271397, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:00.271427, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.271454, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.271483, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.271509, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.271553, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:00.271584, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:00.271613, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.271641, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.271670, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.271696, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.271738, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.271781, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:00.271810, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:00.271840, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.271871, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.271900, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.271926, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.271974, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.272016, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:00.272047, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:00.272076, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:00.272104, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:00.272131, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:00.272159, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:00.272187, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:00.272215, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 A0 53 C0 E1 ...."... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.272269, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.272388, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-a053-c0e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:00.272619, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 A0 53 C0 E1 ...."... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.272674, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.272701, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:00.272729, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:00.272757, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.272800, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:00.272831, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:00.272860, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:00.272890, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:00.272919, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:00.272948, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:00.272977, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:00.273007, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:00.273042, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:00.273070, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:00.273098, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:00.273127, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:00.273157, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:00.273186, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2014/06/18 06:18:00.273324, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-a053-c0e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:00.273548, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 A0 53 C0 E1 ...."... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.273600, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.273626, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:00.273655, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:00.275652, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.275737, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 A0 53 C0 E1 ...."... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.275789, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 A0 53 C0 E1 ...."... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.275838, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.275866, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:00.275893, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.275995, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.276078, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 A0 53 C0 E1 ....!... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.276133, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 A0 53 C0 E1 ....!... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.276183, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.276209, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:00.276235, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.276334, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:00.276367, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2014/06/18 06:18:00.276393, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:00.276419, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:00.276444, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:00.276469, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:00.276495, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2014/06/18 06:18:00.276550, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:00.276584, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:00.276612, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:00.276664, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:00.276705, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.276846, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:00.276876, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:00.276904, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:00.276929, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:00.276955, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.276979, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:00.277022, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:00.277061, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:00.277091, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 A0 53 C0 E1 ....#... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.277144, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.277252, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-a053-c0e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.277528, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 A0 53 C0 E1 ....#... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.277585, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:00.277612, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:00.277640, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:00.277665, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:00.277691, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.277716, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:00.277761, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:00.277801, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:00.277830, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:00.277858, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.277883, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.277909, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.277934, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.277976, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.278016, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:00.278044, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:00.278072, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.278097, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.278124, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.278149, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.278188, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.278227, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:00.278259, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:00.278287, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.278312, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.278339, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.278364, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.278416, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:00.278445, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:00.278473, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.278499, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.278526, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.278558, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.278609, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:00.278653, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:00.278682, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.278707, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.278735, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.278759, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.278799, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.278839, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:00.278871, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:00.278899, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.278925, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.278952, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.278977, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.279022, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.279063, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:00.279094, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:00.279121, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:00.279148, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:00.279173, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:00.279200, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:00.279225, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:00.279252, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.279303, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.279410, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2014/06/18 06:18:00.279548, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.279603, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:00.279630, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.279669, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:00.279698, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:00.279726, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:00.279754, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:00.279781, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:00.279809, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:00.279837, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:00.279865, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:00.279893, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:00.279920, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:00.279948, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:00.279976, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:00.280004, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:00.280031, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.280073, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000b0 (176) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2014/06/18 06:18:00.280353, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.280587, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.280639, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.280668, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:00.280966, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.281200, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.281251, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.281279, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2014/06/18 06:18:00.281508, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.281746, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.281796, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.281824, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2014/06/18 06:18:00.282111, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.282343, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.282394, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.282425, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:00.282674, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.282907, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.282957, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.282985, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2014/06/18 06:18:00.285083, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.285308, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.285358, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.285386, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2014/06/18 06:18:00.285697, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.285917, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.285967, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.285993, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2014/06/18 06:18:00.286360, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.286579, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.286627, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.286654, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:00.286894, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.287113, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.287164, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.287191, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) size : * size : 0x000000b0 (176) length : * length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:00.289175, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.289390, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.289439, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.289465, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2014/06/18 06:18:00.289785, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.289998, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.290046, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.290073, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:00.290311, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.290527, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.290575, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.290601, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:00.290834, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:00.291047, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.291095, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.291124, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x5e (94) [1] : 0x01 (1) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:00.291380, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:00.291575, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.291623, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.291647, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:00.291673, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2014/06/18 06:18:00.291697, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2014/06/18 06:18:00.291828, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.291958, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:00.291983, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:00.292008, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:00.292032, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:00.292055, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.292078, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:00.292120, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:00.292158, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:00.292186, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 A0 53 C0 E1 ....%... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.292235, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.292335, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-a053-c0e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:00.292589, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 A0 53 C0 E1 ....%... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.292638, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:00.292662, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:00.292687, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:00.292710, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:00.292734, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.292757, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:00.292800, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:00.292837, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:00.292863, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:00.292888, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.292911, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.292935, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.292957, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.292996, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:00.293033, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:00.293059, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:00.293084, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.293110, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.293134, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.293156, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.293193, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:00.293231, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:00.293257, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:00.293283, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.293306, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.293331, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.293353, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:00.293404, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:00.293431, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:00.293457, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.293480, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.293506, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.293529, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:00.293569, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:00.293595, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (10->11) [2014/06/18 06:18:00.293621, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.293646, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.293674, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.293698, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.293735, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:00.293774, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:00.293800, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (11->12) [2014/06/18 06:18:00.293825, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.293849, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.293874, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:00.293896, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.293939, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.293977, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:00.294005, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (12->11) [2014/06/18 06:18:00.294030, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (11->10) [2014/06/18 06:18:00.294054, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:00.294078, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:00.294102, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:00.294126, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:00.294151, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 A0 53 C0 E1 ....&... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.294198, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-a053-c0e164160000 result : WERR_OK [2014/06/18 06:18:00.294301, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-a053-c0e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:00.294494, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 A0 53 C0 E1 ....&... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.294541, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.294565, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:00.294589, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:00.294613, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.294650, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:00.294676, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:00.294702, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:00.294727, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:00.294752, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:00.294777, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:00.294802, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:00.294831, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:00.294856, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:00.294881, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:00.294907, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:00.294932, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:00.294957, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:00.294982, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2014/06/18 06:18:00.295105, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-a053-c0e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:00.295310, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 A0 53 C0 E1 ....&... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.295357, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:00.295381, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:00.295407, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:00.297144, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.297221, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 A0 53 C0 E1 ....&... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.297269, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 A0 53 C0 E1 ....&... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.297315, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.297341, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:00.297369, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.297462, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.297537, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 A0 53 C0 E1 ....%... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.297584, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 A0 53 C0 E1 ....%... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.297630, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.297654, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:00.297677, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.297771, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.297847, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.297894, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 A0 53 C0 E1 ....$... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.297940, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.297966, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:00.297990, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.298085, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.298159, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 A0 53 C0 E1 ....#... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.298208, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 A0 53 C0 E1 ....#... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.298255, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.298279, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:00.298302, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.298394, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:00.298441, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2805(print_job_start) print_job_start: Queue print number of jobs (1), max printjobs = 1000 [2014/06/18 06:18:00.298473, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2573(allocate_print_jobid) allocate_print_jobid: Read jobid 40 from print [2014/06/18 06:18:00.298524, 3, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2737(print_job_spool_file) print_job_spool_file:External spooling activated [2014/06/18 06:18:00.298563, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x10 for printer print to notify_queue_head [2014/06/18 06:18:00.298591, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x03 for printer print to notify_queue_head [2014/06/18 06:18:00.298616, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer print to notify_queue_head [2014/06/18 06:18:00.298641, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer print to notify_queue_head [2014/06/18 06:18:00.298666, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x16 for printer print to notify_queue_head [2014/06/18 06:18:00.298693, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x14 for printer print to notify_queue_head [2014/06/18 06:18:00.298717, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2637(add_to_jobs_added) add_to_jobs_added: Added jobid 41 [2014/06/18 06:18:00.298747, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter out: struct spoolss_StartDocPrinter job_id : * job_id : 0x00000029 (41) result : WERR_OK [2014/06/18 06:18:00.298819, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:79(pjobid_to_rap) pjobid_to_rap: called. [2014/06/18 06:18:00.298849, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:114(pjobid_to_rap) pjobid_to_rap: created jobid 41 maps to RAP jobid 2 [2014/06/18 06:18:00.299091, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: /var/spool/samba/smbprn.8PZICe [2014/06/18 06:18:00.299124, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:204(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2014/06/18 06:18:00.299158, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:682(dos_mode) dos_mode returning [2014/06/18 06:18:00.299200, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_create.c:1052(smbd_smb2_create_send) smbd_smb2_create_send: /var/spool/samba/smbprn.8PZICe - fnum 2755515169 [2014/06/18 06:18:00.299232, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2014/06/18 06:18:00.299260, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/7/31 [2014/06/18 06:18:00.300654, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:00.300703, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 7 (position 7) from bitmap [2014/06/18 06:18:00.300733, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 7 [2014/06/18 06:18:00.300766, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2014/06/18 06:18:00.300807, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1780(smbd_smb2_request_verify_creditcharge) mid 7, CreditCharge: 1, NeededCharge: 1 [2014/06/18 06:18:00.300835, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: /var/spool/samba/smbprn.qh7n1O - fnum 2792954035 [2014/06/18 06:18:00.300872, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/aio.c:848(schedule_aio_smb2_write) smb2: write size (65536) too small for minimum aio_write of 0 [2014/06/18 06:18:00.300912, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 2 for /usr/local/samba/var/lock/brlock.tdb [2014/06/18 06:18:00.300938, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2:/usr/local/samba/var/lock/brlock.tdb 3: [2014/06/18 06:18:00.300967, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 00FD000000000000877A [2014/06/18 06:18:00.301005, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb65a3c58 [2014/06/18 06:18:00.301038, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/brlock.c:2009(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id fd00:167a87:0 [2014/06/18 06:18:00.301075, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 00FD000000000000877A [2014/06/18 06:18:00.301103, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 2 for /usr/local/samba/var/lock/brlock.tdb [2014/06/18 06:18:00.301127, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:00.301170, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/posix.c:294(is_posix_locked) is_posix_locked: File /var/spool/samba/smbprn.qh7n1O, offset = 0, count = 65536, type = WRITE [2014/06/18 06:18:00.301214, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/posix.c:164(posix_lock_in_range) posix_lock_in_range: offset_out = 0, count_out = 65536 [2014/06/18 06:18:00.301241, 8, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/posix.c:243(posix_fcntl_getlock) posix_fcntl_getlock 11 0 65536 1 [2014/06/18 06:18:00.301271, 8, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/lib/util.c:1144(fcntl_getlock) fcntl_getlock fd=11 offset=0 count=65536 type=1 [2014/06/18 06:18:00.301301, 3, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/lib/util.c:1168(fcntl_getlock) fcntl_getlock: fd 11 is returned info 2 pid 0 [2014/06/18 06:18:00.301326, 8, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/posix.c:273(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2014/06/18 06:18:00.301350, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/brlock.c:1321(brl_locktest) brl_locktest: posix start=0 len=65536 unlocked for fnum 2792954035 file /var/spool/samba/smbprn.qh7n1O [2014/06/18 06:18:00.301380, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/locking.c:161(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=65536 unlocked for fnum 2792954035 file /var/spool/samba/smbprn.qh7n1O [2014/06/18 06:18:00.301466, 3, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_write.c:198(smb2_write_complete_internal) smb2: fnum 2792954035, file /var/spool/samba/smbprn.qh7n1O, length=65536 offset=0 wrote=65536 [2014/06/18 06:18:00.301506, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_write.c:357(smbd_smb2_write_send) smb2: write on file /var/spool/samba/smbprn.qh7n1O, offset 0, requested 65536, written = 65536 [2014/06/18 06:18:00.301541, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2014/06/18 06:18:00.301570, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/8/31 [2014/06/18 06:18:00.302269, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:00.302307, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 8 (position 8) from bitmap [2014/06/18 06:18:00.302337, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 8 [2014/06/18 06:18:00.302372, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2014/06/18 06:18:00.302403, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1780(smbd_smb2_request_verify_creditcharge) mid 8, CreditCharge: 1, NeededCharge: 1 [2014/06/18 06:18:00.302432, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: /var/spool/samba/smbprn.qh7n1O - fnum 2792954035 [2014/06/18 06:18:00.302463, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/aio.c:848(schedule_aio_smb2_write) smb2: write size (65536) too small for minimum aio_write of 0 [2014/06/18 06:18:00.302493, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/posix.c:294(is_posix_locked) is_posix_locked: File /var/spool/samba/smbprn.qh7n1O, offset = 65536, count = 65536, type = WRITE [2014/06/18 06:18:00.302524, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/posix.c:164(posix_lock_in_range) posix_lock_in_range: offset_out = 65536, count_out = 65536 [2014/06/18 06:18:00.302553, 8, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/posix.c:243(posix_fcntl_getlock) posix_fcntl_getlock 11 65536 65536 1 [2014/06/18 06:18:00.302581, 8, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/lib/util.c:1144(fcntl_getlock) fcntl_getlock fd=11 offset=65536 count=65536 type=1 [2014/06/18 06:18:00.302611, 3, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/lib/util.c:1168(fcntl_getlock) fcntl_getlock: fd 11 is returned info 2 pid 0 [2014/06/18 06:18:00.302638, 8, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/posix.c:273(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2014/06/18 06:18:00.302664, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/brlock.c:1321(brl_locktest) brl_locktest: posix start=65536 len=65536 unlocked for fnum 2792954035 file /var/spool/samba/smbprn.qh7n1O [2014/06/18 06:18:00.302695, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/locking.c:161(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=65536 len=65536 unlocked for fnum 2792954035 file /var/spool/samba/smbprn.qh7n1O [2014/06/18 06:18:00.302762, 3, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_write.c:198(smb2_write_complete_internal) smb2: fnum 2792954035, file /var/spool/samba/smbprn.qh7n1O, length=65536 offset=0 wrote=65536 [2014/06/18 06:18:00.302794, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_write.c:357(smbd_smb2_write_send) smb2: write on file /var/spool/samba/smbprn.qh7n1O, offset 65536, requested 65536, written = 65536 [2014/06/18 06:18:00.302827, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2014/06/18 06:18:00.302856, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/9/31 [2014/06/18 06:18:00.303027, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:00.303070, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 9 (position 9) from bitmap [2014/06/18 06:18:00.303099, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 9 [2014/06/18 06:18:00.303132, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2014/06/18 06:18:00.303161, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1780(smbd_smb2_request_verify_creditcharge) mid 9, CreditCharge: 1, NeededCharge: 1 [2014/06/18 06:18:00.303190, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: /var/spool/samba/smbprn.qh7n1O - fnum 2792954035 [2014/06/18 06:18:00.303219, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/aio.c:848(schedule_aio_smb2_write) smb2: write size (53248) too small for minimum aio_write of 0 [2014/06/18 06:18:00.303248, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/posix.c:294(is_posix_locked) is_posix_locked: File /var/spool/samba/smbprn.qh7n1O, offset = 131072, count = 53248, type = WRITE [2014/06/18 06:18:00.303279, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/posix.c:164(posix_lock_in_range) posix_lock_in_range: offset_out = 131072, count_out = 53248 [2014/06/18 06:18:00.303307, 8, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/posix.c:243(posix_fcntl_getlock) posix_fcntl_getlock 11 131072 53248 1 [2014/06/18 06:18:00.303335, 8, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/lib/util.c:1144(fcntl_getlock) fcntl_getlock fd=11 offset=131072 count=53248 type=1 [2014/06/18 06:18:00.303363, 3, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/lib/util.c:1168(fcntl_getlock) fcntl_getlock: fd 11 is returned info 2 pid 0 [2014/06/18 06:18:00.303389, 8, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/posix.c:273(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2014/06/18 06:18:00.303415, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/brlock.c:1321(brl_locktest) brl_locktest: posix start=131072 len=53248 unlocked for fnum 2792954035 file /var/spool/samba/smbprn.qh7n1O [2014/06/18 06:18:00.303445, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/locking.c:161(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=131072 len=53248 unlocked for fnum 2792954035 file /var/spool/samba/smbprn.qh7n1O [2014/06/18 06:18:00.303504, 3, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_write.c:198(smb2_write_complete_internal) smb2: fnum 2792954035, file /var/spool/samba/smbprn.qh7n1O, length=53248 offset=0 wrote=53248 [2014/06/18 06:18:00.303536, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_write.c:357(smbd_smb2_write_send) smb2: write on file /var/spool/samba/smbprn.qh7n1O, offset 131072, requested 53248, written = 53248 [2014/06/18 06:18:00.303567, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2014/06/18 06:18:00.303596, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/10/31 [2014/06/18 06:18:00.304045, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:00.304118, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 10 (position 10) from bitmap [2014/06/18 06:18:00.304162, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 10 [2014/06/18 06:18:00.304225, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2014/06/18 06:18:00.304261, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: /var/spool/samba/smbprn.8PZICe - fnum 2755515169 [2014/06/18 06:18:00.304344, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.304449, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.304504, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.304553, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.304602, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:print [2014/06/18 06:18:00.304635, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:457(print_job_find) print_job_find: looking up job 41 for share print [2014/06/18 06:18:00.304670, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:485(print_job_find) print_job_find: returning system job -1 for jobid 41. [2014/06/18 06:18:00.304702, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2977(print_job_end) print_job_end: canceling spool of /var/spool/samba/smbprn.8PZICe (zero length) [2014/06/18 06:18:00.304738, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:457(print_job_find) print_job_find: looking up job 41 for share print [2014/06/18 06:18:00.304767, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:485(print_job_find) print_job_find: returning system job -1 for jobid 41. [2014/06/18 06:18:00.304795, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer print to notify_queue_head [2014/06/18 06:18:00.304848, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2093(remove_from_jobs_added) remove_from_jobs_added: removed jobid 41 [2014/06/18 06:18:00.304876, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:158(rap_jobid_delete) rap_jobid_delete: called. [2014/06/18 06:18:00.304903, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:178(rap_jobid_delete) rap_jobid_delete: deleting jobid 41 [2014/06/18 06:18:00.304933, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.304983, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.305035, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:00.305059, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:00.305158, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:00.305186, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2014/06/18 06:18:00.305212, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 7326B47E [2014/06/18 06:18:00.305240, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb65a23c0 [2014/06/18 06:18:00.305274, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 7326B47E [2014/06/18 06:18:00.305301, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:00.305325, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:00.305357, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 2755515169 (1 used) [2014/06/18 06:18:00.305392, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2014/06/18 06:18:00.305419, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/11/31 [2014/06/18 06:18:00.305905, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:00.305947, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 11 (position 11) from bitmap [2014/06/18 06:18:00.305977, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 11 [2014/06/18 06:18:00.306005, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2014/06/18 06:18:00.306033, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1780(smbd_smb2_request_verify_creditcharge) mid 11, CreditCharge: 1, NeededCharge: 1 [2014/06/18 06:18:00.306060, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: /var/spool/samba/smbprn.qh7n1O - fnum 2792954035 [2014/06/18 06:18:00.306088, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/aio.c:848(schedule_aio_smb2_write) smb2: write size (4650) too small for minimum aio_write of 0 [2014/06/18 06:18:00.306120, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/posix.c:294(is_posix_locked) is_posix_locked: File /var/spool/samba/smbprn.qh7n1O, offset = 184320, count = 4650, type = WRITE [2014/06/18 06:18:00.306151, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/posix.c:164(posix_lock_in_range) posix_lock_in_range: offset_out = 184320, count_out = 4650 [2014/06/18 06:18:00.306177, 8, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/posix.c:243(posix_fcntl_getlock) posix_fcntl_getlock 11 184320 4650 1 [2014/06/18 06:18:00.306203, 8, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/lib/util.c:1144(fcntl_getlock) fcntl_getlock fd=11 offset=184320 count=4650 type=1 [2014/06/18 06:18:00.306230, 3, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/lib/util.c:1168(fcntl_getlock) fcntl_getlock: fd 11 is returned info 2 pid 0 [2014/06/18 06:18:00.306255, 8, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/posix.c:273(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2014/06/18 06:18:00.306279, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/brlock.c:1321(brl_locktest) brl_locktest: posix start=184320 len=4650 unlocked for fnum 2792954035 file /var/spool/samba/smbprn.qh7n1O [2014/06/18 06:18:00.306307, 10, pid=5732, effective(99, 99), real(99, 0), class=locking] ../source3/locking/locking.c:161(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=184320 len=4650 unlocked for fnum 2792954035 file /var/spool/samba/smbprn.qh7n1O [2014/06/18 06:18:00.306344, 3, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_write.c:198(smb2_write_complete_internal) smb2: fnum 2792954035, file /var/spool/samba/smbprn.qh7n1O, length=4650 offset=0 wrote=4650 [2014/06/18 06:18:00.306373, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_write.c:357(smbd_smb2_write_send) smb2: write on file /var/spool/samba/smbprn.qh7n1O, offset 184320, requested 4650, written = 4650 [2014/06/18 06:18:00.306403, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2014/06/18 06:18:00.306429, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/12/31 [2014/06/18 06:18:00.306761, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:00.306803, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 12 (position 12) from bitmap [2014/06/18 06:18:00.306832, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_FLUSH] mid = 12 [2014/06/18 06:18:00.306860, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2014/06/18 06:18:00.306890, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_flush.c:131(smbd_smb2_flush_send) smbd_smb2_flush: /var/spool/samba/smbprn.qh7n1O - fnum 2792954035 [2014/06/18 06:18:00.306923, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[4] dyn[no:0] at ../source3/smbd/smb2_flush.c:101 [2014/06/18 06:18:00.306951, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/13/31 [2014/06/18 06:18:00.307184, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:00.307218, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 13 (position 13) from bitmap [2014/06/18 06:18:00.307246, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 13 [2014/06/18 06:18:00.307273, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2014/06/18 06:18:00.307302, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: /var/spool/samba/smbprn.qh7n1O - fnum 2792954035 [2014/06/18 06:18:00.307337, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-a053-c0e164160000 [2014/06/18 06:18:00.307419, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:347(find_policy_by_hnd_internal) Policy not found: [0000] 00 00 00 00 11 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.307471, 2, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:343(find_printer_index_by_hnd) find_printer_index_by_hnd: Printer handle not found: Policy not found: [0000] 00 00 00 00 11 00 00 00 00 00 00 00 A0 53 C0 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:00.307521, 2, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:343(find_printer_index_by_hnd) find_printer_index_by_hnd: Printer handle not found: close_printer_handle: Invalid handle (OURS:5732:5732) [2014/06/18 06:18:00.307560, 3, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printspoolss.c:326(print_spool_end) Failed to close printer print [NT code 0x1c00001a] [2014/06/18 06:18:00.307609, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:00.307635, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2014/06/18 06:18:00.307662, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 2CC7D2DC [2014/06/18 06:18:00.307692, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb65a0d48 [2014/06/18 06:18:00.307724, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 2CC7D2DC [2014/06/18 06:18:00.307752, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:00.307777, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:00.307808, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 2792954035 (0 used) [2014/06/18 06:18:00.307839, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: /var/spool/samba/smbprn.qh7n1O [2014/06/18 06:18:00.307871, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:204(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2014/06/18 06:18:00.307898, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:682(dos_mode) dos_mode returning [2014/06/18 06:18:00.307930, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2014/06/18 06:18:00.307958, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/14/31 [2014/06/18 06:18:01.250708, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:01.253184, 5, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:01.253255, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:01.253407, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2014/06/18 06:18:01.253514, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/printing/notify.c:180(print_notify_send_messages_to_printer) print_notify_send_messages_to_printer: sending 13 print notify messages to printer print [2014/06/18 06:18:05.307520, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:05.307656, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 14 (position 14) from bitmap [2014/06/18 06:18:05.307722, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 14 [2014/06/18 06:18:05.307896, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:05.307962, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (6): SID[ 0]: S-1-5-21-1412259249-3212819653-634731678-501 SID[ 1]: S-1-5-21-1412259249-3212819653-634731678-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-22-1-99 Privileges (0x 0): Rights (0x 0): [2014/06/18 06:18:05.308185, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups [2014/06/18 06:18:05.308277, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) Impersonated user: uid=(99,99), gid=(0,99) [2014/06/18 06:18:05.308350, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[] [2014/06/18 06:18:05.308423, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:05.308480, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2014/06/18 06:18:05.308541, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 3DEFF5AC [2014/06/18 06:18:05.308620, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb65a0870 [2014/06/18 06:18:05.308758, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2014/06/18 06:18:05.308802, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key '3DEFF5AC' stored [2014/06/18 06:18:05.308859, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) open_global_id : 0x3deff5ac (1039136172) open_persistent_id : 0x000000003deff5ac (1039136172) open_volatile_id : 0x000000000e5422af (240394927) open_owner : S-1-5-21-1412259249-3212819653-634731678-501 open_time : Wed Jun 18 06:18:05 AM 2014 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : e8c453bd-f6cd-11e3-a601-005056c00008 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2014/06/18 06:18:05.309467, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 3DEFF5AC [2014/06/18 06:18:05.309527, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:05.309582, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:05.309638, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2014/06/18 06:18:05.309673, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0x3deff5ac) stored [2014/06/18 06:18:05.309727, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x0e5422af (240394927) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) open_global_id : 0x3deff5ac (1039136172) open_persistent_id : 0x000000003deff5ac (1039136172) open_volatile_id : 0x000000000e5422af (240394927) open_owner : S-1-5-21-1412259249-3212819653-634731678-501 open_time : Wed Jun 18 06:18:05 AM 2014 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : e8c453bd-f6cd-11e3-a601-005056c00008 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Wed Jun 18 06:18:05 AM 2014 IST compat : NULL [2014/06/18 06:18:05.310527, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 240394927 (1 used) [2014/06/18 06:18:05.310647, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \spoolss [2014/06/18 06:18:05.310720, 5, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:796(rpc_pipe_open_interface) Connecting to spoolss pipe. [2014/06/18 06:18:05.310789, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2014/06/18 06:18:05.310853, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \spoolss [2014/06/18 06:18:05.310911, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss [2014/06/18 06:18:05.311027, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2014/06/18 06:18:05.311120, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'print' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ checking name: print [2014/06/18 06:18:05.311515, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [print] [2014/06/18 06:18:05.311574, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 A0 53 C5 E1 ....'... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.311685, 3, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=print Printer is a printer [2014/06/18 06:18:05.311765, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=print (len=5) searching for [print] [2014/06/18 06:18:05.311868, 10, pid=5732, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/print, we already got it set_printer_hnd_name: Printer found: print -> print [2014/06/18 06:18:05.311945, 5, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 1 printer handles active [2014/06/18 06:18:05.312000, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 A0 53 C5 E1 ....'... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.312110, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 A0 53 C5 E1 ....'... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.312218, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:print [2014/06/18 06:18:05.312297, 3, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from fe80::51bb:b8a:3bcd:9e1e (fe80::51bb:b8a:3bcd:9e1e) [2014/06/18 06:18:05.312401, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share print is ok for unix user nobody [2014/06/18 06:18:05.312534, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:05.312605, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:05.312664, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:05.312770, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:05.312854, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.313151, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:05.313209, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:05.313267, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:05.313328, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:05.313383, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.313434, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:05.313531, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:05.313616, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.313681, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 A0 53 C5 E1 ....(... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.313796, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.314109, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-a053-c5e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.314687, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 A0 53 C5 E1 ....(... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.314803, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:05.314859, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:05.314917, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:05.315002, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:05.315064, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.315121, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:05.315228, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:05.315323, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:05.315391, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:05.315456, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.315514, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.315575, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.315631, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.315728, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.315819, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:05.315884, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:05.315947, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.316005, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.316066, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.316122, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.316212, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.316302, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:05.316366, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:05.316429, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.316496, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.316557, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.316613, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.316736, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:05.316803, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:05.316867, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.316926, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.316990, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.317046, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.317143, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:05.317210, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:05.317274, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.317333, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.317396, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.317452, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.317544, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.317636, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:05.317701, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:05.317765, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.317831, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.317895, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.317951, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.318057, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.318150, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.318217, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:05.318278, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:05.318339, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:05.318398, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:05.318457, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:05.318516, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:05.318578, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 A0 53 C5 E1 ....)... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.318697, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.318966, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.319530, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 A0 53 C5 E1 ....)... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.319651, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.319711, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.319772, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:05.319834, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.319943, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:05.320013, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:05.320130, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:05.320196, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:05.320288, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:05.320353, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:05.320416, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:05.320480, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:05.320546, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:05.320611, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:05.320675, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:05.320738, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:05.320802, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:05.320878, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2014/06/18 06:18:05.321197, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.321717, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 A0 53 C5 E1 ....)... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.321834, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.321894, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.322029, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:05.326558, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.326757, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 A0 53 C5 E1 ....)... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.326876, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 A0 53 C5 E1 ....)... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.326990, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.327055, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:05.327116, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.327351, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.327542, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 A0 53 C5 E1 ....(... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.327671, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 A0 53 C5 E1 ....(... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.327789, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.327848, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:05.327908, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.328135, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:05.328212, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2014/06/18 06:18:05.328273, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.328331, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.328389, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.328447, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.328507, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2014/06/18 06:18:05.328567, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2014/06/18 06:18:05.328698, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:05.328775, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:05.328840, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:05.328961, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:05.329050, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.329381, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:05.329444, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:05.329507, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:05.329565, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:05.329625, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.329681, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:05.329785, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:05.329876, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.329945, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 A0 53 C5 E1 ....*... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.330064, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.330315, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-a053-c5e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.330944, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 A0 53 C5 E1 ....*... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.331075, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:05.331137, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:05.331200, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:05.331257, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:05.331317, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.331374, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:05.331478, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:05.331571, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:05.331636, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:05.331699, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.331757, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.331817, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.331873, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.331968, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.332059, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:05.332124, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:05.332187, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.332245, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.332305, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.332362, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.332452, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.332550, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:05.332615, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:05.332678, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.332736, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.332797, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.332854, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.332976, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:05.333043, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:05.333107, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.333165, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.333228, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.333285, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.333382, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:05.333448, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:05.333512, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.333571, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.333634, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.333691, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.333782, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.333882, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:05.333947, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:05.334012, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.334071, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.334134, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.334191, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.334298, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.334392, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.334461, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:05.334522, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:05.334583, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:05.334643, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:05.334702, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:05.334762, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:05.334823, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 A0 53 C5 E1 ....+... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.334940, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.335171, 2, pid=5732, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print already exists [2014/06/18 06:18:05.335252, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.335447, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 A0 53 C5 E1 ....+... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.335565, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 A0 53 C5 E1 ....+... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.335680, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.335740, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:05.335800, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.336033, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.336220, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 A0 53 C5 E1 ....*... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.336338, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 A0 53 C5 E1 ....*... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.336452, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.336512, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:05.336571, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.336794, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:05.336868, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.337135, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter in: struct spoolss_StartDocPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-a053-c5e164160000 info_ctr : * info_ctr: struct spoolss_DocumentInfoCtr level : 0x00000001 (1) info : union spoolss_DocumentInfo(case 1) info1 : * info1: struct spoolss_DocumentInfo1 document_name : * document_name : 'Remote Downlevel Document ' output_file : * output_file : '/var/spool/samba/smbprn.qVGvqW' datatype : * datatype : 'RAW' [2014/06/18 06:18:05.337709, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 A0 53 C5 E1 ....'... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.337766, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 A0 53 C5 E1 ....'... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.337820, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:print [2014/06/18 06:18:05.337899, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:05.337935, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:05.337965, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:05.338018, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:05.338059, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.338207, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:05.338240, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:05.338269, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:05.338295, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:05.338323, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.338356, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:05.338398, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:05.338437, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.338467, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 A0 53 C5 E1 ....,... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.338519, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.338627, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-a053-c5e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.338907, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 A0 53 C5 E1 ....,... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.338961, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:05.338991, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:05.339019, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:05.339045, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:05.339072, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.339097, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:05.339144, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:05.339185, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:05.339214, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:05.339242, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.339268, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.339294, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.339320, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.339362, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.339403, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:05.339432, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:05.339460, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.339485, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.339512, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.339538, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.339577, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.339617, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:05.339650, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:05.339678, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.339704, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.339731, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.339756, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.339809, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:05.339839, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:05.339868, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.339894, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.339922, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.339947, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.339990, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:05.340019, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:05.340048, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.340074, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.340102, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.340127, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.340168, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.340209, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:05.340241, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:05.340270, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.340296, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.340324, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.340350, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.340396, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.340437, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.340467, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:05.340495, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:05.340522, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:05.340548, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:05.340574, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:05.340601, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:05.340628, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 A0 53 C5 E1 ....-... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.340680, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.340792, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.341013, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 A0 53 C5 E1 ....-... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.341066, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.341092, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.341119, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:05.341146, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.341186, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:05.341216, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:05.341244, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:05.341273, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:05.341301, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:05.341329, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:05.341357, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:05.341385, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:05.341413, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:05.341442, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:05.341470, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:05.341502, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:05.341530, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:05.341559, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2014/06/18 06:18:05.341698, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.341927, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 A0 53 C5 E1 ....-... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.341978, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.342005, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.342034, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:05.344011, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.344094, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 A0 53 C5 E1 ....-... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.344146, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 A0 53 C5 E1 ....-... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.344196, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.344223, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:05.344249, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.344351, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.344437, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 A0 53 C5 E1 ....,... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.344488, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 A0 53 C5 E1 ....,... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.344537, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.344563, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:05.344589, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.344686, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:05.344718, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2014/06/18 06:18:05.344744, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.344769, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.344794, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.344819, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.344845, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2014/06/18 06:18:05.344892, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:05.344925, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:05.344953, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:05.345003, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:05.345044, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.345187, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:05.345214, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:05.345241, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:05.345266, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:05.345292, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.345316, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:05.345359, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:05.345397, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:05.345427, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 A0 53 C5 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.345479, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.345587, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-a053-c5e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.345865, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 A0 53 C5 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.345917, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:05.345944, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:05.345971, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:05.345996, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:05.346022, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.346047, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:05.346092, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:05.346132, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:05.346160, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:05.346188, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.346213, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.346239, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.346263, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.346304, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.346343, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:05.346372, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:05.346399, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.346424, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.346451, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.346475, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.346517, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.346557, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:05.346585, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:05.346612, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.346637, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.346664, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.346688, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.346741, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:05.346770, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:05.346798, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.346823, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.346851, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.346875, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.346917, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:05.346946, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:05.346974, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.346999, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.347027, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.347052, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.347091, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.347134, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:05.347162, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:05.347190, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.347215, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.347243, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.347267, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.347312, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.347352, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:05.347381, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:05.347408, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:05.347434, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:05.347460, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:05.347486, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:05.347512, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:05.347538, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.347589, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.347695, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2014/06/18 06:18:05.347832, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.347886, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:05.347913, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.347952, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:05.347981, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:05.348008, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:05.348035, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:05.348063, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:05.348090, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:05.348117, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:05.348145, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:05.348172, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:05.348200, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:05.348228, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:05.348256, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:05.348283, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:05.348314, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.348353, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000b0 (176) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2014/06/18 06:18:05.348627, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.348859, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.348910, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.348939, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.349194, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.349427, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.349478, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.349506, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2014/06/18 06:18:05.349733, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.349967, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.350017, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.350045, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2014/06/18 06:18:05.350360, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.350591, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.350644, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.350672, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.350916, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.351148, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.351199, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.351227, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2014/06/18 06:18:05.351815, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.352047, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.352100, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.352129, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2014/06/18 06:18:05.352453, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.352684, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.352733, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.352761, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2014/06/18 06:18:05.353396, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.353625, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.353674, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.353701, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.353936, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.354149, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.354197, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.354223, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) size : * size : 0x000000b0 (176) length : * length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:05.356076, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.356295, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.356343, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.356370, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2014/06/18 06:18:05.356680, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.356897, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.356946, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.356972, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.357203, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.357423, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.357472, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.357498, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.357730, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.357946, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.357998, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.358024, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x5e (94) [1] : 0x01 (1) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.358274, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.358479, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.358527, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.358550, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.358576, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2014/06/18 06:18:05.358600, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2014/06/18 06:18:05.358729, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.358855, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:05.358880, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:05.358905, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:05.358928, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:05.358951, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.358974, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:05.359016, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:05.359052, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:05.359080, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 A0 53 C5 E1 ....0... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.359129, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.359227, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-a053-c5e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.359477, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 A0 53 C5 E1 ....0... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.359527, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:05.359551, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:05.359576, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:05.359599, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:05.359623, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.359645, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:05.359688, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:05.359726, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:05.359752, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:05.359777, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.359799, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.359823, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.359845, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.359884, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.359920, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:05.359946, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:05.359975, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.359997, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.360021, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.360044, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.360080, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.360116, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:05.360142, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:05.360167, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.360190, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.360214, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.360237, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.360286, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:05.360313, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:05.360338, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.360362, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.360386, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.360409, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.360448, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:05.360474, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (10->11) [2014/06/18 06:18:05.360500, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.360526, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.360551, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.360573, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.360610, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.360647, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:05.360673, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (11->12) [2014/06/18 06:18:05.360698, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.360721, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.360746, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.360768, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.360810, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.360848, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:05.360875, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (12->11) [2014/06/18 06:18:05.360899, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (11->10) [2014/06/18 06:18:05.360923, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:05.360946, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:05.360970, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:05.360994, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:05.361018, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 A0 53 C5 E1 ....1... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.361068, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.361168, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.361362, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 A0 53 C5 E1 ....1... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.361411, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.361434, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.361458, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:05.361482, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.361518, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:05.361545, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:05.361571, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:05.361596, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:05.361621, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:05.361649, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:05.361674, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:05.361700, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:05.361725, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:05.361750, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:05.361775, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:05.361800, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:05.361825, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:05.361851, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2014/06/18 06:18:05.361972, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.362172, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 A0 53 C5 E1 ....1... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.362219, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.362245, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.362271, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:05.364009, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.364086, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 A0 53 C5 E1 ....1... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.364134, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 A0 53 C5 E1 ....1... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.364184, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.364210, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:05.364234, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.364327, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.364401, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 A0 53 C5 E1 ....0... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.364448, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 A0 53 C5 E1 ....0... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.364494, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.364517, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:05.364540, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.364633, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.364708, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.364756, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 A0 53 C5 E1 ..../... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.364803, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.364828, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:05.364855, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.364947, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.365022, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 A0 53 C5 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.365068, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 A0 53 C5 E1 ........ .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.365114, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.365137, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:05.365161, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.365252, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:05.365298, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2805(print_job_start) print_job_start: Queue print number of jobs (2), max printjobs = 1000 [2014/06/18 06:18:05.365332, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2573(allocate_print_jobid) allocate_print_jobid: Read jobid 41 from print [2014/06/18 06:18:05.365378, 3, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2737(print_job_spool_file) print_job_spool_file:External spooling activated [2014/06/18 06:18:05.365418, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x10 for printer print to notify_queue_head [2014/06/18 06:18:05.365447, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x03 for printer print to notify_queue_head [2014/06/18 06:18:05.365472, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer print to notify_queue_head [2014/06/18 06:18:05.365498, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer print to notify_queue_head [2014/06/18 06:18:05.365526, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x16 for printer print to notify_queue_head [2014/06/18 06:18:05.365551, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x14 for printer print to notify_queue_head [2014/06/18 06:18:05.365574, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2637(add_to_jobs_added) add_to_jobs_added: Added jobid 42 [2014/06/18 06:18:05.365604, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter out: struct spoolss_StartDocPrinter job_id : * job_id : 0x0000002a (42) result : WERR_OK [2014/06/18 06:18:05.365675, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:79(pjobid_to_rap) pjobid_to_rap: called. [2014/06/18 06:18:05.365706, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:114(pjobid_to_rap) pjobid_to_rap: created jobid 42 maps to RAP jobid 3 [2014/06/18 06:18:05.365735, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: /var/spool/samba/smbprn.qVGvqW [2014/06/18 06:18:05.365762, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:204(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2014/06/18 06:18:05.365787, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:682(dos_mode) dos_mode returning [2014/06/18 06:18:05.365821, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_create.c:1052(smbd_smb2_create_send) smbd_smb2_create_send: /var/spool/samba/smbprn.qVGvqW - fnum 240394927 [2014/06/18 06:18:05.365852, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2014/06/18 06:18:05.365880, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/15/31 [2014/06/18 06:18:05.366383, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:05.366424, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 15 (position 15) from bitmap [2014/06/18 06:18:05.366452, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 15 [2014/06/18 06:18:05.366482, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2014/06/18 06:18:05.366512, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: /var/spool/samba/smbprn.qVGvqW - fnum 240394927 [2014/06/18 06:18:05.366549, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.366631, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 A0 53 C5 E1 ....'... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.366681, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 A0 53 C5 E1 ....'... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.366729, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 A0 53 C5 E1 ....'... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.366783, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:print [2014/06/18 06:18:05.366827, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:457(print_job_find) print_job_find: looking up job 42 for share print [2014/06/18 06:18:05.366859, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:485(print_job_find) print_job_find: returning system job -1 for jobid 42. [2014/06/18 06:18:05.366893, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2977(print_job_end) print_job_end: canceling spool of /var/spool/samba/smbprn.qVGvqW (zero length) [2014/06/18 06:18:05.366926, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:457(print_job_find) print_job_find: looking up job 42 for share print [2014/06/18 06:18:05.366954, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:485(print_job_find) print_job_find: returning system job -1 for jobid 42. [2014/06/18 06:18:05.366979, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer print to notify_queue_head [2014/06/18 06:18:05.367016, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2093(remove_from_jobs_added) remove_from_jobs_added: removed jobid 42 [2014/06/18 06:18:05.367041, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:158(rap_jobid_delete) rap_jobid_delete: called. [2014/06/18 06:18:05.367066, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:178(rap_jobid_delete) rap_jobid_delete: deleting jobid 42 [2014/06/18 06:18:05.367100, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 A0 53 C5 E1 ....'... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.367150, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 A0 53 C5 E1 ....'... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.367198, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.367222, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.367321, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:05.367348, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2014/06/18 06:18:05.367374, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 3DEFF5AC [2014/06/18 06:18:05.367402, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb65a1450 [2014/06/18 06:18:05.367433, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 3DEFF5AC [2014/06/18 06:18:05.367459, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:05.367482, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:05.367512, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 240394927 (0 used) [2014/06/18 06:18:05.367540, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2014/06/18 06:18:05.367567, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/16/31 [2014/06/18 06:18:05.368234, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:05.368276, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 16 (position 16) from bitmap [2014/06/18 06:18:05.368304, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 16 [2014/06/18 06:18:05.368331, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2014/06/18 06:18:05.368360, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[] [2014/06/18 06:18:05.368393, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:05.368418, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2014/06/18 06:18:05.368445, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 0AB155FA [2014/06/18 06:18:05.368473, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb65ac3f0 [2014/06/18 06:18:05.368519, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2014/06/18 06:18:05.368538, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key '0AB155FA' stored [2014/06/18 06:18:05.368564, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) open_global_id : 0x0ab155fa (179394042) open_persistent_id : 0x000000000ab155fa (179394042) open_volatile_id : 0x00000000abee285d (2884511837) open_owner : S-1-5-21-1412259249-3212819653-634731678-501 open_time : Wed Jun 18 06:18:05 AM 2014 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : e8c453bd-f6cd-11e3-a601-005056c00008 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2014/06/18 06:18:05.368919, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 0AB155FA [2014/06/18 06:18:05.368952, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:05.368979, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:05.369006, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2014/06/18 06:18:05.369023, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0x0ab155fa) stored [2014/06/18 06:18:05.369048, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0xabee285d (2884511837) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) open_global_id : 0x0ab155fa (179394042) open_persistent_id : 0x000000000ab155fa (179394042) open_volatile_id : 0x00000000abee285d (2884511837) open_owner : S-1-5-21-1412259249-3212819653-634731678-501 open_time : Wed Jun 18 06:18:05 AM 2014 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : e8c453bd-f6cd-11e3-a601-005056c00008 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Wed Jun 18 06:18:05 AM 2014 IST compat : NULL [2014/06/18 06:18:05.369435, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 2884511837 (1 used) [2014/06/18 06:18:05.369492, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \spoolss [2014/06/18 06:18:05.369527, 5, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:796(rpc_pipe_open_interface) Connecting to spoolss pipe. [2014/06/18 06:18:05.369560, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2014/06/18 06:18:05.369590, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \spoolss [2014/06/18 06:18:05.369618, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss [2014/06/18 06:18:05.369672, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2014/06/18 06:18:05.369716, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'print' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ checking name: print [2014/06/18 06:18:05.369907, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [print] [2014/06/18 06:18:05.369936, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 A0 53 C5 E1 ....2... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.369988, 3, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=print Printer is a printer [2014/06/18 06:18:05.370023, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=print (len=5) searching for [print] [2014/06/18 06:18:05.370073, 10, pid=5732, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/print, we already got it set_printer_hnd_name: Printer found: print -> print [2014/06/18 06:18:05.370110, 5, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 1 printer handles active [2014/06/18 06:18:05.370140, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 A0 53 C5 E1 ....2... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.370192, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 A0 53 C5 E1 ....2... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.370242, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:print [2014/06/18 06:18:05.370279, 3, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from fe80::51bb:b8a:3bcd:9e1e (fe80::51bb:b8a:3bcd:9e1e) [2014/06/18 06:18:05.370332, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share print is ok for unix user nobody [2014/06/18 06:18:05.370391, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:05.370425, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:05.370454, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:05.370503, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:05.370543, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.370685, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:05.370713, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:05.370741, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:05.370767, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:05.370793, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.370818, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:05.370863, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:05.370908, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.370939, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 A0 53 C5 E1 ....3... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.370993, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000033-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.371105, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000033-0000-0000-a053-c5e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.371382, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 A0 53 C5 E1 ....3... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.371437, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:05.371465, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:05.371493, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:05.371519, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:05.371546, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.371571, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:05.371618, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:05.371666, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:05.371696, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:05.371724, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.371749, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.371776, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.371801, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.371844, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.371884, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:05.371913, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:05.371941, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.371966, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.371994, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.372018, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.372058, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.372098, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:05.372127, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:05.372155, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.372180, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.372208, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.372233, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.372290, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:05.372320, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:05.372348, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.372374, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.372402, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.372427, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.372476, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:05.372505, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:05.372532, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.372558, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.372585, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.372609, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.372649, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.372689, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:05.372717, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:05.372745, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.372771, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.372798, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.372823, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.372868, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.372911, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.372941, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:05.372967, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:05.372994, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:05.373019, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:05.373045, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:05.373071, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:05.373097, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 A0 53 C5 E1 ....4... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.373148, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.373257, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.373469, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 A0 53 C5 E1 ....4... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.373521, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.373550, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.373577, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:05.373603, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.373641, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:05.373671, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:05.373698, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:05.373726, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:05.373753, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:05.373781, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:05.373808, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:05.373836, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:05.373863, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:05.373891, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:05.373919, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:05.373946, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:05.373974, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:05.374002, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2014/06/18 06:18:05.374141, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.374359, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 A0 53 C5 E1 ....4... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.374410, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.374436, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.374464, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:05.376522, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.376607, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 A0 53 C5 E1 ....4... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.376659, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 A0 53 C5 E1 ....4... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.376709, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.376737, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:05.376763, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.376865, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000033-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.376947, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 A0 53 C5 E1 ....3... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.376998, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 A0 53 C5 E1 ....3... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.377048, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.377074, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:05.377100, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.377200, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:05.377233, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2014/06/18 06:18:05.377259, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.377284, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.377309, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.377333, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.377359, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2014/06/18 06:18:05.377385, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2014/06/18 06:18:05.377432, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:05.377465, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:05.377493, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:05.377541, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:05.377579, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.377717, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:05.377744, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:05.377771, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:05.377796, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:05.377826, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.377850, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:05.377893, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:05.377932, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.377962, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 A0 53 C5 E1 ....5... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.378015, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000035-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.378122, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000035-0000-0000-a053-c5e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.378394, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 A0 53 C5 E1 ....5... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.378446, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:05.378473, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:05.378500, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:05.378529, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:05.378555, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.378580, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:05.378626, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:05.378665, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:05.378693, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:05.378721, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.378745, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.378772, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.378796, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.378837, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.378876, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:05.378904, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:05.378932, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.378957, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.378984, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.379008, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.379047, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.379086, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:05.379114, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:05.379141, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.379173, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.379200, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.379225, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.379277, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:05.379307, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:05.379335, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.379360, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.379387, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.379412, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.379454, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:05.379482, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:05.379510, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.379535, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.379563, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.379587, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.379627, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.379667, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:05.379695, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:05.379723, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.379749, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.379780, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.379804, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.379850, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.379890, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.379919, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:05.379946, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:05.379972, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:05.379998, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:05.380024, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:05.380050, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:05.380076, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 A0 53 C5 E1 ....6... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.380127, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.380226, 2, pid=5732, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print already exists [2014/06/18 06:18:05.380261, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.380342, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 A0 53 C5 E1 ....6... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.380394, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 A0 53 C5 E1 ....6... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.380447, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.380473, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:05.380499, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.380599, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000035-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.380680, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 A0 53 C5 E1 ....5... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.380732, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 A0 53 C5 E1 ....5... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.380781, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.380807, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:05.380833, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.380929, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:05.380961, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.381071, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter in: struct spoolss_StartDocPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-a053-c5e164160000 info_ctr : * info_ctr: struct spoolss_DocumentInfoCtr level : 0x00000001 (1) info : union spoolss_DocumentInfo(case 1) info1 : * info1: struct spoolss_DocumentInfo1 document_name : * document_name : 'Remote Downlevel Document ' output_file : * output_file : '/var/spool/samba/smbprn.4cLprE' datatype : * datatype : 'RAW' [2014/06/18 06:18:05.381282, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 A0 53 C5 E1 ....2... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.381333, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 A0 53 C5 E1 ....2... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.381383, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:print [2014/06/18 06:18:05.381440, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:05.381474, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:05.381502, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:05.381550, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:05.381588, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.381727, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:05.381754, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:05.381781, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:05.381806, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:05.381831, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.381859, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:05.381902, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:05.381941, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.381971, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 A0 53 C5 E1 ....7... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.382023, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000037-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.382131, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000037-0000-0000-a053-c5e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.382404, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 A0 53 C5 E1 ....7... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.382458, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:05.382485, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:05.382513, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:05.382538, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:05.382564, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.382593, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:05.382638, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:05.382678, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:05.382706, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:05.382733, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.382758, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.382784, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.382809, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.382850, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.382889, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:05.382917, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:05.382944, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.382970, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.382996, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.383020, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.383059, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.383098, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:05.383126, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:05.383153, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.383178, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.383214, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.383239, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.383291, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:05.383320, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:05.383348, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.383374, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.383401, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.383426, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.383490, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:05.383519, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:05.383554, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.383580, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.383607, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.383632, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.383671, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.383711, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:05.383739, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:05.383767, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.383792, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.383820, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.383847, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.383893, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.383932, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.383961, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:05.383988, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:05.384014, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:05.384039, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:05.384065, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:05.384091, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:05.384117, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 A0 53 C5 E1 ....8... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.384168, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000038-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.384276, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000038-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.384567, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 A0 53 C5 E1 ....8... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.384624, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.384650, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.384676, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:05.384702, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.384741, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:05.384771, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:05.384798, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:05.384826, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:05.384853, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:05.384880, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:05.384908, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:05.384935, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:05.384970, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:05.384999, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:05.385027, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:05.385055, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:05.385083, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:05.385112, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2014/06/18 06:18:05.385255, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000038-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.385482, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 A0 53 C5 E1 ....8... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.385534, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.385560, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.385590, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:05.387561, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000038-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.387647, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 A0 53 C5 E1 ....8... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.387701, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 A0 53 C5 E1 ....8... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.387752, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.387781, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:05.387808, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.387912, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000037-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.387996, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 A0 53 C5 E1 ....7... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.388049, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 A0 53 C5 E1 ....7... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.388103, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.388130, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:05.388156, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.388257, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:05.388289, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2014/06/18 06:18:05.388316, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.388342, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.388367, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.388392, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.388418, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2014/06/18 06:18:05.388474, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:05.388506, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:05.388534, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:05.388583, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:05.388623, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.388763, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:05.388790, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:05.388818, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:05.388846, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:05.388872, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.388897, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:05.388940, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:05.388979, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:05.389009, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 A0 53 C5 E1 ....9... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.389061, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000039-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.389170, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000039-0000-0000-a053-c5e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.389442, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 A0 53 C5 E1 ....9... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.389495, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:05.389522, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:05.389553, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:05.389578, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:05.389604, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.389628, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:05.389674, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:05.389714, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:05.389742, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:05.389769, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.389794, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.389821, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.389845, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.389886, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.389925, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:05.389953, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:05.389980, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.390005, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.390032, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.390056, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.390095, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.390134, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:05.390162, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:05.390190, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.390218, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.390244, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.390269, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.390321, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:05.390350, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:05.390378, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.390403, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.390430, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.390455, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.390496, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:05.390525, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:05.390553, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.390578, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.390606, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.390631, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.390670, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.390710, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:05.390738, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:05.390766, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.390795, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.390822, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.390846, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.390891, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.390932, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:05.390961, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:05.390987, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:05.391014, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:05.391040, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:05.391065, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:05.391091, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:05.391117, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.391167, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.391273, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2014/06/18 06:18:05.391407, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.391464, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:05.391491, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.391529, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:05.391558, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:05.391586, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:05.391613, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:05.391641, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:05.391668, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:05.391695, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:05.391723, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:05.391751, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:05.391778, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:05.391806, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:05.391833, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:05.391861, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:05.391888, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.391927, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000b0 (176) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2014/06/18 06:18:05.392203, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.392436, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.392487, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.392516, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.392766, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.393003, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.393054, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.393082, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2014/06/18 06:18:05.393307, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.393537, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.393590, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.393619, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2014/06/18 06:18:05.393901, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.394131, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.394181, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.394209, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.394456, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.394686, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.394736, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.394764, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2014/06/18 06:18:05.395354, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.395587, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.395637, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.395665, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2014/06/18 06:18:05.395997, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.396227, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.396277, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.396305, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2014/06/18 06:18:05.396694, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.396926, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.396976, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.397004, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.397250, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.397483, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.397533, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.397562, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) size : * size : 0x000000b0 (176) length : * length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:05.399558, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.399790, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.399840, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.399869, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2014/06/18 06:18:05.400659, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.400892, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.400942, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.400971, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.401237, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.401482, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.401534, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.401564, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.401821, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.402063, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.402116, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.402146, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x5e (94) [1] : 0x01 (1) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.402429, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.402655, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.402708, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.402735, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.402765, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2014/06/18 06:18:05.402793, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2014/06/18 06:18:05.402936, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.403086, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:05.403115, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:05.403144, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:05.403171, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:05.403198, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.403223, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:05.403269, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:05.403310, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:05.403342, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 A0 53 C5 E1 ....;... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.403397, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003b-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.403510, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003b-0000-0000-a053-c5e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.403806, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 A0 53 C5 E1 ....;... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.403862, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:05.403890, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:05.403919, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:05.403946, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:05.403973, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.403999, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:05.404047, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:05.404090, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:05.404120, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:05.404149, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.404176, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.404203, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.404229, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.404273, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.404314, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:05.404343, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:05.404373, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.404399, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.404427, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.404452, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.404497, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.404545, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:05.404573, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:05.404601, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.404626, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.404653, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.404677, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.404730, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:05.404759, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:05.404787, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.404813, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.404840, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.404865, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.404908, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:05.404937, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (10->11) [2014/06/18 06:18:05.404965, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.404991, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.405018, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.405043, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.405086, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.405126, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:05.405155, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (11->12) [2014/06/18 06:18:05.405182, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.405208, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.405235, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.405260, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.405305, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.405346, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:05.405376, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (12->11) [2014/06/18 06:18:05.405402, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (11->10) [2014/06/18 06:18:05.405429, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:05.405455, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:05.405481, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:05.405507, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:05.405534, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 A0 53 C5 E1 ....<... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.405585, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003c-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.405692, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003c-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.405906, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 A0 53 C5 E1 ....<... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.405956, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.405982, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.406008, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:05.406034, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.406072, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:05.406101, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:05.406129, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:05.406156, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:05.406183, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:05.406211, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:05.406238, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:05.406266, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:05.406297, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:05.406340, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:05.406367, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:05.406395, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:05.406423, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:05.406451, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2014/06/18 06:18:05.406585, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003c-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.406806, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 A0 53 C5 E1 ....<... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.406857, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.406883, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.406912, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:05.408852, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003c-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.408936, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 A0 53 C5 E1 ....<... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.408987, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 A0 53 C5 E1 ....<... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.409036, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.409065, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:05.409092, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.409195, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003b-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.409277, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 A0 53 C5 E1 ....;... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.409328, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 A0 53 C5 E1 ....;... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.409378, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.409404, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:05.409429, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.409530, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.409611, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.409662, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 A0 53 C5 E1 ....:... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.409711, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.409739, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:05.409765, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.409865, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000039-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.409950, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 A0 53 C5 E1 ....9... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.410001, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 A0 53 C5 E1 ....9... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.410051, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.410077, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:05.410103, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.410201, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:05.410246, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2805(print_job_start) print_job_start: Queue print number of jobs (3), max printjobs = 1000 [2014/06/18 06:18:05.410280, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2573(allocate_print_jobid) allocate_print_jobid: Read jobid 42 from print [2014/06/18 06:18:05.410325, 3, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2737(print_job_spool_file) print_job_spool_file:External spooling activated [2014/06/18 06:18:05.410366, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x10 for printer print to notify_queue_head [2014/06/18 06:18:05.410395, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x03 for printer print to notify_queue_head [2014/06/18 06:18:05.410423, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer print to notify_queue_head [2014/06/18 06:18:05.410450, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer print to notify_queue_head [2014/06/18 06:18:05.410477, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x16 for printer print to notify_queue_head [2014/06/18 06:18:05.410505, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x14 for printer print to notify_queue_head [2014/06/18 06:18:05.410530, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2637(add_to_jobs_added) add_to_jobs_added: Added jobid 43 [2014/06/18 06:18:05.410565, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter out: struct spoolss_StartDocPrinter job_id : * job_id : 0x0000002b (43) result : WERR_OK [2014/06/18 06:18:05.410643, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:79(pjobid_to_rap) pjobid_to_rap: called. [2014/06/18 06:18:05.410676, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:114(pjobid_to_rap) pjobid_to_rap: created jobid 43 maps to RAP jobid 4 [2014/06/18 06:18:05.410706, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: /var/spool/samba/smbprn.4cLprE [2014/06/18 06:18:05.410733, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:204(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2014/06/18 06:18:05.410760, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:682(dos_mode) dos_mode returning [2014/06/18 06:18:05.410793, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_create.c:1052(smbd_smb2_create_send) smbd_smb2_create_send: /var/spool/samba/smbprn.4cLprE - fnum 2884511837 [2014/06/18 06:18:05.410825, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2014/06/18 06:18:05.410854, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/17/31 [2014/06/18 06:18:05.411282, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:05.411318, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 17 (position 17) from bitmap [2014/06/18 06:18:05.411346, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 17 [2014/06/18 06:18:05.411375, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2014/06/18 06:18:05.411406, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: /var/spool/samba/smbprn.4cLprE - fnum 2884511837 [2014/06/18 06:18:05.411443, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.411526, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 A0 53 C5 E1 ....2... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.411578, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 A0 53 C5 E1 ....2... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.411629, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 A0 53 C5 E1 ....2... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.411683, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:print [2014/06/18 06:18:05.411713, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:457(print_job_find) print_job_find: looking up job 43 for share print [2014/06/18 06:18:05.411745, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:485(print_job_find) print_job_find: returning system job -1 for jobid 43. [2014/06/18 06:18:05.411773, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2977(print_job_end) print_job_end: canceling spool of /var/spool/samba/smbprn.4cLprE (zero length) [2014/06/18 06:18:05.411805, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:457(print_job_find) print_job_find: looking up job 43 for share print [2014/06/18 06:18:05.411835, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:485(print_job_find) print_job_find: returning system job -1 for jobid 43. [2014/06/18 06:18:05.411863, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer print to notify_queue_head [2014/06/18 06:18:05.411901, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2093(remove_from_jobs_added) remove_from_jobs_added: removed jobid 43 [2014/06/18 06:18:05.411928, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:158(rap_jobid_delete) rap_jobid_delete: called. [2014/06/18 06:18:05.411955, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:178(rap_jobid_delete) rap_jobid_delete: deleting jobid 43 [2014/06/18 06:18:05.411985, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 A0 53 C5 E1 ....2... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.412036, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 A0 53 C5 E1 ....2... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.412086, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.412112, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.412210, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:05.412239, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2014/06/18 06:18:05.412267, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 0AB155FA [2014/06/18 06:18:05.412296, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb65a2848 [2014/06/18 06:18:05.412331, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 0AB155FA [2014/06/18 06:18:05.412360, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:05.412385, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:05.412415, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 2884511837 (0 used) [2014/06/18 06:18:05.412445, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2014/06/18 06:18:05.412473, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/18/31 [2014/06/18 06:18:05.412798, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:05.412833, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 18 (position 18) from bitmap [2014/06/18 06:18:05.412861, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 18 [2014/06/18 06:18:05.412890, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2014/06/18 06:18:05.412920, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[] [2014/06/18 06:18:05.412953, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:05.412980, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2014/06/18 06:18:05.413007, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 7715422D [2014/06/18 06:18:05.413044, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb65ac3f0 [2014/06/18 06:18:05.413090, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2014/06/18 06:18:05.413110, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key '7715422D' stored [2014/06/18 06:18:05.413137, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) open_global_id : 0x7715422d (1997881901) open_persistent_id : 0x000000007715422d (1997881901) open_volatile_id : 0x000000000e0a5fd8 (235560920) open_owner : S-1-5-21-1412259249-3212819653-634731678-501 open_time : Wed Jun 18 06:18:05 AM 2014 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : e8c453bd-f6cd-11e3-a601-005056c00008 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2014/06/18 06:18:05.413429, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 7715422D [2014/06/18 06:18:05.413458, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:05.413484, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:05.413511, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2014/06/18 06:18:05.413527, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0x7715422d) stored [2014/06/18 06:18:05.413553, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x0e0a5fd8 (235560920) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000001664 (5732) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x718583a4645892af (8180089040269775535) open_global_id : 0x7715422d (1997881901) open_persistent_id : 0x000000007715422d (1997881901) open_volatile_id : 0x000000000e0a5fd8 (235560920) open_owner : S-1-5-21-1412259249-3212819653-634731678-501 open_time : Wed Jun 18 06:18:05 AM 2014 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : e8c453bd-f6cd-11e3-a601-005056c00008 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Wed Jun 18 06:18:05 AM 2014 IST compat : NULL [2014/06/18 06:18:05.413931, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 235560920 (1 used) [2014/06/18 06:18:05.413985, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \spoolss [2014/06/18 06:18:05.414023, 5, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:796(rpc_pipe_open_interface) Connecting to spoolss pipe. [2014/06/18 06:18:05.414055, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2014/06/18 06:18:05.414085, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \spoolss [2014/06/18 06:18:05.414113, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss [2014/06/18 06:18:05.414164, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2014/06/18 06:18:05.414205, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'print' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ checking name: print [2014/06/18 06:18:05.414397, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [print] [2014/06/18 06:18:05.414425, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 A0 53 C5 E1 ....=... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.414477, 3, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=print Printer is a printer [2014/06/18 06:18:05.414512, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=print (len=5) searching for [print] [2014/06/18 06:18:05.414558, 10, pid=5732, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/print, we already got it set_printer_hnd_name: Printer found: print -> print [2014/06/18 06:18:05.414595, 5, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 1 printer handles active [2014/06/18 06:18:05.414622, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 A0 53 C5 E1 ....=... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.414674, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 A0 53 C5 E1 ....=... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.414729, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:print [2014/06/18 06:18:05.414765, 3, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from fe80::51bb:b8a:3bcd:9e1e (fe80::51bb:b8a:3bcd:9e1e) [2014/06/18 06:18:05.414813, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share print is ok for unix user nobody [2014/06/18 06:18:05.414869, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:05.414904, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:05.414933, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:05.414981, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:05.415020, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.415162, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:05.415190, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:05.415218, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:05.415244, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:05.415270, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.415295, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:05.415340, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:05.415379, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.415411, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 A0 53 C5 E1 ....>... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.415465, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003e-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.415675, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003e-0000-0000-a053-c5e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.415942, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 A0 53 C5 E1 ....>... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.415997, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:05.416022, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:05.416049, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:05.416073, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:05.416098, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.416121, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:05.416168, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:05.416207, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:05.416234, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:05.416260, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.416291, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.416317, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.416340, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.416379, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.416417, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:05.416444, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:05.416469, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.416493, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.416517, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.416540, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.416577, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.416614, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:05.416640, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:05.416666, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.416690, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.416715, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.416738, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.416796, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:05.416824, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:05.416851, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.416882, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.416911, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.416935, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.416975, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:05.417002, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:05.417035, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.417060, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.417087, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.417111, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.417149, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.417189, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:05.417216, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:05.417243, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.417267, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.417294, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.417317, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.417362, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.417402, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.417430, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:05.417455, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:05.417484, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:05.417509, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:05.417534, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:05.417559, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:05.417584, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 A0 53 C5 E1 ....?... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.417634, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003f-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.417741, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003f-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.417943, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 A0 53 C5 E1 ....?... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.417992, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.418017, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.418042, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:05.418067, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.418109, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:05.418137, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:05.418164, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:05.418191, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:05.418217, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:05.418244, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:05.418270, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:05.418297, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:05.418324, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:05.418351, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:05.418377, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:05.418404, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:05.418431, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:05.418458, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2014/06/18 06:18:05.418589, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003f-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.418806, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 A0 53 C5 E1 ....?... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.418857, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.418881, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.418909, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:05.420785, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003f-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.420868, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 A0 53 C5 E1 ....?... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.420917, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 A0 53 C5 E1 ....?... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.420965, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.420991, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:05.421016, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.421111, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003e-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.421188, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 A0 53 C5 E1 ....>... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.421236, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 A0 53 C5 E1 ....>... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.421283, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.421307, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:05.421331, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.421423, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:05.421453, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2014/06/18 06:18:05.421481, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.421505, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.421528, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.421551, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.421575, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2014/06/18 06:18:05.421600, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2014/06/18 06:18:05.421648, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:05.421679, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:05.421706, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:05.421752, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:05.421788, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.421918, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:05.421943, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:05.421969, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:05.421993, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:05.422016, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.422040, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:05.422081, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:05.422118, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.422150, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 A0 53 C5 E1 ....@... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.422200, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.422302, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-a053-c5e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.422555, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 A0 53 C5 E1 ....@... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.422606, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:05.422632, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:05.422657, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:05.422681, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:05.422705, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.422728, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:05.422773, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:05.422814, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:05.422842, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:05.422867, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.422890, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.422915, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.422937, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.422977, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.423015, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:05.423041, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:05.423067, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.423090, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.423115, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.423138, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.423175, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.423212, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:05.423238, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:05.423264, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.423288, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.423313, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.423336, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.423387, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:05.423417, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:05.423443, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.423467, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.423493, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.423516, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.423556, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:05.423583, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:05.423609, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.423633, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.423659, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.423682, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.423720, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.423758, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:05.423784, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:05.423811, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.423834, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.423860, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.423882, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.423926, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.423968, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.423996, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:05.424021, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:05.424046, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:05.424070, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:05.424094, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:05.424118, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:05.424143, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 A0 53 C5 E1 ....A... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.424191, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000041-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.424284, 2, pid=5732, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print already exists [2014/06/18 06:18:05.424317, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000041-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.424394, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 A0 53 C5 E1 ....A... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.424444, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 A0 53 C5 E1 ....A... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.424492, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.424516, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:05.424540, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.424638, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.424714, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 A0 53 C5 E1 ....@... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.424762, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 A0 53 C5 E1 ....@... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.424809, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.424833, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:05.424857, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.424947, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:05.424977, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.425081, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter in: struct spoolss_StartDocPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-a053-c5e164160000 info_ctr : * info_ctr: struct spoolss_DocumentInfoCtr level : 0x00000001 (1) info : union spoolss_DocumentInfo(case 1) info1 : * info1: struct spoolss_DocumentInfo1 document_name : * document_name : 'Remote Downlevel Document ' output_file : * output_file : '/var/spool/samba/smbprn.rjweCm' datatype : * datatype : 'RAW' [2014/06/18 06:18:05.425281, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 A0 53 C5 E1 ....=... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.425330, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 A0 53 C5 E1 ....=... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.425377, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:print [2014/06/18 06:18:05.425433, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:05.425465, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:05.425492, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:05.425538, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:05.425574, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.425705, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:05.425730, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:05.425756, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:05.425779, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:05.425803, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.425826, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:05.425867, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:05.425905, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.425933, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 A0 53 C5 E1 ....B... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.425987, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000042-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.426090, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000042-0000-0000-a053-c5e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.426345, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 A0 53 C5 E1 ....B... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.426396, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:05.426422, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:05.426448, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:05.426471, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:05.426496, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.426519, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:05.426562, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:05.426600, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:05.426630, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:05.426657, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.426680, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.426704, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.426727, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.426767, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.426804, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:05.426831, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:05.426856, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.426880, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.426904, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.426927, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.426964, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.427001, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:05.427027, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:05.427053, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.427077, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.427102, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.427124, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.427174, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:05.427202, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:05.427231, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.427255, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.427281, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.427304, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.427344, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:05.427371, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:05.427397, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.427421, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.427447, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.427470, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.427507, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.427545, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:05.427572, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:05.427598, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.427622, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.427648, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.427671, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.427714, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.427752, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2014/06/18 06:18:05.427783, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:05.427808, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:05.427833, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:05.427857, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:05.427881, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:05.427905, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:05.427929, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 A0 53 C5 E1 ....C... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.427978, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000043-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.428081, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000043-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.428280, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 A0 53 C5 E1 ....C... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.428330, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.428354, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.428378, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:05.428406, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.428443, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:05.428471, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:05.428496, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:05.428522, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:05.428548, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:05.428574, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:05.428599, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:05.428626, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:05.428652, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:05.428678, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:05.428704, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:05.428731, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:05.428756, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:05.428783, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2014/06/18 06:18:05.428912, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000043-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.429123, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 A0 53 C5 E1 ....C... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.429172, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.429196, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.429223, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:05.431071, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000043-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.431203, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 A0 53 C5 E1 ....C... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.431266, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 A0 53 C5 E1 ....C... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.431316, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.431343, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:05.431369, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.431475, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000042-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.431552, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 A0 53 C5 E1 ....B... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.431601, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 A0 53 C5 E1 ....B... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.431649, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.431673, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:05.431697, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.431794, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:05.431825, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2014/06/18 06:18:05.431849, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.431873, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.431896, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.431919, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2014/06/18 06:18:05.431943, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2014/06/18 06:18:05.431993, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/06/18 06:18:05.432025, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/06/18 06:18:05.432051, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/06/18 06:18:05.432100, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/06/18 06:18:05.432140, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.432273, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:05.432298, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/06/18 06:18:05.432324, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:05.432348, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:05.432373, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.432396, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:05.432439, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:05.432481, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:05.432509, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 A0 53 C5 E1 ....D... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.432560, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000044-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.432663, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000044-0000-0000-a053-c5e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.432923, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 A0 53 C5 E1 ....D... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.432973, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:05.432998, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/06/18 06:18:05.433024, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:05.433048, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:05.433080, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.433104, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:05.433152, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:05.433192, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:05.433220, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:05.433247, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.433271, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.433296, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.433320, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.433361, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.433399, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:05.433427, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:05.433454, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.433478, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.433503, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.433527, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.433565, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.433603, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:05.433630, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:05.433658, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.433682, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.433707, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.433731, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.433787, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:05.433815, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:05.433842, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.433867, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.433893, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.433917, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.433958, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:05.433986, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:05.434013, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.434038, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.434065, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.434088, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.434127, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.434166, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:05.434193, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:05.434220, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.434244, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.434271, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.434294, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.434342, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.434382, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:05.434410, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:05.434436, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:05.434462, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:05.434487, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:05.434512, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:05.434537, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:05.434563, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.434613, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.434717, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2014/06/18 06:18:05.434848, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.434901, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:05.434927, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.434968, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:05.434996, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:05.435023, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:05.435049, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:05.435075, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:05.435102, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:05.435128, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:05.435155, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:05.435181, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:05.435208, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:05.435235, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:05.435261, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:05.435288, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:05.435314, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.435352, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000b0 (176) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2014/06/18 06:18:05.435621, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.435843, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.435893, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.435921, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.436160, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.436390, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.436441, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.436468, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2014/06/18 06:18:05.436686, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.436908, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.436958, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.436985, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2014/06/18 06:18:05.437268, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.437492, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.437542, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.437570, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.437813, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.438035, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.438085, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.438112, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2014/06/18 06:18:05.438680, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.438896, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.438944, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.438971, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2014/06/18 06:18:05.439278, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.439493, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.439541, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.439568, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2014/06/18 06:18:05.439931, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.440145, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.440193, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.440220, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.440450, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.440668, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.440716, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.440743, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) size : * size : 0x000000b0 (176) length : * length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:05.442640, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.442859, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.442908, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.442935, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2014/06/18 06:18:05.443240, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.443457, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.443506, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.443532, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.443762, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.443977, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.444026, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.444056, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.444287, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2014/06/18 06:18:05.444503, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.444551, 8, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.444578, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x5e (94) [1] : 0x01 (1) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2014/06/18 06:18:05.444831, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.445033, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.445081, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.445106, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.445132, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2014/06/18 06:18:05.445157, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2014/06/18 06:18:05.445285, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.445415, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/06/18 06:18:05.445441, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/06/18 06:18:05.445470, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/06/18 06:18:05.445494, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/06/18 06:18:05.445517, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.445540, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM] [2014/06/18 06:18:05.445581, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2014/06/18 06:18:05.445619, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:05.445647, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 A0 53 C5 E1 ....F... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.445698, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000046-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.445800, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000046-0000-0000-a053-c5e164160000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/06/18 06:18:05.446054, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 A0 53 C5 E1 ....F... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.446105, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2014/06/18 06:18:05.446130, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2014/06/18 06:18:05.446159, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2014/06/18 06:18:05.446183, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2014/06/18 06:18:05.446207, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.446230, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE] [2014/06/18 06:18:05.446273, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2014/06/18 06:18:05.446312, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2014/06/18 06:18:05.446338, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2014/06/18 06:18:05.446364, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.446388, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.446412, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.446435, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.446474, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2014/06/18 06:18:05.446512, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2014/06/18 06:18:05.446538, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2014/06/18 06:18:05.446564, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.446587, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.446612, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.446635, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.446672, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2014/06/18 06:18:05.446709, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2014/06/18 06:18:05.446743, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2014/06/18 06:18:05.446892, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.446925, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.446975, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.447013, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/06/18 06:18:05.447117, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2014/06/18 06:18:05.447150, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2014/06/18 06:18:05.447190, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.447255, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.447304, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.447367, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x463360 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2014/06/18 06:18:05.447602, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2014/06/18 06:18:05.447632, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (10->11) [2014/06/18 06:18:05.447660, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.447686, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.447714, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.447738, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.447780, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/06/18 06:18:05.447822, 7, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [print] [2014/06/18 06:18:05.447850, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (11->12) [2014/06/18 06:18:05.447879, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.447908, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.447936, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/06/18 06:18:05.447960, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x6c4bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.448007, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.448049, 10, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2014/06/18 06:18:05.448079, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (12->11) [2014/06/18 06:18:05.448106, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (11->10) [2014/06/18 06:18:05.448133, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2014/06/18 06:18:05.448159, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2014/06/18 06:18:05.448185, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2014/06/18 06:18:05.448211, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2014/06/18 06:18:05.448238, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 A0 53 C5 E1 ....G... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.448290, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000047-0000-0000-a053-c5e164160000 result : WERR_OK [2014/06/18 06:18:05.448402, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000047-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.448616, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 A0 53 C5 E1 ....G... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.448669, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.448694, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.448720, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print' (ops 0x6c4bc0) [2014/06/18 06:18:05.448746, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.448785, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2014/06/18 06:18:05.448814, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2014/06/18 06:18:05.448842, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2014/06/18 06:18:05.448869, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2014/06/18 06:18:05.448897, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2014/06/18 06:18:05.448924, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[12] [2014/06/18 06:18:05.448951, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2014/06/18 06:18:05.448979, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2014/06/18 06:18:05.449007, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[176] [2014/06/18 06:18:05.449035, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[12] [2014/06/18 06:18:05.449063, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2014/06/18 06:18:05.449090, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2014/06/18 06:18:05.449122, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2014/06/18 06:18:05.449150, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2014/06/18 06:18:05.449285, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000047-0000-0000-a053-c5e164160000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2014/06/18 06:18:05.449506, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 A0 53 C5 E1 ....G... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.449559, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\print] [2014/06/18 06:18:05.449585, 7, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2014/06/18 06:18:05.449613, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2014/06/18 06:18:05.451559, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000047-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.451647, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 A0 53 C5 E1 ....G... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.451701, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 A0 53 C5 E1 ....G... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.451753, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.451783, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2014/06/18 06:18:05.451811, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.451914, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000046-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.451997, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 A0 53 C5 E1 ....F... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.452052, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 A0 53 C5 E1 ....F... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.452101, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.452127, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/06/18 06:18:05.452152, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.452253, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.452334, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.452385, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 A0 53 C5 E1 ....E... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.452437, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.452465, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/06/18 06:18:05.452491, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.452591, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000044-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.452677, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 A0 53 C5 E1 ....D... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.452731, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 A0 53 C5 E1 ....D... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.452781, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.452806, 10, pid=5732, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/06/18 06:18:05.452831, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.452926, 10, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/06/18 06:18:05.452974, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2805(print_job_start) print_job_start: Queue print number of jobs (4), max printjobs = 1000 [2014/06/18 06:18:05.453009, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2573(allocate_print_jobid) allocate_print_jobid: Read jobid 43 from print [2014/06/18 06:18:05.453058, 3, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2737(print_job_spool_file) print_job_spool_file:External spooling activated [2014/06/18 06:18:05.453099, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x10 for printer print to notify_queue_head [2014/06/18 06:18:05.453128, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x03 for printer print to notify_queue_head [2014/06/18 06:18:05.453154, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer print to notify_queue_head [2014/06/18 06:18:05.453181, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer print to notify_queue_head [2014/06/18 06:18:05.453208, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x16 for printer print to notify_queue_head [2014/06/18 06:18:05.453235, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x14 for printer print to notify_queue_head [2014/06/18 06:18:05.453259, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2637(add_to_jobs_added) add_to_jobs_added: Added jobid 44 [2014/06/18 06:18:05.453291, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter out: struct spoolss_StartDocPrinter job_id : * job_id : 0x0000002c (44) result : WERR_OK [2014/06/18 06:18:05.453369, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:79(pjobid_to_rap) pjobid_to_rap: called. [2014/06/18 06:18:05.453401, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:114(pjobid_to_rap) pjobid_to_rap: created jobid 44 maps to RAP jobid 5 [2014/06/18 06:18:05.453434, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: /var/spool/samba/smbprn.rjweCm [2014/06/18 06:18:05.453462, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:204(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2014/06/18 06:18:05.453489, 8, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/dosmode.c:682(dos_mode) dos_mode returning [2014/06/18 06:18:05.453524, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_create.c:1052(smbd_smb2_create_send) smbd_smb2_create_send: /var/spool/samba/smbprn.rjweCm - fnum 235560920 [2014/06/18 06:18:05.453556, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2014/06/18 06:18:05.453585, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/19/31 [2014/06/18 06:18:05.454223, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:05.454270, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 19 (position 19) from bitmap [2014/06/18 06:18:05.454299, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 19 [2014/06/18 06:18:05.454330, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2014/06/18 06:18:05.454362, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: /var/spool/samba/smbprn.rjweCm - fnum 235560920 [2014/06/18 06:18:05.454403, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-a053-c5e164160000 [2014/06/18 06:18:05.454486, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 A0 53 C5 E1 ....=... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.454538, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 A0 53 C5 E1 ....=... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.454589, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 A0 53 C5 E1 ....=... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.454645, 4, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:print [2014/06/18 06:18:05.454675, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:457(print_job_find) print_job_find: looking up job 44 for share print [2014/06/18 06:18:05.454708, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:485(print_job_find) print_job_find: returning system job -1 for jobid 44. [2014/06/18 06:18:05.454741, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2977(print_job_end) print_job_end: canceling spool of /var/spool/samba/smbprn.rjweCm (zero length) [2014/06/18 06:18:05.454774, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:457(print_job_find) print_job_find: looking up job 44 for share print [2014/06/18 06:18:05.454803, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:485(print_job_find) print_job_find: returning system job -1 for jobid 44. [2014/06/18 06:18:05.454830, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer print to notify_queue_head [2014/06/18 06:18:05.454868, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2093(remove_from_jobs_added) remove_from_jobs_added: removed jobid 44 [2014/06/18 06:18:05.454893, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:158(rap_jobid_delete) rap_jobid_delete: called. [2014/06/18 06:18:05.454919, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:178(rap_jobid_delete) rap_jobid_delete: deleting jobid 44 [2014/06/18 06:18:05.454947, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 A0 53 C5 E1 ....=... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.454997, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 A0 53 C5 E1 ....=... .....S.. [0010] 64 16 00 00 d... [2014/06/18 06:18:05.455045, 6, pid=5732, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/06/18 06:18:05.455069, 1, pid=5732, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/06/18 06:18:05.455165, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:05.455192, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2014/06/18 06:18:05.455219, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 7715422D [2014/06/18 06:18:05.455247, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb65a1778 [2014/06/18 06:18:05.455278, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 7715422D [2014/06/18 06:18:05.455304, 5, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2014/06/18 06:18:05.455328, 10, pid=5732, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:05.455357, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 235560920 (0 used) [2014/06/18 06:18:05.455390, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2014/06/18 06:18:05.455417, 10, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/20/31 [2014/06/18 06:18:06.367246, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:06.367362, 5, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:06.367420, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:06.367511, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2014/06/18 06:18:06.367617, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/printing/notify.c:180(print_notify_send_messages_to_printer) print_notify_send_messages_to_printer: sending 21 print notify messages to printer print [2014/06/18 06:18:19.861281, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:19.861394, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 20 (position 20) from bitmap [2014/06/18 06:18:19.861464, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_TDIS] mid = 20 [2014/06/18 06:18:19.861546, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:19.861611, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (6): SID[ 0]: S-1-5-21-1412259249-3212819653-634731678-501 SID[ 1]: S-1-5-21-1412259249-3212819653-634731678-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-22-1-99 Privileges (0x 0): Rights (0x 0): [2014/06/18 06:18:19.861854, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups [2014/06/18 06:18:19.861950, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) Impersonated user: uid=(99,99), gid=(0,99) [2014/06/18 06:18:19.862017, 4, pid=5732, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:19.862075, 5, pid=5732, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:19.862132, 5, pid=5732, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:19.862218, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2014/06/18 06:18:19.862287, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb [2014/06/18 06:18:19.862347, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_tcon_global.tdb 2: 3: [2014/06/18 06:18:19.862420, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key A16EC242 [2014/06/18 06:18:19.862492, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb65acbd0 [2014/06/18 06:18:19.862568, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key A16EC242 [2014/06/18 06:18:19.862632, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb [2014/06/18 06:18:19.862690, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:19.862767, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:19.862829, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:19.862886, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:19.862970, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2014/06/18 06:18:19.863030, 1, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:1122(close_cnum) shivappas (ipv6:fe80::51bb:b8a:3bcd:9e1e:49878) closed connection to service print [2014/06/18 06:18:19.863111, 4, pid=5732, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:838(vfs_ChDir) vfs_ChDir to / [2014/06/18 06:18:19.863198, 4, pid=5732, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:849(vfs_ChDir) vfs_ChDir got / [2014/06/18 06:18:19.863269, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:19.863329, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:19.863386, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:19.863470, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2014/06/18 06:18:19.863555, 10, pid=5732, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \spoolss [2014/06/18 06:18:19.863637, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[4] dyn[no:0] at ../source3/smbd/smb2_tcon.c:449 [2014/06/18 06:18:19.863705, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/21/31 [2014/06/18 06:18:19.864627, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:3241(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2014/06/18 06:18:19.864696, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:621(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 21 (position 21) from bitmap [2014/06/18 06:18:19.864760, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:1878(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_LOGOFF] mid = 21 [2014/06/18 06:18:19.864823, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:19.864892, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:19.864949, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:19.865034, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2014/06/18 06:18:19.865101, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_session_global.tdb [2014/06/18 06:18:19.865160, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_session_global.tdb 2: 3: [2014/06/18 06:18:19.865223, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 78E69D1F [2014/06/18 06:18:19.865293, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb659ea50 [2014/06/18 06:18:19.865377, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 78E69D1F [2014/06/18 06:18:19.865442, 5, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_session_global.tdb [2014/06/18 06:18:19.865501, 10, pid=5732, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/06/18 06:18:19.865601, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[4] dyn[no:0] at ../source3/smbd/smb2_sesssetup.c:793 [2014/06/18 06:18:19.865670, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/22/31 [2014/06/18 06:18:19.869010, 10, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:1002(smbd_server_connection_terminate_ex) smbd_server_connection_terminate_ex: reason[NT_STATUS_CONNECTION_RESET] at ../source3/smbd/smb2_server.c:3293 [2014/06/18 06:18:19.869161, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:19.869270, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:19.869373, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:19.869525, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2014/06/18 06:18:19.869639, 4, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/06/18 06:18:19.869745, 5, pid=5732, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/06/18 06:18:19.869846, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/06/18 06:18:19.869995, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2014/06/18 06:18:19.870108, 5, pid=5732, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:340(messaging_deregister) Deregistering messaging pointer for type 1536 - private_data=0xb65aa1d0 [2014/06/18 06:18:19.870307, 3, pid=5732, effective(0, 0), real(0, 0)] ../source3/smbd/server_exit.c:212(exit_server_common) Server exit (NT_STATUS_CONNECTION_RESET)