The Samba-Bugzilla – Attachment 1128 Details for
Bug 2562
Unable to join domain from XP Pro
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Debug output
xpnorton.debug (text/plain), 692.89 KB, created by
Misty Stanley-Jones
on 2005-03-31 12:10:29 UTC
(
hide
)
Description:
Debug output
Filename:
MIME Type:
Creator:
Misty Stanley-Jones
Created:
2005-03-31 12:10:29 UTC
Size:
692.89 KB
patch
obsolete
>[2005/03/31 14:07:39, 6] param/loadparm.c:lp_file_list_changed(2707) > lp_file_list_changed() > file /usr/local/samba/lib/special.smb -> /usr/local/samba/lib/special.smb last mod_time: Wed Jan 26 16:18:40 2005 > > file /usr/local/samba/lib/bhpro.smb -> /usr/local/samba/lib/bhpro.smb last mod_time: Mon Mar 14 10:04:30 2005 > > file /usr/local/samba/lib/printers.smb -> /usr/local/samba/lib/printers.smb last mod_time: Wed Jan 26 08:36:49 2005 > > file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Mar 31 14:06:59 2005 > >[2005/03/31 14:07:39, 5] smbd/reply.c:reply_special(283) > init msg_type=0x81 msg_flags=0x0 >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,4) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,4) wrote 4 >[2005/03/31 14:07:39, 6] param/loadparm.c:lp_file_list_changed(2707) > lp_file_list_changed() > file /usr/local/samba/lib/special.smb -> /usr/local/samba/lib/special.smb last mod_time: Wed Jan 26 16:18:40 2005 > > file /usr/local/samba/lib/bhpro.smb -> /usr/local/samba/lib/bhpro.smb last mod_time: Mon Mar 14 10:04:30 2005 > > file /usr/local/samba/lib/printers.smb -> /usr/local/samba/lib/printers.smb last mod_time: Wed Jan 26 08:36:49 2005 > > file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Mar 31 14:06:59 2005 > >[2005/03/31 14:07:39, 4] lib/username.c:map_username(132) > Scanning username map /usr/local/samba/lib/smbusers >[2005/03/31 14:07:39, 10] lib/username.c:user_in_list(529) > user_in_list: checking user root in list >[2005/03/31 14:07:39, 10] lib/username.c:user_in_list(533) > user_in_list: checking user |root| against |administrator| >[2005/03/31 14:07:39, 5] auth/auth_util.c:make_user_info_map(224) > make_user_info_map: Mapping user [CORP]\[root] from workstation [XPNORTON] >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:39, 5] auth/auth_util.c:is_trusted_domain(1560) > is_trusted_domain: Checking for domain trust with [CORP] >[2005/03/31 14:07:39, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(334) > secrets_fetch failed! >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:39, 10] lib/gencache.c:gencache_get(285) > Cache entry with key = TDOM/CORP couldn't be found >[2005/03/31 14:07:39, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) > no entry for trusted domain CORP found. >[2005/03/31 14:07:39, 5] auth/auth_util.c:make_user_info(132) > attempting to make a user_info for root (root) >[2005/03/31 14:07:39, 5] auth/auth_util.c:make_user_info(142) > making strings for root's user_info struct >[2005/03/31 14:07:39, 5] auth/auth_util.c:make_user_info(184) > making blobs for root's user_info struct >[2005/03/31 14:07:39, 10] auth/auth_util.c:make_user_info(200) > made an encrypted user_info for root (root) >[2005/03/31 14:07:39, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user [CORP]\[root]@[XPNORTON] with the new password interface >[2005/03/31 14:07:39, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: [CORP]\[root]@[XPNORTON] >[2005/03/31 14:07:39, 10] auth/auth.c:check_ntlm_password(231) > check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >[2005/03/31 14:07:39, 10] auth/auth.c:check_ntlm_password(233) > challenge is: >[2005/03/31 14:07:39, 5] lib/util.c:dump_data(1995) > [000] E9 F9 02 1C B0 8D 15 EE ........ >[2005/03/31 14:07:39, 10] auth/auth.c:check_ntlm_password(259) > check_ntlm_password: guest had nothing to say >[2005/03/31 14:07:39, 8] lib/util.c:is_myname(1815) > is_myname("CORP") returns 0 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:39, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [dc=borkholder,dc=com], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2005/03/31 14:07:39, 5] lib/smbldap.c:smbldap_close(949) > The connection to the LDAP server was closed >[2005/03/31 14:07:39, 10] lib/smbldap.c:smbldap_open_connection(596) > smbldap_open_connection: ldap://localhost >[2005/03/31 14:07:39, 2] lib/smbldap.c:smbldap_open_connection(692) > smbldap_open_connection: connection opened >[2005/03/31 14:07:39, 10] lib/smbldap.c:smbldap_connect_system(824) > ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=borkholder,dc=com" >[2005/03/31 14:07:39, 3] lib/smbldap.c:smbldap_connect_system(866) > ldap_connect_system: succesful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2005/03/31 14:07:39, 4] lib/smbldap.c:smbldap_open(929) > The LDAP server is succesfully connected >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_socket_data(378) > read_socket_data: recv of 4 returned 0. Error = Success >[2005/03/31 14:07:39, 10] lib/util_sock.c:receive_smb_raw(556) > receive_smb_raw: length < 0! >[2005/03/31 14:07:39, 3] smbd/process.c:timeout_processing(1334) > timeout_processing: End of file from client (client has disconnected). >[2005/03/31 14:07:39, 5] lib/gencache.c:gencache_shutdown(88) > Closing cache file >[2005/03/31 14:07:39, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:39, 5] smbd/uid.c:change_to_root_user(296) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/03/31 14:07:39, 2] smbd/server.c:exit_server(609) > Closing connections >[2005/03/31 14:07:39, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2005/03/31 14:07:39, 3] smbd/connection.c:yield_connection(76) > yield_connection: tdb_delete for name failed with error Record does not exist. >[2005/03/31 14:07:39, 5] smbd/oplock.c:receive_local_message(107) > receive_local_message: doing select with timeout of 1 ms >[2005/03/31 14:07:39, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > init_sam_from_ldap: Entry found for user: root >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username root, was >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain CORP, was >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username root, was >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-725326080-1709766072-2910717368-500 >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-725326080-1709766072-2910717368-500 >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-725326080-1709766072-2910717368-513 >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-725326080-1709766072-2910717368-513 >[2005/03/31 14:07:39, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [displayName] = [<does not exist>] >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name root, was >[2005/03/31 14:07:39, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/03/31 14:07:39, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\corpsrv\root, was >[2005/03/31 14:07:39, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script logon.bat, was >[2005/03/31 14:07:39, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\corpsrv\profiles\root\WinXP, was >[2005/03/31 14:07:39, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [description] = [<does not exist>] >[2005/03/31 14:07:39, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2005/03/31 14:07:39, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2005/03/31 14:07:39, 10] lib/account_pol.c:account_policy_get(210) > account_policy_get: password history:0 >[2005/03/31 14:07:39, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2005/03/31 14:07:39, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2005/03/31 14:07:39, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2005/03/31 14:07:39, 5] passdb/login_cache.c:login_cache_init(41) > Opening cache file at /usr/local/samba/var/locks/login_cache.tdb >[2005/03/31 14:07:39, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user root >[2005/03/31 14:07:39, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2005/03/31 14:07:39, 9] passdb/pdb_ldap.c:init_sam_from_ldap(852) > No cache entry, bad count = 0, bad time = 0 >[2005/03/31 14:07:39, 10] lib/account_pol.c:account_policy_get(210) > account_policy_get: password history:0 >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username root, was >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain CORP, was >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username root, was >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name root, was >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\corpsrv\root, was >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script logon.bat, was >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\corpsrv\profiles\root\WinXP, was >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2005/03/31 14:07:39, 10] lib/account_pol.c:account_policy_get(210) > account_policy_get: password history:0 >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-725326080-1709766072-2910717368-500 >[2005/03/31 14:07:39, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-725326080-1709766072-2910717368-500 from rid 500 >[2005/03/31 14:07:39, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-725326080-1709766072-2910717368-513 >[2005/03/31 14:07:39, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-725326080-1709766072-2910717368-513 from rid 513 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:39, 9] passdb/passdb.c:pdb_update_autolock_flag(2350) > pdb_update_autolock_flag: Account root not autolocked, no check needed >[2005/03/31 14:07:39, 4] libsmb/ntlm_check.c:ntlm_password_check(326) > ntlm_password_check: Checking NT MD4 password >[2005/03/31 14:07:39, 4] auth/auth_sam.c:sam_account_ok(119) > sam_account_ok: Checking SMB password for user root >[2005/03/31 14:07:39, 5] auth/auth_sam.c:logon_hours_ok(101) > logon_hours_ok: user root allowed to logon at this time (Thu Mar 31 14:07:39 2005 > ) >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:39, 10] lib/system_smbd.c:sys_getgrouplist(116) > sys_getgrouplist: user [root] >[2005/03/31 14:07:39, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist(): disabled winbindd for group lookup [user == root] >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:39, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:39, 3] smbd/server.c:exit_server(652) > Server exit (normal exit) >[2005/03/31 14:07:39, 8] lib/util_getent.c:remove_duplicate_gids(330) > remove_duplicate_gids: Enter 7 gids >[2005/03/31 14:07:39, 8] lib/util_getent.c:remove_duplicate_gids(348) > remove_duplicate_gids: Exit 6 gids >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:39, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:39, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [ou=Groups,dc=borkholder,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2] >[2005/03/31 14:07:39, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2106) > ldapsam_getgroup: Did not find group >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 10] passdb/passdb.c:local_gid_to_sid(1267) > local_gid_to_sid: Fall back to algorithmic mapping: 0 -> S-0-0 >[2005/03/31 14:07:39, 8] passdb/passdb.c:algorithmic_gid_to_sid(1233) > algorithmic_gid_to_sid: falling back to RID algorithm >[2005/03/31 14:07:39, 10] passdb/passdb.c:algorithmic_gid_to_sid(1237) > algorithmic_gid_to_sid: gid (0) -> SID S-1-5-21-725326080-1709766072-2910717368-1001. >[2005/03/31 14:07:39, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 0 -> S-1-5-21-725326080-1709766072-2910717368-1001 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:39, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:39, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [ou=Groups,dc=borkholder,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=3))], scope => [2] >[2005/03/31 14:07:39, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2106) > ldapsam_getgroup: Did not find group >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 10] passdb/passdb.c:local_gid_to_sid(1267) > local_gid_to_sid: Fall back to algorithmic mapping: 3 -> S-0-0 >[2005/03/31 14:07:39, 8] passdb/passdb.c:algorithmic_gid_to_sid(1233) > algorithmic_gid_to_sid: falling back to RID algorithm >[2005/03/31 14:07:39, 10] passdb/passdb.c:algorithmic_gid_to_sid(1237) > algorithmic_gid_to_sid: gid (3) -> SID S-1-5-21-725326080-1709766072-2910717368-1007. >[2005/03/31 14:07:39, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 3 -> S-1-5-21-725326080-1709766072-2910717368-1007 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:39, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:39, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [ou=Groups,dc=borkholder,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=512))], scope => [2] >[2005/03/31 14:07:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) > init_group_from_ldap: Entry found for group: 512 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 10] passdb/passdb.c:local_gid_to_sid(1278) > local_gid_to_sid: gid (512) -> SID S-1-5-21-725326080-1709766072-2910717368-512. >[2005/03/31 14:07:39, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 512 -> S-1-5-21-725326080-1709766072-2910717368-512 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:39, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:39, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [ou=Groups,dc=borkholder,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=513))], scope => [2] >[2005/03/31 14:07:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) > init_group_from_ldap: Entry found for group: 513 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 10] passdb/passdb.c:local_gid_to_sid(1278) > local_gid_to_sid: gid (513) -> SID S-1-5-21-725326080-1709766072-2910717368-513. >[2005/03/31 14:07:39, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 513 -> S-1-5-21-725326080-1709766072-2910717368-513 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:39, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:39, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [ou=Groups,dc=borkholder,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1020))], scope => [2] >[2005/03/31 14:07:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) > init_group_from_ldap: Entry found for group: 1020 >[2005/03/31 14:07:39, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [description] = [<does not exist>] >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 10] passdb/passdb.c:local_gid_to_sid(1278) > local_gid_to_sid: gid (1020) -> SID S-1-5-21-725326080-1709766072-2910717368-3041. >[2005/03/31 14:07:39, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 1020 -> S-1-5-21-725326080-1709766072-2910717368-3041 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:39, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:39, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [ou=Groups,dc=borkholder,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1021))], scope => [2] >[2005/03/31 14:07:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) > init_group_from_ldap: Entry found for group: 1021 >[2005/03/31 14:07:39, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [description] = [<does not exist>] >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 10] passdb/passdb.c:local_gid_to_sid(1278) > local_gid_to_sid: gid (1021) -> SID S-1-5-21-725326080-1709766072-2910717368-3043. >[2005/03/31 14:07:39, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 1021 -> S-1-5-21-725326080-1709766072-2910717368-3043 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:39, 10] auth/auth_util.c:debug_nt_user_token(490) > NT user token of user S-1-5-21-725326080-1709766072-2910717368-500 > contains 10 SIDs > SID[ 0]: S-1-5-21-725326080-1709766072-2910717368-500 > SID[ 1]: S-1-5-21-725326080-1709766072-2910717368-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-725326080-1709766072-2910717368-1001 > SID[ 6]: S-1-5-21-725326080-1709766072-2910717368-1007 > SID[ 7]: S-1-5-21-725326080-1709766072-2910717368-512 > SID[ 8]: S-1-5-21-725326080-1709766072-2910717368-3041 > SID[ 9]: S-1-5-21-725326080-1709766072-2910717368-3043 > SE_PRIV 0x0 0x0 0x0 0x0 >[2005/03/31 14:07:39, 5] auth/auth_util.c:make_server_info_sam(862) > make_server_info_sam: made server info for user root -> root >[2005/03/31 14:07:39, 3] auth/auth.c:check_ntlm_password(268) > check_ntlm_password: sam authentication for user [root] succeeded >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:39, 5] auth/auth.c:check_ntlm_password(292) > check_ntlm_password: PAM Account for user [root] succeeded >[2005/03/31 14:07:39, 2] auth/auth.c:check_ntlm_password(305) > check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded >[2005/03/31 14:07:39, 5] auth/auth_util.c:free_user_info(1380) > attempting to free (and zero) a user_info structure >[2005/03/31 14:07:39, 10] auth/auth_util.c:free_user_info(1383) > structure was created for root >[2005/03/31 14:07:39, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(117) > Got NT session key of length 16 >[2005/03/31 14:07:39, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(123) > Got LM session key of length 16 >[2005/03/31 14:07:39, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(669) > ntlmssp_server_auth: Created NTLM2 session key. >[2005/03/31 14:07:39, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) > NTLMSSP Sign/Seal - Initialising with flags: >[2005/03/31 14:07:39, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2005/03/31 14:07:39, 10] smbd/password.c:register_vuid(158) > register_vuid: allocated vuid = 100 >[2005/03/31 14:07:39, 10] lib/util_pw.c:getpwnam_alloc(98) > Got root from pwnam_cache >[2005/03/31 14:07:39, 10] smbd/password.c:register_vuid(220) > register_vuid: (0,0) root root CORP guest=0 >[2005/03/31 14:07:39, 3] smbd/password.c:register_vuid(222) > User name: root Real name: root >[2005/03/31 14:07:39, 3] smbd/password.c:register_vuid(241) > UNIX uid 0 is UNIX user root, and will be vuid 100 >[2005/03/31 14:07:39, 7] param/loadparm.c:lp_servicenumber(4048) > lp_servicenumber: couldn't find root >[2005/03/31 14:07:39, 3] smbd/password.c:register_vuid(270) > Adding homes service for user 'root' using home directory: '/root' >[2005/03/31 14:07:39, 8] param/loadparm.c:add_a_service(2319) > add_a_service: Creating snum = 35 for root >[2005/03/31 14:07:39, 3] param/loadparm.c:lp_add_home(2360) > adding home's share [root] for user 'root' at '/root' >[2005/03/31 14:07:39, 6] param/loadparm.c:lp_file_list_changed(2707) > lp_file_list_changed() > file /usr/local/samba/lib/special.smb -> /usr/local/samba/lib/special.smb last mod_time: Wed Jan 26 16:18:40 2005 > > file /usr/local/samba/lib/bhpro.smb -> /usr/local/samba/lib/bhpro.smb last mod_time: Mon Mar 14 10:04:30 2005 > > file /usr/local/samba/lib/printers.smb -> /usr/local/samba/lib/printers.smb last mod_time: Wed Jan 26 08:36:49 2005 > > file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Mar 31 14:06:59 2005 > >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,102) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,102) wrote 102 >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 80 >[2005/03/31 14:07:39, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x50 >[2005/03/31 14:07:39, 3] smbd/process.c:process_smb(1091) > Transaction 3 of length 84 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=80 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=192 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=37 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 5C 00 43 00 4F 00 52 00 50 00 53 00 52 .\.\.C.O .R.P.S.R > [010] 00 56 00 5C 00 49 00 50 00 43 00 24 00 00 00 3F .V.\.I.P .C.$...? > [020] 3F 3F 3F 3F 00 ????. >[2005/03/31 14:07:39, 3] smbd/process.c:switch_message(886) > switch message SMBtconX (pid 20945) conn 0x0 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:39, 5] smbd/uid.c:change_to_root_user(296) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/03/31 14:07:39, 4] smbd/reply.c:reply_tcon_and_X(407) > Client requested device type [?????] for share [IPC$] >[2005/03/31 14:07:39, 5] smbd/service.c:make_connection(807) > making a connection to 'normal' service ipc$ >[2005/03/31 14:07:39, 5] lib/username.c:Get_Pwnam(293) > Finding user root >[2005/03/31 14:07:39, 5] lib/username.c:Get_Pwnam_internals(223) > Trying _Get_Pwnam(), username as lowercase is root >[2005/03/31 14:07:39, 10] lib/util_pw.c:getpwnam_alloc(98) > Got root from pwnam_cache >[2005/03/31 14:07:39, 5] lib/username.c:Get_Pwnam_internals(251) > Get_Pwnam_internals did find user [root]! >[2005/03/31 14:07:39, 3] smbd/service.c:make_connection_snum(479) > Connect path is '/tmp' for service [IPC$] >[2005/03/31 14:07:39, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) > get_share_security: using default secdesc for IPC$ >[2005/03/31 14:07:39, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2005/03/31 14:07:39, 10] lib/util_seaccess.c:se_access_check(234) > se_access_check: requested access 0x00000002, for NT token with 10 entries and first sid S-1-5-21-725326080-1709766072-2910717368-500. >[2005/03/31 14:07:39, 3] lib/util_seaccess.c:se_access_check(251) >[2005/03/31 14:07:39, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-725326080-1709766072-2910717368-500 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1001 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1007 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-512 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3041 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3043 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2005/03/31 14:07:39, 5] lib/util_seaccess.c:se_access_check(309) > se_access_check: access (2) granted. >[2005/03/31 14:07:39, 3] smbd/vfs.c:vfs_init_default(206) > Initialising default vfs hooks >[2005/03/31 14:07:39, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2005/03/31 14:07:39, 10] smbd/uid.c:is_share_read_only_for_user(99) > is_share_read_only_for_user: share IPC$ is read-only for unix user root >[2005/03/31 14:07:39, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) > get_share_security: using default secdesc for IPC$ >[2005/03/31 14:07:39, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2005/03/31 14:07:39, 10] lib/util_seaccess.c:se_access_check(234) > se_access_check: requested access 0x00000001, for NT token with 10 entries and first sid S-1-5-21-725326080-1709766072-2910717368-500. >[2005/03/31 14:07:39, 3] lib/util_seaccess.c:se_access_check(251) >[2005/03/31 14:07:39, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-725326080-1709766072-2910717368-500 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1001 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1007 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-512 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3041 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3043 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >[2005/03/31 14:07:39, 5] lib/util_seaccess.c:se_access_check(309) > se_access_check: access (1) granted. >[2005/03/31 14:07:39, 10] lib/username.c:user_in_list(529) > user_in_list: checking user root in list >[2005/03/31 14:07:39, 10] lib/username.c:user_in_list(533) > user_in_list: checking user |root| against |root| >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_nt_user_token(490) > NT user token of user S-1-5-21-725326080-1709766072-2910717368-500 > contains 10 SIDs > SID[ 0]: S-1-5-21-725326080-1709766072-2910717368-500 > SID[ 1]: S-1-5-21-725326080-1709766072-2910717368-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-725326080-1709766072-2910717368-1001 > SID[ 6]: S-1-5-21-725326080-1709766072-2910717368-1007 > SID[ 7]: S-1-5-21-725326080-1709766072-2910717368-512 > SID[ 8]: S-1-5-21-725326080-1709766072-2910717368-3041 > SID[ 9]: S-1-5-21-725326080-1709766072-2910717368-3043 > SE_PRIV 0x0 0x0 0x0 0x0 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 6 supplementary groups > Group[ 0]: 0 > Group[ 1]: 3 > Group[ 2]: 512 > Group[ 3]: 513 > Group[ 4]: 1020 > Group[ 5]: 1021 >[2005/03/31 14:07:39, 5] smbd/uid.c:change_to_user(281) > change_to_user uid=(0,0) gid=(0,0) >[2005/03/31 14:07:39, 3] smbd/service.c:make_connection_snum(642) > xpnorton (192.168.1.106) connect to service IPC$ initially as user root (uid=0, gid=0) (pid 20945) >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:39, 5] smbd/uid.c:change_to_root_user(296) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/03/31 14:07:39, 3] smbd/reply.c:reply_tcon_and_X(455) > tconX service=IPC$ >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=192 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 49 50 43 00 00 00 00 IPC.... >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,52) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,52) wrote 52 >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 100 >[2005/03/31 14:07:39, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x64 >[2005/03/31 14:07:39, 3] smbd/process.c:process_smb(1091) > Transaction 4 of length 104 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=256 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [010] 00 . >[2005/03/31 14:07:39, 3] smbd/process.c:switch_message(886) > switch message SMBntcreateX (pid 20945) conn 0x8333878 >[2005/03/31 14:07:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_nt_user_token(490) > NT user token of user S-1-5-21-725326080-1709766072-2910717368-500 > contains 10 SIDs > SID[ 0]: S-1-5-21-725326080-1709766072-2910717368-500 > SID[ 1]: S-1-5-21-725326080-1709766072-2910717368-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-725326080-1709766072-2910717368-1001 > SID[ 6]: S-1-5-21-725326080-1709766072-2910717368-1007 > SID[ 7]: S-1-5-21-725326080-1709766072-2910717368-512 > SID[ 8]: S-1-5-21-725326080-1709766072-2910717368-3041 > SID[ 9]: S-1-5-21-725326080-1709766072-2910717368-3043 > SE_PRIV 0x0 0x0 0x0 0x0 >[2005/03/31 14:07:39, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 6 supplementary groups > Group[ 0]: 0 > Group[ 1]: 3 > Group[ 2]: 512 > Group[ 3]: 513 > Group[ 4]: 1020 > Group[ 5]: 1021 >[2005/03/31 14:07:39, 5] smbd/uid.c:change_to_user(281) > change_to_user uid=(0,0) gid=(0,0) >[2005/03/31 14:07:39, 4] smbd/vfs.c:vfs_ChDir(660) > vfs_ChDir to /tmp >[2005/03/31 14:07:39, 10] smbd/nttrans.c:reply_ntcreate_and_X(607) > reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2005/03/31 14:07:39, 4] smbd/nttrans.c:nt_open_pipe(497) > nt_open_pipe: Opening pipe \lsarpc. >[2005/03/31 14:07:39, 3] smbd/nttrans.c:nt_open_pipe(514) > nt_open_pipe: Known pipe lsarpc opening. >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested lsarpc (pipes_open=0) >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) > Create pipe requested lsarpc >[2005/03/31 14:07:39, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe lsarpc >[2005/03/31 14:07:39, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) > Created internal pipe lsarpc (pipes_open=0) >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) > Opened pipe lsarpc with handle 73aa (pipes_open=1) >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name lsarpc pnum=73aa >[2005/03/31 14:07:39, 5] smbd/nttrans.c:do_ntcreate_pipe_open(562) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=256 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=43520 (0xAA00) > smb_vwv[ 3]= 371 (0x173) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,107) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,107) wrote 107 >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 136 >[2005/03/31 14:07:39, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x88 >[2005/03/31 14:07:39, 3] smbd/process.c:process_smb(1091) > Transaction 5 of length 140 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=320 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29610 (0x73AA) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2005/03/31 14:07:39, 3] smbd/process.c:switch_message(886) > switch message SMBwriteX (pid 20945) conn 0x8333878 >[2005/03/31 14:07:39, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73aa >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=1) >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73aa name: lsarpc open: Yes len: 72 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 72 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 0b >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0048 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 11 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(876) > api_pipe_bind_req: decode request. 876 >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 max_tsize: 10b8 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 max_rsize: 10b8 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 assoc_gid: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 num_elements: 00000001 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000c context_id : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 000e num_syntaxes: 01 >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000f smb_io_rpc_iface >[2005/03/31 14:07:39, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_uuid uuid >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 data : 12345778 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 data : 1234 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0016 data : abcd >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0018 data : ef 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 001a data : 01 23 45 67 89 ab >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 version: 00000000 >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_rpc_iface >[2005/03/31 14:07:39, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_uuid uuid >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 data : 8a885d04 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0028 data : 1ceb >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 002a data : 11c9 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002c data : 9f e8 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002e data : 08 00 2b 10 48 60 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0034 version: 00000002 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1017) > api_pipe_bind_req: make response. 1017 >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe.c:check_bind_req(762) > check_bind_req for \PIPE\lsarpc >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 max_tsize: 10b8 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 max_rsize: 10b8 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 assoc_gid: 000053f0 >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_rpc_addr_str >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 len: 000c >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000a str: \PIPE\lsass. >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000016 smb_io_rpc_results >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0018 num_results: 01 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001c result : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001e reason : 0000 >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_rpc_iface >[2005/03/31 14:07:39, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_uuid uuid >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 data : 8a885d04 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0024 data : 1ceb >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0026 data : 11c9 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0028 data : 9f e8 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002a data : 08 00 2b 10 48 60 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0030 version: 00000002 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 0c >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0044 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 56 >[2005/03/31 14:07:39, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=73aa nwritten=72 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=320 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,51) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,51) wrote 51 >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 59 >[2005/03/31 14:07:39, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x3b >[2005/03/31 14:07:39, 3] smbd/process.c:process_smb(1091) > Transaction 6 of length 63 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=384 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29610 (0x73AA) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:39, 3] smbd/process.c:switch_message(886) > switch message SMBreadX (pid 20945) conn 0x8333878 >[2005/03/31 14:07:39, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73aa >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=1) >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73aa name: lsarpc len: 1024 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(968) > read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/03/31 14:07:39, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=73aa min=1024 max=1024 nread=68 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=384 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,131) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,131) wrote 131 >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 172 >[2005/03/31 14:07:39, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0xac >[2005/03/31 14:07:39, 3] smbd/process.c:process_smb(1091) > Transaction 7 of length 176 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=448 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29610 (0x73AA) > smb_bcc=105 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 58 00 00 00 01 00 00 ........ .X...... > [020] 00 40 00 00 00 00 00 2C 00 30 C7 21 03 0A 00 00 .@....., .0.!.... > [030] 00 00 00 00 00 0A 00 00 00 5C 00 5C 00 43 00 4F ........ .\.\.C.O > [040] 00 52 00 50 00 53 00 52 00 56 00 00 00 18 00 00 .R.P.S.R .V...... > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 00 00 00 00 00 00 00 02 ........ . >[2005/03/31 14:07:39, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20945) conn 0x8333878 >[2005/03/31 14:07:39, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:39, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=88 params=0 setup=2 >[2005/03/31 14:07:39, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:39, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:39, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73aa >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=1) >[2005/03/31 14:07:39, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 73aa) >[2005/03/31 14:07:39, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8332388 max_trans_reply: 1024 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73aa name: lsarpc open: Yes len: 88 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 88 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 72 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0058 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 72 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 72, incoming data = 72 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000040 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 002c >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\lsarpc >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[0].fn == 0x80fc000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_open_pol2 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 ptr : 0321c730 >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_unistr2 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 uni_max_len: 0000000a >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 offset : 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c uni_str_len: 0000000a >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0010 buffer : \.\.C.O.R.P.S.R.V... >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 lsa_io_obj_attr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 len : 00000018 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0028 ptr_root_dir: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 002c ptr_obj_name: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0030 attributes : 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0034 ptr_sec_desc: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0038 ptr_sec_qos : 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 003c des_access: 02000000 >[2005/03/31 14:07:39, 10] lib/util_seaccess.c:se_access_check(234) > se_access_check: requested access 0x02000000, for NT token with 10 entries and first sid S-1-5-21-725326080-1709766072-2910717368-500. >[2005/03/31 14:07:39, 3] lib/util_seaccess.c:se_access_check(251) >[2005/03/31 14:07:39, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-725326080-1709766072-2910717368-500 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1001 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1007 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-512 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3041 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3043 >[2005/03/31 14:07:39, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7B 4A 4C 42 ........ ....{JLB > [010] D1 51 00 00 .Q.. >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_open_pol2 >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000001 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7b 4a 4c 42 d1 51 00 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0014 status: NT_STATUS_OK >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called lsarpc successfully >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 820 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 72 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73aa name: lsarpc len: 1024 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=448 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [020] 00 00 00 00 00 7B 4A 4C 42 D1 51 00 00 00 00 00 .....{JL B.Q..... > [030] 00 . >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 130 >[2005/03/31 14:07:39, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x82 >[2005/03/31 14:07:39, 3] smbd/process.c:process_smb(1091) > Transaction 8 of length 134 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=512 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29610 (0x73AA) > smb_bcc=63 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 7B 4A 4C 42 D1 51 00 00 0C 00 .....{JL B.Q.... >[2005/03/31 14:07:39, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20945) conn 0x8333878 >[2005/03/31 14:07:39, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:39, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2005/03/31 14:07:39, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:39, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:39, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73aa >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=1) >[2005/03/31 14:07:39, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 73aa) >[2005/03/31 14:07:39, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8332388 max_trans_reply: 1024 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73aa name: lsarpc open: Yes len: 46 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 46 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 30 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 002e >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000002 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 30 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000016 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 002e >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\lsarpc >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: lsarpc op 0x2e - unknown >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 23 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0020 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000002 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_rpc_hdr_fault fault >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0018 status : NT code 0x1c010002 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 001c reserved: 00000000 >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 30 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73aa name: lsarpc len: 1024 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(968) > read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2005/03/31 14:07:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..32] >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=512 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... > [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [020] 00 . >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,92) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,92) wrote 92 >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 130 >[2005/03/31 14:07:39, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x82 >[2005/03/31 14:07:39, 3] smbd/process.c:process_smb(1091) > Transaction 9 of length 134 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=576 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29610 (0x73AA) > smb_bcc=63 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 7B 4A 4C 42 D1 51 00 00 03 00 .....{JL B.Q.... >[2005/03/31 14:07:39, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20945) conn 0x8333878 >[2005/03/31 14:07:39, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:39, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2005/03/31 14:07:39, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:39, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:39, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73aa >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=1) >[2005/03/31 14:07:39, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 73aa) >[2005/03/31 14:07:39, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8332388 max_trans_reply: 1024 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73aa name: lsarpc open: Yes len: 46 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 46 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 30 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 002e >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000003 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 30 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000016 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0007 >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\lsarpc >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[2].fn == 0x80fbd10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_query >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000001 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7b 4a 4c 42 d1 51 00 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 info_class: 0003 >[2005/03/31 14:07:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7B 4A 4C 42 ........ ....{JLB > [010] D1 51 00 00 .Q.. >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_query >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 undoc_buffer: 22000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 info_class: 0003 >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 lsa_io_dom_query >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 uni_dom_max_len: 0008 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a uni_dom_str_len: 000a >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c buffer_dom_name: 00000001 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 buffer_dom_sid : 00000001 >[2005/03/31 14:07:39, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unistr2 unistr2 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0014 uni_max_len: 00000005 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0018 offset : 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 001c uni_str_len: 00000004 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0020 buffer : C.O.R.P. >[2005/03/31 14:07:39, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000028 smb_io_dom_sid2 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0028 num_auths: 00000004 >[2005/03/31 14:07:39, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00002c smb_io_dom_sid sid >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 002c sid_rev_num: 01 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 002d num_auths : 04 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 002e id_auth[0] : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 002f id_auth[1] : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0030 id_auth[2] : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0031 id_auth[3] : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0032 id_auth[4] : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0033 id_auth[5] : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32s(869) > 0034 sub_auths : 00000015 2b3b9900 65e8f5b8 ad7e05b8 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0044 status: NT_STATUS_OK >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called lsarpc successfully >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 10 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 30 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73aa name: lsarpc len: 1024 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 72. >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0060 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000003 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000048 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..96] >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=576 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 96 (0x60) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=97 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 03 00 00 ........ .`...... > [010] 00 48 00 00 00 00 00 00 00 00 00 00 22 03 00 00 .H...... ...."... > [020] 00 08 00 0A 00 01 00 00 00 01 00 00 00 05 00 00 ........ ........ > [030] 00 00 00 00 00 04 00 00 00 43 00 4F 00 52 00 50 ........ .C.O.R.P > [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [050] 00 00 99 3B 2B B8 F5 E8 65 B8 05 7E AD 00 00 00 ...;+... e..~.... > [060] 00 . >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,156) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,156) wrote 156 >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 100 >[2005/03/31 14:07:39, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x64 >[2005/03/31 14:07:39, 3] smbd/process.c:process_smb(1091) > Transaction 10 of length 104 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=640 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. > [010] 00 . >[2005/03/31 14:07:39, 3] smbd/process.c:switch_message(886) > switch message SMBntcreateX (pid 20945) conn 0x8333878 >[2005/03/31 14:07:39, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:39, 10] smbd/nttrans.c:reply_ntcreate_and_X(607) > reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2005/03/31 14:07:39, 4] smbd/nttrans.c:nt_open_pipe(497) > nt_open_pipe: Opening pipe \winreg. >[2005/03/31 14:07:39, 3] smbd/nttrans.c:nt_open_pipe(514) > nt_open_pipe: Known pipe winreg opening. >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested winreg (pipes_open=1) >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) > open_rpc_pipe_p: name lsarpc pnum=73aa >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) > Create pipe requested winreg >[2005/03/31 14:07:39, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe winreg >[2005/03/31 14:07:39, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe winreg >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) > Created internal pipe winreg (pipes_open=1) >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) > Opened pipe winreg with handle 73ab (pipes_open=2) >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name winreg pnum=73ab >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name lsarpc pnum=73aa >[2005/03/31 14:07:39, 5] smbd/nttrans.c:do_ntcreate_pipe_open(562) > do_ntcreate_pipe_open: open pipe = \winreg >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=640 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=43776 (0xAB00) > smb_vwv[ 3]= 371 (0x173) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,107) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,107) wrote 107 >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 136 >[2005/03/31 14:07:39, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x88 >[2005/03/31 14:07:39, 3] smbd/process.c:process_smb(1091) > Transaction 11 of length 140 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=704 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29611 (0x73AB) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. > [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2005/03/31 14:07:39, 3] smbd/process.c:switch_message(886) > switch message SMBwriteX (pid 20945) conn 0x8333878 >[2005/03/31 14:07:39, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name winreg pnum=73ab (pipes_open=2) >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=2) >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: winreg open: Yes len: 72 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 72 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 0b >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0048 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 11 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(876) > api_pipe_bind_req: decode request. 876 >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) > api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 max_tsize: 10b8 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 max_rsize: 10b8 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 assoc_gid: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 num_elements: 00000001 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000c context_id : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 000e num_syntaxes: 01 >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000f smb_io_rpc_iface >[2005/03/31 14:07:39, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_uuid uuid >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 data : 338cd001 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 data : 2244 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0016 data : 31f1 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0018 data : aa aa >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 001a data : 90 00 38 00 10 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 version: 00000001 >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_rpc_iface >[2005/03/31 14:07:39, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_uuid uuid >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 data : 8a885d04 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0028 data : 1ceb >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 002a data : 11c9 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002c data : 9f e8 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002e data : 08 00 2b 10 48 60 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0034 version: 00000002 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1017) > api_pipe_bind_req: make response. 1017 >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe.c:check_bind_req(762) > check_bind_req for \PIPE\winreg >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 max_tsize: 10b8 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 max_rsize: 10b8 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 assoc_gid: 000053f0 >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_rpc_addr_str >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 len: 000d >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000a str: \PIPE\winreg. >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000017 smb_io_rpc_results >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0018 num_results: 01 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001c result : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001e reason : 0000 >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_rpc_iface >[2005/03/31 14:07:39, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_uuid uuid >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 data : 8a885d04 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0024 data : 1ceb >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0026 data : 11c9 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0028 data : 9f e8 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002a data : 08 00 2b 10 48 60 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0030 version: 00000002 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 0c >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0044 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 56 >[2005/03/31 14:07:39, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=73ab nwritten=72 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=704 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,51) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,51) wrote 51 >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 59 >[2005/03/31 14:07:39, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x3b >[2005/03/31 14:07:39, 3] smbd/process.c:process_smb(1091) > Transaction 12 of length 63 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=768 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29611 (0x73AB) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:39, 3] smbd/process.c:switch_message(886) > switch message SMBreadX (pid 20945) conn 0x8333878 >[2005/03/31 14:07:39, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name winreg pnum=73ab (pipes_open=2) >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=2) >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: winreg len: 1024 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(968) > read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/03/31 14:07:39, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=73ab min=1024 max=1024 nread=68 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=768 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,131) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,131) wrote 131 >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 120 >[2005/03/31 14:07:39, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x78 >[2005/03/31 14:07:39, 3] smbd/process.c:process_smb(1091) > Transaction 13 of length 124 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=832 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 36 (0x24) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=53 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... > [020] 00 0C 00 00 00 00 00 02 00 08 F5 14 01 D8 E5 01 ........ ........ > [030] 00 00 00 00 02 ..... >[2005/03/31 14:07:39, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20945) conn 0x8333878 >[2005/03/31 14:07:39, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:39, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=36 params=0 setup=2 >[2005/03/31 14:07:39, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:39, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:39, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name winreg pnum=73ab (pipes_open=2) >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=2) >[2005/03/31 14:07:39, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 73ab) >[2005/03/31 14:07:39, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: winreg open: Yes len: 36 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 36 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 20 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0024 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 20 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 20, incoming data = 20 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 0000000c >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0002 >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\winreg >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[3].fn == 0x80ff280 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_open_hklm >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 ptr : 0114f508 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 unknown_0: e5d8 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 unknown_1: 0001 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 access_mask: 02000000 >[2005/03/31 14:07:39, 7] rpc_server/srv_reg_nt.c:open_registry_key(92) > open_registry_key: name = [NULL][HKLM] >[2005/03/31 14:07:39, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM] >[2005/03/31 14:07:39, 10] lib/adt_tree.c:pathtree_find(388) > pathtree_find: Enter [/HKLM] >[2005/03/31 14:07:39, 10] lib/adt_tree.c:pathtree_find(460) > pathtree_find: Exit >[2005/03/31 14:07:39, 10] registry/reg_db.c:regdb_fetch_reg_keys(245) > regdb_fetch_reg_keys: Enter key => [HKLM] >[2005/03/31 14:07:39, 10] registry/reg_db.c:regdb_fetch_reg_keys(272) > regdb_fetch_reg_keys: Exit [1] items >[2005/03/31 14:07:39, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 7B 4A 4C 42 ........ ....{JLB > [010] D1 51 00 00 .Q.. >[2005/03/31 14:07:39, 7] rpc_server/srv_reg_nt.c:open_registry_key(164) > open_registry_key: exit >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_open_hklm >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000002 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7b 4a 4c 42 d1 51 00 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_werror(702) > 0014 status: WERR_OK >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called winreg successfully >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 20 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: winreg len: 1024 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=832 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [020] 00 00 00 00 00 7B 4A 4C 42 D1 51 00 00 00 00 00 .....{JL B.Q..... > [030] 00 . >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 268 >[2005/03/31 14:07:39, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x10c >[2005/03/31 14:07:39, 3] smbd/process.c:process_smb(1091) > Transaction 14 of length 272 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=268 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=896 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 184 (0xB8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 184 (0xB8) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=201 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 B8 00 00 00 02 00 00 ........ ........ > [020] 00 A0 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 ........ ........ > [030] 00 00 00 00 00 7B 4A 4C 42 D1 51 00 00 6E 00 6E .....{JL B.Q..n.n > [040] 00 30 7A E5 76 37 00 00 00 00 00 00 00 37 00 00 .0z.v7.. .....7.. > [050] 00 53 00 79 00 73 00 74 00 65 00 6D 00 5C 00 43 .S.y.s.t .e.m.\.C > [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 43 00 6F .u.r.r.e .n.t.C.o > [070] 00 6E 00 74 00 72 00 6F 00 6C 00 53 00 65 00 74 .n.t.r.o .l.S.e.t > [080] 00 5C 00 73 00 65 00 72 00 76 00 69 00 63 00 65 .\.s.e.r .v.i.c.e > [090] 00 73 00 5C 00 4E 00 65 00 74 00 6C 00 6F 00 67 .s.\.N.e .t.l.o.g > [0A0] 00 6F 00 6E 00 5C 00 70 00 61 00 72 00 61 00 6D .o.n.\.p .a.r.a.m > [0B0] 00 65 00 74 00 65 00 72 00 73 00 5C 00 00 00 00 .e.t.e.r .s.\.... > [0C0] 00 00 00 00 00 19 00 02 00 ........ . >[2005/03/31 14:07:39, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20945) conn 0x8333878 >[2005/03/31 14:07:39, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:39, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=184 params=0 setup=2 >[2005/03/31 14:07:39, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:39, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:39, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name winreg pnum=73ab (pipes_open=2) >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=2) >[2005/03/31 14:07:39, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 73ab) >[2005/03/31 14:07:39, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: winreg open: Yes len: 184 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 184 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 184 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 184, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 168 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 168 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 00b8 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000002 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 168 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 168, incoming data = 168 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 000000a0 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 000f >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\winreg >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[1].fn == 0x80ff3e0 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_entry >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000002 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7b 4a 4c 42 d1 51 00 00 >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unihdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 uni_str_len: 006e >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0016 uni_max_len: 006e >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0018 buffer : 76e57a30 >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_unistr2 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 001c uni_max_len: 00000037 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 offset : 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 uni_str_len: 00000037 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0028 buffer : S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.s.e.r.v.i.c.e.s.\.N.e.t.l.o.g.o.n.\.p.a.r.a.m.e.t.e.r.s.\... >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0098 unknown_0 : 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 009c access_desired : 00020019 >[2005/03/31 14:07:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 7B 4A 4C 42 ........ ....{JLB > [010] D1 51 00 00 .Q.. >[2005/03/31 14:07:39, 5] rpc_server/srv_reg_nt.c:_reg_open_entry(326) > reg_open_entry: Enter >[2005/03/31 14:07:39, 7] rpc_server/srv_reg_nt.c:open_registry_key(92) > open_registry_key: name = [HKLM][System\CurrentControlSet\services\Netlogon\parameters\] >[2005/03/31 14:07:39, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services/Netlogon/parameters] >[2005/03/31 14:07:39, 10] lib/adt_tree.c:pathtree_find(388) > pathtree_find: Enter [/HKLM/System/CurrentControlSet/services/Netlogon/parameters] >[2005/03/31 14:07:39, 10] lib/adt_tree.c:pathtree_find(460) > pathtree_find: Exit >[2005/03/31 14:07:39, 10] registry/reg_db.c:regdb_fetch_reg_keys(245) > regdb_fetch_reg_keys: Enter key => [HKLM\System\CurrentControlSet\services\Netlogon\parameters] >[2005/03/31 14:07:39, 10] registry/reg_db.c:regdb_fetch_reg_keys(272) > regdb_fetch_reg_keys: Exit [0] items >[2005/03/31 14:07:39, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 7B 4A 4C 42 ........ ....{JLB > [010] D1 51 00 00 .Q.. >[2005/03/31 14:07:39, 7] rpc_server/srv_reg_nt.c:open_registry_key(164) > open_registry_key: exit >[2005/03/31 14:07:39, 5] rpc_server/srv_reg_nt.c:_reg_open_entry(337) > reg_open_entry: Exit >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_open_entry >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000003 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7b 4a 4c 42 d1 51 00 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_werror(702) > 0014 status: WERR_OK >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called winreg successfully >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 110 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 168 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: winreg len: 1024 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000002 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=896 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ > [020] 00 00 00 00 00 7B 4A 4C 42 D1 51 00 00 00 00 00 .....{JL B.Q..... > [030] 00 . >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 232 >[2005/03/31 14:07:39, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0xe8 >[2005/03/31 14:07:39, 3] smbd/process.c:process_smb(1091) > Transaction 15 of length 236 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=232 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=960 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 148 (0x94) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 148 (0x94) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=165 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 94 00 00 00 03 00 00 ........ ........ > [020] 00 7C 00 00 00 00 00 11 00 00 00 00 00 03 00 00 .|...... ........ > [030] 00 00 00 00 00 7B 4A 4C 42 D1 51 00 00 2A 00 2A .....{JL B.Q..*.* > [040] 00 04 7A E5 76 15 00 00 00 00 00 00 00 15 00 00 ..z.v... ........ > [050] 00 52 00 65 00 66 00 75 00 73 00 65 00 50 00 61 .R.e.f.u .s.e.P.a > [060] 00 73 00 73 00 77 00 6F 00 72 00 64 00 43 00 68 .s.s.w.o .r.d.C.h > [070] 00 61 00 6E 00 67 00 65 00 00 00 53 00 64 F5 14 .a.n.g.e ...S.d.. > [080] 01 94 F5 14 01 94 F5 14 01 04 00 00 00 00 00 00 ........ ........ > [090] 00 00 00 00 00 5C F5 14 01 04 00 00 00 54 F5 14 .....\.. .....T.. > [0A0] 01 00 00 00 00 ..... >[2005/03/31 14:07:39, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20945) conn 0x8333878 >[2005/03/31 14:07:39, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:39, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=148 params=0 setup=2 >[2005/03/31 14:07:39, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:39, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:39, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name winreg pnum=73ab (pipes_open=2) >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=2) >[2005/03/31 14:07:39, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 73ab) >[2005/03/31 14:07:39, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: winreg open: Yes len: 148 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 148 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 148 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 148, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 132 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 132 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0094 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000003 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 132 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 132, incoming data = 132 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 0000007c >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0011 >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\winreg >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_INFO >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[8].fn == 0x80feee0 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_info >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000003 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7b 4a 4c 42 d1 51 00 00 >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unihdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 uni_str_len: 002a >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0016 uni_max_len: 002a >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0018 buffer : 76e57a04 >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_unistr2 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 001c uni_max_len: 00000015 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 offset : 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 uni_str_len: 00000015 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0028 buffer : R.e.f.u.s.e.P.a.s.s.w.o.r.d.C.h.a.n.g.e... >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0054 ptr_reserved: 0114f564 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0058 ptr_buf: 0114f594 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 005c ptr_bufsize: 0114f594 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0060 bufsize: 00000004 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0064 buf_unk: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0068 unk1: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 006c ptr_buflen: 0114f55c >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0070 buflen: 00000004 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0074 ptr_buflen2: 0114f554 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0078 buflen2: 00000000 >[2005/03/31 14:07:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 7B 4A 4C 42 ........ ....{JLB > [010] D1 51 00 00 .Q.. >[2005/03/31 14:07:39, 5] rpc_server/srv_reg_nt.c:_reg_info(358) > _reg_info: Enter >[2005/03/31 14:07:39, 7] rpc_server/srv_reg_nt.c:_reg_info(363) > _reg_info: policy key name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters] >[2005/03/31 14:07:39, 5] rpc_server/srv_reg_nt.c:_reg_info(367) > reg_info: looking up value: [RefusePasswordChange] >[2005/03/31 14:07:39, 10] lib/account_pol.c:account_policy_get(210) > account_policy_get: refuse machine password change:0 >[2005/03/31 14:07:39, 5] rpc_server/srv_reg_nt.c:_reg_info(447) > _reg_info: Exit >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_info >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 ptr_type: 00000001 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 type: 00000004 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 ptr_uni_val: 00000001 >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000c smb_io_buffer2 uni_val >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c uni_max_len: 00000004 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 offset : 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0014 buf_len : 00000004 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0018 buffer : .... >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 001c ptr_max_len: 00000001 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 buf_max_len: 00000004 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 ptr_len: 00000001 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0028 buf_len: 00000004 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_werror(702) > 002c status: WERR_OK >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called winreg successfully >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 46 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 132 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: winreg len: 1024 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 48. >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0048 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000003 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000030 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..72] >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=960 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 48 00 00 00 03 00 00 ........ .H...... > [010] 00 30 00 00 00 00 00 00 00 01 00 00 00 04 00 00 .0...... ........ > [020] 00 01 00 00 00 04 00 00 00 00 00 00 00 04 00 00 ........ ........ > [030] 00 00 00 00 00 01 00 00 00 04 00 00 00 01 00 00 ........ ........ > [040] 00 04 00 00 00 00 00 00 00 ........ . >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,132) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,132) wrote 132 >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 128 >[2005/03/31 14:07:39, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x80 >[2005/03/31 14:07:39, 3] smbd/process.c:process_smb(1091) > Transaction 16 of length 132 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1024 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=61 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 03 00 00 ........ ........ > [030] 00 00 00 00 00 7B 4A 4C 42 D1 51 00 00 .....{JL B.Q.. >[2005/03/31 14:07:39, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20945) conn 0x8333878 >[2005/03/31 14:07:39, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:39, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/03/31 14:07:39, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:39, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:39, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name winreg pnum=73ab (pipes_open=2) >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=2) >[2005/03/31 14:07:39, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 73ab) >[2005/03/31 14:07:39, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: winreg open: Yes len: 44 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 44 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 002c >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000004 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000014 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0005 >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\winreg >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[0].fn == 0x80ff480 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_close >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000003 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7b 4a 4c 42 d1 51 00 00 >[2005/03/31 14:07:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 7B 4A 4C 42 ........ ....{JLB > [010] D1 51 00 00 .Q.. >[2005/03/31 14:07:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 7B 4A 4C 42 ........ ....{JLB > [010] D1 51 00 00 .Q.. >[2005/03/31 14:07:39, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_close >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_werror(702) > 0014 status: WERR_OK >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called winreg successfully >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 28 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: winreg len: 1024 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000004 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1024 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 128 >[2005/03/31 14:07:39, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x80 >[2005/03/31 14:07:39, 3] smbd/process.c:process_smb(1091) > Transaction 17 of length 132 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1088 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=61 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........ > [030] 00 00 00 00 00 7B 4A 4C 42 D1 51 00 00 .....{JL B.Q.. >[2005/03/31 14:07:39, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20945) conn 0x8333878 >[2005/03/31 14:07:39, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:39, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/03/31 14:07:39, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:39, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:39, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name winreg pnum=73ab (pipes_open=2) >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=2) >[2005/03/31 14:07:39, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 73ab) >[2005/03/31 14:07:39, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: winreg open: Yes len: 44 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 44 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 002c >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000005 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000014 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0005 >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\winreg >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[0].fn == 0x80ff480 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_close >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000002 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7b 4a 4c 42 d1 51 00 00 >[2005/03/31 14:07:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 7B 4A 4C 42 ........ ....{JLB > [010] D1 51 00 00 .Q.. >[2005/03/31 14:07:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 7B 4A 4C 42 ........ ....{JLB > [010] D1 51 00 00 .Q.. >[2005/03/31 14:07:39, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_close >[2005/03/31 14:07:39, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_werror(702) > 0014 status: WERR_OK >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called winreg successfully >[2005/03/31 14:07:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 28 >[2005/03/31 14:07:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: winreg len: 1024 >[2005/03/31 14:07:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000005 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:39, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1088 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:39, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 41 >[2005/03/31 14:07:39, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x29 >[2005/03/31 14:07:39, 3] smbd/process.c:process_smb(1091) > Transaction 18 of length 45 >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1152 > smt_wct=3 > smb_vwv[ 0]=29611 (0x73AB) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/03/31 14:07:39, 3] smbd/process.c:switch_message(886) > switch message SMBclose (pid 20945) conn 0x8333878 >[2005/03/31 14:07:39, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name winreg pnum=73ab (pipes_open=2) >[2005/03/31 14:07:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=2) >[2005/03/31 14:07:39, 5] smbd/pipes.c:reply_pipe_close(260) > reply_pipe_close: pnum:73ab >[2005/03/31 14:07:39, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe winreg >[2005/03/31 14:07:39, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name winreg pnum=73ab (pipes_open=1) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:39, 5] lib/util.c:show_msg(474) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1152 > smt_wct=0 > smb_bcc=0 >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(449) > write_socket(25,39) >[2005/03/31 14:07:39, 6] lib/util_sock.c:write_socket(452) > write_socket(25,39) wrote 39 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 104 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x68 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 19 of length 108 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1216 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4608 (0x1200) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=21 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O > [010] 00 4E 00 00 00 .N... >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBntcreateX (pid 20945) conn 0x8333878 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 10] smbd/nttrans.c:reply_ntcreate_and_X(607) > reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 >[2005/03/31 14:07:40, 4] smbd/nttrans.c:nt_open_pipe(497) > nt_open_pipe: Opening pipe \NETLOGON. >[2005/03/31 14:07:40, 3] smbd/nttrans.c:nt_open_pipe(514) > nt_open_pipe: Known pipe NETLOGON opening. >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested NETLOGON (pipes_open=1) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) > open_rpc_pipe_p: name lsarpc pnum=73aa >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) > Create pipe requested NETLOGON >[2005/03/31 14:07:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe NETLOGON >[2005/03/31 14:07:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) > Created internal pipe NETLOGON (pipes_open=1) >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) > Opened pipe NETLOGON with handle 73ac (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name NETLOGON pnum=73ac >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name lsarpc pnum=73aa >[2005/03/31 14:07:40, 5] smbd/nttrans.c:do_ntcreate_pipe_open(562) > do_ntcreate_pipe_open: open pipe = \NETLOGON >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1216 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=44032 (0xAC00) > smb_vwv[ 3]= 371 (0x173) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,107) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,107) wrote 107 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 136 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x88 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 20 of length 140 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1280 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29612 (0x73AC) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. > [030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBwriteX (pid 20945) conn 0x8333878 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ac >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name NETLOGON pnum=73ac (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=2) >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ac name: NETLOGON open: Yes len: 72 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 72 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 0b >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0048 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 11 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(876) > api_pipe_bind_req: decode request. 876 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) > api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 max_tsize: 10b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 max_rsize: 10b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 assoc_gid: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 num_elements: 00000001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000c context_id : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 000e num_syntaxes: 01 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000f smb_io_rpc_iface >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_uuid uuid >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 data : 12345678 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 data : 1234 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0016 data : abcd >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0018 data : ef 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 001a data : 01 23 45 67 cf fb >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 version: 00000001 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_rpc_iface >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_uuid uuid >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 data : 8a885d04 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0028 data : 1ceb >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 002a data : 11c9 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002c data : 9f e8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002e data : 08 00 2b 10 48 60 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0034 version: 00000002 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1017) > api_pipe_bind_req: make response. 1017 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe.c:check_bind_req(762) > check_bind_req for \PIPE\NETLOGON >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 max_tsize: 10b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 max_rsize: 10b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 assoc_gid: 000053f0 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_rpc_addr_str >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 len: 000c >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000a str: \PIPE\lsass. >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000016 smb_io_rpc_results >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0018 num_results: 01 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001c result : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001e reason : 0000 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_rpc_iface >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_uuid uuid >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 data : 8a885d04 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0024 data : 1ceb >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0026 data : 11c9 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0028 data : 9f e8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002a data : 08 00 2b 10 48 60 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0030 version: 00000002 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 0c >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0044 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 56 >[2005/03/31 14:07:40, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=73ac nwritten=72 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1280 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,51) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,51) wrote 51 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 59 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x3b >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 21 of length 63 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1344 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29612 (0x73AC) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBreadX (pid 20945) conn 0x8333878 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ac >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name NETLOGON pnum=73ac (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=2) >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ac name: NETLOGON len: 1024 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(968) > read_from_pipe: NETLOGON: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/03/31 14:07:40, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=73ac min=1024 max=1024 nread=68 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1344 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,131) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,131) wrote 131 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 182 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0xb6 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 22 of length 186 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=182 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1408 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 98 (0x62) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 98 (0x62) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29612 (0x73AC) > smb_bcc=115 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 62 00 00 00 01 00 00 ........ .b...... > [020] 00 4A 00 00 00 00 00 04 00 90 C7 21 03 0A 00 00 .J...... ...!.... > [030] 00 00 00 00 00 0A 00 00 00 5C 00 5C 00 43 00 4F ........ .\.\.C.O > [040] 00 52 00 50 00 53 00 52 00 56 00 00 00 09 00 00 .R.P.S.R .V...... > [050] 00 00 00 00 00 09 00 00 00 58 00 50 00 4E 00 4F ........ .X.P.N.O > [060] 00 52 00 54 00 4F 00 4E 00 00 00 BA B9 E9 F0 8D .R.T.O.N ........ > [070] 26 AB A1 &.. >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20945) conn 0x8333878 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=98 params=0 setup=2 >[2005/03/31 14:07:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ac >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name NETLOGON pnum=73ac (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=2) >[2005/03/31 14:07:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 73ac) >[2005/03/31 14:07:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ac name: NETLOGON open: Yes len: 98 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 98 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 98 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 98, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 82 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 82 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0062 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 82 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 82, incoming data = 82 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 0000004a >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0004 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\NETLOGON >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[0].fn == 0x8102120 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 net_io_q_req_chal >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 undoc_buffer: 0321c790 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_unistr2 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 uni_max_len: 0000000a >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 offset : 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c uni_str_len: 0000000a >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0010 buffer : \.\.C.O.R.P.S.R.V... >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_unistr2 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 uni_max_len: 00000009 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0028 offset : 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 002c uni_str_len: 00000009 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0030 buffer : X.P.N.O.R.T.O.N... >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000042 smb_io_chal >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0042 data: ba b9 e9 f0 8d 26 ab a1 >[2005/03/31 14:07:40, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(39) > init_net_r_req_chal: 39 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 net_io_r_req_chal >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_chal >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0000 data: f7 6d ba ff a3 53 f3 8f >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0008 status: NT_STATUS_OK >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called NETLOGON successfully >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 38 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 82 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ac name: NETLOGON len: 1024 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0024 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 0000000c >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..36] >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1408 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 F7 6D BA FF A3 53 F3 ........ ..m...S. > [020] 8F 00 00 00 00 ..... >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,96) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,96) wrote 96 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 41 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x29 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 23 of length 45 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1472 > smt_wct=3 > smb_vwv[ 0]=29612 (0x73AC) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBclose (pid 20945) conn 0x8333878 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ac >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name NETLOGON pnum=73ac (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=2) >[2005/03/31 14:07:40, 5] smbd/pipes.c:reply_pipe_close(260) > reply_pipe_close: pnum:73ac >[2005/03/31 14:07:40, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe NETLOGON >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name NETLOGON pnum=73ac (pipes_open=1) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1472 > smt_wct=0 > smb_bcc=0 >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,39) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,39) wrote 39 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 104 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x68 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 24 of length 108 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1536 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4608 (0x1200) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=21 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O > [010] 00 4E 00 00 00 .N... >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBntcreateX (pid 20945) conn 0x8333878 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 10] smbd/nttrans.c:reply_ntcreate_and_X(607) > reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 >[2005/03/31 14:07:40, 4] smbd/nttrans.c:nt_open_pipe(497) > nt_open_pipe: Opening pipe \NETLOGON. >[2005/03/31 14:07:40, 3] smbd/nttrans.c:nt_open_pipe(514) > nt_open_pipe: Known pipe NETLOGON opening. >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested NETLOGON (pipes_open=1) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) > open_rpc_pipe_p: name lsarpc pnum=73aa >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) > Create pipe requested NETLOGON >[2005/03/31 14:07:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe NETLOGON >[2005/03/31 14:07:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) > Created internal pipe NETLOGON (pipes_open=1) >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) > Opened pipe NETLOGON with handle 73ad (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name NETLOGON pnum=73ad >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name lsarpc pnum=73aa >[2005/03/31 14:07:40, 5] smbd/nttrans.c:do_ntcreate_pipe_open(562) > do_ntcreate_pipe_open: open pipe = \NETLOGON >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1536 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=44288 (0xAD00) > smb_vwv[ 3]= 371 (0x173) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,107) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,107) wrote 107 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 136 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x88 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 25 of length 140 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1600 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29613 (0x73AD) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. > [030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBwriteX (pid 20945) conn 0x8333878 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ad >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name NETLOGON pnum=73ad (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=2) >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ad name: NETLOGON open: Yes len: 72 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 72 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 0b >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0048 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 11 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(876) > api_pipe_bind_req: decode request. 876 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) > api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 max_tsize: 10b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 max_rsize: 10b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 assoc_gid: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 num_elements: 00000001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000c context_id : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 000e num_syntaxes: 01 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000f smb_io_rpc_iface >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_uuid uuid >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 data : 12345678 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 data : 1234 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0016 data : abcd >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0018 data : ef 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 001a data : 01 23 45 67 cf fb >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 version: 00000001 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_rpc_iface >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_uuid uuid >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 data : 8a885d04 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0028 data : 1ceb >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 002a data : 11c9 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002c data : 9f e8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002e data : 08 00 2b 10 48 60 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0034 version: 00000002 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1017) > api_pipe_bind_req: make response. 1017 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe.c:check_bind_req(762) > check_bind_req for \PIPE\NETLOGON >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 max_tsize: 10b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 max_rsize: 10b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 assoc_gid: 000053f0 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_rpc_addr_str >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 len: 000c >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000a str: \PIPE\lsass. >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000016 smb_io_rpc_results >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0018 num_results: 01 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001c result : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001e reason : 0000 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_rpc_iface >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_uuid uuid >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 data : 8a885d04 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0024 data : 1ceb >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0026 data : 11c9 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0028 data : 9f e8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002a data : 08 00 2b 10 48 60 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0030 version: 00000002 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 0c >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0044 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 56 >[2005/03/31 14:07:40, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=73ad nwritten=72 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1600 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,51) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,51) wrote 51 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 59 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x3b >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 26 of length 63 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1664 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29613 (0x73AD) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBreadX (pid 20945) conn 0x8333878 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ad >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name NETLOGON pnum=73ad (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=2) >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ad name: NETLOGON len: 1024 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(968) > read_from_pipe: NETLOGON: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/03/31 14:07:40, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=73ad min=1024 max=1024 nread=68 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1664 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,131) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,131) wrote 131 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 218 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0xda >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 27 of length 222 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=218 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1728 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 134 (0x86) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 134 (0x86) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29613 (0x73AD) > smb_bcc=151 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 86 00 00 00 01 00 00 ........ ........ > [020] 00 6E 00 00 00 00 00 05 00 90 C7 21 03 0A 00 00 .n...... ...!.... > [030] 00 00 00 00 00 0A 00 00 00 5C 00 5C 00 43 00 4F ........ .\.\.C.O > [040] 00 52 00 50 00 53 00 52 00 56 00 00 00 0A 00 00 .R.P.S.R .V...... > [050] 00 00 00 00 00 0A 00 00 00 58 00 50 00 4E 00 4F ........ .X.P.N.O > [060] 00 52 00 54 00 4F 00 4E 00 24 00 00 00 02 00 8D .R.T.O.N .$...... > [070] 26 09 00 00 00 00 00 00 00 09 00 00 00 58 00 50 &....... .....X.P > [080] 00 4E 00 4F 00 52 00 54 00 4F 00 4E 00 00 00 2F .N.O.R.T .O.N.../ > [090] 56 76 71 8F B6 D1 03 Vvq.... >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20945) conn 0x8333878 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=134 params=0 setup=2 >[2005/03/31 14:07:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ad >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name NETLOGON pnum=73ad (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=2) >[2005/03/31 14:07:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 73ad) >[2005/03/31 14:07:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ad name: NETLOGON open: Yes len: 134 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 134 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 134 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 134, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 118 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 118 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0086 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 118 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 118, incoming data = 118 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 0000006e >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0005 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\NETLOGON >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: NETLOGON op 0x5 - api_rpcTNP: rpc command: NET_AUTH >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[1].fn == 0x8101fb0 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 net_io_q_auth >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_log_info >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 undoc_buffer: 0321c790 >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_unistr2 unistr2 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 uni_max_len: 0000000a >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 offset : 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c uni_str_len: 0000000a >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0010 buffer : \.\.C.O.R.P.S.R.V... >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_unistr2 unistr2 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 uni_max_len: 0000000a >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0028 offset : 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 002c uni_str_len: 0000000a >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0030 buffer : X.P.N.O.R.T.O.N.$... >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0044 sec_chan: 0002 >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000046 smb_io_unistr2 unistr2 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0048 uni_max_len: 00000009 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 004c offset : 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0050 uni_str_len: 00000009 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0054 buffer : X.P.N.O.R.T.O.N... >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000066 smb_io_chal >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0066 data: 2f 56 76 71 8f b6 d1 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 net_io_r_auth >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_chal >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0000 data: 88 eb ff bf b5 89 0e 08 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0008 status: NT_STATUS_ACCESS_DENIED >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called NETLOGON successfully >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 58 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 118 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ad name: NETLOGON len: 1024 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0024 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 0000000c >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..36] >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1728 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 88 EB FF BF B5 89 0E ........ ........ > [020] 08 22 00 00 C0 ."... >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,96) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,96) wrote 96 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 41 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x29 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 28 of length 45 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1792 > smt_wct=3 > smb_vwv[ 0]=29613 (0x73AD) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBclose (pid 20945) conn 0x8333878 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ad >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name NETLOGON pnum=73ad (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=2) >[2005/03/31 14:07:40, 5] smbd/pipes.c:reply_pipe_close(260) > reply_pipe_close: pnum:73ad >[2005/03/31 14:07:40, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe NETLOGON >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name NETLOGON pnum=73ad (pipes_open=1) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1792 > smt_wct=0 > smb_bcc=0 >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,39) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,39) wrote 39 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 128 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x80 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 29 of length 132 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1856 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29610 (0x73AA) > smb_bcc=61 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 7B 4A 4C 42 D1 51 00 00 .....{JL B.Q.. >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20945) conn 0x8333878 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/03/31 14:07:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73aa >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=1) >[2005/03/31 14:07:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 73aa) >[2005/03/31 14:07:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8332388 max_trans_reply: 1024 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73aa name: lsarpc open: Yes len: 44 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 44 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 002c >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000004 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000014 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0000 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\lsarpc >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[4].fn == 0x80fbb00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_close >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7b 4a 4c 42 d1 51 00 00 >[2005/03/31 14:07:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7B 4A 4C 42 ........ ....{JLB > [010] D1 51 00 00 .Q.. >[2005/03/31 14:07:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7B 4A 4C 42 ........ ....{JLB > [010] D1 51 00 00 .Q.. >[2005/03/31 14:07:40, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_close >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0014 status: NT_STATUS_OK >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called lsarpc successfully >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 28 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73aa name: lsarpc len: 1024 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000004 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1856 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 41 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x29 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 30 of length 45 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1920 > smt_wct=3 > smb_vwv[ 0]=29610 (0x73AA) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBclose (pid 20945) conn 0x8333878 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73aa >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73aa (pipes_open=1) >[2005/03/31 14:07:40, 5] smbd/pipes.c:reply_pipe_close(260) > reply_pipe_close: pnum:73aa >[2005/03/31 14:07:40, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe lsarpc >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name lsarpc pnum=73aa (pipes_open=0) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1920 > smt_wct=0 > smb_bcc=0 >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,39) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,39) wrote 39 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 39 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x27 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 31 of length 43 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=39 > smb_com=0x74 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=1984 > smt_wct=2 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBulogoffX (pid 20945) conn 0x0 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 5] smbd/uid.c:change_to_root_user(296) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/03/31 14:07:40, 5] auth/auth_util.c:free_server_info(1406) > attempting to free (and zero) a server_info structure >[2005/03/31 14:07:40, 3] smbd/reply.c:reply_ulogoffX(1261) > ulogoffX vuid=100 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=39 > smb_com=0x74 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=1984 > smt_wct=2 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,43) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,43) wrote 43 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 35 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x23 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 32 of length 39 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2048 > smt_wct=0 > smb_bcc=0 >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBtdis (pid 20945) conn 0x8333878 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 5] smbd/uid.c:change_to_root_user(296) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 5] smbd/uid.c:change_to_root_user(296) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/03/31 14:07:40, 3] smbd/service.c:close_cnum(830) > xpnorton (192.168.1.106) closed connection to service IPC$ >[2005/03/31 14:07:40, 3] smbd/connection.c:yield_connection(69) > Yielding connection to IPC$ >[2005/03/31 14:07:40, 4] smbd/vfs.c:vfs_ChDir(660) > vfs_ChDir to / >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 5] smbd/uid.c:change_to_root_user(296) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2048 > smt_wct=0 > smb_bcc=0 >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,39) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,39) wrote 39 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_socket_data(378) > read_socket_data: recv of 4 returned 0. Error = Success >[2005/03/31 14:07:40, 10] lib/util_sock.c:receive_smb_raw(556) > receive_smb_raw: length < 0! >[2005/03/31 14:07:40, 3] smbd/process.c:timeout_processing(1334) > timeout_processing: End of file from client (client has disconnected). >[2005/03/31 14:07:40, 5] lib/gencache.c:gencache_shutdown(88) > Closing cache file >[2005/03/31 14:07:40, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 5] smbd/uid.c:change_to_root_user(296) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/03/31 14:07:40, 2] smbd/server.c:exit_server(609) > Closing connections >[2005/03/31 14:07:40, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2005/03/31 14:07:40, 5] smbd/oplock.c:receive_local_message(107) > receive_local_message: doing select with timeout of 1 ms >[2005/03/31 14:07:40, 3] smbd/server.c:exit_server(652) > Server exit (normal exit) >[2005/03/31 14:07:40, 6] param/loadparm.c:lp_file_list_changed(2707) > lp_file_list_changed() > file /usr/local/samba/lib/special.smb -> /usr/local/samba/lib/special.smb last mod_time: Wed Jan 26 16:18:40 2005 > > file /usr/local/samba/lib/bhpro.smb -> /usr/local/samba/lib/bhpro.smb last mod_time: Mon Mar 14 10:04:30 2005 > > file /usr/local/samba/lib/printers.smb -> /usr/local/samba/lib/printers.smb last mod_time: Wed Jan 26 08:36:49 2005 > > file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Mar 31 14:06:59 2005 > >[2005/03/31 14:07:40, 5] smbd/reply.c:reply_special(283) > init msg_type=0x81 msg_flags=0x0 >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,4) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,4) wrote 4 >[2005/03/31 14:07:40, 6] param/loadparm.c:lp_file_list_changed(2707) > lp_file_list_changed() > file /usr/local/samba/lib/special.smb -> /usr/local/samba/lib/special.smb last mod_time: Wed Jan 26 16:18:40 2005 > > file /usr/local/samba/lib/bhpro.smb -> /usr/local/samba/lib/bhpro.smb last mod_time: Mon Mar 14 10:04:30 2005 > > file /usr/local/samba/lib/printers.smb -> /usr/local/samba/lib/printers.smb last mod_time: Wed Jan 26 08:36:49 2005 > > file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Mar 31 14:06:59 2005 > >[2005/03/31 14:07:40, 4] lib/username.c:map_username(132) > Scanning username map /usr/local/samba/lib/smbusers >[2005/03/31 14:07:40, 10] lib/username.c:user_in_list(529) > user_in_list: checking user root in list >[2005/03/31 14:07:40, 10] lib/username.c:user_in_list(533) > user_in_list: checking user |root| against |administrator| >[2005/03/31 14:07:40, 5] auth/auth_util.c:make_user_info_map(224) > make_user_info_map: Mapping user [CORP]\[root] from workstation [XPNORTON] >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 5] auth/auth_util.c:is_trusted_domain(1560) > is_trusted_domain: Checking for domain trust with [CORP] >[2005/03/31 14:07:40, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(334) > secrets_fetch failed! >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 10] lib/gencache.c:gencache_get(285) > Cache entry with key = TDOM/CORP couldn't be found >[2005/03/31 14:07:40, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) > no entry for trusted domain CORP found. >[2005/03/31 14:07:40, 5] auth/auth_util.c:make_user_info(132) > attempting to make a user_info for root (root) >[2005/03/31 14:07:40, 5] auth/auth_util.c:make_user_info(142) > making strings for root's user_info struct >[2005/03/31 14:07:40, 5] auth/auth_util.c:make_user_info(184) > making blobs for root's user_info struct >[2005/03/31 14:07:40, 10] auth/auth_util.c:make_user_info(200) > made an encrypted user_info for root (root) >[2005/03/31 14:07:40, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user [CORP]\[root]@[XPNORTON] with the new password interface >[2005/03/31 14:07:40, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: [CORP]\[root]@[XPNORTON] >[2005/03/31 14:07:40, 10] auth/auth.c:check_ntlm_password(231) > check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >[2005/03/31 14:07:40, 10] auth/auth.c:check_ntlm_password(233) > challenge is: >[2005/03/31 14:07:40, 5] lib/util.c:dump_data(1995) > [000] 6E D9 D3 B0 37 07 4F 1F n...7.O. >[2005/03/31 14:07:40, 10] auth/auth.c:check_ntlm_password(259) > check_ntlm_password: guest had nothing to say >[2005/03/31 14:07:40, 8] lib/util.c:is_myname(1815) > is_myname("CORP") returns 0 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [dc=borkholder,dc=com], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2005/03/31 14:07:40, 5] lib/smbldap.c:smbldap_close(949) > The connection to the LDAP server was closed >[2005/03/31 14:07:40, 10] lib/smbldap.c:smbldap_open_connection(596) > smbldap_open_connection: ldap://localhost >[2005/03/31 14:07:40, 2] lib/smbldap.c:smbldap_open_connection(692) > smbldap_open_connection: connection opened >[2005/03/31 14:07:40, 10] lib/smbldap.c:smbldap_connect_system(824) > ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=borkholder,dc=com" >[2005/03/31 14:07:40, 3] lib/smbldap.c:smbldap_connect_system(866) > ldap_connect_system: succesful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2005/03/31 14:07:40, 4] lib/smbldap.c:smbldap_open(929) > The LDAP server is succesfully connected >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_socket_data(378) > read_socket_data: recv of 4 returned 0. Error = Success >[2005/03/31 14:07:40, 10] lib/util_sock.c:receive_smb_raw(556) > receive_smb_raw: length < 0! >[2005/03/31 14:07:40, 3] smbd/process.c:timeout_processing(1334) > timeout_processing: End of file from client (client has disconnected). >[2005/03/31 14:07:40, 5] lib/gencache.c:gencache_shutdown(88) > Closing cache file >[2005/03/31 14:07:40, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 5] smbd/uid.c:change_to_root_user(296) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/03/31 14:07:40, 2] smbd/server.c:exit_server(609) > Closing connections >[2005/03/31 14:07:40, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2005/03/31 14:07:40, 3] smbd/connection.c:yield_connection(76) > yield_connection: tdb_delete for name failed with error Record does not exist. >[2005/03/31 14:07:40, 5] smbd/oplock.c:receive_local_message(107) > receive_local_message: doing select with timeout of 1 ms >[2005/03/31 14:07:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > init_sam_from_ldap: Entry found for user: root >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username root, was >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain CORP, was >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username root, was >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-725326080-1709766072-2910717368-500 >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-725326080-1709766072-2910717368-500 >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-725326080-1709766072-2910717368-513 >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-725326080-1709766072-2910717368-513 >[2005/03/31 14:07:40, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [displayName] = [<does not exist>] >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name root, was >[2005/03/31 14:07:40, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/03/31 14:07:40, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\corpsrv\root, was >[2005/03/31 14:07:40, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script logon.bat, was >[2005/03/31 14:07:40, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\corpsrv\profiles\root\WinXP, was >[2005/03/31 14:07:40, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [description] = [<does not exist>] >[2005/03/31 14:07:40, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2005/03/31 14:07:40, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2005/03/31 14:07:40, 10] lib/account_pol.c:account_policy_get(210) > account_policy_get: password history:0 >[2005/03/31 14:07:40, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2005/03/31 14:07:40, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2005/03/31 14:07:40, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2005/03/31 14:07:40, 5] passdb/login_cache.c:login_cache_init(41) > Opening cache file at /usr/local/samba/var/locks/login_cache.tdb >[2005/03/31 14:07:40, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user root >[2005/03/31 14:07:40, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2005/03/31 14:07:40, 9] passdb/pdb_ldap.c:init_sam_from_ldap(852) > No cache entry, bad count = 0, bad time = 0 >[2005/03/31 14:07:40, 10] lib/account_pol.c:account_policy_get(210) > account_policy_get: password history:0 >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username root, was >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain CORP, was >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username root, was >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name root, was >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\corpsrv\root, was >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script logon.bat, was >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\corpsrv\profiles\root\WinXP, was >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2005/03/31 14:07:40, 10] lib/account_pol.c:account_policy_get(210) > account_policy_get: password history:0 >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-725326080-1709766072-2910717368-500 >[2005/03/31 14:07:40, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-725326080-1709766072-2910717368-500 from rid 500 >[2005/03/31 14:07:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-725326080-1709766072-2910717368-513 >[2005/03/31 14:07:40, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-725326080-1709766072-2910717368-513 from rid 513 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 9] passdb/passdb.c:pdb_update_autolock_flag(2350) > pdb_update_autolock_flag: Account root not autolocked, no check needed >[2005/03/31 14:07:40, 4] libsmb/ntlm_check.c:ntlm_password_check(326) > ntlm_password_check: Checking NT MD4 password >[2005/03/31 14:07:40, 4] auth/auth_sam.c:sam_account_ok(119) > sam_account_ok: Checking SMB password for user root >[2005/03/31 14:07:40, 5] auth/auth_sam.c:logon_hours_ok(101) > logon_hours_ok: user root allowed to logon at this time (Thu Mar 31 14:07:40 2005 > ) >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 10] lib/system_smbd.c:sys_getgrouplist(116) > sys_getgrouplist: user [root] >[2005/03/31 14:07:40, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist(): disabled winbindd for group lookup [user == root] >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:40, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 3] smbd/server.c:exit_server(652) > Server exit (normal exit) >[2005/03/31 14:07:40, 8] lib/util_getent.c:remove_duplicate_gids(330) > remove_duplicate_gids: Enter 7 gids >[2005/03/31 14:07:40, 8] lib/util_getent.c:remove_duplicate_gids(348) > remove_duplicate_gids: Exit 6 gids >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:40, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [ou=Groups,dc=borkholder,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2] >[2005/03/31 14:07:40, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2106) > ldapsam_getgroup: Did not find group >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 10] passdb/passdb.c:local_gid_to_sid(1267) > local_gid_to_sid: Fall back to algorithmic mapping: 0 -> S-0-0 >[2005/03/31 14:07:40, 8] passdb/passdb.c:algorithmic_gid_to_sid(1233) > algorithmic_gid_to_sid: falling back to RID algorithm >[2005/03/31 14:07:40, 10] passdb/passdb.c:algorithmic_gid_to_sid(1237) > algorithmic_gid_to_sid: gid (0) -> SID S-1-5-21-725326080-1709766072-2910717368-1001. >[2005/03/31 14:07:40, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 0 -> S-1-5-21-725326080-1709766072-2910717368-1001 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:40, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [ou=Groups,dc=borkholder,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=3))], scope => [2] >[2005/03/31 14:07:40, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2106) > ldapsam_getgroup: Did not find group >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 10] passdb/passdb.c:local_gid_to_sid(1267) > local_gid_to_sid: Fall back to algorithmic mapping: 3 -> S-0-0 >[2005/03/31 14:07:40, 8] passdb/passdb.c:algorithmic_gid_to_sid(1233) > algorithmic_gid_to_sid: falling back to RID algorithm >[2005/03/31 14:07:40, 10] passdb/passdb.c:algorithmic_gid_to_sid(1237) > algorithmic_gid_to_sid: gid (3) -> SID S-1-5-21-725326080-1709766072-2910717368-1007. >[2005/03/31 14:07:40, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 3 -> S-1-5-21-725326080-1709766072-2910717368-1007 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:40, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [ou=Groups,dc=borkholder,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=512))], scope => [2] >[2005/03/31 14:07:40, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) > init_group_from_ldap: Entry found for group: 512 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 10] passdb/passdb.c:local_gid_to_sid(1278) > local_gid_to_sid: gid (512) -> SID S-1-5-21-725326080-1709766072-2910717368-512. >[2005/03/31 14:07:40, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 512 -> S-1-5-21-725326080-1709766072-2910717368-512 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:40, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [ou=Groups,dc=borkholder,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=513))], scope => [2] >[2005/03/31 14:07:40, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) > init_group_from_ldap: Entry found for group: 513 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 10] passdb/passdb.c:local_gid_to_sid(1278) > local_gid_to_sid: gid (513) -> SID S-1-5-21-725326080-1709766072-2910717368-513. >[2005/03/31 14:07:40, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 513 -> S-1-5-21-725326080-1709766072-2910717368-513 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:40, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [ou=Groups,dc=borkholder,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1020))], scope => [2] >[2005/03/31 14:07:40, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) > init_group_from_ldap: Entry found for group: 1020 >[2005/03/31 14:07:40, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [description] = [<does not exist>] >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 10] passdb/passdb.c:local_gid_to_sid(1278) > local_gid_to_sid: gid (1020) -> SID S-1-5-21-725326080-1709766072-2910717368-3041. >[2005/03/31 14:07:40, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 1020 -> S-1-5-21-725326080-1709766072-2910717368-3041 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:40, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [ou=Groups,dc=borkholder,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1021))], scope => [2] >[2005/03/31 14:07:40, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) > init_group_from_ldap: Entry found for group: 1021 >[2005/03/31 14:07:40, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [description] = [<does not exist>] >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 10] passdb/passdb.c:local_gid_to_sid(1278) > local_gid_to_sid: gid (1021) -> SID S-1-5-21-725326080-1709766072-2910717368-3043. >[2005/03/31 14:07:40, 10] passdb/lookup_sid.c:gid_to_sid(372) > gid_to_sid: local 1021 -> S-1-5-21-725326080-1709766072-2910717368-3043 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 10] auth/auth_util.c:debug_nt_user_token(490) > NT user token of user S-1-5-21-725326080-1709766072-2910717368-500 > contains 10 SIDs > SID[ 0]: S-1-5-21-725326080-1709766072-2910717368-500 > SID[ 1]: S-1-5-21-725326080-1709766072-2910717368-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-725326080-1709766072-2910717368-1001 > SID[ 6]: S-1-5-21-725326080-1709766072-2910717368-1007 > SID[ 7]: S-1-5-21-725326080-1709766072-2910717368-512 > SID[ 8]: S-1-5-21-725326080-1709766072-2910717368-3041 > SID[ 9]: S-1-5-21-725326080-1709766072-2910717368-3043 > SE_PRIV 0x0 0x0 0x0 0x0 >[2005/03/31 14:07:40, 5] auth/auth_util.c:make_server_info_sam(862) > make_server_info_sam: made server info for user root -> root >[2005/03/31 14:07:40, 3] auth/auth.c:check_ntlm_password(268) > check_ntlm_password: sam authentication for user [root] succeeded >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 5] auth/auth.c:check_ntlm_password(292) > check_ntlm_password: PAM Account for user [root] succeeded >[2005/03/31 14:07:40, 2] auth/auth.c:check_ntlm_password(305) > check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded >[2005/03/31 14:07:40, 5] auth/auth_util.c:free_user_info(1380) > attempting to free (and zero) a user_info structure >[2005/03/31 14:07:40, 10] auth/auth_util.c:free_user_info(1383) > structure was created for root >[2005/03/31 14:07:40, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(117) > Got NT session key of length 16 >[2005/03/31 14:07:40, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(123) > Got LM session key of length 16 >[2005/03/31 14:07:40, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(669) > ntlmssp_server_auth: Created NTLM2 session key. >[2005/03/31 14:07:40, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) > NTLMSSP Sign/Seal - Initialising with flags: >[2005/03/31 14:07:40, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2005/03/31 14:07:40, 10] smbd/password.c:register_vuid(158) > register_vuid: allocated vuid = 100 >[2005/03/31 14:07:40, 10] lib/util_pw.c:getpwnam_alloc(98) > Got root from pwnam_cache >[2005/03/31 14:07:40, 10] smbd/password.c:register_vuid(220) > register_vuid: (0,0) root root CORP guest=0 >[2005/03/31 14:07:40, 3] smbd/password.c:register_vuid(222) > User name: root Real name: root >[2005/03/31 14:07:40, 3] smbd/password.c:register_vuid(241) > UNIX uid 0 is UNIX user root, and will be vuid 100 >[2005/03/31 14:07:40, 7] param/loadparm.c:lp_servicenumber(4048) > lp_servicenumber: couldn't find root >[2005/03/31 14:07:40, 3] smbd/password.c:register_vuid(270) > Adding homes service for user 'root' using home directory: '/root' >[2005/03/31 14:07:40, 8] param/loadparm.c:add_a_service(2319) > add_a_service: Creating snum = 35 for root >[2005/03/31 14:07:40, 3] param/loadparm.c:lp_add_home(2360) > adding home's share [root] for user 'root' at '/root' >[2005/03/31 14:07:40, 6] param/loadparm.c:lp_file_list_changed(2707) > lp_file_list_changed() > file /usr/local/samba/lib/special.smb -> /usr/local/samba/lib/special.smb last mod_time: Wed Jan 26 16:18:40 2005 > > file /usr/local/samba/lib/bhpro.smb -> /usr/local/samba/lib/bhpro.smb last mod_time: Mon Mar 14 10:04:30 2005 > > file /usr/local/samba/lib/printers.smb -> /usr/local/samba/lib/printers.smb last mod_time: Wed Jan 26 08:36:49 2005 > > file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Mar 31 14:06:59 2005 > >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,102) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,102) wrote 102 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 80 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x50 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 3 of length 84 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=80 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=192 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=37 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 5C 00 43 00 4F 00 52 00 50 00 53 00 52 .\.\.C.O .R.P.S.R > [010] 00 56 00 5C 00 49 00 50 00 43 00 24 00 00 00 3F .V.\.I.P .C.$...? > [020] 3F 3F 3F 3F 00 ????. >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBtconX (pid 20948) conn 0x0 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 5] smbd/uid.c:change_to_root_user(296) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/03/31 14:07:40, 4] smbd/reply.c:reply_tcon_and_X(407) > Client requested device type [?????] for share [IPC$] >[2005/03/31 14:07:40, 5] smbd/service.c:make_connection(807) > making a connection to 'normal' service ipc$ >[2005/03/31 14:07:40, 5] lib/username.c:Get_Pwnam(293) > Finding user root >[2005/03/31 14:07:40, 5] lib/username.c:Get_Pwnam_internals(223) > Trying _Get_Pwnam(), username as lowercase is root >[2005/03/31 14:07:40, 10] lib/util_pw.c:getpwnam_alloc(98) > Got root from pwnam_cache >[2005/03/31 14:07:40, 5] lib/username.c:Get_Pwnam_internals(251) > Get_Pwnam_internals did find user [root]! >[2005/03/31 14:07:40, 3] smbd/service.c:make_connection_snum(479) > Connect path is '/tmp' for service [IPC$] >[2005/03/31 14:07:40, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) > get_share_security: using default secdesc for IPC$ >[2005/03/31 14:07:40, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2005/03/31 14:07:40, 10] lib/util_seaccess.c:se_access_check(234) > se_access_check: requested access 0x00000002, for NT token with 10 entries and first sid S-1-5-21-725326080-1709766072-2910717368-500. >[2005/03/31 14:07:40, 3] lib/util_seaccess.c:se_access_check(251) >[2005/03/31 14:07:40, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-725326080-1709766072-2910717368-500 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1001 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1007 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-512 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3041 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3043 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2005/03/31 14:07:40, 5] lib/util_seaccess.c:se_access_check(309) > se_access_check: access (2) granted. >[2005/03/31 14:07:40, 3] smbd/vfs.c:vfs_init_default(206) > Initialising default vfs hooks >[2005/03/31 14:07:40, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2005/03/31 14:07:40, 10] smbd/uid.c:is_share_read_only_for_user(99) > is_share_read_only_for_user: share IPC$ is read-only for unix user root >[2005/03/31 14:07:40, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) > get_share_security: using default secdesc for IPC$ >[2005/03/31 14:07:40, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2005/03/31 14:07:40, 10] lib/util_seaccess.c:se_access_check(234) > se_access_check: requested access 0x00000001, for NT token with 10 entries and first sid S-1-5-21-725326080-1709766072-2910717368-500. >[2005/03/31 14:07:40, 3] lib/util_seaccess.c:se_access_check(251) >[2005/03/31 14:07:40, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-725326080-1709766072-2910717368-500 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1001 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1007 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-512 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3041 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3043 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >[2005/03/31 14:07:40, 5] lib/util_seaccess.c:se_access_check(309) > se_access_check: access (1) granted. >[2005/03/31 14:07:40, 10] lib/username.c:user_in_list(529) > user_in_list: checking user root in list >[2005/03/31 14:07:40, 10] lib/username.c:user_in_list(533) > user_in_list: checking user |root| against |root| >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(490) > NT user token of user S-1-5-21-725326080-1709766072-2910717368-500 > contains 10 SIDs > SID[ 0]: S-1-5-21-725326080-1709766072-2910717368-500 > SID[ 1]: S-1-5-21-725326080-1709766072-2910717368-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-725326080-1709766072-2910717368-1001 > SID[ 6]: S-1-5-21-725326080-1709766072-2910717368-1007 > SID[ 7]: S-1-5-21-725326080-1709766072-2910717368-512 > SID[ 8]: S-1-5-21-725326080-1709766072-2910717368-3041 > SID[ 9]: S-1-5-21-725326080-1709766072-2910717368-3043 > SE_PRIV 0x0 0x0 0x0 0x0 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 6 supplementary groups > Group[ 0]: 0 > Group[ 1]: 3 > Group[ 2]: 512 > Group[ 3]: 513 > Group[ 4]: 1020 > Group[ 5]: 1021 >[2005/03/31 14:07:40, 5] smbd/uid.c:change_to_user(281) > change_to_user uid=(0,0) gid=(0,0) >[2005/03/31 14:07:40, 3] smbd/service.c:make_connection_snum(642) > xpnorton (192.168.1.106) connect to service IPC$ initially as user root (uid=0, gid=0) (pid 20948) >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:40, 5] smbd/uid.c:change_to_root_user(296) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/03/31 14:07:40, 3] smbd/reply.c:reply_tcon_and_X(455) > tconX service=IPC$ >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=192 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 49 50 43 00 00 00 00 IPC.... >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,52) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,52) wrote 52 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 100 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x64 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 4 of length 104 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=256 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [010] 00 . >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBntcreateX (pid 20948) conn 0x8333888 >[2005/03/31 14:07:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_nt_user_token(490) > NT user token of user S-1-5-21-725326080-1709766072-2910717368-500 > contains 10 SIDs > SID[ 0]: S-1-5-21-725326080-1709766072-2910717368-500 > SID[ 1]: S-1-5-21-725326080-1709766072-2910717368-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-725326080-1709766072-2910717368-1001 > SID[ 6]: S-1-5-21-725326080-1709766072-2910717368-1007 > SID[ 7]: S-1-5-21-725326080-1709766072-2910717368-512 > SID[ 8]: S-1-5-21-725326080-1709766072-2910717368-3041 > SID[ 9]: S-1-5-21-725326080-1709766072-2910717368-3043 > SE_PRIV 0x0 0x0 0x0 0x0 >[2005/03/31 14:07:40, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 6 supplementary groups > Group[ 0]: 0 > Group[ 1]: 3 > Group[ 2]: 512 > Group[ 3]: 513 > Group[ 4]: 1020 > Group[ 5]: 1021 >[2005/03/31 14:07:40, 5] smbd/uid.c:change_to_user(281) > change_to_user uid=(0,0) gid=(0,0) >[2005/03/31 14:07:40, 4] smbd/vfs.c:vfs_ChDir(660) > vfs_ChDir to /tmp >[2005/03/31 14:07:40, 10] smbd/nttrans.c:reply_ntcreate_and_X(607) > reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2005/03/31 14:07:40, 4] smbd/nttrans.c:nt_open_pipe(497) > nt_open_pipe: Opening pipe \lsarpc. >[2005/03/31 14:07:40, 3] smbd/nttrans.c:nt_open_pipe(514) > nt_open_pipe: Known pipe lsarpc opening. >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested lsarpc (pipes_open=0) >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) > Create pipe requested lsarpc >[2005/03/31 14:07:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe lsarpc >[2005/03/31 14:07:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) > Created internal pipe lsarpc (pipes_open=0) >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) > Opened pipe lsarpc with handle 73a8 (pipes_open=1) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name lsarpc pnum=73a8 >[2005/03/31 14:07:40, 5] smbd/nttrans.c:do_ntcreate_pipe_open(562) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=256 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=43008 (0xA800) > smb_vwv[ 3]= 371 (0x173) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,107) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,107) wrote 107 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 136 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x88 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 5 of length 140 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=320 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29608 (0x73A8) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBwriteX (pid 20948) conn 0x8333888 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73a8 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=1) >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73a8 name: lsarpc open: Yes len: 72 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 72 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 0b >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0048 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 11 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(876) > api_pipe_bind_req: decode request. 876 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 max_tsize: 10b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 max_rsize: 10b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 assoc_gid: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 num_elements: 00000001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000c context_id : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 000e num_syntaxes: 01 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000f smb_io_rpc_iface >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_uuid uuid >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 data : 12345778 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 data : 1234 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0016 data : abcd >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0018 data : ef 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 001a data : 01 23 45 67 89 ab >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 version: 00000000 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_rpc_iface >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_uuid uuid >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 data : 8a885d04 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0028 data : 1ceb >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 002a data : 11c9 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002c data : 9f e8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002e data : 08 00 2b 10 48 60 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0034 version: 00000002 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1017) > api_pipe_bind_req: make response. 1017 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe.c:check_bind_req(762) > check_bind_req for \PIPE\lsarpc >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 max_tsize: 10b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 max_rsize: 10b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 assoc_gid: 000053f0 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_rpc_addr_str >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 len: 000c >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000a str: \PIPE\lsass. >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000016 smb_io_rpc_results >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0018 num_results: 01 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001c result : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001e reason : 0000 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_rpc_iface >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_uuid uuid >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 data : 8a885d04 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0024 data : 1ceb >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0026 data : 11c9 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0028 data : 9f e8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002a data : 08 00 2b 10 48 60 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0030 version: 00000002 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 0c >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0044 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 56 >[2005/03/31 14:07:40, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=73a8 nwritten=72 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=320 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,51) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,51) wrote 51 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 59 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x3b >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 6 of length 63 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=384 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29608 (0x73A8) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBreadX (pid 20948) conn 0x8333888 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73a8 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=1) >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73a8 name: lsarpc len: 1024 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(968) > read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/03/31 14:07:40, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=73a8 min=1024 max=1024 nread=68 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=384 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,131) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,131) wrote 131 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 172 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0xac >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 7 of length 176 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=448 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29608 (0x73A8) > smb_bcc=105 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 58 00 00 00 01 00 00 ........ .X...... > [020] 00 40 00 00 00 00 00 2C 00 D0 C6 21 03 0A 00 00 .@....., ...!.... > [030] 00 00 00 00 00 0A 00 00 00 5C 00 5C 00 43 00 4F ........ .\.\.C.O > [040] 00 52 00 50 00 53 00 52 00 56 00 00 00 18 00 00 .R.P.S.R .V...... > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 00 00 00 00 00 00 00 02 ........ . >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=88 params=0 setup=2 >[2005/03/31 14:07:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73a8 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=1) >[2005/03/31 14:07:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 73a8) >[2005/03/31 14:07:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8332398 max_trans_reply: 1024 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73a8 name: lsarpc open: Yes len: 88 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 88 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 72 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0058 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 72 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 72, incoming data = 72 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000040 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 002c >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\lsarpc >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[0].fn == 0x80fc000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_open_pol2 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 ptr : 0321c6d0 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_unistr2 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 uni_max_len: 0000000a >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 offset : 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c uni_str_len: 0000000a >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0010 buffer : \.\.C.O.R.P.S.R.V... >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 lsa_io_obj_attr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 len : 00000018 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0028 ptr_root_dir: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 002c ptr_obj_name: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0030 attributes : 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0034 ptr_sec_desc: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0038 ptr_sec_qos : 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 003c des_access: 02000000 >[2005/03/31 14:07:40, 10] lib/util_seaccess.c:se_access_check(234) > se_access_check: requested access 0x02000000, for NT token with 10 entries and first sid S-1-5-21-725326080-1709766072-2910717368-500. >[2005/03/31 14:07:40, 3] lib/util_seaccess.c:se_access_check(251) >[2005/03/31 14:07:40, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-725326080-1709766072-2910717368-500 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1001 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1007 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-512 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3041 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3043 >[2005/03/31 14:07:40, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7C 4A 4C 42 ........ ....|JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_open_pol2 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7c 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0014 status: NT_STATUS_OK >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called lsarpc successfully >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 820 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 72 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73a8 name: lsarpc len: 1024 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=448 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [020] 00 00 00 00 00 7C 4A 4C 42 D4 51 00 00 00 00 00 .....|JL B.Q..... > [030] 00 . >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 130 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x82 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 8 of length 134 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=512 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29608 (0x73A8) > smb_bcc=63 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 7C 4A 4C 42 D4 51 00 00 0C 00 .....|JL B.Q.... >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2005/03/31 14:07:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73a8 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=1) >[2005/03/31 14:07:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 73a8) >[2005/03/31 14:07:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8332398 max_trans_reply: 1024 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73a8 name: lsarpc open: Yes len: 46 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 46 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 30 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 002e >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000002 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 30 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000016 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 002e >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\lsarpc >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: lsarpc op 0x2e - unknown >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 23 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0020 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000002 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_rpc_hdr_fault fault >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0018 status : NT code 0x1c010002 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 001c reserved: 00000000 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 30 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73a8 name: lsarpc len: 1024 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(968) > read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2005/03/31 14:07:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..32] >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=512 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... > [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [020] 00 . >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,92) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,92) wrote 92 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 130 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x82 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 9 of length 134 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=576 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29608 (0x73A8) > smb_bcc=63 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 7C 4A 4C 42 D4 51 00 00 03 00 .....|JL B.Q.... >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2005/03/31 14:07:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73a8 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=1) >[2005/03/31 14:07:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 73a8) >[2005/03/31 14:07:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8332398 max_trans_reply: 1024 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73a8 name: lsarpc open: Yes len: 46 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 46 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 30 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 002e >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000003 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 30 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000016 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0007 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\lsarpc >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[2].fn == 0x80fbd10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_query >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7c 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 info_class: 0003 >[2005/03/31 14:07:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7C 4A 4C 42 ........ ....|JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_query >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 undoc_buffer: 22000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 info_class: 0003 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 lsa_io_dom_query >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 uni_dom_max_len: 0008 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a uni_dom_str_len: 000a >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c buffer_dom_name: 00000001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 buffer_dom_sid : 00000001 >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unistr2 unistr2 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0014 uni_max_len: 00000005 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0018 offset : 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 001c uni_str_len: 00000004 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0020 buffer : C.O.R.P. >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000028 smb_io_dom_sid2 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0028 num_auths: 00000004 >[2005/03/31 14:07:40, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00002c smb_io_dom_sid sid >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 002c sid_rev_num: 01 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 002d num_auths : 04 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 002e id_auth[0] : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 002f id_auth[1] : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0030 id_auth[2] : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0031 id_auth[3] : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0032 id_auth[4] : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0033 id_auth[5] : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32s(869) > 0034 sub_auths : 00000015 2b3b9900 65e8f5b8 ad7e05b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0044 status: NT_STATUS_OK >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called lsarpc successfully >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 10 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 30 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73a8 name: lsarpc len: 1024 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 72. >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0060 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000003 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000048 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..96] >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=576 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 96 (0x60) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=97 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 03 00 00 ........ .`...... > [010] 00 48 00 00 00 00 00 00 00 00 00 00 22 03 00 00 .H...... ...."... > [020] 00 08 00 0A 00 01 00 00 00 01 00 00 00 05 00 00 ........ ........ > [030] 00 00 00 00 00 04 00 00 00 43 00 4F 00 52 00 50 ........ .C.O.R.P > [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [050] 00 00 99 3B 2B B8 F5 E8 65 B8 05 7E AD 00 00 00 ...;+... e..~.... > [060] 00 . >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,156) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,156) wrote 156 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 100 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x64 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 10 of length 104 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=640 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. > [010] 00 . >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBntcreateX (pid 20948) conn 0x8333888 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 10] smbd/nttrans.c:reply_ntcreate_and_X(607) > reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2005/03/31 14:07:40, 4] smbd/nttrans.c:nt_open_pipe(497) > nt_open_pipe: Opening pipe \winreg. >[2005/03/31 14:07:40, 3] smbd/nttrans.c:nt_open_pipe(514) > nt_open_pipe: Known pipe winreg opening. >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested winreg (pipes_open=1) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) > open_rpc_pipe_p: name lsarpc pnum=73a8 >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) > Create pipe requested winreg >[2005/03/31 14:07:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe winreg >[2005/03/31 14:07:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe winreg >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) > Created internal pipe winreg (pipes_open=1) >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) > Opened pipe winreg with handle 73a9 (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name winreg pnum=73a9 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name lsarpc pnum=73a8 >[2005/03/31 14:07:40, 5] smbd/nttrans.c:do_ntcreate_pipe_open(562) > do_ntcreate_pipe_open: open pipe = \winreg >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=640 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=43264 (0xA900) > smb_vwv[ 3]= 371 (0x173) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,107) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,107) wrote 107 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 136 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x88 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 11 of length 140 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=704 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29609 (0x73A9) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. > [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBwriteX (pid 20948) conn 0x8333888 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73a9 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name winreg pnum=73a9 (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73a9 name: winreg open: Yes len: 72 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 72 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 0b >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0048 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 11 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(876) > api_pipe_bind_req: decode request. 876 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) > api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 max_tsize: 10b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 max_rsize: 10b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 assoc_gid: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 num_elements: 00000001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000c context_id : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 000e num_syntaxes: 01 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000f smb_io_rpc_iface >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_uuid uuid >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 data : 338cd001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 data : 2244 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0016 data : 31f1 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0018 data : aa aa >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 001a data : 90 00 38 00 10 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 version: 00000001 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_rpc_iface >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_uuid uuid >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 data : 8a885d04 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0028 data : 1ceb >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 002a data : 11c9 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002c data : 9f e8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002e data : 08 00 2b 10 48 60 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0034 version: 00000002 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1017) > api_pipe_bind_req: make response. 1017 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe.c:check_bind_req(762) > check_bind_req for \PIPE\winreg >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 max_tsize: 10b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 max_rsize: 10b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 assoc_gid: 000053f0 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_rpc_addr_str >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 len: 000d >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000a str: \PIPE\winreg. >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000017 smb_io_rpc_results >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0018 num_results: 01 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001c result : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001e reason : 0000 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_rpc_iface >[2005/03/31 14:07:40, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_uuid uuid >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 data : 8a885d04 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0024 data : 1ceb >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0026 data : 11c9 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0028 data : 9f e8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002a data : 08 00 2b 10 48 60 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0030 version: 00000002 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 0c >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0044 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 56 >[2005/03/31 14:07:40, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=73a9 nwritten=72 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=704 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,51) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,51) wrote 51 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 59 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x3b >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 12 of length 63 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=768 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29609 (0x73A9) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBreadX (pid 20948) conn 0x8333888 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73a9 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name winreg pnum=73a9 (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73a9 name: winreg len: 1024 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(968) > read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/03/31 14:07:40, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=73a9 min=1024 max=1024 nread=68 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=768 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,131) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,131) wrote 131 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 120 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x78 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 13 of length 124 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=832 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 36 (0x24) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29609 (0x73A9) > smb_bcc=53 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... > [020] 00 0C 00 00 00 00 00 02 00 08 F5 14 01 F8 46 01 ........ ......F. > [030] 00 00 00 00 02 ..... >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=36 params=0 setup=2 >[2005/03/31 14:07:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73a9 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name winreg pnum=73a9 (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 73a9) >[2005/03/31 14:07:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73a9 name: winreg open: Yes len: 36 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 36 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 20 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0024 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 20 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 20, incoming data = 20 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 0000000c >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0002 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\winreg >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[3].fn == 0x80ff280 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_open_hklm >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 ptr : 0114f508 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 unknown_0: 46f8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 unknown_1: 0001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 access_mask: 02000000 >[2005/03/31 14:07:40, 7] rpc_server/srv_reg_nt.c:open_registry_key(92) > open_registry_key: name = [NULL][HKLM] >[2005/03/31 14:07:40, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM] >[2005/03/31 14:07:40, 10] lib/adt_tree.c:pathtree_find(388) > pathtree_find: Enter [/HKLM] >[2005/03/31 14:07:40, 10] lib/adt_tree.c:pathtree_find(460) > pathtree_find: Exit >[2005/03/31 14:07:40, 10] registry/reg_db.c:regdb_fetch_reg_keys(245) > regdb_fetch_reg_keys: Enter key => [HKLM] >[2005/03/31 14:07:40, 10] registry/reg_db.c:regdb_fetch_reg_keys(272) > regdb_fetch_reg_keys: Exit [1] items >[2005/03/31 14:07:40, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 7C 4A 4C 42 ........ ....|JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:40, 7] rpc_server/srv_reg_nt.c:open_registry_key(164) > open_registry_key: exit >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_open_hklm >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000002 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7c 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_werror(702) > 0014 status: WERR_OK >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called winreg successfully >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 20 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73a9 name: winreg len: 1024 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=832 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [020] 00 00 00 00 00 7C 4A 4C 42 D4 51 00 00 00 00 00 .....|JL B.Q..... > [030] 00 . >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 268 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x10c >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 14 of length 272 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=268 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=896 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 184 (0xB8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 184 (0xB8) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29609 (0x73A9) > smb_bcc=201 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 B8 00 00 00 02 00 00 ........ ........ > [020] 00 A0 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 ........ ........ > [030] 00 00 00 00 00 7C 4A 4C 42 D4 51 00 00 6E 00 6E .....|JL B.Q..n.n > [040] 00 30 7A E5 76 37 00 00 00 00 00 00 00 37 00 00 .0z.v7.. .....7.. > [050] 00 53 00 79 00 73 00 74 00 65 00 6D 00 5C 00 43 .S.y.s.t .e.m.\.C > [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 43 00 6F .u.r.r.e .n.t.C.o > [070] 00 6E 00 74 00 72 00 6F 00 6C 00 53 00 65 00 74 .n.t.r.o .l.S.e.t > [080] 00 5C 00 73 00 65 00 72 00 76 00 69 00 63 00 65 .\.s.e.r .v.i.c.e > [090] 00 73 00 5C 00 4E 00 65 00 74 00 6C 00 6F 00 67 .s.\.N.e .t.l.o.g > [0A0] 00 6F 00 6E 00 5C 00 70 00 61 00 72 00 61 00 6D .o.n.\.p .a.r.a.m > [0B0] 00 65 00 74 00 65 00 72 00 73 00 5C 00 00 00 00 .e.t.e.r .s.\.... > [0C0] 00 00 00 00 00 19 00 02 00 ........ . >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=184 params=0 setup=2 >[2005/03/31 14:07:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73a9 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name winreg pnum=73a9 (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 73a9) >[2005/03/31 14:07:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73a9 name: winreg open: Yes len: 184 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 184 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 184 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 184, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 168 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 168 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 00b8 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000002 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 168 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 168, incoming data = 168 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 000000a0 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 000f >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\winreg >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[1].fn == 0x80ff3e0 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_entry >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000002 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7c 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unihdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 uni_str_len: 006e >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0016 uni_max_len: 006e >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0018 buffer : 76e57a30 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_unistr2 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 001c uni_max_len: 00000037 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 offset : 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 uni_str_len: 00000037 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0028 buffer : S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.s.e.r.v.i.c.e.s.\.N.e.t.l.o.g.o.n.\.p.a.r.a.m.e.t.e.r.s.\... >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0098 unknown_0 : 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 009c access_desired : 00020019 >[2005/03/31 14:07:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 7C 4A 4C 42 ........ ....|JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:40, 5] rpc_server/srv_reg_nt.c:_reg_open_entry(326) > reg_open_entry: Enter >[2005/03/31 14:07:40, 7] rpc_server/srv_reg_nt.c:open_registry_key(92) > open_registry_key: name = [HKLM][System\CurrentControlSet\services\Netlogon\parameters\] >[2005/03/31 14:07:40, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services/Netlogon/parameters] >[2005/03/31 14:07:40, 10] lib/adt_tree.c:pathtree_find(388) > pathtree_find: Enter [/HKLM/System/CurrentControlSet/services/Netlogon/parameters] >[2005/03/31 14:07:40, 10] lib/adt_tree.c:pathtree_find(460) > pathtree_find: Exit >[2005/03/31 14:07:40, 10] registry/reg_db.c:regdb_fetch_reg_keys(245) > regdb_fetch_reg_keys: Enter key => [HKLM\System\CurrentControlSet\services\Netlogon\parameters] >[2005/03/31 14:07:40, 10] registry/reg_db.c:regdb_fetch_reg_keys(272) > regdb_fetch_reg_keys: Exit [0] items >[2005/03/31 14:07:40, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 7C 4A 4C 42 ........ ....|JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:40, 7] rpc_server/srv_reg_nt.c:open_registry_key(164) > open_registry_key: exit >[2005/03/31 14:07:40, 5] rpc_server/srv_reg_nt.c:_reg_open_entry(337) > reg_open_entry: Exit >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_open_entry >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000003 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7c 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_werror(702) > 0014 status: WERR_OK >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called winreg successfully >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 110 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 168 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73a9 name: winreg len: 1024 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000002 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=896 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ > [020] 00 00 00 00 00 7C 4A 4C 42 D4 51 00 00 00 00 00 .....|JL B.Q..... > [030] 00 . >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 232 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0xe8 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 15 of length 236 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=232 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=960 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 148 (0x94) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 148 (0x94) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29609 (0x73A9) > smb_bcc=165 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 94 00 00 00 03 00 00 ........ ........ > [020] 00 7C 00 00 00 00 00 11 00 00 00 00 00 03 00 00 .|...... ........ > [030] 00 00 00 00 00 7C 4A 4C 42 D4 51 00 00 2A 00 2A .....|JL B.Q..*.* > [040] 00 04 7A E5 76 15 00 00 00 00 00 00 00 15 00 00 ..z.v... ........ > [050] 00 52 00 65 00 66 00 75 00 73 00 65 00 50 00 61 .R.e.f.u .s.e.P.a > [060] 00 73 00 73 00 77 00 6F 00 72 00 64 00 43 00 68 .s.s.w.o .r.d.C.h > [070] 00 61 00 6E 00 67 00 65 00 00 00 53 00 64 F5 14 .a.n.g.e ...S.d.. > [080] 01 94 F5 14 01 94 F5 14 01 04 00 00 00 00 00 00 ........ ........ > [090] 00 00 00 00 00 5C F5 14 01 04 00 00 00 54 F5 14 .....\.. .....T.. > [0A0] 01 00 00 00 00 ..... >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=148 params=0 setup=2 >[2005/03/31 14:07:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73a9 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name winreg pnum=73a9 (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 73a9) >[2005/03/31 14:07:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73a9 name: winreg open: Yes len: 148 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 148 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 148 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 148, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 132 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 132 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0094 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000003 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 132 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 132, incoming data = 132 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 0000007c >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0011 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\winreg >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_INFO >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[8].fn == 0x80feee0 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_info >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000003 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7c 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unihdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 uni_str_len: 002a >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0016 uni_max_len: 002a >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0018 buffer : 76e57a04 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_unistr2 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 001c uni_max_len: 00000015 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 offset : 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 uni_str_len: 00000015 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0028 buffer : R.e.f.u.s.e.P.a.s.s.w.o.r.d.C.h.a.n.g.e... >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0054 ptr_reserved: 0114f564 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0058 ptr_buf: 0114f594 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 005c ptr_bufsize: 0114f594 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0060 bufsize: 00000004 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0064 buf_unk: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0068 unk1: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 006c ptr_buflen: 0114f55c >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0070 buflen: 00000004 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0074 ptr_buflen2: 0114f554 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0078 buflen2: 00000000 >[2005/03/31 14:07:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 7C 4A 4C 42 ........ ....|JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:40, 5] rpc_server/srv_reg_nt.c:_reg_info(358) > _reg_info: Enter >[2005/03/31 14:07:40, 7] rpc_server/srv_reg_nt.c:_reg_info(363) > _reg_info: policy key name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters] >[2005/03/31 14:07:40, 5] rpc_server/srv_reg_nt.c:_reg_info(367) > reg_info: looking up value: [RefusePasswordChange] >[2005/03/31 14:07:40, 10] lib/account_pol.c:account_policy_get(210) > account_policy_get: refuse machine password change:0 >[2005/03/31 14:07:40, 5] rpc_server/srv_reg_nt.c:_reg_info(447) > _reg_info: Exit >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_info >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 ptr_type: 00000001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 type: 00000004 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 ptr_uni_val: 00000001 >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000c smb_io_buffer2 uni_val >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c uni_max_len: 00000004 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 offset : 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0014 buf_len : 00000004 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0018 buffer : .... >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 001c ptr_max_len: 00000001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 buf_max_len: 00000004 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 ptr_len: 00000001 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0028 buf_len: 00000004 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_werror(702) > 002c status: WERR_OK >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called winreg successfully >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 46 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 132 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73a9 name: winreg len: 1024 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 48. >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0048 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000003 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000030 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..72] >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=960 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 48 00 00 00 03 00 00 ........ .H...... > [010] 00 30 00 00 00 00 00 00 00 01 00 00 00 04 00 00 .0...... ........ > [020] 00 01 00 00 00 04 00 00 00 00 00 00 00 04 00 00 ........ ........ > [030] 00 00 00 00 00 01 00 00 00 04 00 00 00 01 00 00 ........ ........ > [040] 00 04 00 00 00 00 00 00 00 ........ . >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,132) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,132) wrote 132 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 128 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x80 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 16 of length 132 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1024 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29609 (0x73A9) > smb_bcc=61 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 03 00 00 ........ ........ > [030] 00 00 00 00 00 7C 4A 4C 42 D4 51 00 00 .....|JL B.Q.. >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/03/31 14:07:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73a9 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name winreg pnum=73a9 (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 73a9) >[2005/03/31 14:07:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73a9 name: winreg open: Yes len: 44 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 44 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 002c >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000004 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000014 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0005 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\winreg >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[0].fn == 0x80ff480 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_close >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000003 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7c 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 7C 4A 4C 42 ........ ....|JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 7C 4A 4C 42 ........ ....|JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:40, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_close >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_werror(702) > 0014 status: WERR_OK >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called winreg successfully >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 28 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73a9 name: winreg len: 1024 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000004 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1024 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 128 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x80 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 17 of length 132 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1088 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29609 (0x73A9) > smb_bcc=61 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........ > [030] 00 00 00 00 00 7C 4A 4C 42 D4 51 00 00 .....|JL B.Q.. >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/03/31 14:07:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73a9 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name winreg pnum=73a9 (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 73a9) >[2005/03/31 14:07:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73a9 name: winreg open: Yes len: 44 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 44 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 002c >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000005 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000014 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0005 >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\winreg >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[0].fn == 0x80ff480 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_close >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000002 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7c 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 7C 4A 4C 42 ........ ....|JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 7C 4A 4C 42 ........ ....|JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:40, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_close >[2005/03/31 14:07:40, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_werror(702) > 0014 status: WERR_OK >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called winreg successfully >[2005/03/31 14:07:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 28 >[2005/03/31 14:07:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73a9 name: winreg len: 1024 >[2005/03/31 14:07:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000005 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:40, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1088 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:40, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 41 >[2005/03/31 14:07:40, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x29 >[2005/03/31 14:07:40, 3] smbd/process.c:process_smb(1091) > Transaction 18 of length 45 >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1152 > smt_wct=3 > smb_vwv[ 0]=29609 (0x73A9) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/03/31 14:07:40, 3] smbd/process.c:switch_message(886) > switch message SMBclose (pid 20948) conn 0x8333888 >[2005/03/31 14:07:40, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73a9 >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name winreg pnum=73a9 (pipes_open=2) >[2005/03/31 14:07:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:40, 5] smbd/pipes.c:reply_pipe_close(260) > reply_pipe_close: pnum:73a9 >[2005/03/31 14:07:40, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe winreg >[2005/03/31 14:07:40, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name winreg pnum=73a9 (pipes_open=1) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:40, 5] lib/util.c:show_msg(474) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1152 > smt_wct=0 > smb_bcc=0 >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(449) > write_socket(25,39) >[2005/03/31 14:07:40, 6] lib/util_sock.c:write_socket(452) > write_socket(25,39) wrote 39 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 96 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x60 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 19 of length 100 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=96 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1216 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=13 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBntcreateX (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 10] smbd/nttrans.c:reply_ntcreate_and_X(607) > reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2005/03/31 14:07:41, 4] smbd/nttrans.c:nt_open_pipe(497) > nt_open_pipe: Opening pipe \samr. >[2005/03/31 14:07:41, 3] smbd/nttrans.c:nt_open_pipe(514) > nt_open_pipe: Known pipe samr opening. >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested samr (pipes_open=1) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) > open_rpc_pipe_p: name lsarpc pnum=73a8 >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) > Create pipe requested samr >[2005/03/31 14:07:41, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 2 for pipe samr >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) > Created internal pipe samr (pipes_open=1) >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) > Opened pipe samr with handle 73aa (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name samr pnum=73aa >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name lsarpc pnum=73a8 >[2005/03/31 14:07:41, 5] smbd/nttrans.c:do_ntcreate_pipe_open(562) > do_ntcreate_pipe_open: open pipe = \samr >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1216 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=43520 (0xAA00) > smb_vwv[ 3]= 371 (0x173) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,107) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,107) wrote 107 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 136 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x88 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 20 of length 140 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1280 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29610 (0x73AA) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [030] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBwriteX (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73aa >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73aa (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73aa name: samr open: Yes len: 72 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 72 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 0b >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0048 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 11 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(876) > api_pipe_bind_req: decode request. 876 >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) > api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 max_tsize: 10b8 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 max_rsize: 10b8 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 assoc_gid: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 num_elements: 00000001 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000c context_id : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 000e num_syntaxes: 01 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000f smb_io_rpc_iface >[2005/03/31 14:07:41, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_uuid uuid >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 data : 12345778 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 data : 1234 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0016 data : abcd >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0018 data : ef 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 001a data : 01 23 45 67 89 ac >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 version: 00000001 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_rpc_iface >[2005/03/31 14:07:41, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_uuid uuid >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 data : 8a885d04 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0028 data : 1ceb >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 002a data : 11c9 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002c data : 9f e8 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002e data : 08 00 2b 10 48 60 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0034 version: 00000002 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1017) > api_pipe_bind_req: make response. 1017 >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe.c:check_bind_req(762) > check_bind_req for \PIPE\samr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 max_tsize: 10b8 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 max_rsize: 10b8 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 assoc_gid: 000053f0 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_rpc_addr_str >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 len: 000c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000a str: \PIPE\lsass. >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000016 smb_io_rpc_results >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0018 num_results: 01 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001c result : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001e reason : 0000 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_rpc_iface >[2005/03/31 14:07:41, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_uuid uuid >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 data : 8a885d04 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0024 data : 1ceb >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0026 data : 11c9 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0028 data : 9f e8 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002a data : 08 00 2b 10 48 60 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0030 version: 00000002 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 0c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0044 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 56 >[2005/03/31 14:07:41, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=73aa nwritten=72 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1280 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,51) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,51) wrote 51 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 59 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x3b >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 21 of length 63 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1344 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29610 (0x73AA) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBreadX (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73aa >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73aa (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73aa name: samr len: 1024 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(968) > read_from_pipe: samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/03/31 14:07:41, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=73aa min=1024 max=1024 nread=68 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1344 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,131) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,131) wrote 131 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 164 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0xa4 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 22 of length 168 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1408 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29610 (0x73AA) > smb_bcc=97 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 50 00 00 00 01 00 00 ........ .P...... > [020] 00 38 00 00 00 00 00 40 00 90 C7 21 03 0A 00 00 .8.....@ ...!.... > [030] 00 00 00 00 00 0A 00 00 00 5C 00 5C 00 43 00 4F ........ .\.\.C.O > [040] 00 52 00 50 00 53 00 52 00 56 00 00 00 30 00 00 .R.P.S.R .V...0.. > [050] 00 01 00 00 00 01 00 00 00 03 00 00 00 00 00 00 ........ ........ > [060] 00 . >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=80 params=0 setup=2 >[2005/03/31 14:07:41, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:41, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:41, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73aa >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73aa (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 73aa) >[2005/03/31 14:07:41, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73aa name: samr open: Yes len: 80 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 80 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 64 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0050 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 64 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 64, incoming data = 64 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000038 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0040 >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\samr >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: samr op 0x40 - unknown >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 23 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0020 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_rpc_hdr_fault fault >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0018 status : NT code 0x1c010002 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 001c reserved: 00000000 >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 64 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73aa name: samr len: 1024 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(968) > read_from_pipe: samr: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2005/03/31 14:07:41, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..32] >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1408 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 01 00 00 ....#... . ...... > [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [020] 00 . >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,92) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,92) wrote 92 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 41 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x29 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 23 of length 45 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1472 > smt_wct=3 > smb_vwv[ 0]=29610 (0x73AA) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBclose (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73aa >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73aa (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 5] smbd/pipes.c:reply_pipe_close(260) > reply_pipe_close: pnum:73aa >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name samr pnum=73aa (pipes_open=1) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1472 > smt_wct=0 > smb_bcc=0 >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,39) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,39) wrote 39 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 96 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x60 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 24 of length 100 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=96 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1536 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=13 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBntcreateX (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 10] smbd/nttrans.c:reply_ntcreate_and_X(607) > reply_ntcreateX: flags = 0x16, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2005/03/31 14:07:41, 4] smbd/nttrans.c:nt_open_pipe(497) > nt_open_pipe: Opening pipe \samr. >[2005/03/31 14:07:41, 3] smbd/nttrans.c:nt_open_pipe(514) > nt_open_pipe: Known pipe samr opening. >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested samr (pipes_open=1) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) > open_rpc_pipe_p: name lsarpc pnum=73a8 >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) > Create pipe requested samr >[2005/03/31 14:07:41, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 2 for pipe samr >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) > Created internal pipe samr (pipes_open=1) >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) > Opened pipe samr with handle 73ab (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name samr pnum=73ab >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > open pipes: name lsarpc pnum=73a8 >[2005/03/31 14:07:41, 5] smbd/nttrans.c:do_ntcreate_pipe_open(562) > do_ntcreate_pipe_open: open pipe = \samr >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1536 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=43776 (0xAB00) > smb_vwv[ 3]= 371 (0x173) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,107) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,107) wrote 107 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 136 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x88 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 25 of length 140 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1600 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29611 (0x73AB) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [030] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBwriteX (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73ab (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: samr open: Yes len: 72 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 72 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 0b >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0048 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 11 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(876) > api_pipe_bind_req: decode request. 876 >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) > api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 max_tsize: 10b8 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 max_rsize: 10b8 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 assoc_gid: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 num_elements: 00000001 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000c context_id : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 000e num_syntaxes: 01 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00000f smb_io_rpc_iface >[2005/03/31 14:07:41, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_uuid uuid >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 data : 12345778 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 data : 1234 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0016 data : abcd >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0018 data : ef 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 001a data : 01 23 45 67 89 ac >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 version: 00000001 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_rpc_iface >[2005/03/31 14:07:41, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_uuid uuid >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 data : 8a885d04 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0028 data : 1ceb >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 002a data : 11c9 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002c data : 9f e8 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002e data : 08 00 2b 10 48 60 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0034 version: 00000002 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1017) > api_pipe_bind_req: make response. 1017 >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe.c:check_bind_req(762) > check_bind_req for \PIPE\samr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_bba >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 max_tsize: 10b8 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 max_rsize: 10b8 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 assoc_gid: 000053f0 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_rpc_addr_str >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 len: 000c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000a str: \PIPE\lsass. >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000016 smb_io_rpc_results >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0018 num_results: 01 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001c result : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001e reason : 0000 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_rpc_iface >[2005/03/31 14:07:41, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_uuid uuid >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 data : 8a885d04 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0024 data : 1ceb >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0026 data : 11c9 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0028 data : 9f e8 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 002a data : 08 00 2b 10 48 60 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0030 version: 00000002 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 0c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0044 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 56 >[2005/03/31 14:07:41, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=73ab nwritten=72 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1600 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,51) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,51) wrote 51 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 59 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x3b >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 26 of length 63 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1664 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=29611 (0x73AB) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBreadX (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73ab (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: samr len: 1024 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(968) > read_from_pipe: samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/03/31 14:07:41, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=73ab min=1024 max=1024 nread=68 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1664 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,131) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,131) wrote 131 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 152 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x98 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 27 of length 156 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1728 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 68 (0x44) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=85 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [020] 00 2C 00 00 00 00 00 3E 00 90 C7 21 03 0A 00 00 .,.....> ...!.... > [030] 00 00 00 00 00 0A 00 00 00 5C 00 5C 00 43 00 4F ........ .\.\.C.O > [040] 00 52 00 50 00 53 00 52 00 56 00 00 00 02 00 00 .R.P.S.R .V...... > [050] 00 30 00 00 00 .0... >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=68 params=0 setup=2 >[2005/03/31 14:07:41, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:41, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:41, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73ab (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 73ab) >[2005/03/31 14:07:41, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: samr open: Yes len: 68 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 68 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 52 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0044 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 52 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 52, incoming data = 52 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 0000002c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 003e >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\samr >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: samr op 0x3e - api_rpcTNP: rpc command: SAMR_CONNECT4 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[47].fn == 0x8122cb0 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_connect4 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 ptr_srv_name: 0321c790 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_unistr2 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 uni_max_len: 0000000a >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 offset : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c uni_str_len: 0000000a >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0010 buffer : \.\.C.O.R.P.S.R.V... >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 unk_0: 00000002 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0028 access_mask: 00000030 >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2511) > _samr_connect4: 2511 >[2005/03/31 14:07:41, 10] lib/util_seaccess.c:se_access_check(234) > se_access_check: requested access 0x00000030, for NT token with 10 entries and first sid S-1-5-21-725326080-1709766072-2910717368-500. >[2005/03/31 14:07:41, 3] lib/util_seaccess.c:se_access_check(251) >[2005/03/31 14:07:41, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-725326080-1709766072-2910717368-500 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1001 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1007 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-512 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3041 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3043 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20031, current desired = 30 >[2005/03/31 14:07:41, 5] lib/util_seaccess.c:se_access_check(309) > se_access_check: access (30) granted. >[2005/03/31 14:07:41, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(189) > _samr_connect4: access GRANTED (requested: 0x00000030, granted: 0x00000030) >[2005/03/31 14:07:41, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(248) > get_samr_info_by_sid: created new info for sid (NULL) >[2005/03/31 14:07:41, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(252) > get_samr_info_by_sid: created new info for NULL sid. >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 7D 4A 4C 42 ........ ....}JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2543) > _samr_connect: 2543 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_connect4 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd connect_pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000004 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7d 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0014 status: NT_STATUS_OK >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called samr successfully >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 976 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 52 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: samr len: 1024 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000001 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:41, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1728 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 04 00 00 ........ ........ > [020] 00 00 00 00 00 7D 4A 4C 42 D4 51 00 00 00 00 00 .....}JL B.Q..... > [030] 00 . >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 136 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x88 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 28 of length 140 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1792 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=69 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 02 00 00 ........ .4...... > [020] 00 1C 00 00 00 00 00 06 00 00 00 00 00 04 00 00 ........ ........ > [030] 00 00 00 00 00 7D 4A 4C 42 D4 51 00 00 00 00 00 .....}JL B.Q..... > [040] 00 00 20 00 00 .. .. >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=52 params=0 setup=2 >[2005/03/31 14:07:41, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:41, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:41, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73ab (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 73ab) >[2005/03/31 14:07:41, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: samr open: Yes len: 52 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 52 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 36 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0034 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000002 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 36 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 0000001c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0006 >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\samr >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: samr op 0x6 - api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[3].fn == 0x8126a00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_enum_domains >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000004 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7d 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0014 start_idx: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0018 max_size : 00002000 >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 7D 4A 4C 42 ........ ....}JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(201) > _samr_enum_domains: access check ((granted: 0x00000030; required: 0x00000010) >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:make_enum_domains(2598) > make_enum_domains >[2005/03/31 14:07:41, 10] rpc_parse/parse_samr.c:init_sam_entry(1291) > init_sam_entry: 0 >[2005/03/31 14:07:41, 10] rpc_parse/parse_samr.c:init_sam_entry(1291) > init_sam_entry: 0 >[2005/03/31 14:07:41, 5] rpc_parse/parse_samr.c:init_samr_r_enum_domains(3158) > init_samr_r_enum_domains >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_enum_domains >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 next_idx : 00000002 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 ptr_entries1: 00000001 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 num_entries2: 00000002 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c ptr_entries2: 00000001 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 num_entries3: 00000002 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000014 sam_io_sam_entry dom[0] >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0014 rid: 00000000 >[2005/03/31 14:07:41, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_unihdr unihdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0018 uni_str_len: 0008 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 001a uni_max_len: 0008 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 001c buffer : 00000001 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 sam_io_sam_entry dom[1] >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 rid: 00000000 >[2005/03/31 14:07:41, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_unihdr unihdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0024 uni_str_len: 000e >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0026 uni_max_len: 000e >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0028 buffer : 00000001 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00002c smb_io_unistr2 dom[0] >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 002c uni_max_len: 00000004 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0030 offset : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0034 uni_str_len: 00000004 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0038 buffer : C.O.R.P. >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000040 smb_io_unistr2 dom[1] >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0040 uni_max_len: 00000007 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0044 offset : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0048 uni_str_len: 00000007 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 004c buffer : B.u.i.l.t.i.n. >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 005c num_entries4: 00000002 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0060 status: NT_STATUS_OK >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called samr successfully >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 82 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 36 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: samr len: 1024 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 100. >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 007c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000002 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000064 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:41, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..124] >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1792 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 124 (0x7C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 124 (0x7C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=125 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 7C 00 00 00 02 00 00 ........ .|...... > [010] 00 64 00 00 00 00 00 00 00 02 00 00 00 01 00 00 .d...... ........ > [020] 00 02 00 00 00 01 00 00 00 02 00 00 00 00 00 00 ........ ........ > [030] 00 08 00 08 00 01 00 00 00 00 00 00 00 0E 00 0E ........ ........ > [040] 00 01 00 00 00 04 00 00 00 00 00 00 00 04 00 00 ........ ........ > [050] 00 43 00 4F 00 52 00 50 00 07 00 00 00 00 00 00 .C.O.R.P ........ > [060] 00 07 00 00 00 42 00 75 00 69 00 6C 00 74 00 69 .....B.u .i.l.t.i > [070] 00 6E 00 00 00 02 00 00 00 00 00 00 00 .n...... ..... >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,184) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,184) wrote 184 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 156 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x9c >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 29 of length 160 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1856 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=89 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 48 00 00 00 03 00 00 ........ .H...... > [020] 00 30 00 00 00 00 00 05 00 00 00 00 00 04 00 00 .0...... ........ > [030] 00 00 00 00 00 7D 4A 4C 42 D4 51 00 00 08 00 08 .....}JL B.Q..... > [040] 00 B0 E1 19 03 04 00 00 00 00 00 00 00 04 00 00 ........ ........ > [050] 00 43 00 4F 00 52 00 50 00 .C.O.R.P . >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=72 params=0 setup=2 >[2005/03/31 14:07:41, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:41, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:41, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73ab (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 73ab) >[2005/03/31 14:07:41, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: samr open: Yes len: 72 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 72 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0048 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000003 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 56 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000030 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0005 >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\samr >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: samr op 0x5 - api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[41].fn == 0x8123570 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_lookup_domain >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd connect_pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000004 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7d 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unihdr hdr_domain >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 uni_str_len: 0008 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0016 uni_max_len: 0008 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0018 buffer : 0319e1b0 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_unistr2 uni_domain >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 001c uni_max_len: 00000004 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 offset : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 uni_str_len: 00000004 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0028 buffer : C.O.R.P. >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 7D 4A 4C 42 ........ ....}JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(201) > _samr_lookup_domain: access check ((granted: 0x00000030; required: 0x00000020) >[2005/03/31 14:07:41, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580) > Returning domain sid for domain CORP -> S-1-5-21-725326080-1709766072-2910717368 >[2005/03/31 14:07:41, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_domain(138) > init_samr_r_lookup_domain >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_lookup_domain >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 ptr: 00000001 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_dom_sid2 sid >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 num_auths: 00000004 >[2005/03/31 14:07:41, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_dom_sid sid >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0008 sid_rev_num: 01 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0009 num_auths : 04 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 000a id_auth[0] : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 000b id_auth[1] : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 000c id_auth[2] : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 000d id_auth[3] : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 000e id_auth[4] : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 000f id_auth[5] : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32s(869) > 0010 sub_auths : 00000015 2b3b9900 65e8f5b8 ad7e05b8 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0020 status: NT_STATUS_OK >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called samr successfully >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 8 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 56 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: samr len: 1024 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 003c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000003 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000024 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:41, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..60] >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1856 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 03 00 00 ........ .<...... > [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 04 00 00 .$...... ........ > [020] 00 01 04 00 00 00 00 00 05 15 00 00 00 00 99 3B ........ .......; > [030] 2B B8 F5 E8 65 B8 05 7E AD 00 00 00 00 +...e..~ ..... >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,120) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,120) wrote 120 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 160 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0xa0 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 30 of length 164 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1920 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=93 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 04 00 00 ........ .L...... > [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 04 00 00 .4...... ........ > [030] 00 00 00 00 00 7D 4A 4C 42 D4 51 00 00 11 02 00 .....}JL B.Q..... > [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [050] 00 00 99 3B 2B B8 F5 E8 65 B8 05 7E AD ...;+... e..~. >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=76 params=0 setup=2 >[2005/03/31 14:07:41, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:41, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:41, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73ab (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 73ab) >[2005/03/31 14:07:41, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: samr open: Yes len: 76 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 76 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 60 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 004c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000004 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 60 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 60, incoming data = 60 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000034 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0007 >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\samr >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[39].fn == 0x8123860 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_domain >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000004 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7d 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0014 flags: 00000211 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_dom_sid2 sid >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0018 num_auths: 00000004 >[2005/03/31 14:07:41, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_dom_sid sid >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 001c sid_rev_num: 01 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 001d num_auths : 04 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 001e id_auth[0] : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 001f id_auth[1] : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0020 id_auth[2] : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0021 id_auth[3] : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0022 id_auth[4] : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0023 id_auth[5] : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32s(869) > 0024 sub_auths : 00000015 2b3b9900 65e8f5b8 ad7e05b8 >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 7D 4A 4C 42 ........ ....}JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(201) > _samr_open_domain: access check ((granted: 0x00000030; required: 0x00000020) >[2005/03/31 14:07:41, 10] lib/util_seaccess.c:se_access_check(234) > se_access_check: requested access 0x00000211, for NT token with 10 entries and first sid S-1-5-21-725326080-1709766072-2910717368-500. >[2005/03/31 14:07:41, 3] lib/util_seaccess.c:se_access_check(251) >[2005/03/31 14:07:41, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-725326080-1709766072-2910717368-500 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1001 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1007 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-512 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3041 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3043 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 211 > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f07ff, current desired = 10 > se_access_check: ACE 2: type 0, flags = 0x00, SID = S-1-5-32-548 mask = f07ff, current desired = 10 > se_access_check: ACE 3: type 0, flags = 0x00, SID = S-1-5-21-725326080-1709766072-2910717368-512 mask = f07ff, current desired = 10 >[2005/03/31 14:07:41, 5] lib/util_seaccess.c:se_access_check(309) > se_access_check: access (211) granted. >[2005/03/31 14:07:41, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(189) > _samr_open_domain: access GRANTED (requested: 0x00000211, granted: 0x000d067b) >[2005/03/31 14:07:41, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(248) > get_samr_info_by_sid: created new info for sid S-1-5-21-725326080-1709766072-2910717368 >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[3] [000] 00 00 00 00 05 00 00 00 00 00 00 00 7D 4A 4C 42 ........ ....}JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(531) > samr_open_domain: 531 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_domain >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000005 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7d 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0014 status: NT_STATUS_OK >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called samr successfully >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 956 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 60 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: samr len: 1024 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000004 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:41, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1920 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ........ ........ > [020] 00 00 00 00 00 7D 4A 4C 42 D4 51 00 00 00 00 00 .....}JL B.Q..... > [030] 00 . >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 176 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0xb0 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 31 of length 180 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=176 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1984 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 92 (0x5C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 92 (0x5C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=109 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 5C 00 00 00 05 00 00 ........ .\...... > [020] 00 44 00 00 00 00 00 32 00 00 00 00 00 05 00 00 .D.....2 ........ > [030] 00 00 00 00 00 7D 4A 4C 42 D4 51 00 00 12 00 14 .....}JL B.Q..... > [040] 00 D0 C6 21 03 0A 00 00 00 00 00 00 00 09 00 00 ...!.... ........ > [050] 00 58 00 50 00 4E 00 4F 00 52 00 54 00 4F 00 4E .X.P.N.O .R.T.O.N > [060] 00 24 00 41 00 80 00 00 00 B0 00 05 E0 .$.A.... ..... >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=92 params=0 setup=2 >[2005/03/31 14:07:41, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:41, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:41, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73ab (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 73ab) >[2005/03/31 14:07:41, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: samr open: Yes len: 92 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 92 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 92 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 92, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 76 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 76 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 005c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000005 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 76 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 76, incoming data = 76 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000044 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0032 >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\samr >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: samr op 0x32 - api_rpcTNP: rpc command: SAMR_CREATE_USER >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[33].fn == 0x8124150 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_create_user >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000005 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7d 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unihdr hdr_name >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 uni_str_len: 0012 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0016 uni_max_len: 0014 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0018 buffer : 0321c6d0 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_unistr2 uni_name >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 001c uni_max_len: 0000000a >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 offset : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 uni_str_len: 00000009 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 0028 buffer : X.P.N.O.R.T.O.N.$. >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 003c acb_info : 00000080 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0040 access_mask: e00500b0 >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 7D 4A 4C 42 ........ ....}JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(201) > _samr_create_user: access check ((granted: 0x000d067b; required: 0x00000010) >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:41, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:41, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [dc=borkholder,dc=com], filter => [(&(uid=xpnorton$)(objectclass=sambaSamAccount))], scope => [2] >[2005/03/31 14:07:41, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1334) > ldapsam_getsampwnam: Unable to locate user [xpnorton$] count=0 >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:41, 5] lib/username.c:Get_Pwnam(293) > Finding user xpnorton$ >[2005/03/31 14:07:41, 5] lib/username.c:Get_Pwnam_internals(223) > Trying _Get_Pwnam(), username as lowercase is xpnorton$ >[2005/03/31 14:07:41, 5] lib/username.c:Get_Pwnam_internals(251) > Get_Pwnam_internals did find user [xpnorton$]! >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:_samr_create_user(2311) > _samr_create_user: can add this account : False >[2005/03/31 14:07:41, 5] lib/username.c:Get_Pwnam(293) > Finding user xpnorton$ >[2005/03/31 14:07:41, 5] lib/username.c:Get_Pwnam_internals(223) > Trying _Get_Pwnam(), username as lowercase is xpnorton$ >[2005/03/31 14:07:41, 5] lib/username.c:Get_Pwnam_internals(251) > Get_Pwnam_internals did find user [xpnorton$]! >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username xpnorton$, was >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Computer, was >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_unix_homedir(833) > pdb_set_unix_homedir: setting home dir /dev/null, was NULL >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain CORP, was >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-725326080-1709766072-2910717368-3324 >[2005/03/31 14:07:41, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-725326080-1709766072-2910717368-3324 from rid 3324 >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:41, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:41, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [ou=Groups,dc=borkholder,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] >[2005/03/31 14:07:41, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2106) > ldapsam_getgroup: Did not find group >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-725326080-1709766072-2910717368-2031 >[2005/03/31 14:07:41, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-725326080-1709766072-2910717368-2031 from rid 2031 >[2005/03/31 14:07:41, 10] passdb/passdb.c:pdb_init_sam_new(372) > pdb_init_sam_new: no RID specified. Generating one via old algorithm >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-725326080-1709766072-2910717368-3324 >[2005/03/31 14:07:41, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-725326080-1709766072-2910717368-3324 from rid 3324 >[2005/03/31 14:07:41, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [dc=borkholder,dc=com], filter => [(&(uid=xpnorton$)(objectclass=sambaSamAccount))], scope => [2] >[2005/03/31 14:07:41, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [dc=borkholder,dc=com], filter => [(&(sambaSID=S-1-5-21-725326080-1709766072-2910717368-3324)(objectclass=sambaSamAccount))], scope => [2] >[2005/03/31 14:07:41, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [dc=borkholder,dc=com], filter => [(uid=xpnorton$)], scope => [2] >[2005/03/31 14:07:41, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1832) > ldapsam_add_sam_account: User exists without samba attributes: adding them >[2005/03/31 14:07:41, 2] passdb/pdb_ldap.c:init_ldap_from_sam(912) > init_ldap_from_sam: Setting entry for user: xpnorton$ >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaSID] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaPrimaryGroupSID] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaAcctFlags] = [<does not exist>] >[2005/03/31 14:07:41, 5] lib/smbldap.c:smbldap_modify(1084) > smbldap_modify: dn => [uid=xpnorton$,ou=Computers,dc=borkholder,dc=com] >[2005/03/31 14:07:41, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(1942) > ldapsam_add_sam_account: added: uid == xpnorton$ in the LDAP database >[2005/03/31 14:07:41, 10] lib/util_seaccess.c:se_access_check(234) > se_access_check: requested access 0x000f07ff, for NT token with 10 entries and first sid S-1-5-21-725326080-1709766072-2910717368-500. >[2005/03/31 14:07:41, 3] lib/util_seaccess.c:se_access_check(251) >[2005/03/31 14:07:41, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-725326080-1709766072-2910717368-500 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1001 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-1007 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-512 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3041 > se_access_check: also S-1-5-21-725326080-1709766072-2910717368-3043 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 2035b, current desired = f07ff > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f07ff, current desired = d04a4 > se_access_check: ACE 2: type 0, flags = 0x00, SID = S-1-5-32-548 mask = f07ff, current desired = d04a4 > se_access_check: ACE 3: type 0, flags = 0x00, SID = S-1-5-21-725326080-1709766072-2910717368-512 mask = f07ff, current desired = d04a4 >[2005/03/31 14:07:41, 5] lib/util_seaccess.c:se_access_check(309) > se_access_check: access (f07ff) granted. >[2005/03/31 14:07:41, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(189) > _samr_create_user: access GRANTED (requested: 0x000f07ff, granted: 0x000f07ff) >[2005/03/31 14:07:41, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(248) > get_samr_info_by_sid: created new info for sid S-1-5-21-725326080-1709766072-2910717368-3324 >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[4] [000] 00 00 00 00 06 00 00 00 00 00 00 00 7D 4A 4C 42 ........ ....}JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_create_user >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd user_pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000006 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7d 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0014 access_granted: 000f07ff >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0018 user_rid : 00000cfc >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 001c status: NT_STATUS_OK >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called samr successfully >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 1200 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 76 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: samr len: 1024 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 32. >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0038 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000005 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000020 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:41, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..56] >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=112 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=1984 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 56 (0x38) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=57 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 05 00 00 ........ .8...... > [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 06 00 00 . ...... ........ > [020] 00 00 00 00 00 7D 4A 4C 42 D4 51 00 00 FF 07 0F .....}JL B.Q..... > [030] 00 FC 0C 00 00 00 00 00 00 ........ . >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,116) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,116) wrote 116 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 130 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x82 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 32 of length 134 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=2048 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=63 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 06 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 24 00 00 00 00 00 06 00 00 .......$ ........ > [030] 00 00 00 00 00 7D 4A 4C 42 D4 51 00 00 10 00 .....}JL B.Q.... >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2005/03/31 14:07:41, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:41, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:41, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73ab (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 73ab) >[2005/03/31 14:07:41, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: samr open: Yes len: 46 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 46 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 30 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 002e >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000006 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 30 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000016 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0024 >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\samr >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: samr op 0x24 - api_rpcTNP: rpc command: SAMR_QUERY_USERINFO >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[21].fn == 0x8125010 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_query_userinfo >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000006 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7d 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 switch_value: 0010 >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 7D 4A 4C 42 ........ ....}JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:_samr_query_userinfo(1879) > _samr_query_userinfo: sid:S-1-5-21-725326080-1709766072-2910717368-3324 >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:41, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:41, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [dc=borkholder,dc=com], filter => [(&(sambaSID=S-1-5-21-725326080-1709766072-2910717368-3324)(objectclass=sambaSamAccount))], scope => [2] >[2005/03/31 14:07:41, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > init_sam_from_ldap: Entry found for user: xpnorton$ >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username xpnorton$, was >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain CORP, was >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username xpnorton$, was >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-725326080-1709766072-2910717368-3324 >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-725326080-1709766072-2910717368-3324 >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-725326080-1709766072-2910717368-2031 >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-725326080-1709766072-2910717368-2031 >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Computer, was >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\corpsrv\xpnorton_, was >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script logon.bat, was >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\corpsrv\profiles\xpnorton_\WinXP, was >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/account_pol.c:account_policy_get(210) > account_policy_get: password history:0 >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2005/03/31 14:07:41, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user xpnorton$ >[2005/03/31 14:07:41, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2005/03/31 14:07:41, 9] passdb/pdb_ldap.c:init_sam_from_ldap(852) > No cache entry, bad count = 0, bad time = 0 >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:41, 3] rpc_server/srv_samr_nt.c:get_user_info_10(1725) > User:[xpnorton$] >[2005/03/31 14:07:41, 5] rpc_parse/parse_samr.c:init_sam_user_info10(5259) > init_sam_user_info10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_samr.c:init_samr_r_query_userinfo(6520) > init_samr_r_query_userinfo >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:_samr_query_userinfo(1962) > _samr_query_userinfo: 1962 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_query_userinfo >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 ptr: 00000001 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 samr_io_userinfo_ctr ctr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 switch_value: 0010 >[2005/03/31 14:07:41, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000008 samr_io_r_user_info10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0008 acb_info: 00000081 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 000c status: NT_STATUS_OK >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called samr successfully >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 564 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 30 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: samr len: 1024 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0028 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000006 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000010 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:41, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..40] >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=2048 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 06 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 01 00 00 00 10 00 00 ........ ........ > [020] 00 81 00 00 00 00 00 00 00 ........ . >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,100) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,100) wrote 100 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 128 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x80 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 33 of length 132 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=2112 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=61 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 07 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 2C 00 00 00 00 00 06 00 00 ......., ........ > [030] 00 00 00 00 00 7D 4A 4C 42 D4 51 00 00 .....}JL B.Q.. >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/03/31 14:07:41, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:41, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:41, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73ab (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 73ab) >[2005/03/31 14:07:41, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: samr open: Yes len: 44 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 44 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 002c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000007 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000014 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 002c >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\samr >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: samr op 0x2c - api_rpcTNP: rpc command: SAMR_GET_USRDOM_PWINFO >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[44].fn == 0x8123110 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_get_usrdom_pwinfo >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd user_pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000006 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7d 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 7D 4A 4C 42 ........ ....}JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 5] rpc_parse/parse_samr.c:init_samr_r_get_usrdom_pwinfo(347) > init_samr_r_get_usrdom_pwinfo >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:_samr_get_usrdom_pwinfo(555) > _samr_get_usrdom_pwinfo: 555 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_get_usrdom_pwinfo >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0000 unknown_0: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0002 unknown_1: 0015 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 unknown_2: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0008 status : NT_STATUS_OK >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called samr successfully >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 28 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: samr len: 1024 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0024 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000007 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 0000000c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:41, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..36] >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=2112 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 00 00 15 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 ..... >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,96) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,96) wrote 96 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 890 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x37a >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 34 of length 894 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=890 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=2176 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 806 (0x326) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 806 (0x326) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=823 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 26 03 00 00 08 00 00 ........ .&...... > [020] 00 0E 03 00 00 00 00 3A 00 00 00 00 00 06 00 00 .......: ........ > [030] 00 00 00 00 00 7D 4A 4C 42 D4 51 00 00 19 00 19 .....}JL B.Q..... > [040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [070] 00 00 00 00 00 00 00 00 00 12 00 14 00 D0 C6 21 ........ .......! > [080] 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E0] 00 00 00 00 00 00 00 00 00 80 00 00 00 02 00 10 ........ ........ > [0F0] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [100] 00 00 00 00 00 26 E9 B8 03 12 B9 C7 6A E3 C5 D3 .....&.. ....j... > [110] 53 8A BB 9D 96 89 A6 58 AD FC 00 87 D5 DD DC BF S......X ........ > [120] 78 89 B3 13 2E AF 77 3C CA 61 9A 54 F8 A1 D2 F2 x.....w< .a.T.... > [130] A3 D6 55 19 78 BE F8 DA F2 8C AA 04 A4 83 04 67 ..U.x... .......g > [140] A1 A5 A3 25 9C 4B 54 D1 79 03 52 EB 36 9D 5F D9 ...%.KT. y.R.6._. > [150] 77 5B 8E CD AE 3C 76 88 F9 87 0B DB C5 BC 68 33 w[...<v. ......h3 > [160] 16 82 A8 03 26 61 B2 53 08 0E F6 00 A9 B9 21 3F ....&a.S ......!? > [170] 59 88 82 BC 36 91 89 6D 08 F3 5A 27 31 B7 8A 03 Y...6..m ..Z'1... > [180] 3E E0 13 B8 23 15 DC FF 45 F8 29 A0 F5 25 6E 68 >...#... E.)..%nh > [190] 0D F1 C7 B4 03 FA D7 88 A8 87 73 35 85 A2 FA A5 ........ ..s5.... > [1A0] 80 B5 5B CA 02 9A 91 95 68 54 1A 1F 9D 80 BB F2 ..[..... hT...... > [1B0] DB CC B5 62 D8 A5 D2 1A 13 F9 FE 7C 17 CA B3 AA ...b.... ...|.... > [1C0] D0 64 33 45 71 BA 0E 96 D7 36 69 78 4A F3 6C 7D .d3Eq... .6ixJ.l} > [1D0] 63 55 B4 9E D2 E3 29 2A D9 13 33 C3 26 20 C3 F7 cU....)* ..3.& .. > [1E0] 6F F7 D3 14 AB 98 85 CA 57 3A D5 09 06 2F 72 E8 o....... W:.../r. > [1F0] 72 39 0F 11 3F ED DC DF 85 FB 6E AE 8C 45 E3 78 r9..?... ..n..E.x >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=806 params=0 setup=2 >[2005/03/31 14:07:41, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:41, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:41, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73ab (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 73ab) >[2005/03/31 14:07:41, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: samr open: Yes len: 806 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 806 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 806 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 806, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 790 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 790 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0326 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000008 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 790 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 790, incoming data = 790 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 0000030e >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 003a >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\samr >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[22].fn == 0x8124e60 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_set_userinfo >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000006 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7d 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 switch_value: 0019 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000016 samr_io_userinfo_ctr ctr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0016 switch_value: 0019 >[2005/03/31 14:07:41, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000018 sam_io_user_info25 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_time logon_time >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0018 low : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 001c high: 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_time logoff_time >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 low : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 high: 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000028 smb_io_time kickoff_time >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0028 low : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 002c high: 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000030 smb_io_time pass_last_set_time >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0030 low : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0034 high: 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000038 smb_io_time pass_can_change_time >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0038 low : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 003c high: 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000040 smb_io_time pass_must_change_time >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0040 low : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0044 high: 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000048 smb_io_unihdr hdr_user_name >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0048 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 004a uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 004c buffer : 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000050 smb_io_unihdr hdr_full_name >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0050 uni_str_len: 0012 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0052 uni_max_len: 0014 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0054 buffer : 0321c6d0 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000058 smb_io_unihdr hdr_home_dir >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0058 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 005a uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 005c buffer : 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000060 smb_io_unihdr hdr_dir_drive >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0060 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0062 uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0064 buffer : 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000068 smb_io_unihdr hdr_logon_script >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0068 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 006a uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 006c buffer : 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000070 smb_io_unihdr hdr_profile_path >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0070 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0072 uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0074 buffer : 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000078 smb_io_unihdr hdr_acct_desc >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0078 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 007a uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 007c buffer : 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000080 smb_io_unihdr hdr_workstations >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0080 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0082 uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0084 buffer : 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000088 smb_io_unihdr hdr_unknown_str >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0088 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 008a uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 008c buffer : 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000090 smb_io_unihdr hdr_munged_dial >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0090 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0092 uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0094 buffer : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0098 lm_pwd : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 00a8 nt_pwd : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 00b8 user_rid : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 00bc group_rid : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 00c0 acb_info : 00000080 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32s(869) > 00c4 unknown_6 : 01100002 00000000 00000000 00000000 00000000 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 00dc password : 26 e9 b8 03 12 b9 c7 6a e3 c5 d3 53 8a bb 9d 96 89 a6 58 ad fc 00 87 d5 dd dc bf 78 89 b3 13 2e af 77 3c ca 61 9a 54 f8 a1 d2 f2 a3 d6 55 19 78 be f8 da f2 8c aa 04 a4 83 04 67 a1 a5 a3 25 9c 4b 54 d1 79 03 52 eb 36 9d 5f d9 77 5b 8e cd ae 3c 76 88 f9 87 0b db c5 bc 68 33 16 82 a8 03 26 61 b2 53 08 0e f6 00 a9 b9 21 3f 59 88 82 bc 36 91 89 6d 08 f3 5a 27 31 b7 8a 03 3e e0 13 b8 23 15 dc ff 45 f8 29 a0 f5 25 6e 68 0d f1 c7 b4 03 fa d7 88 a8 87 73 35 85 a2 fa a5 80 b5 5b ca 02 9a 91 95 68 54 1a 1f 9d 80 bb f2 db cc b5 62 d8 a5 d2 1a 13 f9 fe 7c 17 ca b3 aa d0 64 33 45 71 ba 0e 96 d7 36 69 78 4a f3 6c 7d 63 55 b4 9e d2 e3 29 2a d9 13 33 c3 26 20 c3 f7 6f f7 d3 14 ab 98 85 ca 57 3a d5 09 06 2f 72 e8 72 39 0f 11 3f ed dc df 85 fb 6e ae 8c 45 e3 78 e8 db 8b f0 0f 5b cd 83 2e 26 de 78 b8 dd b0 81 37 4c e2 4b 4a b0 c0 fd 67 6c 99 f5 5b 9b 84 ab 12 a9 7d ec f7 31 f1 e3 d6 08 02 68 ad 9a 98 9f 55 0a 85 f0 e5 8d 08 aa a8 af c5 f1 84 07 5b 80 ad 80 3d 24 34 9f 4f b9 da 9d 87 b9 93 ec a +> > 3 48 7c 48 1b 6f b1 41 6e 16 98 be 8f c6 1e 2c f0 2a 24 cf b8 ca 32 6d 88 55 e7 f0 31 e8 77 5c 31 d3 13 c6 5e b4 0a cd 86 d2 77 b0 dc 7e f7 36 74 22 9e ba 84 31 4d a7 59 b1 96 26 40 81 a9 e6 ac 56 a3 15 67 5c fb 3a 33 d5 a7 5d 7c 77 a5 42 4c 85 f0 44 4e 48 87 e5 d0 3a 73 33 a8 4a 8b 07 d7 19 60 6e 1e 88 8c a9 25 68 92 85 42 ee ac 07 40 bd 99 fc 6b 8e f8 ae a7 96 19 e4 b3 8c 42 21 fe 69 40 1e 4a 97 f6 2f 71 68 ef 22 66 6a b5 c8 8a de 24 30 b7 8a 29 d1 ab ec 4f 53 0d 73 5f a6 bc d4 7f 76 0d 6e 59 85 13 b5 6e 0c ce 36 ab 19 9e 43 de cb 9c d0 b3 38 38 b1 96 67 76 96 d1 f1 24 fb d8 b5 08 12 ac c4 37 47 56 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0002f0 smb_io_unistr2 - NULL uni_user_name >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0002f0 smb_io_unistr2 uni_full_name >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 02f0 uni_max_len: 0000000a >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 02f4 offset : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 02f8 uni_str_len: 00000009 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 02fc buffer : X.P.N.O.R.T.O.N.$. >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00030e smb_io_unistr2 - NULL uni_home_dir >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00030e smb_io_unistr2 - NULL uni_dir_drive >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00030e smb_io_unistr2 - NULL uni_logon_script >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00030e smb_io_unistr2 - NULL uni_profile_path >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00030e smb_io_unistr2 - NULL uni_acct_desc >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00030e smb_io_unistr2 - NULL uni_workstations >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00030e smb_io_unistr2 - NULL uni_unknown_str >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 00030e smb_io_unistr2 - NULL uni_munged_dial >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(3029) > _samr_set_userinfo: 3029 >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 7D 4A 4C 42 ........ ....}JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(201) > _samr_set_userinfo: access check ((granted: 0x000f07ff; required: 0x000000b0) >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(3045) > _samr_set_userinfo: sid:S-1-5-21-725326080-1709766072-2910717368-3324, level:25 >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:41, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:41, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [dc=borkholder,dc=com], filter => [(&(sambaSID=S-1-5-21-725326080-1709766072-2910717368-3324)(objectclass=sambaSamAccount))], scope => [2] >[2005/03/31 14:07:41, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > init_sam_from_ldap: Entry found for user: xpnorton$ >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username xpnorton$, was >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain CORP, was >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username xpnorton$, was >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-725326080-1709766072-2910717368-3324 >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-725326080-1709766072-2910717368-3324 >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-725326080-1709766072-2910717368-2031 >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-725326080-1709766072-2910717368-2031 >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Computer, was >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\corpsrv\xpnorton_, was >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script logon.bat, was >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\corpsrv\profiles\xpnorton_\WinXP, was >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/account_pol.c:account_policy_get(210) > account_policy_get: password history:0 >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2005/03/31 14:07:41, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user xpnorton$ >[2005/03/31 14:07:41, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2005/03/31 14:07:41, 9] passdb/pdb_ldap.c:init_sam_from_ldap(852) > No cache entry, bad count = 0, bad time = 0 >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(3077) > _samr_set_userinfo: does not possess sufficient rights >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_set_userinfo >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0000 status: NT_STATUS_INVALID_INFO_CLASS >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called samr successfully >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 916 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 790 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: samr len: 1024 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 001c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000008 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000004 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:41, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..28] >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=2176 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 08 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 03 00 00 C0 ........ ..... >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,88) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,88) wrote 88 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 874 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x36a >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 35 of length 878 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=874 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=2240 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 790 (0x316) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 790 (0x316) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=807 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 16 03 00 00 09 00 00 ........ ........ > [020] 00 FE 02 00 00 00 00 3A 00 00 00 00 00 06 00 00 .......: ........ > [030] 00 00 00 00 00 7D 4A 4C 42 D4 51 00 00 17 00 17 .....}JL B.Q..... > [040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [070] 00 00 00 00 00 00 00 00 00 12 00 14 00 D0 C6 21 ........ .......! > [080] 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E0] 00 00 00 00 00 00 00 00 00 80 00 00 00 02 00 10 ........ ........ > [0F0] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [100] 00 00 00 00 00 8F BF 31 35 72 BA AA E8 6B FD B1 .......1 5r...k.. > [110] BA 25 F1 88 B1 3A 53 4F CF 93 4C 72 1F DB 67 CB .%...:SO ..Lr..g. > [120] AD 54 5B 9C 2F 06 A6 0A C2 0F A6 60 23 58 A9 5E .T[./... ...`#X.^ > [130] 2F 0D E2 D8 60 58 B6 1D 7B 7B E5 FE 0D 61 54 B7 /...`X.. {{...aT. > [140] D7 E8 4A 68 56 43 87 78 F7 04 AC 59 55 E9 F8 DC ..JhVC.x ...YU... > [150] 8C 34 9B 93 0E 50 11 20 1B 22 0F E6 32 CA 16 36 .4...P. ."..2..6 > [160] DB 70 F5 B8 D2 AA F8 00 FF 31 DE EE 05 2A A2 05 .p...... .1...*.. > [170] 6B 7E 84 35 5B FC 3D 9E 35 BF 17 2B 57 07 D1 A4 k~.5[.=. 5..+W... > [180] 58 8E 7B 36 1F DC 30 EA 95 52 75 3B 36 6C 7D C3 X.{6..0. .Ru;6l}. > [190] 2E 4D D5 7F 31 92 2E 30 D6 1F E1 71 11 9B 85 C5 .M..1..0 ...q.... > [1A0] 2E 37 AE 7D 39 3C D5 B9 3D 61 76 A4 F0 88 34 F6 .7.}9<.. =av...4. > [1B0] A8 CC 41 A6 DC 20 D4 17 FE 8D 59 96 C0 A8 2D F8 ..A.. .. ..Y...-. > [1C0] 29 6E 6B 97 22 19 2B 26 2B 7D 0A D6 D3 98 14 B8 )nk.".+& +}...... > [1D0] 07 1D D0 4C C9 2A 19 23 CB A6 5B E9 4E 2C 81 79 ...L.*.# ..[.N,.y > [1E0] 2E 7A DC EE 9B 09 7F 29 C3 2F 9D 31 B5 49 18 80 .z.....) ./.1.I.. > [1F0] 45 FE E4 49 79 24 5A 09 2D 48 3C 6E 9A D9 21 93 E..Iy$Z. -H<n..!. >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=790 params=0 setup=2 >[2005/03/31 14:07:41, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:41, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:41, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73ab (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 73ab) >[2005/03/31 14:07:41, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: samr open: Yes len: 790 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 790 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 790 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 790, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 774 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 774 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0316 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000009 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 774 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 774, incoming data = 774 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 000002fe >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 003a >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\samr >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[22].fn == 0x8124e60 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_set_userinfo >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000006 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7d 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 switch_value: 0017 >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000016 samr_io_userinfo_ctr ctr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0016 switch_value: 0017 >[2005/03/31 14:07:41, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000018 sam_io_user_info23 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_time logon_time >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0018 low : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 001c high: 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_time logoff_time >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0020 low : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0024 high: 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000028 smb_io_time kickoff_time >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0028 low : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 002c high: 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000030 smb_io_time pass_last_set_time >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0030 low : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0034 high: 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000038 smb_io_time pass_can_change_time >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0038 low : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 003c high: 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000040 smb_io_time pass_must_change_time >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0040 low : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0044 high: 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000048 smb_io_unihdr hdr_user_name >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0048 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 004a uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 004c buffer : 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000050 smb_io_unihdr hdr_full_name >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0050 uni_str_len: 0012 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0052 uni_max_len: 0014 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0054 buffer : 0321c6d0 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000058 smb_io_unihdr hdr_home_dir >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0058 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 005a uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 005c buffer : 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000060 smb_io_unihdr hdr_dir_drive >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0060 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0062 uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0064 buffer : 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000068 smb_io_unihdr hdr_logon_script >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0068 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 006a uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 006c buffer : 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000070 smb_io_unihdr hdr_profile_path >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0070 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0072 uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0074 buffer : 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000078 smb_io_unihdr hdr_acct_desc >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0078 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 007a uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 007c buffer : 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000080 smb_io_unihdr hdr_workstations >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0080 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0082 uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0084 buffer : 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000088 smb_io_unihdr hdr_unknown_str >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0088 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 008a uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 008c buffer : 00000000 >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000090 smb_io_unihdr hdr_munged_dial >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0090 uni_str_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0092 uni_max_len: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0094 buffer : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 0098 lm_pwd : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 00a8 nt_pwd : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 00b8 user_rid : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 00bc group_rid : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 00c0 acb_info : 00000080 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 00c4 fields_present : 01100002 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 00c8 logon_divs : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 00cc ptr_logon_hrs : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 00d0 bad_password_count : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 00d2 logon_count : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 00d4 padding1 : 00 00 00 00 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 00da passmustchange : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 00db padding2 : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 00dc password : 8f bf 31 35 72 ba aa e8 6b fd b1 ba 25 f1 88 b1 3a 53 4f cf 93 4c 72 1f db 67 cb ad 54 5b 9c 2f 06 a6 0a c2 0f a6 60 23 58 a9 5e 2f 0d e2 d8 60 58 b6 1d 7b 7b e5 fe 0d 61 54 b7 d7 e8 4a 68 56 43 87 78 f7 04 ac 59 55 e9 f8 dc 8c 34 9b 93 0e 50 11 20 1b 22 0f e6 32 ca 16 36 db 70 f5 b8 d2 aa f8 00 ff 31 de ee 05 2a a2 05 6b 7e 84 35 5b fc 3d 9e 35 bf 17 2b 57 07 d1 a4 58 8e 7b 36 1f dc 30 ea 95 52 75 3b 36 6c 7d c3 2e 4d d5 7f 31 92 2e 30 d6 1f e1 71 11 9b 85 c5 2e 37 ae 7d 39 3c d5 b9 3d 61 76 a4 f0 88 34 f6 a8 cc 41 a6 dc 20 d4 17 fe 8d 59 96 c0 a8 2d f8 29 6e 6b 97 22 19 2b 26 2b 7d 0a d6 d3 98 14 b8 07 1d d0 4c c9 2a 19 23 cb a6 5b e9 4e 2c 81 79 2e 7a dc ee 9b 09 7f 29 c3 2f 9d 31 b5 49 18 80 45 fe e4 49 79 24 5a 09 2d 48 3c 6e 9a d9 21 93 68 39 dc fa b1 b4 cd 14 00 7e 97 63 92 e8 14 6b 06 3e a7 0f 71 ab 79 a7 63 2d ea 31 8a 37 c2 cc 7a f5 20 4e 23 f5 a3 c4 49 16 0c e2 85 c9 9c c4 60 a9 35 59 d1 b8 16 f7 05 fb 62 ad 65 91 96 ef 54 9e 02 5f d7 1b 28 23 2e 55 80 23 de 71 f +> > 2 df 77 99 16 67 32 4c 30 8c ad 16 ac 57 28 53 83 23 09 27 13 ad 0b bf a1 5e 74 bc ac 8f f8 5c bc fa b0 f9 09 73 98 bd 99 63 bd 30 0f 6a 34 f9 4f d7 5e 8f fc f4 b6 db 2a ac 6e 7a 2d af d5 9b 5d d0 c0 f5 7c b7 63 50 15 8b df 38 34 5b 79 99 6f ad 8f 1d 9a 50 70 ea 9a 3e d0 60 ce 4f 9b 76 41 55 93 e0 59 07 96 91 8c ec 45 ad 84 79 68 fb ca 54 c6 60 a5 18 d1 11 5a 08 4d 1c b2 4e 3f 44 69 93 67 f9 26 46 76 dd e2 9c 55 ed 64 ec 3f 0f 9e 8e 6d 9a 91 a7 36 3e 7f f9 a1 6a 39 e5 22 24 f5 93 e4 e1 66 26 53 94 eb a3 b2 23 e4 f3 8c 29 dd a5 d0 12 52 f2 2e 39 9a 07 9d >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0002e0 smb_io_unistr2 - NULL uni_user_name >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0002e0 smb_io_unistr2 uni_full_name >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 02e0 uni_max_len: 0000000a >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 02e4 offset : 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 02e8 uni_str_len: 00000009 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) > 02ec buffer : X.P.N.O.R.T.O.N.$. >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0002fe smb_io_unistr2 - NULL uni_home_dir >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0002fe smb_io_unistr2 - NULL uni_dir_drive >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0002fe smb_io_unistr2 - NULL uni_logon_script >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0002fe smb_io_unistr2 - NULL uni_profile_path >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0002fe smb_io_unistr2 - NULL uni_acct_desc >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0002fe smb_io_unistr2 - NULL uni_workstations >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0002fe smb_io_unistr2 - NULL uni_unknown_str >[2005/03/31 14:07:41, 8] rpc_parse/parse_prs.c:prs_debug(82) > 0002fe smb_io_unistr2 - NULL uni_munged_dial >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(3029) > _samr_set_userinfo: 3029 >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 7D 4A 4C 42 ........ ....}JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(201) > _samr_set_userinfo: access check ((granted: 0x000f07ff; required: 0x000000b0) >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(3045) > _samr_set_userinfo: sid:S-1-5-21-725326080-1709766072-2910717368-3324, level:23 >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:41, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:41, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [dc=borkholder,dc=com], filter => [(&(sambaSID=S-1-5-21-725326080-1709766072-2910717368-3324)(objectclass=sambaSamAccount))], scope => [2] >[2005/03/31 14:07:41, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > init_sam_from_ldap: Entry found for user: xpnorton$ >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username xpnorton$, was >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain CORP, was >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username xpnorton$, was >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-725326080-1709766072-2910717368-3324 >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-725326080-1709766072-2910717368-3324 >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-725326080-1709766072-2910717368-2031 >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-725326080-1709766072-2910717368-2031 >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Computer, was >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\corpsrv\xpnorton_, was >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script logon.bat, was >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\corpsrv\profiles\xpnorton_\WinXP, was >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/account_pol.c:account_policy_get(210) > account_policy_get: password history:0 >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2005/03/31 14:07:41, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user xpnorton$ >[2005/03/31 14:07:41, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2005/03/31 14:07:41, 9] passdb/pdb_ldap.c:init_sam_from_ldap(852) > No cache entry, bad count = 0, bad time = 0 >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(3077) > _samr_set_userinfo: does not possess sufficient rights >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:set_user_info_23(2899) > Attempting administrator password change (level 23) for user xpnorton$ >[2005/03/31 14:07:41, 0] libsmb/smbencrypt.c:decode_pw_buffer(539) > decode_pw_buffer: incorrect password length (96148162). >[2005/03/31 14:07:41, 0] libsmb/smbencrypt.c:decode_pw_buffer(540) > decode_pw_buffer: check that 'encrypt passwords = yes' >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_set_userinfo >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0000 status: NT_STATUS_ACCESS_DENIED >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called samr successfully >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 944 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 774 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: samr len: 1024 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 001c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000009 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000004 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:41, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..28] >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=2240 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 09 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 22 00 00 C0 ........ ."... >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,88) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,88) wrote 88 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 128 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x80 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 36 of length 132 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=2304 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=61 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0A 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 23 00 00 00 00 00 06 00 00 .......# ........ > [030] 00 00 00 00 00 7D 4A 4C 42 D4 51 00 00 .....}JL B.Q.. >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/03/31 14:07:41, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:41, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:41, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73ab (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 73ab) >[2005/03/31 14:07:41, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: samr open: Yes len: 44 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 44 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 002c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 0000000a >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000014 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0023 >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\samr >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: samr op 0x23 - api_rpcTNP: rpc command: SAMR_DELETE_DOM_USER >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[14].fn == 0x8125a30 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_delete_dom_user >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd user_pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000006 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7d 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:_samr_delete_dom_user(3828) > _samr_delete_dom_user: 3828 >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 7D 4A 4C 42 ........ ....}JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(201) > _samr_delete_dom_user: access check ((granted: 0x000f07ff; required: 0x00010000) >[2005/03/31 14:07:41, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [dc=borkholder,dc=com], filter => [(&(sambaSID=S-1-5-21-725326080-1709766072-2910717368-3324)(objectclass=sambaSamAccount))], scope => [2] >[2005/03/31 14:07:41, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > init_sam_from_ldap: Entry found for user: xpnorton$ >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username xpnorton$, was >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain CORP, was >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username xpnorton$, was >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-725326080-1709766072-2910717368-3324 >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-725326080-1709766072-2910717368-3324 >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-725326080-1709766072-2910717368-2031 >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-725326080-1709766072-2910717368-2031 >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Computer, was >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\corpsrv\xpnorton_, was >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script logon.bat, was >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2005/03/31 14:07:41, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\corpsrv\profiles\xpnorton_\WinXP, was >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/account_pol.c:account_policy_get(210) > account_policy_get: password history:0 >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2005/03/31 14:07:41, 10] lib/smbldap.c:smbldap_get_single_attribute(358) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2005/03/31 14:07:41, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user xpnorton$ >[2005/03/31 14:07:41, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2005/03/31 14:07:41, 9] passdb/pdb_ldap.c:init_sam_from_ldap(852) > No cache entry, bad count = 0, bad time = 0 >[2005/03/31 14:07:41, 3] passdb/pdb_ldap.c:ldapsam_delete_sam_account(1614) > ldapsam_delete_sam_account: Deleting user xpnorton$ from LDAP. >[2005/03/31 14:07:41, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [dc=borkholder,dc=com], filter => [(&(uid=xpnorton$)(objectclass=sambaSamAccount))], scope => [2] >[2005/03/31 14:07:41, 10] passdb/pdb_ldap.c:ldapsam_delete_entry(316) > ldapsam_delete_entry: deleting attribute sambaSID >[2005/03/31 14:07:41, 10] passdb/pdb_ldap.c:ldapsam_delete_entry(316) > ldapsam_delete_entry: deleting attribute sambaPrimaryGroupSID >[2005/03/31 14:07:41, 10] passdb/pdb_ldap.c:ldapsam_delete_entry(316) > ldapsam_delete_entry: deleting attribute sambaAcctFlags >[2005/03/31 14:07:41, 5] lib/smbldap.c:smbldap_modify(1084) > smbldap_modify: dn => [uid=xpnorton$,ou=Computers,dc=borkholder,dc=com] >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 7D 4A 4C 42 ........ ....}JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_delete_dom_user >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0014 status: NT_STATUS_OK >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called samr successfully >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 28 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: samr len: 1024 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 0000000a >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:41, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=2304 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 128 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x80 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 37 of length 132 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=2368 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=61 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0B 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 05 00 00 ........ ........ > [030] 00 00 00 00 00 7D 4A 4C 42 D4 51 00 00 .....}JL B.Q.. >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/03/31 14:07:41, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:41, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:41, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73ab (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 73ab) >[2005/03/31 14:07:41, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: samr open: Yes len: 44 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 44 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 002c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 0000000b >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000014 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0001 >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\samr >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[0].fn == 0x8126e60 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000005 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7d 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 7D 4A 4C 42 ........ ....}JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(475) > samr_reply_close_hnd: 475 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0014 status: NT_STATUS_OK >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called samr successfully >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 28 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: samr len: 1024 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 0000000b >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:41, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=2368 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 128 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x80 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 38 of length 132 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=2432 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29611 (0x73AB) > smb_bcc=61 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0C 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 04 00 00 ........ ........ > [030] 00 00 00 00 00 7D 4A 4C 42 D4 51 00 00 .....}JL B.Q.. >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/03/31 14:07:41, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:41, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:41, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73ab (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 73ab) >[2005/03/31 14:07:41, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x830eed8 max_trans_reply: 1024 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73ab name: samr open: Yes len: 44 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 44 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 002c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 0000000c >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000014 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0001 >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\samr >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[0].fn == 0x8126e60 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000004 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7d 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 7D 4A 4C 42 ........ ....}JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/03/31 14:07:41, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(475) > samr_reply_close_hnd: 475 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0014 status: NT_STATUS_OK >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called samr successfully >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 28 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73ab name: samr len: 1024 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 0000000c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:41, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=2432 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0C 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 41 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x29 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 39 of length 45 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2496 > smt_wct=3 > smb_vwv[ 0]=29611 (0x73AB) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBclose (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73ab >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name samr pnum=73ab (pipes_open=2) >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=2) >[2005/03/31 14:07:41, 5] smbd/pipes.c:reply_pipe_close(260) > reply_pipe_close: pnum:73ab >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name samr pnum=73ab (pipes_open=1) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2496 > smt_wct=0 > smb_bcc=0 >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,39) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,39) wrote 39 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 128 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x80 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 40 of length 132 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=2560 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29608 (0x73A8) > smb_bcc=61 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 7C 4A 4C 42 D4 51 00 00 .....|JL B.Q.. >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/03/31 14:07:41, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/03/31 14:07:41, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/03/31 14:07:41, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73a8 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=1) >[2005/03/31 14:07:41, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 73a8) >[2005/03/31 14:07:41, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8332398 max_trans_reply: 1024 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) > write_to_pipe: 73a8 name: lsarpc open: Yes len: 44 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 44 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 16 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 002c >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000004 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) > write_to_pipe: data_left = 28 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720) > process_complete_pdu: processing packet type 0 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 alloc_hint: 00000014 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0004 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0006 opnum : 0000 >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) > Requested \PIPE\lsarpc >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) > api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557) > api_rpc_cmds[4].fn == 0x80fbb00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_close >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000001 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 7c 4a 4c 42 d4 51 00 00 >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7C 4A 4C 42 ........ ....|JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 7C 4A 4C 42 ........ ....|JLB > [010] D4 51 00 00 .Q.. >[2005/03/31 14:07:41, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_close >[2005/03/31 14:07:41, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0000 data1: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0004 data2: 00000000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 data3: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a data4: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8s(729) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) > 0014 status: NT_STATUS_OK >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) > api_rpcTNP: called lsarpc successfully >[2005/03/31 14:07:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) > free_pipe_context: destroying talloc pool of size 0 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) > write_to_pipe: data_used = 28 >[2005/03/31 14:07:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) > read_from_pipe: 73a8 name: lsarpc len: 1024 >[2005/03/31 14:07:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(982) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0000 major : 05 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0001 minor : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0002 pkt_type : 02 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0003 flags : 03 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0004 pack_type0: 10 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0005 pack_type1: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0006 pack_type2: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0007 pack_type3: 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0008 frag_len : 0030 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 000a auth_len : 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 000c call_id : 00000004 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint32(642) > 0010 alloc_hint: 00000018 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint16(613) > 0014 context_id: 0000 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0016 cancel_ct : 00 >[2005/03/31 14:07:41, 5] rpc_parse/parse_prs.c:prs_uint8(584) > 0017 reserved : 00 >[2005/03/31 14:07:41, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=824 > smb_uid=100 > smb_mid=2560 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/03/31 14:07:41, 10] lib/util.c:dump_data(1995) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,108) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,108) wrote 108 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 41 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x29 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 41 of length 45 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2624 > smt_wct=3 > smb_vwv[ 0]=29608 (0x73A8) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBclose (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 4] smbd/uid.c:change_to_user(194) > change_to_user: Skipping user change - already user >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) > search for pipe pnum=73a8 >[2005/03/31 14:07:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172) > pipe name lsarpc pnum=73a8 (pipes_open=1) >[2005/03/31 14:07:41, 5] smbd/pipes.c:reply_pipe_close(260) > reply_pipe_close: pnum:73a8 >[2005/03/31 14:07:41, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe lsarpc >[2005/03/31 14:07:41, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name lsarpc pnum=73a8 (pipes_open=0) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2624 > smt_wct=0 > smb_bcc=0 >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,39) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,39) wrote 39 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 39 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x27 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 42 of length 43 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=39 > smb_com=0x74 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=2688 > smt_wct=2 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBulogoffX (pid 20948) conn 0x0 >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:41, 5] smbd/uid.c:change_to_root_user(296) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/03/31 14:07:41, 5] auth/auth_util.c:free_server_info(1406) > attempting to free (and zero) a server_info structure >[2005/03/31 14:07:41, 3] smbd/reply.c:reply_ulogoffX(1261) > ulogoffX vuid=100 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=39 > smb_com=0x74 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=2688 > smt_wct=2 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_bcc=0 >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,43) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,43) wrote 43 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) > got smb length of 35 >[2005/03/31 14:07:41, 6] smbd/process.c:process_smb(1090) > got message type 0x0 of len 0x23 >[2005/03/31 14:07:41, 3] smbd/process.c:process_smb(1091) > Transaction 43 of length 39 >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2752 > smt_wct=0 > smb_bcc=0 >[2005/03/31 14:07:41, 3] smbd/process.c:switch_message(886) > switch message SMBtdis (pid 20948) conn 0x8333888 >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:41, 5] smbd/uid.c:change_to_root_user(296) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:41, 5] smbd/uid.c:change_to_root_user(296) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/03/31 14:07:41, 3] smbd/service.c:close_cnum(830) > xpnorton (192.168.1.106) closed connection to service IPC$ >[2005/03/31 14:07:41, 3] smbd/connection.c:yield_connection(69) > Yielding connection to IPC$ >[2005/03/31 14:07:41, 4] smbd/vfs.c:vfs_ChDir(660) > vfs_ChDir to / >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:41, 5] smbd/uid.c:change_to_root_user(296) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(464) >[2005/03/31 14:07:41, 5] lib/util.c:show_msg(474) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2752 > smt_wct=0 > smb_bcc=0 >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(449) > write_socket(25,39) >[2005/03/31 14:07:41, 6] lib/util_sock.c:write_socket(452) > write_socket(25,39) wrote 39 >[2005/03/31 14:07:41, 10] lib/util_sock.c:read_socket_data(378) > read_socket_data: recv of 4 returned 0. Error = Success >[2005/03/31 14:07:41, 10] lib/util_sock.c:receive_smb_raw(556) > receive_smb_raw: length < 0! >[2005/03/31 14:07:41, 3] smbd/process.c:timeout_processing(1334) > timeout_processing: End of file from client (client has disconnected). >[2005/03/31 14:07:41, 5] lib/gencache.c:gencache_shutdown(88) > Closing cache file >[2005/03/31 14:07:41, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2005/03/31 14:07:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_nt_user_token(485) > NT user token: (NULL) >[2005/03/31 14:07:41, 5] auth/auth_util.c:debug_unix_user_token(506) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/03/31 14:07:41, 5] smbd/uid.c:change_to_root_user(296) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/03/31 14:07:41, 2] smbd/server.c:exit_server(609) > Closing connections >[2005/03/31 14:07:41, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2005/03/31 14:07:41, 5] smbd/oplock.c:receive_local_message(107) > receive_local_message: doing select with timeout of 1 ms >[2005/03/31 14:07:41, 3] smbd/server.c:exit_server(652) > Server exit (normal exit)
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 2562
: 1128